SlideShare a Scribd company logo

Hacking with paper

Sumedt Jitpukdebodin
Sumedt Jitpukdebodin

How to hack people with paper (QRCode)?

Technology
1 of 26
Download to read offline
HACKING WITH PAPER By Sumedt Jitpukdebodin Web Application Security Specialist,ACIS i-Secure LPIC-1, NCLA, C|EHv6, Sec+, eCPPT
WHO AM I? ▪ Learning Guy ▪ Activities Guy ▪ Writer ▫ Thai And English Article For PenetrationTesting. ▪ My book “Basic Hacking And Security”(THAI) ▪ Gray Hat in sometimes. ▪ CITEC ▫ Writer Of Linux Security In Hackazine. ▫ Lecturer Of Ethical Hacking and Master Of Exploitation Courses. ▫ One Of CITEC LiveTeam. ▫ Security And Linux Consultant in the community.
MY JOB i-Secure ▪ Web Application Security Specialist ▫ Security Research ▫ Web Attacking Analysis ▫ Web Application Firewall Engineer ▫ Etc.
WHAT IS PAPER HACKING? ▪ Not new. ▪ Not hard. ▪ New target. ▪ New way?
QR-CODE ▪ Barcode 2 Dimention ▪ Japan ▪ QR = Quick Response ▪ Message, Contact, Picture anything that can be the “characters” even “URL” ▪ Maximum data 7089 numeric characters or 4296 alphanumeric characters = 2KB ▪ Easy to read with Android and iOS Mobile and Tablet.
QR-CODE(2) ▪ QR-Code In Korea ▪ Every train station ▪ Scan to buy ▪ Pay by mobile
QR-CODE(3) ▪ QR-Code inThailand ▪ Magazine can talk!!! ▪ http://www.youtube.com/v=X62xhsDqdBQ
TREND OF MOBILE ▪ Speed ▪ Popular ▪ Price ▪ Protection ▪ Awareness
WHAT IS PAPER HACKING? ▪ QR-Code ▪ Mobile ▪ Social Engineering
STEP OF ATTACK 1. Create the evil site(s). 2. Mapping the site into the real world. 3. Create the QR-Code. 4. Lure the people. 5. HappyTime ☺
1) CREATE EVIL SITE. ▪ Android ▫ Android Content Provider File Disclosure With Metasploit ▫ Android 2.0 ,2.1, 2.1.1 WebKit Use-After-Free Exploit By MJ Keith ▪ iPhone ▫ iPhone MobileSafari LibTIFF Buffer Overflow ▪ Phishing ▫ Gmail ▫ Apple Store
1) CREATE EVIL SITE(2) ▪ Create script for detect any device with $_SERVER[‘HTTP_USER_AGENT’] ▫ Redirect it to the match page.
1) CREATE EVIL SITE(3)
1) CREATE EVIL SITE(4) iPhone Android Others Evilsite:8081 Evilsite:8080 Evilsite/phishing2
2) MAPPING TO THE PUBLIC ▪ Forward Connections. ▪ Dydns ▪ NoIP
2) MAPPING TO THE PUBLIC
3) CREATE QR-CODE ▪ Web ▫ http://qrcode.kaywa.com/ ▫ http://goqr.me/ ▪ Android ▫ QR Droid ▫ QR Code Generator ▪ iPhone ▫ Optiscan ▫ Qrafter
3) CREATE QR-CODE(2)
4) LURE THE PEOPLE ▪ Social Engineering ▫ Event ▫ Interesting Word. ▫ Negative Word. ▫ Social Network.
5) HAPPY TIME ☺ Detect Device Android iPhone Others Phishing2 Evilsite:8080 Evilsite:8081 Phishing
5) HAPPY TIME ☺(1)
5) HAPPY TIME ☺(2)
5) HAPPY TIME ☺(3)
5) HAPPY TIME ☺(4)
Q&A

Recommended

Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesomeSumedt Jitpukdebodin
 
Fundamental of malware analysis
Fundamental of malware analysisFundamental of malware analysis
Fundamental of malware analysisSumedt Jitpukdebodin
 
R u hacked
R u hackedR u hacked
R u hackedSumedt Jitpukdebodin
 
Web architecture mechanism and threats
Web architecture mechanism and threatsWeb architecture mechanism and threats
Web architecture mechanism and threatsSumedt Jitpukdebodin
 
Security awareness training
Security awareness trainingSecurity awareness training
Security awareness trainingSumedt Jitpukdebodin
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0Michael Gough
 
CryptoJacking and Security: Evolution of a Hack
CryptoJacking and Security: Evolution of a HackCryptoJacking and Security: Evolution of a Hack
CryptoJacking and Security: Evolution of a HackBryan Becker
 
Hyper Island - 2012
Hyper Island - 2012Hyper Island - 2012
Hyper Island - 2012Detectify
 

Recommended

Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesomeSumedt Jitpukdebodin
 
Fundamental of malware analysis
Fundamental of malware analysisFundamental of malware analysis
Fundamental of malware analysisSumedt Jitpukdebodin
 
R u hacked
R u hackedR u hacked
R u hackedSumedt Jitpukdebodin
 
Web architecture mechanism and threats
Web architecture mechanism and threatsWeb architecture mechanism and threats
Web architecture mechanism and threatsSumedt Jitpukdebodin
 
Security awareness training
Security awareness trainingSecurity awareness training
Security awareness trainingSumedt Jitpukdebodin
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0Michael Gough
 
CryptoJacking and Security: Evolution of a Hack
CryptoJacking and Security: Evolution of a HackCryptoJacking and Security: Evolution of a Hack
CryptoJacking and Security: Evolution of a HackBryan Becker
 
Hyper Island - 2012
Hyper Island - 2012Hyper Island - 2012
Hyper Island - 2012Detectify
 
The Revolution of Crypto Funding - Building towards a Scamless Future
The Revolution of Crypto Funding - Building towards a Scamless FutureThe Revolution of Crypto Funding - Building towards a Scamless Future
The Revolution of Crypto Funding - Building towards a Scamless FutureRuben Merre
 
A million little tracking devices - Don Bailey
A million little tracking devices - Don BaileyA million little tracking devices - Don Bailey
A million little tracking devices - Don Baileyidsecconf
 
Building a Bitcoin Hardware Wallet with Golang and a Raspberry Pi Zero
Building a Bitcoin Hardware Wallet with Golang and a Raspberry Pi ZeroBuilding a Bitcoin Hardware Wallet with Golang and a Raspberry Pi Zero
Building a Bitcoin Hardware Wallet with Golang and a Raspberry Pi ZeroNic Raboy
 
Start yourit career
Start yourit careerStart yourit career
Start yourit careerSaad Talaat`
 
Ple18 web-security-david-busby
Ple18 web-security-david-busbyPle18 web-security-david-busby
Ple18 web-security-david-busbyDavid Busby, CISSP
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2ShapeBlue
 
Visiting the Bear Den
Visiting the Bear DenVisiting the Bear Den
Visiting the Bear DenESET
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamMohammed Adam
 
Android best practices 2015
Android best practices 2015Android best practices 2015
Android best practices 2015Sean Katz
 
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?Chris Swan
 
The hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignmentsThe hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignmentsn|u - The Open Security Community
 
AI and Blockchain
AI and BlockchainAI and Blockchain
AI and BlockchainSasha Lazarevic
 
[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜
[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜
[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜Seungmin Shin
 
Web 3.0 - The Future of Web
Web 3.0 - The Future of WebWeb 3.0 - The Future of Web
Web 3.0 - The Future of WebMarcelo Serpa
 
Smart Cards & Devices Forum 2012 - Smart Phones Security
Smart Cards & Devices Forum 2012 - Smart Phones SecuritySmart Cards & Devices Forum 2012 - Smart Phones Security
Smart Cards & Devices Forum 2012 - Smart Phones SecurityOKsystem
 
Chit Chat Seputar Dunia IT (1).pptx
Chit Chat Seputar Dunia IT (1).pptxChit Chat Seputar Dunia IT (1).pptx
Chit Chat Seputar Dunia IT (1).pptxcaghiyadhk
 
Look ma! no hands!
Look ma! no hands!Look ma! no hands!
Look ma! no hands!Luis Diego González-Zúñiga, PhD
 
The Rise of GameFi
The Rise of GameFiThe Rise of GameFi
The Rise of GameFiastrooldboy
 
Christian Heilmann - Seven Things to Do to Make You a Happier JavaScript Deve...
Christian Heilmann - Seven Things to Do to Make You a Happier JavaScript Deve...Christian Heilmann - Seven Things to Do to Make You a Happier JavaScript Deve...
Christian Heilmann - Seven Things to Do to Make You a Happier JavaScript Deve...Codemotion
 
Programming for the Internet of Things
Programming for the Internet of ThingsProgramming for the Internet of Things
Programming for the Internet of ThingsKinoma
 
How to create your own hack environment
How to create your own hack environmentHow to create your own hack environment
How to create your own hack environmentSumedt Jitpukdebodin
 
Phishing
PhishingPhishing
PhishingSumedt Jitpukdebodin
 

More Related Content

Similar to Hacking with paper

The Revolution of Crypto Funding - Building towards a Scamless Future
The Revolution of Crypto Funding - Building towards a Scamless FutureThe Revolution of Crypto Funding - Building towards a Scamless Future
The Revolution of Crypto Funding - Building towards a Scamless FutureRuben Merre
 
A million little tracking devices - Don Bailey
A million little tracking devices - Don BaileyA million little tracking devices - Don Bailey
A million little tracking devices - Don Baileyidsecconf
 
Building a Bitcoin Hardware Wallet with Golang and a Raspberry Pi Zero
Building a Bitcoin Hardware Wallet with Golang and a Raspberry Pi ZeroBuilding a Bitcoin Hardware Wallet with Golang and a Raspberry Pi Zero
Building a Bitcoin Hardware Wallet with Golang and a Raspberry Pi ZeroNic Raboy
 
Start yourit career
Start yourit careerStart yourit career
Start yourit careerSaad Talaat`
 
Ple18 web-security-david-busby
Ple18 web-security-david-busbyPle18 web-security-david-busby
Ple18 web-security-david-busbyDavid Busby, CISSP
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2ShapeBlue
 
Visiting the Bear Den
Visiting the Bear DenVisiting the Bear Den
Visiting the Bear DenESET
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamMohammed Adam
 
Android best practices 2015
Android best practices 2015Android best practices 2015
Android best practices 2015Sean Katz
 
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?Chris Swan
 
The hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignmentsThe hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignmentsn|u - The Open Security Community
 
[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜
[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜
[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜Seungmin Shin
 
Web 3.0 - The Future of Web
Web 3.0 - The Future of WebWeb 3.0 - The Future of Web
Web 3.0 - The Future of WebMarcelo Serpa
 
Smart Cards & Devices Forum 2012 - Smart Phones Security
Smart Cards & Devices Forum 2012 - Smart Phones SecuritySmart Cards & Devices Forum 2012 - Smart Phones Security
Smart Cards & Devices Forum 2012 - Smart Phones SecurityOKsystem
 
Chit Chat Seputar Dunia IT (1).pptx
Chit Chat Seputar Dunia IT (1).pptxChit Chat Seputar Dunia IT (1).pptx
Chit Chat Seputar Dunia IT (1).pptxcaghiyadhk
 
The Rise of GameFi
The Rise of GameFiThe Rise of GameFi
The Rise of GameFiastrooldboy
 
Christian Heilmann - Seven Things to Do to Make You a Happier JavaScript Deve...
Christian Heilmann - Seven Things to Do to Make You a Happier JavaScript Deve...Christian Heilmann - Seven Things to Do to Make You a Happier JavaScript Deve...
Christian Heilmann - Seven Things to Do to Make You a Happier JavaScript Deve...Codemotion
 
Programming for the Internet of Things
Programming for the Internet of ThingsProgramming for the Internet of Things
Programming for the Internet of ThingsKinoma
 

Similar to Hacking with paper (20)

The Revolution of Crypto Funding - Building towards a Scamless Future
The Revolution of Crypto Funding - Building towards a Scamless FutureThe Revolution of Crypto Funding - Building towards a Scamless Future
The Revolution of Crypto Funding - Building towards a Scamless Future
 
A million little tracking devices - Don Bailey
A million little tracking devices - Don BaileyA million little tracking devices - Don Bailey
A million little tracking devices - Don Bailey
 
Building a Bitcoin Hardware Wallet with Golang and a Raspberry Pi Zero
Building a Bitcoin Hardware Wallet with Golang and a Raspberry Pi ZeroBuilding a Bitcoin Hardware Wallet with Golang and a Raspberry Pi Zero
Building a Bitcoin Hardware Wallet with Golang and a Raspberry Pi Zero
 
Start yourit career
Start yourit careerStart yourit career
Start yourit career
 
Ple18 web-security-david-busby
Ple18 web-security-david-busbyPle18 web-security-david-busby
Ple18 web-security-david-busby
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2
 
Visiting the Bear Den
Visiting the Bear DenVisiting the Bear Den
Visiting the Bear Den
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed Adam
 
Android best practices 2015
Android best practices 2015Android best practices 2015
Android best practices 2015
 
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
 
The hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignmentsThe hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignments
 
AI and Blockchain
AI and BlockchainAI and Blockchain
AI and Blockchain
 
[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜
[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜
[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜
 
Web 3.0 - The Future of Web
Web 3.0 - The Future of WebWeb 3.0 - The Future of Web
Web 3.0 - The Future of Web
 
Smart Cards & Devices Forum 2012 - Smart Phones Security
Smart Cards & Devices Forum 2012 - Smart Phones SecuritySmart Cards & Devices Forum 2012 - Smart Phones Security
Smart Cards & Devices Forum 2012 - Smart Phones Security
 
Chit Chat Seputar Dunia IT (1).pptx
Chit Chat Seputar Dunia IT (1).pptxChit Chat Seputar Dunia IT (1).pptx
Chit Chat Seputar Dunia IT (1).pptx
 
Look ma! no hands!
Look ma! no hands!Look ma! no hands!
Look ma! no hands!
 
The Rise of GameFi
The Rise of GameFiThe Rise of GameFi
The Rise of GameFi
 
Christian Heilmann - Seven Things to Do to Make You a Happier JavaScript Deve...
Christian Heilmann - Seven Things to Do to Make You a Happier JavaScript Deve...Christian Heilmann - Seven Things to Do to Make You a Happier JavaScript Deve...
Christian Heilmann - Seven Things to Do to Make You a Happier JavaScript Deve...
 
Programming for the Internet of Things
Programming for the Internet of ThingsProgramming for the Internet of Things
Programming for the Internet of Things
 

More from Sumedt Jitpukdebodin

How to create your own hack environment
How to create your own hack environmentHow to create your own hack environment
How to create your own hack environmentSumedt Jitpukdebodin
 
Incident response before:after breach
Incident response before:after breachIncident response before:after breach
Incident response before:after breachSumedt Jitpukdebodin
 
What should I do when my website got hack?
What should I do when my website got hack?What should I do when my website got hack?
What should I do when my website got hack?Sumedt Jitpukdebodin
 
Web Architecture - Mechanism and Threats
Web Architecture - Mechanism and ThreatsWeb Architecture - Mechanism and Threats
Web Architecture - Mechanism and ThreatsSumedt Jitpukdebodin
 

More from Sumedt Jitpukdebodin (9)

How to create your own hack environment
How to create your own hack environmentHow to create your own hack environment
How to create your own hack environment
 
Phishing
PhishingPhishing
Phishing
 
Which side are you
Which side are youWhich side are you
Which side are you
 
Endpoint is not enough
Endpoint is not enoughEndpoint is not enough
Endpoint is not enough
 
Antivirus is hopeless
Antivirus is hopelessAntivirus is hopeless
Antivirus is hopeless
 
DDoS handlering
DDoS handleringDDoS handlering
DDoS handlering
 
Incident response before:after breach
Incident response before:after breachIncident response before:after breach
Incident response before:after breach
 
What should I do when my website got hack?
What should I do when my website got hack?What should I do when my website got hack?
What should I do when my website got hack?
 
Web Architecture - Mechanism and Threats
Web Architecture - Mechanism and ThreatsWeb Architecture - Mechanism and Threats
Web Architecture - Mechanism and Threats
 

Recently uploaded

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Recently uploaded (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Hacking with paper

  • 1. HACKING WITH PAPER By Sumedt Jitpukdebodin Web Application Security Specialist,ACIS i-Secure LPIC-1, NCLA, C|EHv6, Sec+, eCPPT
  • 2. WHO AM I? ▪ Learning Guy ▪ Activities Guy ▪ Writer ▫ Thai And English Article For PenetrationTesting. ▪ My book “Basic Hacking And Security”(THAI) ▪ Gray Hat in sometimes. ▪ CITEC ▫ Writer Of Linux Security In Hackazine. ▫ Lecturer Of Ethical Hacking and Master Of Exploitation Courses. ▫ One Of CITEC LiveTeam. ▫ Security And Linux Consultant in the community.
  • 3. MY JOB i-Secure ▪ Web Application Security Specialist ▫ Security Research ▫ Web Attacking Analysis ▫ Web Application Firewall Engineer ▫ Etc.
  • 4. WHAT IS PAPER HACKING? ▪ Not new. ▪ Not hard. ▪ New target. ▪ New way?
  • 5. QR-CODE ▪ Barcode 2 Dimention ▪ Japan ▪ QR = Quick Response ▪ Message, Contact, Picture anything that can be the “characters” even “URL” ▪ Maximum data 7089 numeric characters or 4296 alphanumeric characters = 2KB ▪ Easy to read with Android and iOS Mobile and Tablet.
  • 6. QR-CODE(2) ▪ QR-Code In Korea ▪ Every train station ▪ Scan to buy ▪ Pay by mobile
  • 7. QR-CODE(3) ▪ QR-Code inThailand ▪ Magazine can talk!!! ▪ http://www.youtube.com/v=X62xhsDqdBQ
  • 8. TREND OF MOBILE ▪ Speed ▪ Popular ▪ Price ▪ Protection ▪ Awareness
  • 9. WHAT IS PAPER HACKING? ▪ QR-Code ▪ Mobile ▪ Social Engineering
  • 10. STEP OF ATTACK 1. Create the evil site(s). 2. Mapping the site into the real world. 3. Create the QR-Code. 4. Lure the people. 5. HappyTime ☺
  • 11. 1) CREATE EVIL SITE. ▪ Android ▫ Android Content Provider File Disclosure With Metasploit ▫ Android 2.0 ,2.1, 2.1.1 WebKit Use-After-Free Exploit By MJ Keith ▪ iPhone ▫ iPhone MobileSafari LibTIFF Buffer Overflow ▪ Phishing ▫ Gmail ▫ Apple Store
  • 12. 1) CREATE EVIL SITE(2) ▪ Create script for detect any device with $_SERVER[‘HTTP_USER_AGENT’] ▫ Redirect it to the match page.
  • 13. 1) CREATE EVIL SITE(3)
  • 14. 1) CREATE EVIL SITE(4) iPhone Android Others Evilsite:8081 Evilsite:8080 Evilsite/phishing2
  • 15. 2) MAPPING TO THE PUBLIC ▪ Forward Connections. ▪ Dydns ▪ NoIP
  • 16. 2) MAPPING TO THE PUBLIC
  • 17. 3) CREATE QR-CODE ▪ Web ▫ http://qrcode.kaywa.com/ ▫ http://goqr.me/ ▪ Android ▫ QR Droid ▫ QR Code Generator ▪ iPhone ▫ Optiscan ▫ Qrafter
  • 19. 4) LURE THE PEOPLE ▪ Social Engineering ▫ Event ▫ Interesting Word. ▫ Negative Word. ▫ Social Network.
  • 20.
  • 21. 5) HAPPY TIME ☺ Detect Device Android iPhone Others Phishing2 Evilsite:8080 Evilsite:8081 Phishing
  • 22. 5) HAPPY TIME ☺(1)
  • 23. 5) HAPPY TIME ☺(2)
  • 24. 5) HAPPY TIME ☺(3)
  • 25. 5) HAPPY TIME ☺(4)
  • 26. Q&A