ethical hacking finse 2019 cyber security winter school
play

Ethical Hacking Finse 2019 Cyber Security Winter school - PowerPoint PPT Presentation

Aug 02, 2023 •211 likes •878 views

Ethical Hacking Finse 2019 Cyber Security Winter school Universitetet i Oslo Laszlo Erddi From Myself Associate Professor at UiO Teaching Ethical Hacking since 2012 Lecturer of the IN5290 Ethical Hacking at UiO Leader

  1. Ethical Hacking – Finse 2019 Cyber Security Winter school Universitetet i Oslo Laszlo Erdödi

  2. From Myself • Associate Professor at UiO • Teaching Ethical Hacking since 2012 • Lecturer of the IN5290 Ethical Hacking at UiO • Leader of the UiO Hacking Arena • Leader of the UiO-CTF Capture the flag hacking team • Resarch fields: – Ethical hacking – Software vulnerability exploitation – Automation of hacking Finse 2019 Ethical hacking 2

  3. Schedule (6 th -7 th May 2019) Monday 17.00 - 19.00: Ethical hacking introduction, Information gathering, Web hacking tasks Monday 17.00 – Tuesday 11.00: PhD hacking competition Tuesday 11-12.30 Solution of the tasks, Result of the competition, Binary exploitations, Introduction to the UiO-Hacking- Arena Finse 2019 Ethical hacking 3

  4. Finse 2019 Hacking competition for PhD students Hi Young Padawan! The Empire wants to strike back! To become a real Jedi, Yoda master has sent you the following Jedi exam tasks: 1. You have to pretend to be Darth Vader to mislead the guards of the Death Star! First of all, buy a Darth Vader costume! You can buy it e.g. on a primitive planet (called Earth). Buy it online and find the hidden message for you! http://158.39.48.61:801 Finse 2019 Ethical hacking 4

  5. Finse 2019 Hacking competition for PhD students 2. After you managed to get inside the Death Star you can access the local dashboard of the main computer: http://158.39.48.61:802 Your task is to become the admin user. We have some information that can help you: The designer of the Death Star "accidently" wasn't enough careful when he coded the session management. We also know some existing (non admin) credentials: Obi Van clearly feels that his old padawan, Anakin (username:DarthVader) still uses the following password: Padme<3<3 . Thanks to R2-D2 who sniffed the Death Star's traffic we also know the password of a stormtrooper: trooper506/C6#Bda?79 Finse 2019 Ethical hacking 5

  6. Finse 2019 Hacking competition for PhD students 3. The Death Star's document repository (http://158.39.48.61:803) contains some operational document of the Star. The complete plan of the Star was there originally, but after a security check they decided to remove it from the repository. Did they really remove everything? What if they just commented out some of documents in the server side script. Try it! Finse 2019 Ethical hacking 6

  7. Finse 2019 Hacking competition for PhD students 4. The Emperor's secret is really important for us. Unfortunately all of the databases are encrypted, but 3-CPO managed to find an old database. This database uses xml queries. Why don't you try an Xpath injection? (http://193.225.218.118) Good luck young Padawan! May the force be with you! You can register and find the detailed task descriptions here: http://158.39.48.61 Finse 2019 Ethical hacking 7

  8. Differences between ethical and non- ethical hacking • Legal (contract) • Illegal • Promote the security by • Steal information, modify data, showing the make service unavailable for vulnerabilities own purpose • Find all vulnerabilities • Find the easiest way to reach the goal (weakest link) • Without causing harm • Do not care if they destroy the system (but not too early) • Document all activities • Without documentation • Final presentation and • Without report, delete all clues report Finse 2019 Ethical hacking 8

  9. Ethical hacking sub-fields • Information gathering • Network reconnaissance • Web hacking • Internal network hacking • Wireless hacking/ Mobile hacking • Software vulnerability exploitation (pwn, exploits) • Social Engineering • Hardware hacking • AI based hacking • Combination of the previous cases Finse 2019 Ethical hacking 9

  10. Main steps of hacking with the available information Finse 2019 Ethical hacking 10

  11. Main methods to carry out information gathering • Google and all search engines are best friends  – Simple search engine queries – Specific search engine queries (google hacking, see later) – Cached data (data that are not online right now, but can be restored) • The social media is another best friend  • Companies and persons spread lots of information from themselves • We can create personal and company profiles • We can identify key persons and other key information Finse 2019 Ethical hacking 11

  12. Information gathering with Google hacking • Using specific Google queries we can use smart filtering or get «hidden» data • Filter for site titles e.g. intitle:”index of” • Filter to file type with extension: type:doc, type:conf, etc • Expressions can be combined • Google Hacking Database (GHDB) helps Finse 2019 Ethical hacking 12

  13. Information gathering with Google hacking Finse 2019 Ethical hacking 13

  14. Web hacking Website hacking is very popular. There are many ways to compromize a website. We are going to touch a little bit on the following topics (we have limited time): • Hidden information • Session management • Unsecure file inclusions • Unsecure database handling All the hacking tasks are connected to these topics. Finse 2019 Ethical hacking 14

  15. Hypertext Transfer Protocol (HTTP) HTTP is the protocol for web communication. Currently version 1.0, 1.1 and 2.0 are in use (2.0 exists since 2015, almost all browsers support it by now). HTTP is used in a client – server model. The client sends a request and receives answer from the server. Finse 2019 Ethical hacking 15

  16. Hypertext Transfer Protocol (HTTP) Finse 2019 Ethical hacking 16

  17. Hypertext Transfer Protocol - telnet Finse 2019 Ethical hacking 17

  18. 18 Ethical hacking Accessing a webpage Finse 2019

  19. Client side – How the browser processes the html? Finse 2019 Ethical hacking 19

  20. How to start compromising a website? Finse 2019 Ethical hacking 20

  21. Burp suite – Download the free version for the challenges Burp is a graphical tool for testing websites. It has several modules for manipulating the web traffic. • Spider: Automatic crawl of web applications • Intruder: Automated attack on web applications • Sequencer: Quality analysis of the randomness in a sample of data items • Decoder: Transform encoded data • Comparer: Perform comparison of packets • Scanner: Automatic security test (not free) Finse 2019 Ethical hacking 21

  22. Burp suite Under HTTP history tab all the traffic that has passed through the browser are shown. All outgoing traffic can be intercepted as well and modified before sending. DEMO … Finse 2019 Ethical hacking 22

  23. Finding hidden information - examples • Example1: 158.39.48.35:801 • Example 2: 158.39.48.35:805 • Example3: 193.225.218.118/cybersmart/info2 Finse 2019 Ethical hacking 23

  24. Hacking Challenge 1: 1. You have to pretend to be Darth Vader to mislead the guards of the Death Star! First of all, buy a Darth Vader costume! You can buy it e.g. on a primitive planet (called Earth). Buy it online and find the hidden message for you! http://158.39.48.61:801 Finse 2019 Ethical hacking 24

  25. Session related attacks – What is the session variable? A user's session with a web application begins when the user first launch the application in a web browser. Users are assigned a unique session ID that identifies them to your application. The session should be ended when the browser window is closed, or when the user has not requested a page in a “very long” time. Finse 2019 Ethical hacking 25

  26. Session related attacks The session can be compromised in different ways: • Predictable session token The attacker finds out what is the next session id and sets his own session according to this. • Session sniffing The attacker uses a sniffer to capture a valid session id • Client-side attacks (e.g. XSS) The attacker redirects the client browser to his own website and steals the cookie (Javascript: document.cookie) containing the session id • Man-in-the-middle attack The attacker intercepts the communication between two computers • Man-in-the-browser attack Finse 2019 Ethical hacking 26

  27. Session hijacking attack examples • Example 1: http://193.225.218.118/OsloMet/session/task1 • Example2: http://193.225.218.118/OsloMet/session/task2 Credentials: Michael/Sicily, Sonny/woman, Fredo/Casino, admin/???? Finse 2019 Ethical hacking 27

  28. Hacking Challenge 2: 2. After you managed to get inside the Death Star you can access the local dashboard of the main computer: http://158.39.48.61:802 . Your task is to become the admin user. We have some information that can help you: • The designer of the Death Star "accidently" wasn't enough careful when he coded the session management. • We also know some existing (non admin) credentials: Obi Van clearly feels that his old padawan, Anakin (username:DarthVader) still uses the following password: Padme<3<3 . • Thanks to R2-D2 who sniffed the Death Star's traffic we also know the password of a stormtrooper: trooper506/C6#Bda?79 Finse 2019 Ethical hacking 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber Security and You Ethical Hacking Business Breakfast Thursday 12 January 2017 Cyber

Cyber Security and You Ethical Hacking Business Breakfast Thursday 12 January 2017 Cyber

Cyber Security and You Ethical Hacking Business Breakfast Thursday 12 January 2017 Cyber Security and You Ethical Hacking Business Breakfast Thursday 12 January 2017 Welcome from Chamber of Commerce Alison Henderson Chief Executive Officer

338 views • 18 slides
ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical? Legality VS Ethics State Sanctioned hacking BLACK HAT - Stereotypical Hacker -Stealing data for personal gain -Obviously not ethical -Using

1.17k views • 10 slides
got HW crypto? On the (in)security of a Self-Encrypting Drive series Finse Winter School 2018

got HW crypto? On the (in)security of a Self-Encrypting Drive series Finse Winter School 2018

got HW crypto? On the (in)security of a Self-Encrypting Drive series Finse Winter School 2018 Gunnar Alendal Speakers intro Gunnar Alendal: Cand.Scient (old skool) in Cryptography from the University of Bergen, UiB, Norway. Reverse

682 views • 57 slides
Ethical Hacking Philip Robbins August 31, 2013 Information Security &amp; Assurance Program

Ethical Hacking Philip Robbins August 31, 2013 Information Security &amp; Assurance Program

ISA 330 Introduction to Proactive System Security Week #1 Ethical Hacking Philip Robbins August 31, 2013 Information Security &amp; Assurance Program University of Hawai'i West Oahu 1 Ethical Hacking Topics Introductions Syllabus

1.17k views • 88 slides
Cryptography for Cloud Security Mohsen Toorani Department of Informatics, University of Bergen

Cryptography for Cloud Security Mohsen Toorani Department of Informatics, University of Bergen

Cryptography for Cloud Security Mohsen Toorani Department of Informatics, University of Bergen Simula@UiB Coins Winter School Finse, Norway May 12, 2017 Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 1 / 58 Our

1.39k views • 82 slides
Binary Analysis Dennis Andriesse Finse Winter School 2018 Who am I? Researcher at Vrije

Binary Analysis Dennis Andriesse Finse Winter School 2018 Who am I? Researcher at Vrije

Binary Analysis Dennis Andriesse Finse Winter School 2018 Who am I? Researcher at Vrije Universiteit Amsterdam Reverse engineering Hardening programs/anti-exploitation Malware analysis ... Attack developer in GameOver Zeus

532 views • 15 slides
CYBER SECURITY : WI-FI HACKING WITH A RASPBERRY PI NAME : ZUKISA SURNAME : DYANTYI STUDENT #

CYBER SECURITY : WI-FI HACKING WITH A RASPBERRY PI NAME : ZUKISA SURNAME : DYANTYI STUDENT #

CYBER SECURITY : WI-FI HACKING WITH A RASPBERRY PI NAME : ZUKISA SURNAME : DYANTYI STUDENT # : 3567302 TERM 3 : IMPLEMENTATION SUPERVISOR : DR. M NORMAN CO-SUPERVISOR : MR. M MUYOWA BACKGROUND INCREASE OF CONNECTED DEVICES

122 views • 8 slides
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers Objectives After reading this chapter and completing the exercises, you will be able to: Describe Web applications Explain Web application

530 views • 9 slides
CYBER SECURITY By Sachin Dedhia CISA, CEH, ISO 27001 L.A., Ethical Hacker &amp; Digital

CYBER SECURITY By Sachin Dedhia CISA, CEH, ISO 27001 L.A., Ethical Hacker &amp; Digital

CYBER SECURITY By Sachin Dedhia CISA, CEH, ISO 27001 L.A., Ethical Hacker &amp; Digital Forensics Expert Founder Skynet Secure Solutions , skynetsecure.com Email : Sachin@skynetsecure.com Phone : 91- 9867700095 Web Conference Security

828 views • 11 slides
Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs ! 3 properties ... Confidentiality (including personal data) Integrity Availability 2 -Sminaire LIRIMA: Cyber security: current

876 views • 64 slides
Security protocols: formal models and verification Sergiu Bursuc School of Computer Science,

Security protocols: formal models and verification Sergiu Bursuc School of Computer Science,

Security protocols: formal models and verification Sergiu Bursuc School of Computer Science, University of Bristol Finse Winter School, 7 May 2015 Security protocols: roles and goals Roles: P 1 , . . . , P n (e.g. clients, servers, devices,

1.43k views • 127 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration Objectives

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration Objectives

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration Objectives After reading this chapter and completing the exercises, you will be able to: Describe the enumeration step of security testing Enumerate

265 views • 5 slides
HACKING THE POWER GRID: WHY WE SHOULD ALL BE CONCERNED ABOUT IOT SECURITY Presented by Computer

HACKING THE POWER GRID: WHY WE SHOULD ALL BE CONCERNED ABOUT IOT SECURITY Presented by Computer

HACKING THE POWER GRID: WHY WE SHOULD ALL BE CONCERNED ABOUT IOT SECURITY Presented by Computer Forensics &amp; Cyber Security Expert: Lee Neubecker, CISSP https://greatlakesforensics.com My Blog: https://leeneubecker.com About Lee

427 views • 32 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019) (Presented again at the October 16, 2018, meeting of the Maryland Cybersecurity Council and published with permission.) Overview Current Landscape

560 views • 23 slides
The above pictures are from Jawalakhel, in front of a complex and opposite to Staff College. The

The above pictures are from Jawalakhel, in front of a complex and opposite to Staff College. The

Hacking Fiber optics easier than copper cable Sachin Jung Karki Freelance IT Security professional February 1, 2016 You know that your copper-wired networks and wireless LANs can be sniffed and that your data can be compromised. But fiber-optic

272 views • 6 slides
Combinatorial Security Testing: Combinatorial Testing Meets Information Security Dimitris E.

Combinatorial Security Testing: Combinatorial Testing Meets Information Security Dimitris E.

Combinatorial Security Testing: Combinatorial Testing Meets Information Security Dimitris E. Simos SBA Research Applied &amp; Computational Mathematics Division Seminar Series National Institute of Standards and Technology (NIST) Gaithersburg,

675 views • 50 slides
(Video credit: NASA's Goddard Space Flight Center) Meng Su Collaborators: Douglas P.

(Video credit: NASA's Goddard Space Flight Center) Meng Su Collaborators: Douglas P.

(Video credit: NASA's Goddard Space Flight Center) Meng Su Collaborators: Douglas P. Finkbeiner, Tracy R. Slatyer Harvard University Jet 2012, NRAO, Charlottesville 2012.03.04 Fermi Bubbles Giant gamma-ray structure with sharp edges

977 views • 55 slides
Deepwater Drilling Risk Mitigation and Safety August 11, 2010 Outline Risk Mitigation

Deepwater Drilling Risk Mitigation and Safety August 11, 2010 Outline Risk Mitigation

Deepwater Drilling Risk Mitigation and Safety August 11, 2010 Outline Risk Mitigation Commence Additional Deepwater Operation in the GOM Brief Overview of Different Drilling Operations Exploration Drilling Appraisal /

486 views • 14 slides
Secure Web Application Development METHODOLOGIES AND AUTOMATED TOOLS MURAT KAYA SOFTWARE

Secure Web Application Development METHODOLOGIES AND AUTOMATED TOOLS MURAT KAYA SOFTWARE

Secure Web Application Development METHODOLOGIES AND AUTOMATED TOOLS MURAT KAYA SOFTWARE SECURITY SPECIALIST Agenda Software Security Overview Software Security Methodologies Security Test Methods Analysis Tools Tools

497 views • 25 slides
SIBUR FIELD TRIP: TOBOLSK PRODUCTION SITE 3-4 October 2013 DISCLAIMER The information contained

SIBUR FIELD TRIP: TOBOLSK PRODUCTION SITE 3-4 October 2013 DISCLAIMER The information contained

SIBUR FIELD TRIP: TOBOLSK PRODUCTION SITE 3-4 October 2013 DISCLAIMER The information contained herein pertaining to SIBUR (the &quot;Company&quot;) has been provided by the Company solely for use at this presentation. By attending this

601 views • 34 slides
Common Vulnerabilities on iOS Apps by ivan r QconSF @ivRodriguezCA @ivRodriguezCA DISCLAIMER

Common Vulnerabilities on iOS Apps by ivan r QconSF @ivRodriguezCA @ivRodriguezCA DISCLAIMER

Common Vulnerabilities on iOS Apps by ivan r QconSF @ivRodriguezCA @ivRodriguezCA DISCLAIMER the views and opinions expressed on this talk are solely my own and do not reflect the views or opinions of my employer. @ivRodriguezCA

1.18k views • 82 slides
Multiple mating of female Dioryctria in British Columbia conifer seed orchards Jason Dombrowski

Multiple mating of female Dioryctria in British Columbia conifer seed orchards Jason Dombrowski

Multiple mating of female Dioryctria in British Columbia conifer seed orchards Jason Dombrowski Jason Dombrowski Caroline Whitehouse, Ward Strong and Maya Evenden Multiple mating theory Levels of polyandry can vary widely among and within

268 views • 16 slides

More recommend