from zero to zero day
play

From Zero to Zero-day How I became a hacker and why you should Carl - PowerPoint PPT Presentation

Mar 30, 2023 •157 likes •313 views

From Zero to Zero-day How I became a hacker and why you should Carl Svensson @ Detectify 5/12 2018 1 / 14 Background Biography MSc in Computer Science, KTH Head of Security, KRY/LIVI CTF: HackingForSoju E-mail: calle.svensson@zeta-two.com

  1. From Zero to Zero-day How I became a hacker and why you should Carl Svensson @ Detectify 5/12 2018 1 / 14

  2. Background Biography MSc in Computer Science, KTH Head of Security, KRY/LIVI CTF: HackingForSoju E-mail: calle.svensson@zeta-two.com Twitter: @zetatwo 2 / 14

  3. Background Agenda 1. My journey 2. Capture the Flag, CTF 3. Bug Bounties 4. Case study: RCE in GitHub Enterprise 3 / 14

  4. Background My journey Computer games C++ @ 7 years old Web sites, PHP University, engineering physics AI was cool Computer science Exchange at EPFL in Lausanne IT Security Competitive programming 4 / 14

  5. Background Capture the Flag, CTF CTF Job fair Recruitment firm Interview, Bitsec Skill test - Play with HackingForSoju Recruited - Online & offline competitions Development: Like the gym but hacking Travels: Korea, Poland, Romania, Las Vegas Solo competitions 5 / 14

  6. Background What is CTF? CTF Challenges Web Cryptography Forensics Binary exploitation "pwning" Reverse Engineering Format Jeopardy Attack/Defense Solo vs team Local vs online 6 / 14

  7. Background Community participation CTF Social media Twitter Community /r/netsec Podcasts Säkerhetspodcasten Säkerhetssnack ... a billion more ... Events Conferences: SEC-T, Security Fest Meetups: OWASP, SEC-T Spring Pub 7 / 14

  8. Background Blogs & Talks CTF Hobby projects Motivation + Time Community Conference talks SEC-T Security Fest Streaming YouTube channel Collaboration with LiveOverflow Blog - https://zeta-two.com 8 / 14

  9. Background Bug Bounties CTF Limited success previously H1-702 2017 Community H1-702: Preparations H1-702: Las Vegas 9 / 14

  10. Background Act 1, the Orange saga CTF Reversed GitHub Enterprise obfuscation Found some nice bugs Community Made a blogpost "I want the same setup!" -@avlidienbrunn RCE in This obfuscation is intended to discourage GitHub Enterprise GitHub customers from making modifications to the VM. We know this 'encryption' is easily broken. 10 / 14

  11. Background Act 2, @avlidienbrunn CTF A lot of features Source code helps Community Integrations - SSRF HTTP: Protected XMPP is not HTTP RCE in GitHub <?xml version='1.0'?><stream:stream to=' payload_lowercased_goes_here ' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org 11 / 14

  12. Background Act 3, CTF meets real world CTF localhost:6379 - Redis Worker queue Community LUA "I recognize this" CTF! RCE in SSRF -> RCE GitHub eval "redis.call('lpush', 'resque:queue:low', '{\"class\":\"'..string.char(71)..'it'.. string.char(72)..'ub::'..string.char(74).. 'obs::'..string.char(85)..'ser'..string.char(83).. 'uspend\",\"args\":[10,\"n00b\"]}'`)" 0 eval "redis.call('lpush', 'resque:queue:low', '{\"class\":\"GitHub::Jobs::UserSuspend\", \"args\":[10,\"n00b\"]}')" 0 {"class":"GitHub::Jobs::UserSuspend","args":[10,"n00b"]} 12 / 14

  13. Background So, in summary... CTF Base: Solid programming foundation Community Curiosity Persistence Mix-in: RCE in Capture the Flag GitHub Community engagement A lot of time Result: Epilogue Hacker Useful skills Friends and network Great job opportunities 13 / 14

  14. Questions? 14 / 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Principal Consultant @muellermarc Microsoft I like but Im a Microsoft Fan-Boy

Principal Consultant @muellermarc Microsoft I like but Im a Microsoft Fan-Boy

Marc Mller Principal Consultant @muellermarc Microsoft I like but Im a Microsoft Fan-Boy https://twitter.com/dberkholz/status/689211852157407233 100 Deployments pro Tag! UI BL DAL Order Order Orders Logic Data Product

668 views • 46 slides
Performance Evaluation of Containers for HPC Cristian Ruiz, Emmanuel Jeanvoine and Lucas Nussbaum

Performance Evaluation of Containers for HPC Cristian Ruiz, Emmanuel Jeanvoine and Lucas Nussbaum

Performance Evaluation of Containers for HPC Cristian Ruiz, Emmanuel Jeanvoine and Lucas Nussbaum INRIA Nancy, France VHPC15 . . . . . . . . Outline Introduction 1 State of the art 2 Experimental evaluation 3 Conclusions 4

488 views • 27 slides
MultiLanes: Providing Virtualized Storage for OS-level Virtualization on Many Cores Junbin Kang,

MultiLanes: Providing Virtualized Storage for OS-level Virtualization on Many Cores Junbin Kang,

MultiLanes: Providing Virtualized Storage for OS-level Virtualization on Many Cores Junbin Kang, Benlong Zhang, Tianyu Wo, Chunming Hu, and Jinpeng Huai Beihang University 20140904 1 ICT Outline Background MultiLanes Design

277 views • 24 slides
Enabling Hybrid CAN and CAN FD Networks Tony Adamson Marketing Manager CAN / LIN / FlexRay

Enabling Hybrid CAN and CAN FD Networks Tony Adamson Marketing Manager CAN / LIN / FlexRay

Enabling Hybrid CAN and CAN FD Networks Tony Adamson Marketing Manager CAN / LIN / FlexRay NXP Semiconductors COVER PAGE SUBTITLE PLACEHOLDER COMPANY CONFIDENTIAL Why Automotive OEMs look to CAN FD Accelerate bandwidth in general operation

630 views • 24 slides
Introductory Computer Security CS461/ECE422 Fall 2009 Susan Hinrichs Slide #1-1 Outline

Introductory Computer Security CS461/ECE422 Fall 2009 Susan Hinrichs Slide #1-1 Outline

Introductory Computer Security CS461/ECE422 Fall 2009 Susan Hinrichs Slide #1-1 Outline Administrative Issues Class Overview Information Assurance Overview Components of computer security Threats, Vulnerabilities,

554 views • 30 slides
SIP Working Group IETF 73 chaired by Keith Drage, Dean Willis Note Well Any submission to the

SIP Working Group IETF 73 chaired by Keith Drage, Dean Willis Note Well Any submission to the

SIP Working Group IETF 73 chaired by Keith Drage, Dean Willis Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF

372 views • 13 slides
OpenAFS Release Team Report Michael Meffie June 19, 2019 Michael Meffie OpenAFS Release Team

OpenAFS Release Team Report Michael Meffie June 19, 2019 Michael Meffie OpenAFS Release Team

OpenAFS Release Team Report Michael Meffie June 19, 2019 Michael Meffie OpenAFS Release Team Report June 19, 2019 1 / 17 OpenAFS Release Team Weekly meetings via jabber on Fridays jabber: release-team@conference.openafs.org email:

309 views • 17 slides
Social network plugin for telepathy framework Kirill Ivashov, Vyacheslav Dimitrov, Kirill Kulakov

Social network plugin for telepathy framework Kirill Ivashov, Vyacheslav Dimitrov, Kirill Kulakov

Social network plugin for telepathy framework Kirill Ivashov, Vyacheslav Dimitrov, Kirill Kulakov Petrozavodsk State University Department of Computer Science 9 th FRUCT conference, April 2629, Petrozavodsk, Russia Kirill Ivashov Social

506 views • 14 slides
Flash talk presentation NORDUnet NOC 3 rd TF-NOC meeting, June 28 th Zurich Stefan Listrm

Flash talk presentation NORDUnet NOC 3 rd TF-NOC meeting, June 28 th Zurich Stefan Listrm

NORDUnet Nordic Infrastructure for Research &amp; Education Flash talk presentation NORDUnet NOC 3 rd TF-NOC meeting, June 28 th Zurich Stefan Listrm Project manager NORDUnet NORDUnet Agenda Nordic infrastructure for Research &amp;

321 views • 11 slides
Connecting A Global Campus The Landscape The Landscape Institutional Perspective: Duke Global

Connecting A Global Campus The Landscape The Landscape Institutional Perspective: Duke Global

Connecting A Global Campus The Landscape The Landscape Institutional Perspective: Duke Global The Landscape Institutional Perspective: Duke Global Global IT Process: Discovery, Preparation, Implementation The Landscape Institutional

1.48k views • 114 slides
Seeking Default/Control Plane Tony Tauber Can we reach each other? Geoff Hustons talk on

Seeking Default/Control Plane Tony Tauber Can we reach each other? Geoff Hustons talk on

Seeking Default/Control Plane Tony Tauber Can we reach each other? Geoff Hustons talk on Desperately Seeking Default 1 Telephony based on any-to-any (peer-to-peer) connectivity All telephones equally reachable; anyone could

264 views • 9 slides
Social Clouds Creating a research agenda Andrew Lippman MIT Media Lab October, 2010 Clouds and

Social Clouds Creating a research agenda Andrew Lippman MIT Media Lab October, 2010 Clouds and

Social Clouds Creating a research agenda Andrew Lippman MIT Media Lab October, 2010 Clouds and Mists: 1 st Cloud Defined by access Familiar as the internet Result of a nexus: PC, backbone, ISPs Web Opened vast doors to creativity Clouds and

592 views • 24 slides
Binary XML and its Characterization Robin Berjon, XML Prague, 25/06/2005 What is Binary XML?

Binary XML and its Characterization Robin Berjon, XML Prague, 25/06/2005 What is Binary XML?

Binary XML and its Characterization Robin Berjon, XML Prague, 25/06/2005 What is Binary XML? Its not XML not in XML syntax doesnt comply to the XML specifications cant give it to an XML parser, it wont work your

553 views • 23 slides
AFRINIC-11 LOGISTICS AND ANNOUCEMENTS LILLIAN SHARPLEY, COMMUNICATIONS AREA MANAGER AFRINIC-11

AFRINIC-11 LOGISTICS AND ANNOUCEMENTS LILLIAN SHARPLEY, COMMUNICATIONS AREA MANAGER AFRINIC-11

AFRINIC-11 LOGISTICS AND ANNOUCEMENTS LILLIAN SHARPLEY, COMMUNICATIONS AREA MANAGER AFRINIC-11 SPECIAL THANKS AGENDA OVERVIEW 4 th AFRICAN IPv6 CONFERENCE TUESDAY, 24 NOV 2009 MORNING IPv6 Uptake, International ISP, Orange Update on

577 views • 13 slides
LURK Interim BOF Eric Burger Yaron Sheffer Via the Internet Thingy Jabber: lurk@jabber.ieE.org

LURK Interim BOF Eric Burger Yaron Sheffer Via the Internet Thingy Jabber: lurk@jabber.ieE.org

LURK Interim BOF Eric Burger Yaron Sheffer Via the Internet Thingy Jabber: lurk@jabber.ieE.org Materials: hHps://datatracker.ieE.org/meeLng/interim-2016-lurk-2/session/lurk/ IETF Note Well This summary is only meant to point you in the right

276 views • 12 slides
F2F Computing An Introduction Ulrich Norbisrath Teooriapevad Plvas 2008/01/26 Ulrich

F2F Computing An Introduction Ulrich Norbisrath Teooriapevad Plvas 2008/01/26 Ulrich

F2F Computing An Introduction Ulrich Norbisrath Teooriapevad Plvas 2008/01/26 Ulrich Norbisrath (http://ulno.net) F2F Computing An Introduction 2008/01/24 University of Tartu http://f2f.ulno.net 1/15 Outline Anecdote

500 views • 15 slides
ELEC / COMP 177 Fall 2015 Some slides from Kurose

ELEC / COMP 177 Fall 2015 Some slides from Kurose

ELEC / COMP 177 Fall 2015 Some slides from Kurose and Ross, Computer Networking , 5 th Edition Project 2 Python HTTP Server v2 Starts

426 views • 26 slides
Distributed ephemeral log service Log entries are replicated,dispersed See Ivy,

Distributed ephemeral log service Log entries are replicated,dispersed See Ivy,

Distributed ephemeral log service Log entries are replicated,dispersed See Ivy, Palimpsest papers. Nodes can append to their own log Can read any log Nodes implement FIFO queue of log entries Old entries fall off the

435 views • 5 slides
Welcome to the Routing wg at RIPE 74 Joo Damas, Paolo Moroni Agenda A. Welcome. 5

Welcome to the Routing wg at RIPE 74 Joo Damas, Paolo Moroni Agenda A. Welcome. 5

Welcome to the Routing wg at RIPE 74 Joo Damas, Paolo Moroni Agenda A. Welcome. 5 Thanks to the scribe, jabber scribe and stenographer. Microphone etiquette. Minutes from RIPE 73. B. IRR Filtering at IXP Route Servers. 30 Erik

264 views • 4 slides
INTRODUCING OSSEC host-based IDS Saturday 21 st November, 2015 Theresa Meiksner BSidesVienna

INTRODUCING OSSEC host-based IDS Saturday 21 st November, 2015 Theresa Meiksner BSidesVienna

INTRODUCING OSSEC host-based IDS Saturday 21 st November, 2015 Theresa Meiksner BSidesVienna 0x7DF (2015) Overview 1. What is OSSEC? 2. Architectural overview 3. Why do we need log analysis? 4. How to detect a rootkit with OSSEC? 5. ELK

651 views • 20 slides
Mining Debian Maintainer Scripts Nicolas Jeannerod and Ralf Treinen joint work with Yann R

Mining Debian Maintainer Scripts Nicolas Jeannerod and Ralf Treinen joint work with Yann R

Intro Static Parser for Shell Statistical Analysis of Scripts Findings Conclusion Mining Debian Maintainer Scripts Nicolas Jeannerod and Ralf Treinen joint work with Yann R egis-Gianas IRIF, Universit e Paris-Diderot July 31, 2018

581 views • 41 slides
Polish NGI: PL-Grid www.plgrid.pl/en Marcin Radecki EGI-InSPIRE SA1 Kickoff Meeting 1

Polish NGI: PL-Grid www.plgrid.pl/en Marcin Radecki EGI-InSPIRE SA1 Kickoff Meeting 1

Polish NGI: PL-Grid www.plgrid.pl/en Marcin Radecki EGI-InSPIRE SA1 Kickoff Meeting 1 PL-Grid Project Establish and manage Polish e-Infrastructure for supporting Computational Science in European Research Space, 2009- 2011, 20M

212 views • 19 slides
Mining Patterns and Building Classifiers From Software Data: Addressing Soft. Maintenance &amp;

Mining Patterns and Building Classifiers From Software Data: Addressing Soft. Maintenance &amp;

Mining Patterns and Building Classifiers From Software Data: Addressing Soft. Maintenance &amp; Reliability Issues David Lo School of Information Systems Singapore Management University Presentation at UIUC July 31, 2009 1 Motivation:

693 views • 58 slides
M33TFINDER: DIsclosINg coRpoRaTE sEcRETs VIa VIDEocoNFERENcEs Ing. Yamila Levalle @ylevalle Ing.

M33TFINDER: DIsclosINg coRpoRaTE sEcRETs VIa VIDEocoNFERENcEs Ing. Yamila Levalle @ylevalle Ing.

M33TFINDER: DIsclosINg coRpoRaTE sEcRETs VIa VIDEocoNFERENcEs Ing. Yamila Levalle @ylevalle Ing. Yamila Levalle @ylevalle

400 views • 16 slides

More recommend