your web server has been hacked now what
play

Your web server has been hacked now what? Archzilon Eshun-Davies - PowerPoint PPT Presentation

Dec 13, 2023 •131 likes •247 views

Your web server has been hacked now what? Archzilon Eshun-Davies (@laudarch)_ CISO/CEO Tactical Intelligence Security OWASP Ghana 2019 Who is this talk for? - Individuals, developers and sys admins. Are you sure youve been hacked? Q1:

  1. Your web server has been hacked now what? Archzilon Eshun-Davies (@laudarch)_ CISO/CEO Tactical Intelligence Security OWASP Ghana 2019

  2. Who is this talk for? - Individuals, developers and sys admins.

  3. Are you sure you’ve been hacked? Q1: Does your site look suspiciously different? Q2: Did your bandwidth usage shoot up? Q3: Are your customers complaining of strange calls? Q4: Have you lost money? Archzilon Eshun-Davies (@laudarch)

  4. Yes you have You can tell because well it looks like this or similar. Archzilon Eshun-Davies (@laudarch)

  5. How did they get in? Logs: Log files in /var/log, error_log. Check you app: PHP, JS, CSS, PDFs, files - If you have baseline here it’ll help a lot . Forensics: File dates, permissions, sizes, access date and time etc Database: Check your database for funny queries and injected queries and procedures. Check developers workstations. Cron Jobs: Check cron jobs for unusual jobs. Someone compromising a system will often leave a backdoor to get back in again and again. Cron is a very popular way to do this if they managed to get that far. Archzilon Eshun-Davies (@laudarch)

  6. How does it look like? Archzilon Eshun-Davies (@laudarch)

  7. 404 Good, 200 Bad We can follow attack patterns to see when they succeeded and where. While you go through logs you are looking for how and where they succeeded. Archzilon Eshun-Davies (@laudarch)

  8. Archzilon Eshun-Davies (@laudarch)

  9. All IPs are liars. Implement your own logger take all IPs $ip[] = $_SERVER['HTTP_CLIENT_IP']; $ip[] = $_SERVER['HTTP_X_FORWARDED_FOR']; $ip[] = $_SERVER['REMOTE_ADDR']; You might just get the real IP from the proxy. Archzilon Eshun-Davies (@laudarch)

  10. How to prevent the hack • Harden servers, including using vendor recommendations on secure configurations • Code review and testing. • Have your web app / web site vulnerability tested by a professional certified tester at least once. • Use Intrusion Prevention Systems. • Check out OWASP www.owasp.org and http://phpsec.org/projects/guide/2.html for web application security resources. Archzilon Eshun-Davies (@laudarch)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How we hacked How we hacked and what happened next and how you can be safe Ruben van Vreeland

How we hacked How we hacked and what happened next and how you can be safe Ruben van Vreeland

How we hacked How we hacked and what happened next and how you can be safe Ruben van Vreeland Fixed Fixed https://www.owasp.org/index.php/Top_10_2013-Top_10 <script>alert(1)</script> User Data Change Data XSS Bootstrap

1.06k views • 59 slides
Welcome to NEOnets Cyber Security Executive Briefing If you havent yet been hacked, you

Welcome to NEOnets Cyber Security Executive Briefing If you havent yet been hacked, you

Welcome to NEOnets Cyber Security Executive Briefing If you havent yet been hacked, you will be. In fact, you already may have been hacked, but dont know it yet. Stu Davis, Chief Information Officer, Ohio Department of

600 views • 45 slides
How we hacked and how you can be safe and what happened next Ruben van Vreeland Ruben van

How we hacked and how you can be safe and what happened next Ruben van Vreeland Ruben van

How we hacked How we hacked and how you can be safe and what happened next Ruben van Vreeland Ruben van Vreeland Web Application Security Web hosting / infrastructure Web applications / platforms VB6, C#, PHP, (Spring) Java

569 views • 29 slides
Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot

Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot

Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot gray inc. @dotgray Sunday, March 15, 15 Resources Codex.WordPress.org / Hardening_WordPress Blog.Sucuri.net / WordPress Security WPSecure.net /

608 views • 32 slides
Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server

Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server

E LIOM Tierless Web programming from the ground up Gabriel R ADANNE Jrme V OUILLON Vincent B ALAT Vasilis P APAVASILEIOU Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server DOM 2 2 / 22 1

778 views • 42 slides
Identity Risk & Governance I may not get hacked but I know I will be audited! 1

Identity Risk & Governance I may not get hacked but I know I will be audited! 1

A Strategic Portfolio Focus on Identity Risk & Governance I may not get hacked but I know I will be audited! 1 #GetIAMRight | One Identity - Restricted - Confidential IAM Risk Framework Provide a comprehensive view of real-time

366 views • 13 slides
Server Server Server Server Server Datacenter Network (e.g., Ethernet, InfiniBand,

Server Server Server Server Server Datacenter Network (e.g., Ethernet, InfiniBand,

Chanwoo Chung , Jinhyung Koo, Junsu Im, Arvind , and Sungjin Lee DGIST and MIT NVRAMOS 19 2019.10.24 DATA -INTENSIVE COMPUTING SYSTEMS LAB ORATORY Computation Application Application Application Application Application

597 views • 48 slides
The Shocking Secrets of the Electric Grid !!! Are Current Fears That It Can Be Hacked Well

The Shocking Secrets of the Electric Grid !!! Are Current Fears That It Can Be Hacked Well

The Shocking Secrets of the Electric Grid !!! Are Current Fears That It Can Be Hacked Well Grounded? Eastern Western Texas Transmission G L Generation Load Kilowatt = 1 thousand watts Megawatt = 1 million watts Gigawatt = 1

323 views • 18 slides
1 Handling Return Traffic Handling Return Traffic URL Switching URL Switching Idea: switch

1 Handling Return Traffic Handling Return Traffic URL Switching URL Switching Idea: switch

The Server Selection Problem The Server Selection Problem server array A server farm B Which server? Server Traffic Management Server Traffic Management not-so-great solutions static client binding manual selection HTTP forwarding Jeff

810 views • 3 slides
HACKED EVIDENCE - NOW WHAT? Kyiv Arbitration Days, 13 September 2019 Veronika Korom Solicitor,

HACKED EVIDENCE - NOW WHAT? Kyiv Arbitration Days, 13 September 2019 Veronika Korom Solicitor,

HACKED EVIDENCE - NOW WHAT? Kyiv Arbitration Days, 13 September 2019 Veronika Korom Solicitor, England & Wales Avocat au Barreau de Paris ESSEC Business School This copy is for your personal, non-commercial use only. To order

457 views • 8 slides
SERVER SKY Computation in Orbit Keith Lofstrom keithl@ kl-ic.com http://server-sky.com

SERVER SKY Computation in Orbit Keith Lofstrom keithl@ kl-ic.com http://server-sky.com

SERVER SKY Computation in Orbit Keith Lofstrom keithl@ kl-ic.com http://server-sky.com 2009 September 26 Abstract It is easier to move bits than atoms or energy. Server-sats are ultralight disks of silicon that convert sunlight

269 views • 24 slides
How I Hacked facebook Again! by Orange Tsai Orange Tsai Principal security researcher at

How I Hacked facebook Again! by Orange Tsai Orange Tsai Principal security researcher at

How I Hacked facebook Again! by Orange Tsai Orange Tsai Principal security researcher at DEVCORE Captain of HITCON CTF team 0day researcher, focusing on Web/Application security orange_8361 Infiltrating Corporate Intranet Like NSA

764 views • 75 slides
Server Traffic Management Server Traffic Management Jeff Chase Duke University, Department of

Server Traffic Management Server Traffic Management Jeff Chase Duke University, Department of

Server Traffic Management Server Traffic Management Jeff Chase Duke University, Department of Computer Science CPS 212: Distributed Information Systems The Server Selection Problem The Server Selection Problem server array A server farm B

430 views • 14 slides
How we hacked Online Banking Malware Sebastian Bachmann & Tibor Eli as 22. November

How we hacked Online Banking Malware Sebastian Bachmann & Tibor Eli as 22. November

How we hacked Online Banking Malware Sebastian Bachmann & Tibor Eli as 22. November 2014 B-Sides Vienna Sebastian Bachmann & Tibor Eli as How we hacked Online Banking Malware 22. November 2014 1 / 55 About Us About:

576 views • 55 slides
SERVER SKY - Computation in Orbit Keith Lofstrom keithl@ kl-ic.com http://server-sky.com

SERVER SKY - Computation in Orbit Keith Lofstrom keithl@ kl-ic.com http://server-sky.com

SERVER SKY - Computation in Orbit Keith Lofstrom keithl@ kl-ic.com http://server-sky.com 2009 September 28 Abstract It is easier to move bits than atoms or energy. Server-sats are ultra-thin disks of silicon in earth orbit, powered by

473 views • 12 slides
#Hacked How safe is your city? Mike Sturm, IT Director, City of San Marcos Beth Ann Unger, IS

#Hacked How safe is your city? Mike Sturm, IT Director, City of San Marcos Beth Ann Unger, IS

2/28/2019 #Hacked How safe is your city? Mike Sturm, IT Director, City of San Marcos Beth Ann Unger, IS Manager, City of Frisco How frequently are local governments under cyberattack? 70 60 50 40 30 20 10 0 Hourly or more At least

437 views • 18 slides
A Big Data Architecture for the Detection of Anomalies within Database Connection Logs Swapneel

A Big Data Architecture for the Detection of Anomalies within Database Connection Logs Swapneel

A Big Data Architecture for the Detection of Anomalies within Database Connection Logs Swapneel Mehta, Prasanth Kothuri, Daniel Lanza Garcia European Organisation for Nuclear Research Meyrin, Geneva {swapneel.sundeep.mehta, prasanth.kothuri,

253 views • 6 slides
Open-access datasets for time series causality discovery validation I. Guyon, C. Aliferis, G.

Open-access datasets for time series causality discovery validation I. Guyon, C. Aliferis, G.

Open-access datasets for time series causality discovery validation I. Guyon, C. Aliferis, G. Cooper, A. Elisseff, O. Guyon, J.-P. Pellet, A. Statnikov, P. Spirtes http://clopinet.com/causality/ causality@clopinet.com The challenges of

507 views • 16 slides
and Combinations of Key-Phrases and Visual Features Yaakov HaCohen-Kerner 1 , Asaf Sabag 1,

and Combinations of Key-Phrases and Visual Features Yaakov HaCohen-Kerner 1 , Asaf Sabag 1,

Classification Using Various Machine Learning Methods and Combinations of Key-Phrases and Visual Features Yaakov HaCohen-Kerner 1 , Asaf Sabag 1, Dimitris Liparas 2 , Anastasia Moumtzidou 2 , Stefanos Vrochidis 2 , Ioannis Kompatsiaris 2 1 Dept. of

433 views • 19 slides
Recast European Insolvency Regulation An Introductory Analysis Prof. Dr. Bob Wessels Em. Prof.

Recast European Insolvency Regulation An Introductory Analysis Prof. Dr. Bob Wessels Em. Prof.

Recast European Insolvency Regulation Prof. Dr. Bob Wessels Recast European Insolvency Regulation An Introductory Analysis Prof. Dr. Bob Wessels Em. Prof. University of Leiden / The Netherlands info@bobwessels.nl [February 2015]

292 views • 17 slides
Catch Your Own Bugs: Including all Engineers in the Automation Cycle Laura Bright McAfee, Inc .

Catch Your Own Bugs: Including all Engineers in the Automation Cycle Laura Bright McAfee, Inc .

Catch Your Own Bugs: Including all Engineers in the Automation Cycle Laura Bright McAfee, Inc . Laura_Bright@mcafee.com October 9, 2012 Introduction End-to-end automation frameworks provide many benefits Continual monitoring of product

423 views • 23 slides
Hardening PHP - Some basic security measures. Antonio Bonifati

Hardening PHP - Some basic security measures. Antonio Bonifati

Hardening PHP - Some basic security measures. Antonio Bonifati <http://ninuzzo.freehostia.com> ABSTRACT A summary of the most important PHP settings aimed at improving security of PHP web servers. Whenever you have to harden a PHP

615 views • 5 slides
Forensic analysis of a Linux web server 1 www.nbs-system.com Agenda Who are we ? Performing

Forensic analysis of a Linux web server 1 www.nbs-system.com Agenda Who are we ? Performing

Mathieu Deous Julien Reveret Forensic analysis of a Linux web server 1 www.nbs-system.com Agenda Who are we ? Performing forensic analysis on a compromised web server What to search, where, how ? Logs but also dynamic analysis What

603 views • 28 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Introduction Introduction Welcome to the course! Instructor: Dr. Charles J. Antonelli

209 views • 10 slides

More recommend