SlideShare une entreprise Scribd logo

idsecconf2010-hacking priv8 network

Ammar WK
Ammar WK

This Paper Presented at IDSECCONF2010

Technologie
1  sur  30
Télécharger pour lire hors ligne
Hacking into Bank priv8 Network y3dips@echo.or.id | y3dips.echo.or.id
Private Network • Old time: Infrastructure Deploy by banks • Present time: Public infrastructure usage - VPN
VPN • Just like a Phone call between 2 node over public phone infrastructure • Priv8 network service delivered over a public network infrastructure
VPN • a Virtual Private Network • l2tp, pptp, ipsec, ssl vpn, ssh based vpn (oepn vpn)
VPNVPN
Why Using VPN • Bank eagerly needed a private line! • Reducing Cost. • “It should be” Secure.
Why Attacking VPN • Yes, Its Private. • Is it Secure? (relatively). • The Most Dangerous place are the safest place. • Rely on the security product.
Hacking The IPSECs VPN
TheVPN Topology host client site client WEB server airport DB server Internet IPSEC Tunnel SITE-TO-SITE REMOTE ACCESS (software client)
The IPSECs
IPSEC
IPSEC • Set of Protocols. • AH, ESP, IKE, Encryption. • Layer 3, Network • udp 500, 4500, IP 50,51
Famous Issue with The IPSECs VPN
Cisco “password 7” type encoding = l33t :P
Core Issue ! supportforums.cisco.com
Aggressive Mode Issue • Quick Handshake. • Hash in Plaintext. • Dedicated IP not a mandatory. • User (ID) not a mandatory.
Well Known Tools • Ike-Scan • Ike-probe • IKEprober • ikecrack-snarf
Custom Tools?
How it works
What Next? • Crack the PSK with known Tools • psk-crack • Build Your Own Cracker (not so hard but not done :P)
Other Issue • Vendor Issue with the device/protocl implementation (!google) • Configuration Issue • Split tunneling • Transform Mode • Credential storing • Un-encrypted • Not Secure
host client site client WEB server airport DB server Internet IPSEC Tunnel SITE-TO-SITE REMOTE ACCESS (software client) [ Show Over ]
Survive • “Eliminate transport mode and the AH protocol, and fold authentication of the ciphertext into the ESP protocol, leaving only ESP in tunnel mode.” http://www.schneier.com/paper-ipsec.html
Survive • Dont Use PSK please :) • Disable Aggresive Mode in the device • Network Filtering • Never use Dynamic IP • Filter IP to connect to Gateway
Reference • PSK Cracking using IKE Aggressive Mode - Michael Thumann • IPSec VPN Design - Vijay Bollapragada, Mohamed Khalid, Scott Wainner • Great Old “google” also for “most of the” images.
Thanks @y3dips

Recommandé

Linux routing and firewall for beginners
Linux routing and firewall for beginnersLinux routing and firewall for beginners
Linux routing and firewall for beginnersn|u - The Open Security Community
 
Attacking VPN's
Attacking VPN'sAttacking VPN's
Attacking VPN'sn|u - The Open Security Community
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Cloudflare
 
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...JosephTesta9
 
Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Cloudflare
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Cloudflare
 
CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)Sam Bowne
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Cloudflare
 

Recommandé

Linux routing and firewall for beginners
Linux routing and firewall for beginnersLinux routing and firewall for beginners
Linux routing and firewall for beginnersn|u - The Open Security Community
 
Attacking VPN's
Attacking VPN'sAttacking VPN's
Attacking VPN'sn|u - The Open Security Community
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Cloudflare
 
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...JosephTesta9
 
Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Cloudflare
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Cloudflare
 
CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)Sam Bowne
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Cloudflare
 
A Byte of Software Deployment
A Byte of Software DeploymentA Byte of Software Deployment
A Byte of Software DeploymentGong Haibing
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private NetworkGreater Noida Institute Of Technology
 
Vp ns
Vp nsVp ns
Vp nsAyano Midakso
 
Secure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAFSecure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAFNGINX, Inc.
 
Lateral Movement with PowerShell
Lateral Movement with PowerShellLateral Movement with PowerShell
Lateral Movement with PowerShellkieranjacobsen
 
Significant Audio Test Time Reduction, testing all Channels in parallel
Significant Audio Test Time Reduction, testing all Channels in parallelSignificant Audio Test Time Reduction, testing all Channels in parallel
Significant Audio Test Time Reduction, testing all Channels in parallelHTCS LLC
 
Avermetrics intro
Avermetrics introAvermetrics intro
Avermetrics introHTCS LLC
 
Los Angeles AWS Users Group - Athena Deep Dive
Los Angeles AWS Users Group - Athena Deep DiveLos Angeles AWS Users Group - Athena Deep Dive
Los Angeles AWS Users Group - Athena Deep DiveKevin Epstein
 
Open Source Networking
Open Source NetworkingOpen Source Networking
Open Source NetworkingArtur Bergman
 
Demystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsDemystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsMichele Chubirka
 
OSMC 2021 | Thola – A tool for monitoring and provisioning network devices
OSMC 2021 | Thola – A tool for monitoring and provisioning network devicesOSMC 2021 | Thola – A tool for monitoring and provisioning network devices
OSMC 2021 | Thola – A tool for monitoring and provisioning network devicesNETWAYS
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the CloudTeri Radichel
 
Web servers for the Internet of Things
Web servers for the Internet of ThingsWeb servers for the Internet of Things
Web servers for the Internet of ThingsAlexandru Radovici
 
Security workflow with ansible
Security workflow with ansibleSecurity workflow with ansible
Security workflow with ansibledevanshdubey7
 
Upcoming Products, Services and Features - Workshop by Praveen Umanath
Upcoming Products, Services and Features - Workshop by Praveen UmanathUpcoming Products, Services and Features - Workshop by Praveen Umanath
Upcoming Products, Services and Features - Workshop by Praveen UmanathResellerClub
 
Attacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise NetworksAttacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise NetworksNortheast Ohio Information Security Forum
 
Huiming Liu-'resident evil' of smart phones--wombie attack
Huiming Liu-'resident evil' of smart phones--wombie attackHuiming Liu-'resident evil' of smart phones--wombie attack
Huiming Liu-'resident evil' of smart phones--wombie attackGeekPwn Keen
 
Csw2016 wang docker_escapetechnology
Csw2016 wang docker_escapetechnologyCsw2016 wang docker_escapetechnology
Csw2016 wang docker_escapetechnologyCanSecWest
 
Wireshark course, Ch 02: Introduction to wireshark
Wireshark course, Ch 02: Introduction to wiresharkWireshark course, Ch 02: Introduction to wireshark
Wireshark course, Ch 02: Introduction to wiresharkYoram Orzach
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferenceCengage Learning
 
Wireshar training
Wireshar trainingWireshar training
Wireshar trainingLuke Luo
 
Packet analysis (Basic)
Packet analysis (Basic)Packet analysis (Basic)
Packet analysis (Basic)Ammar WK
 

Contenu connexe

Tendances

A Byte of Software Deployment
A Byte of Software DeploymentA Byte of Software Deployment
A Byte of Software DeploymentGong Haibing
 
Secure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAFSecure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAFNGINX, Inc.
 
Lateral Movement with PowerShell
Lateral Movement with PowerShellLateral Movement with PowerShell
Lateral Movement with PowerShellkieranjacobsen
 
Significant Audio Test Time Reduction, testing all Channels in parallel
Significant Audio Test Time Reduction, testing all Channels in parallelSignificant Audio Test Time Reduction, testing all Channels in parallel
Significant Audio Test Time Reduction, testing all Channels in parallelHTCS LLC
 
Avermetrics intro
Avermetrics introAvermetrics intro
Avermetrics introHTCS LLC
 
Los Angeles AWS Users Group - Athena Deep Dive
Los Angeles AWS Users Group - Athena Deep DiveLos Angeles AWS Users Group - Athena Deep Dive
Los Angeles AWS Users Group - Athena Deep DiveKevin Epstein
 
Open Source Networking
Open Source NetworkingOpen Source Networking
Open Source NetworkingArtur Bergman
 
Demystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsDemystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsMichele Chubirka
 
OSMC 2021 | Thola – A tool for monitoring and provisioning network devices
OSMC 2021 | Thola – A tool for monitoring and provisioning network devicesOSMC 2021 | Thola – A tool for monitoring and provisioning network devices
OSMC 2021 | Thola – A tool for monitoring and provisioning network devicesNETWAYS
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the CloudTeri Radichel
 
Web servers for the Internet of Things
Web servers for the Internet of ThingsWeb servers for the Internet of Things
Web servers for the Internet of ThingsAlexandru Radovici
 
Security workflow with ansible
Security workflow with ansibleSecurity workflow with ansible
Security workflow with ansibledevanshdubey7
 
Upcoming Products, Services and Features - Workshop by Praveen Umanath
Upcoming Products, Services and Features - Workshop by Praveen UmanathUpcoming Products, Services and Features - Workshop by Praveen Umanath
Upcoming Products, Services and Features - Workshop by Praveen UmanathResellerClub
 
Huiming Liu-'resident evil' of smart phones--wombie attack
Huiming Liu-'resident evil' of smart phones--wombie attackHuiming Liu-'resident evil' of smart phones--wombie attack
Huiming Liu-'resident evil' of smart phones--wombie attackGeekPwn Keen
 
Csw2016 wang docker_escapetechnology
Csw2016 wang docker_escapetechnologyCsw2016 wang docker_escapetechnology
Csw2016 wang docker_escapetechnologyCanSecWest
 

Tendances (18)

A Byte of Software Deployment
A Byte of Software DeploymentA Byte of Software Deployment
A Byte of Software Deployment
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Vp ns
Vp nsVp ns
Vp ns
 
Secure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAFSecure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAF
 
Lateral Movement with PowerShell
Lateral Movement with PowerShellLateral Movement with PowerShell
Lateral Movement with PowerShell
 
Significant Audio Test Time Reduction, testing all Channels in parallel
Significant Audio Test Time Reduction, testing all Channels in parallelSignificant Audio Test Time Reduction, testing all Channels in parallel
Significant Audio Test Time Reduction, testing all Channels in parallel
 
Avermetrics intro
Avermetrics introAvermetrics intro
Avermetrics intro
 
Los Angeles AWS Users Group - Athena Deep Dive
Los Angeles AWS Users Group - Athena Deep DiveLos Angeles AWS Users Group - Athena Deep Dive
Los Angeles AWS Users Group - Athena Deep Dive
 
Open Source Networking
Open Source NetworkingOpen Source Networking
Open Source Networking
 
Demystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsDemystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source Options
 
OSMC 2021 | Thola – A tool for monitoring and provisioning network devices
OSMC 2021 | Thola – A tool for monitoring and provisioning network devicesOSMC 2021 | Thola – A tool for monitoring and provisioning network devices
OSMC 2021 | Thola – A tool for monitoring and provisioning network devices
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the Cloud
 
Web servers for the Internet of Things
Web servers for the Internet of ThingsWeb servers for the Internet of Things
Web servers for the Internet of Things
 
Security workflow with ansible
Security workflow with ansibleSecurity workflow with ansible
Security workflow with ansible
 
Upcoming Products, Services and Features - Workshop by Praveen Umanath
Upcoming Products, Services and Features - Workshop by Praveen UmanathUpcoming Products, Services and Features - Workshop by Praveen Umanath
Upcoming Products, Services and Features - Workshop by Praveen Umanath
 
Attacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise NetworksAttacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise Networks
 
Huiming Liu-'resident evil' of smart phones--wombie attack
Huiming Liu-'resident evil' of smart phones--wombie attackHuiming Liu-'resident evil' of smart phones--wombie attack
Huiming Liu-'resident evil' of smart phones--wombie attack
 
Csw2016 wang docker_escapetechnology
Csw2016 wang docker_escapetechnologyCsw2016 wang docker_escapetechnology
Csw2016 wang docker_escapetechnology
 

En vedette

Wireshark course, Ch 02: Introduction to wireshark
Wireshark course, Ch 02: Introduction to wiresharkWireshark course, Ch 02: Introduction to wireshark
Wireshark course, Ch 02: Introduction to wiresharkYoram Orzach
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferenceCengage Learning
 
Wireshar training
Wireshar trainingWireshar training
Wireshar trainingLuke Luo
 
Packet analysis (Basic)
Packet analysis (Basic)Packet analysis (Basic)
Packet analysis (Basic)Ammar WK
 
CapAnalysis - Deep Packet Inspection
CapAnalysis - Deep Packet InspectionCapAnalysis - Deep Packet Inspection
CapAnalysis - Deep Packet InspectionChris Harrington
 
Beyaz Şapkalı Hacker Eğitimi Yardımcı Ders Notları
Beyaz Şapkalı Hacker Eğitimi Yardımcı Ders NotlarıBeyaz Şapkalı Hacker Eğitimi Yardımcı Ders Notları
Beyaz Şapkalı Hacker Eğitimi Yardımcı Ders NotlarıBGA Cyber Security
 
Let's Hack School: Learner Agency in a Time of New Technologies
Let's Hack School: Learner Agency in a Time of New TechnologiesLet's Hack School: Learner Agency in a Time of New Technologies
Let's Hack School: Learner Agency in a Time of New Technologiesbudtheteacher
 

En vedette (8)

Wireshark course, Ch 02: Introduction to wireshark
Wireshark course, Ch 02: Introduction to wiresharkWireshark course, Ch 02: Introduction to wireshark
Wireshark course, Ch 02: Introduction to wireshark
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing Conference
 
Wireshar training
Wireshar trainingWireshar training
Wireshar training
 
Packet analysis (Basic)
Packet analysis (Basic)Packet analysis (Basic)
Packet analysis (Basic)
 
CapAnalysis - Deep Packet Inspection
CapAnalysis - Deep Packet InspectionCapAnalysis - Deep Packet Inspection
CapAnalysis - Deep Packet Inspection
 
Beyaz Şapkalı Hacker Eğitimi Yardımcı Ders Notları
Beyaz Şapkalı Hacker Eğitimi Yardımcı Ders NotlarıBeyaz Şapkalı Hacker Eğitimi Yardımcı Ders Notları
Beyaz Şapkalı Hacker Eğitimi Yardımcı Ders Notları
 
Georgia Tech Hack Day
Georgia Tech Hack DayGeorgia Tech Hack Day
Georgia Tech Hack Day
 
Let's Hack School: Learner Agency in a Time of New Technologies
Let's Hack School: Learner Agency in a Time of New TechnologiesLet's Hack School: Learner Agency in a Time of New Technologies
Let's Hack School: Learner Agency in a Time of New Technologies
 

Similaire à idsecconf2010-hacking priv8 network

DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...Felipe Prado
 
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)ClubHack
 
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...PROIDEA
 
SCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanismsSCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanismsAleksandr Timorin
 
You think your WiFi is safe?
You think your WiFi is safe?You think your WiFi is safe?
You think your WiFi is safe?Rob Gillen
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCanSecWest
 
Workshop on Network Security
Workshop on Network SecurityWorkshop on Network Security
Workshop on Network SecurityUC San Diego
 
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxThe Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxlior mazor
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysJoff Thyer
 
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3Adam Dunkels
 
Security research over Windows #defcon china
Security research over Windows #defcon chinaSecurity research over Windows #defcon china
Security research over Windows #defcon chinaPeter Hlavaty
 
Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE
Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE
Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE Dragos, Inc.
 
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Ajin Abraham
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxAnurag Srivastava
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar Santhosh Kumar
 
Xfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockXfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockownerkhan
 
Architectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsArchitectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsRoshan Kulkarni
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface DevicePositive Hack Days
 
Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Priyanka Aash
 

Similaire à idsecconf2010-hacking priv8 network (20)

DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
 
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
 
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...
 
SCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanismsSCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanisms
 
You think your WiFi is safe?
You think your WiFi is safe?You think your WiFi is safe?
You think your WiFi is safe?
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
 
Workshop on Network Security
Workshop on Network SecurityWorkshop on Network Security
Workshop on Network Security
 
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxThe Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
 
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
 
Security research over Windows #defcon china
Security research over Windows #defcon chinaSecurity research over Windows #defcon china
Security research over Windows #defcon china
 
Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE
Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE
Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE
 
Phifer 3 30_04
Phifer 3 30_04Phifer 3 30_04
Phifer 3 30_04
 
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptx
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
 
Xfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockXfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknock
 
Architectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsArchitectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud Platforms
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface Device
 
Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.
 

Plus de Ammar WK

Vvdp-fgd-bssn
Vvdp-fgd-bssnVvdp-fgd-bssn
Vvdp-fgd-bssnAmmar WK
 
Pen-testing is Dead?
Pen-testing is Dead?Pen-testing is Dead?
Pen-testing is Dead?Ammar WK
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsAmmar WK
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!Ammar WK
 
Cybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryCybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryAmmar WK
 
Bugbounty vs-0day
Bugbounty vs-0dayBugbounty vs-0day
Bugbounty vs-0dayAmmar WK
 
Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent ThreatAmmar WK
 
Mobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareMobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareAmmar WK
 
Hacker? : it's not about Black or White
Hacker? : it's not about Black or WhiteHacker? : it's not about Black or White
Hacker? : it's not about Black or WhiteAmmar WK
 
Introduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration TestingIntroduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration TestingAmmar WK
 
Burp suite
Burp suiteBurp suite
Burp suiteAmmar WK
 
Web Hacking (basic)
Web Hacking (basic)Web Hacking (basic)
Web Hacking (basic)Ammar WK
 
Network Packet Analysis
Network Packet AnalysisNetwork Packet Analysis
Network Packet AnalysisAmmar WK
 
Network security
Network securityNetwork security
Network securityAmmar WK
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Information Security Professional
Information Security ProfessionalInformation Security Professional
Information Security ProfessionalAmmar WK
 
Handout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsHandout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsAmmar WK
 
Layer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigationLayer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigationAmmar WK
 
How To Become A Hacker
How To Become A HackerHow To Become A Hacker
How To Become A HackerAmmar WK
 
y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?Ammar WK
 

Plus de Ammar WK (20)

Vvdp-fgd-bssn
Vvdp-fgd-bssnVvdp-fgd-bssn
Vvdp-fgd-bssn
 
Pen-testing is Dead?
Pen-testing is Dead?Pen-testing is Dead?
Pen-testing is Dead?
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web Applications
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!
 
Cybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryCybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industry
 
Bugbounty vs-0day
Bugbounty vs-0dayBugbounty vs-0day
Bugbounty vs-0day
 
Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent Threat
 
Mobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareMobile hacking, pentest, and malware
Mobile hacking, pentest, and malware
 
Hacker? : it's not about Black or White
Hacker? : it's not about Black or WhiteHacker? : it's not about Black or White
Hacker? : it's not about Black or White
 
Introduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration TestingIntroduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration Testing
 
Burp suite
Burp suiteBurp suite
Burp suite
 
Web Hacking (basic)
Web Hacking (basic)Web Hacking (basic)
Web Hacking (basic)
 
Network Packet Analysis
Network Packet AnalysisNetwork Packet Analysis
Network Packet Analysis
 
Network security
Network securityNetwork security
Network security
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Information Security Professional
Information Security ProfessionalInformation Security Professional
Information Security Professional
 
Handout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsHandout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dips
 
Layer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigationLayer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigation
 
How To Become A Hacker
How To Become A HackerHow To Become A Hacker
How To Become A Hacker
 
y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?
 

Dernier

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 

Dernier (20)

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 

idsecconf2010-hacking priv8 network