Password Security Techniques Discussion
Ahmad Muammar W. K.
http://google.com/search?q=y3dips
Details
  Password
  Deal with Cracking
  Passive Action
  Simulation
  Discussion

Password
  Why?
  “Kata Kunci” (Indonesian for “password”)
    diansastro
    090382
    mickey

Password
  Minimum length 6 characters
  Not meaningful (not a girlfriend's or boyfriend's name, not a date of birth)
  Combination of letters, digits and other characters
  Username X Password
  Needs extra protection

Password
  Passphrase?
    D1an545TR0
    4m1nkExtravaganz4
    KaptenTSUBASA

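As an added example that is not part of the deck, the following checker applies the rules from the two slides above (minimum 6 characters, not a date or a known name/word, a mix of letters, digits and other characters, and "Username X Password" read here as "the password must differ from the username", which is an assumption) to the deck's own weak and passphrase examples. The word list is constructed from the deck's weak examples and the rule names are mine; the step that undoes digit-for-letter substitutions is the caveat worth seeing: D1an545TR0 normalises straight back to diansastro, because such substitutions are as easy to reverse in a cracking rule set as they are here.

```python
import re
from datetime import datetime

# Constructed word list for the "not meaningful" rule: the deck's own weak
# examples. A real deployment would use a large dictionary or breach list.
MEANINGFUL_WORDS = {"diansastro", "mickey"}

# Common digit/symbol-for-letter substitutions, undone before the dictionary
# check; password-cracking rule sets undo them just as easily.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})

# Date layouts a birth date is commonly typed in (day-month-year etc.).
DATE_FORMATS = ("%d%m%y", "%d%m%Y", "%y%m%d", "%Y%m%d", "%m%d%y")


def normalise(text: str) -> str:
    """Lower-case and undo substitutions: 'D1an545TR0' -> 'diansastro'."""
    return text.lower().translate(LEET)


def looks_like_date(text: str) -> bool:
    """True for an all-digit string that parses as a date, e.g. '090382'."""
    if not re.fullmatch(r"\d{6}|\d{8}", text):
        return False
    for fmt in DATE_FORMATS:
        try:
            datetime.strptime(text, fmt)
            return True
        except ValueError:
            continue
    return False


def check_password(password: str, username: str = "") -> list[str]:
    """Return the (sorted) names of the deck's rules the password fails."""
    norm = normalise(password)
    rules = {
        "min_length_6": len(password) >= 6,
        "not_date": not looks_like_date(password),
        "not_known_word": not any(w in norm for w in MEANINGFUL_WORDS),
        "letters_digits_other": (
            any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password)
        ),
        # "Username X Password" read as: password must differ from username.
        "differs_from_username": not username or norm != normalise(username),
    }
    return sorted(name for name, ok in rules.items() if not ok)


if __name__ == "__main__":
    # The deck's weak examples, its passphrase examples, and one constructed
    # candidate that satisfies every rule as the slide states it.
    for pw in ["diansastro", "090382", "mickey",
               "D1an545TR0", "4m1nkExtravaganz4", "KaptenTSUBASA",
               "4m1nkExtravaganz4!"]:
        failed = check_password(pw)
        print(f"{pw:20} {'OK' if not failed else 'fails: ' + ', '.join(failed)}")
```

Run as written, the three passphrase examples pass the length and dictionary checks (D1an545TR0 excepted, for the reason above) but none contains a character outside letters and digits, so all three fail the mix rule as literally stated.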
Simulation!
  Cracking Windows passwords
    via Linux
    via Windows
  Cracking Linux passwords
  Remote cracking

Cracking Windows passwords
  Tools
    bkhive + samdump2 (getting the hashes)
    pwdump2 (getting the hashes)
    John the Ripper for cracking the hashes
  Password database: SAM file, SYSTEM hive

Cracking Linux passwords
  Tools
    unshadow
    John the Ripper for cracking the hashes
  Password database: passwd, shadow

Remote cracking
  Brute-forcing over the network
  Slow
  Brutus, hydra, ssh crack, tftpd-bruteforce

Passive Action?
  Browser ability?
  Keylogger
  Application/engine hole
  Insecure protocol/line

Browser Ability
  Wand/remember password
  History
  Cache
  etc.

Keylogger
  Malicious program
  Keystrokes
  Passive tools

Bugs in Application
  Application/engine vulnerability
  Information disclosure
  e.g. PHP-Nuke, PostNuke, Mambo

Insecure Line
  Plaintext protocols (http, tcp, smtp)
  Plaintext data
  Sniff it and collect it (ethereal, ettercap, dsniff, etc.)

http:// = clear text

Survive
  Use a better passphrase
  Use a secure line/protocol
  Encryption
  Security tools (firewall, antivirus)
  Keep up to date
  etc.