Ethical hacking for fun and profit

Describes ethical hacking, why it is fun to learn, and how it opens a land of possibilities for doing business.

  1. SUMMARY
     • ETHICAL HACKING
     • SECURITY AS A WAY TO LEARN
     • IMAGE VS REALITY
     • HACKER MINDSET
     • THE REAL FULLSTACK
     • WHERE TO BEGIN
     • SECURITY AS A WAY TO MAKE BUSINESS
     • CURRENT STATUS
     • OFFENSIVE SECURITY SERVICES
     • DEFENSIVE SECURITY SERVICES
     • DEV SEC OPS
     Join the IT Security
  2. WHO THE HELL ARE YOU?
     • BATARD FLORENT @SHENRIL
     • HTTP://CODE-ARTISAN.IO
     • FRENCH
     • DEVELOPER & SECURITY ENGINEER FOR 10 YEARS (FRANCE, SWITZERLAND, USA, JAPAN)
     • TRY TO MIX THE DEVOPS TRENDS WITH SECURITY
  3. ETHICAL HACKING
     • HACKING WITH A SENSE OF RESPONSIBILITY
     • TRY TO IMPROVE THE OVERALL SECURITY AWARENESS SITUATION
     • TRY TO HELP THE PEOPLE REALLY BUILDING THE STUFF (REDTEAM/BLUETEAM)
     • ALSO REFERRED TO AS WHITE HAT
     • TRY TO MAKE BUILT-IN SECURITY THE EASIEST CHOICE YOU CAN MAKE
  4. SECURITY AS A WAY TO LEARN: SECURITY CAN BE FUN
  5. IMAGE: What is hacking to you?
  6. REALITY
     • STATE SPONSORED CYBER ATTACKS
     • NSA DEVELOPED ATTACKS MADE PUBLIC
     • VULNERABILITY BUSINESS (VUPEN, COSEINC)
     • ORGANIZED CRIME
     • DARKWEB
     • ECONOMIC ESPIONAGE
     • AND EVENTUALLY SOME LONELY GENIUSES DOING IT FOR THE FAME AND THE INTEL
     • THERE IS A MIDDLE GROUND
     • COMING TO MATURITY FOR SOME COMPANIES
     • LITTLE AWARENESS FROM THE PUBLIC ON WHAT'S REALLY POSSIBLE
     • TOOLS AND MEANS TO HACK GOT OPENED TO EVERYONE (METASPLOIT, LOIC, SCANNERS, SQLMAP)
  7. HACKER MINDSET
     • HACKER WAS THE TERM FOR CURIOUS PEOPLE WHO FOUND NEW WAYS TO USE TECHNOLOGIES
     • NEW WAYS OFTEN MEANT NOT PAYING FOR SOMETHING AND BECAME SECURITY RELATED
     • LOVE TO SOLVE PROBLEMS AND INVESTIGATE
     • LET’S DO THIS TODAY AND TAKE SOMETHING USUALLY PAINFUL TO MAKE IT YOUR STRENGTH
  8. THE REAL FULLSTACK
     • SECURITY IS THE MOST TRANSVERSAL DISCIPLINE IN I.T.
       • WEB / IOT / OS / MOBILE / CONTAINERS
       • FROM MEMORY (BUFFER OVERFLOW) TO UI (WEB XSS)
     • IT ALLOWS YOU TO DISCOVER A WIDE RANGE OF TECHNOLOGIES
       • LANGUAGES
       • FRAMEWORKS
       • SYSTEMS
       • NETWORKS
  9. WHERE TO BEGIN
     • TWO APPROACHES
       • BEGIN WITH WHAT YOU KNOW
       • TAKE YOUR BELOVED TECHNOLOGY
       • FIND THE SECURITY ASPECT OF IT
       • GO HACK YOURSELF
       • BEGIN WITH WHAT YOU WANT TO KNOW
       • BROWSE THE HACKING SCENE
       • INVESTIGATE AREAS YOU'RE INTERESTED IN
       • JOIN EVENTS OR CONTESTS (CTF) TO CHALLENGE YOURSELF
  10. WHAT CAN YOU DO
     • TONS OF RESOURCES FOR TOOLS ONLINE
     • SYSTEM HACKING: METASPLOIT, OPENVAS, NESSUS, GITHUB
     • NETWORK HACKING: CAIN&ABEL, WIRESHARK, SCAPY, NMAP, AIRCRACK
     • WEB HACKING: SQLMAP, WPSCAN, WPSEKU, BURP SUITE, OWASP ZAP, NIKTO, BEEF
     • REVERSE ENGINEERING: IDA PRO, HEX RAYS, CFF
     • PASSWORD CRACKING: HASHCAT, HYDRA, JOHN
     • SOCIAL ENGINEERING: MALTEGO, SET, USB KEYS, YOUR BALLS AND A PHONE
     • TRAIN TO HACK:
     • ONLINE CTF, SECURITY EVENTS, ONLINE CONTESTS
     • METASPLOITABLE 1/2/3, REGULAR WINDOWS XP
     • DAMN VULNERABLE LINUX, DAMN VULNERABLE WEBAPP
     • WEBGOAT, MUTILLIDAE
  11. METASPLOIT DEMO
     • SCAN A REMOTE MACHINE
     • EXPLOIT A REMOTE MACHINE
     • DISCOVER METERPRETER AND GO PARANOID
  12. SQLMAP DEMO
     • SCAN A REMOTE WEBSITE
     • TRY TO EXPLOIT PARAMETERS
     • DUMP THE DATABASE AND PASSWORDS
  13. STEPS TO ENLIGHTENMENT
     1. LEARN THE TOOLS – REALLY! ATTACK PRACTICES, OPTIONS
     2. LEARN THE CONCEPTS BEHIND THE TOOLS – NETWORK, OVERFLOW, INJECTIONS
     3. LEARN THE TOOLS – HOW THEY DO IT
     4. GO CTF AND JOIN A TEAM!
     5. WRITE YOUR OWN TOOL, EXPLOIT CVE?
     6. SELL YOUR HACK TO BUG BOUNTY
  14. SECURITY AS A WAY TO MAKE BUSINESS: SECURITY CAN BE GOOD BUSINESS
  15. CURRENT STATUS
     • AWARENESS IS STILL SHALLOW
     • THEY SENSE THE DANGER BUT DON’T ALWAYS KNOW HOW TO PREVENT IT OR IF THEY ARE VULNERABLE
     • MOST COMPANIES MISS THE BASIC HYGIENE ABOUT INFORMATION SECURITY
     • EXAMPLE: WANNACRY / PETYA / NOT-PETYA
     • VULNERABILITY DEVELOPED BY THE NSA
     • ETERNALBLUE MS17-010
     • AVAILABLE IN METASPLOIT FOR FREE BOTH TO SCAN AND TO EXPLOIT
     • ONLY NEED AN UPDATE
     • JAPAN IS NOT A GOOD STUDENT ON THIS TOPIC AND IS QUITE FAR BEHIND
     • LITTLE ECOSYSTEM: ABOUT 5 EVENTS ON THE TOPIC
     • FEW PROFESSIONALS: THINKING OUTSIDE OF THE BOX IS PRETTY RARE
     • FEW BUSINESSES RELATED TO SECURITY: TRENDMICRO, LAC, KCCS, KDL
     • GOOD IN OPERATION BUT NOT IN R&D FOR SECURITY
  16. OFFENSIVE SECURITY SERVICES
     • SCAN OF VULNERABILITIES
     • APPLICATION SCANNING
     • INFRASTRUCTURE SCANNING
     • CHECK OF OPEN PORTS AND AUTHORIZATION ON RESOURCES (S3 BUCKETS, SSH, RIGHTS)
     • SOCIAL ENGINEERING CAMPAIGN: SEND FAKE EMAIL AND DO REPORTS
     • REAL SECURITY ASSESSMENT
     • LICENSE TO PWN: NEED TIGHT CONTRACT
     • GO FURTHER INTO SCANNING AND EXPLOITING
     • EXPLOIT UNTIL PROOF OF CORRUPTION: SCREENSHOTS, DATA
     • TRY TO STEAL DATA IN PERSON: THE CONMAN
  17. DEFENSIVE SECURITY SERVICES
     • AWARENESS
     • HTTPS://HAVEIBEENPWNED.COM/
     • TEST THEIR DEFENSE: SEND PLACEBO VIRUS, SCAN OPEN PORTS FROM OUTSIDE
     • PACKAGE VULNERABILITIES MAILING LIST: CVE COMES OUT, GET TAILORED EMAIL
     • REVIEW OF CONFIGS ON TOOLS / ENV: WAF, SECRETS, UNIX RIGHTS
     • DEVELOPERS
     • SECURITY CODE REVIEWS
     • SECURITY DEPENDENCIES: BRAKEMAN, APPCANARY
     • AUTOMATIC SCANNING OF VULNERABILITIES ON TEST ENV: VADDY
     • CREATE CHECKLIST FOR DEVELOPERS: ASVS
  18. STEP UP YOUR GAME
     • PROPOSE SECURITY OPTIONS TO YOUR CURRENT WORK
     • SECURITY MAINTENANCE
     • REGULAR SECURITY SCANS
     • THREAT INTELLIGENCE
     • PROPOSE SECURITY SOLUTIONS TO YOUR CLIENTS
     • CODE REVIEWS
     • PENETRATION TESTING
     • REGULAR / REAL-TIME SCANS
     • AWARENESS VERIFICATION
     • INCIDENT HANDLING
     • INTRODUCE TO SECURITY SOLUTIONS
  19. DEV SEC OPS
     • MAKE SECURITY THE EASIEST CHOICE TO MAKE
     • INTEGRATE INTO PIPELINES
     • USE RECIPES TO BUILD SECURITY
     • AUTOMATIC DEPENDENCY CHECK
     • AUTOMATIC KNOWN VULNERABILITY CHECK
     • UPDATE POLICY ON SECURITY EVENTS
     • WHAT OS VERSION DO YOU USE FOR PRODUCTION?
  20. JOIN SECURITY ECOSYSTEM
     • OWASP events worldwide, Kansai too
     • Security topics at your favorite events
     • DevSecOps practices
     • Podcasting and Blogging
     • Defensive Security Podcast
     • Troy Hunt
     • Exploit-db
     • IPA / CERT
  21. THANK YOU
     • FEEL FREE TO ASK QUESTIONS!