3. Disclaimer!
The content of this presentation and the techniques shown
here are for educational purposes only. The organizers and
presenters do not encourage the attendees to use the
knowledge learned here for any malicious or illegal
purpose.
If the attendees use this knowledge for any kind of real
hacking or illegal activity which violates the law, then we,
the organizers and the presenters, will not be responsible for
that or any further consequences.
12. Web Cams & Video Chat
Clickjacking -
A new threat to all browsers (IE, Firefox,
Safari, Opera, Chrome etc.) except non-
interactive browsers like Lynx.
Hijacking your click: the user clicks on something
that is hidden from them.
Enable webcam, microphone.
Get your credentials.
Mostly a Flash and iframe based vulnerability.
Discussed in OWASP - 2008
13. Why Hacking?
Hacking for fun & profit
Capture The Flag
0’day
Underground economy
Bug Bounty
16. What do they want?
Credentials
PII information
PCI Data
Intellectual Property
OSINT
18. Why Heartbleed?
TLS Heartbeat Extension.
The vulnerability lies in the implementation of the TLS
Heartbeat extension. There is a common need
in an established SSL session to maintain the
connection for a longer time. The Heartbeat
protocol extension was added to TLS for this reason.
The HTTP keep-alive feature does the same, but the HB
protocol allows a client to perform this action at a
much higher rate.
The client can send a Heartbeat request message
and the server has to respond with a
Heartbeat response.
20.
• We can leak 64 kb of memory, and that
could easily contain usernames/passwords,
private keys etc.
• Constant HB requests could be made to
the server, leaking any amount of data
(random memory) from the server.
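
The bounds check that decides whether a Heartbeat request leaks memory, as an added example that is not part of the original presentation or of any TLS library's code. The message layout and 16-byte minimum padding follow RFC 6520; the function names and the two sample messages are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HDR = 3, HB_PAD = 16 }; /* RFC 6520 */

/* Constructed samples: type | 2-byte payload_length | payload | 16 padding bytes. */
static const uint8_t HONEST[23] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t LYING[19]  = { HB_REQUEST, 0xFF, 0xFF }; /* claims 65535, sends 0 */
static uint8_t OUT[64];                                       /* response buffer */

/* Payload length claimed by the sender (big-endian, untrusted). */
static size_t hb_claimed(const uint8_t *m) { return ((size_t)m[1] << 8) | m[2]; }

/* Bytes beyond the received message that a responder trusting the claimed
 * length would echo back from adjacent memory; 0 means no over-read. */
size_t hb_overread(const uint8_t *m, size_t len) {
    if (len < HB_HDR) return 0;
    size_t end = HB_HDR + hb_claimed(m);
    return end > len ? end - len : 0;
}

/* Hardened responder: builds the echo only when the claimed payload plus the
 * minimum padding fits in what was received. Returns the response length,
 * or 0 when the request must be silently discarded. */
size_t hb_respond(const uint8_t *m, size_t len, uint8_t *out, size_t cap) {
    if (len < HB_HDR + HB_PAD || m[0] != HB_REQUEST) return 0;
    size_t plen = hb_claimed(m);
    if (plen > len - HB_HDR - HB_PAD) return 0;   /* the bounds check */
    size_t rlen = HB_HDR + plen + HB_PAD;
    if (rlen > cap) return 0;
    out[0] = HB_RESPONSE; out[1] = m[1]; out[2] = m[2];
    memcpy(out + HB_HDR, m + HB_HDR, plen);
    memset(out + HB_HDR + plen, 0, HB_PAD);       /* real stacks use random padding */
    return rlen;
}

int main(void) {
    printf("honest: over-read=%zu response=%zu\n", hb_overread(HONEST, sizeof HONEST),
           hb_respond(HONEST, sizeof HONEST, OUT, sizeof OUT));
    printf("lying:  over-read=%zu response=%zu\n", hb_overread(LYING, sizeof LYING),
           hb_respond(LYING, sizeof LYING, OUT, sizeof OUT));
    return 0;
}
```

The over-read reported for the second sample is just under 64 KB, which is the per-request ceiling set by the 2-byte length field.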