
Hanssens Telecom Roadshow 2015 - Hacking 101


  1. h@Cking l0l
  2. Malik Mesellem, Ethical Hacker, MME BVBA ° 2010. Security audits and training. Objective approach. Focus is to advise. No-nonsense mentality.
  3. What are we afraid of? Buffer overflows, DoS, port scans, Trojans, IP spoofing
  4. We all have firewalls ;) (since 1990). I don’t think so… Old skool attacks✝
  5. So WTH(ack) is the problem? And who is the enemy?
  6. A new wave of client-side threats…
  7. Complex application-level attacks
  8. Complex application-level attacks
  9. Your secure (?) infrastructure: IP PBX / Web apps, DC, Member computers, Firewall
  10. Hacker’s attack plan? ATTACK the border = web apps
  11. Application-level attack: SQL injection. SELECT * FROM … WHERE … ' OR 1=1--
  12. Web server DOWN ;(
  13. Hacker’s attack plan? ATTACK the weakest = humans
  14. Client-side attacks: social engineering. Phishing, malware, exploits
  15. Member computers DOWN ;(
  16. You’ve just lost several assets! They are inside the network…
  17. Now they go for the GOLD! Credentials, hashes, and tokens…
  18. GAME OVER. You’ve lost everything $$$
  19. GAME OVER. You’ve lost everything $$$
  20. OMG… we definitely need heroes!
  21. What if…
  22. Secure Telecom & VoIP Solutions
  23. Security Audits & Training
  24. malik@mmebvba.com, www.mmebvba.com, linkedin.com/in/malikmesellem, twitter.com/MME_IT. PING me! (by clicking the icons)
  25. Security Audits: Our Heartbeat Scan is a complete audit
      • Critical and vital parts are scanned and analyzed
      • Potential threats and vulnerabilities are identified
      • Spread over several days for a fixed price
      • Comprehensive checkpoints
      • Report contains at least 100 pages!
          • Executive summary
          • Technical findings
          • Remediations
  26. Security Audits: Checkpoints in this Heartbeat Scan
      • Vulnerability Assessment (LAN/WAN)
      • Penetration Testing (LAN/WAN)
      • Web Application Scans (OWASP Top 10)
      • Active Directory Review and Password Audit
      • Business Continuity - Disaster Recovery Check
      • Software Updates Compliance Check
      • Malware and Endpoint Inspection
      • Firewall Configuration Review
      • Wireless Security Survey
      • Email spear phishing campaign
      SPECIAL OFFER
  27. Check our calendar here
