HoneyCon 2014
jeytsai@NIT
Outline
● Ask questions any time
● HoneyCon Agenda
● CTF Time
The information contained in these slides is generated from random
alphanumerics, and the images are randomly selected from the web.
HoneyCon Agenda
Attack Event
● Past
○ ATM turned into a pinball machine
○ Web ATM Vulnerability [2]
○ Website hacked [3]
○ Spam
○ Home router as botnet [4]
○ APT on government [5]
Attack Event (cont’d)
● Current
○ APT
○ Hack as a Service [6]
○ Mobile Hacking [7]
○ Heartbleed [8]
○ Orphan (DNS / NTP) Server
○ IOT Hacking
SPAM
● Email that you did not want
○ Randomly generated
○ APT
● Spam contains
○ Phishing link
○ Malware
○ CryptoLocker [10]
○ ...
SPAM + Exploit
● So receiving spam is not dangerous if I…
○ Do not download the attachment?
○ Do not click the link?
● Exploits against the receiving software
○ Malicious webpage
○ Document preview
○ ...
DDoS
● Past
○ Ping of Death
○ SYN Flood
○ Teardrop Attack
○ Slow I/O Attack
○ …
● Design issue on program / protocol
DDoS
● Current
○ Reflected attack
○ GSM
○ LOIC (Low Orbit Ion Cannon)
○ SPAM
● Attack target
○ Bandwidth / Infrastructure / Service
DDoS + DNS / NTP
● Seven-Injury Fist (hurts the attacker as well)
○ I DDoS U === U DDoS I
● Amplification attack (Reflection)
○ GET request => Full webpage
○ DNS request => DNS response
○ ...
Avoid DDoS
● Illusory
○ High-End firewall
○ ISP
○ Lots of backends
● Hackers always attack the weakest point
○ Load balancer / Proxy Server / DNS Server / ...
Hard to Avoid DDoS
● Pattern matching
○ Does not respond immediately
○ What if the attacker simulates a normal user?
○ Variants are easy to make
● Total solution
○ A closed-country (isolation) policy?
○ ISP?
HoneyPot
● A trap set to detect an unauthorized user.
○ Honeypot / decoy system
○ A logging system built on a full or simulated system
● Concept
○ Assume it will be hacked
○ Logging
○ Analysis
HoneyPot (cont’d)
● Low-interaction
○ Dionaea / HoneyD / Kippo / Glastopf / Conpot
● High-interaction
○ Honeypot / Sebek
● Real Honeypot
○ HonEeeBox
○ Raspberry Pi (trendy)
HoneyPot + Analysis
● SPAM
○ Register a never-used mail domain
○ Any mail received => spam sent to random addresses
● SandBox
○ Simulate human behavior
○ Analyze the system status
HoneyPot + Analysis
● A honeypot is always being hacked
○ Too many events
○ Hard to analyze by tracing the log entry by entry
● Visualization
○ Trendy
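An added example, not from the original slides: instead of reading honeypot events one by one, aggregate them per source, per hour and per credential pair, then draw the counts as text bars. The log format, field names and sample lines are constructed for illustration and are not the output of Kippo, Dionaea or any other honeypot named above.

```python
import re
from collections import Counter

# Constructed sample events in a made-up "timestamp key=value ..." format.
# Addresses come from the documentation ranges (RFC 5737).
SAMPLE_LOG = """\
2014-08-01T02:14:07 src=198.51.100.23 event=login_attempt user=root pass=123456
2014-08-01T02:14:09 src=198.51.100.23 event=login_attempt user=root pass=password
2014-08-01T02:14:12 src=198.51.100.23 event=login_attempt user=admin pass=admin
2014-08-01T02:40:51 src=203.0.113.77 event=login_attempt user=root pass=123456
2014-08-01T02:40:55 src=203.0.113.77 event=login_success user=root pass=123456
2014-08-01T02:41:30 src=203.0.113.77 event=command input=uname
2014-08-01T03:05:02 src=192.0.2.10 event=login_attempt user=pi pass=raspberry
garbage line that the parser must skip
2014-08-01T03:05:04 src=192.0.2.10 event=login_attempt user=root pass=123456
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T(?P<hour>\d{2}):\d{2}:\d{2}) (?P<fields>.+)$"
)


def parse_events(text):
    """Return (events, skipped): one dict per well-formed line and a bad-line count."""
    events, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        fields = dict(p.split("=", 1) for p in m.group("fields").split() if "=" in p)
        if "src" not in fields or "event" not in fields:
            skipped += 1
            continue
        fields["hour"] = m.group("hour")
        events.append(fields)
    return events, skipped


def summarize(events):
    """Collapse the event stream into the few counts an analyst looks at first."""
    attempts = [e for e in events if e["event"] == "login_attempt"]
    return {
        "per_source": Counter(e["src"] for e in events),
        "per_hour": Counter(e["hour"] for e in events),
        "credentials": Counter((e.get("user", "?"), e.get("pass", "?")) for e in attempts),
        # Sources that got past the login prompt are the ones to review by hand.
        "escalated": sorted(
            {e["src"] for e in events if e["event"] in ("login_success", "command")}
        ),
    }


def bar_chart(counts, width=30):
    """Render a mapping of label -> count as text bars scaled to the largest count."""
    if not counts:
        return ""
    peak = max(counts.values())
    rows = []
    for key, n in sorted(counts.items(), key=lambda kv: -kv[1]):
        bar = "#" * max(1, round(n * width / peak))
        rows.append(f"{str(key):<16} {bar} {n}")
    return "\n".join(rows)


if __name__ == "__main__":
    events, skipped = parse_events(SAMPLE_LOG)
    summary = summarize(events)
    print(f"{len(events)} events parsed, {skipped} line(s) skipped\n")
    print("Events per source:\n" + bar_chart(summary["per_source"]) + "\n")
    print("Events per hour:\n" + bar_chart(summary["per_hour"]) + "\n")
    print("Most tried credentials:", summary["credentials"].most_common(3))
    print("Sources needing manual review:", summary["escalated"])
```
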
CTF Time
What’s CTF
● Capture the Flag
○ Problem solving
○ Put the flag on the website
○ Protect your server
● Under the rules
○ you can do anything…
HoneyCon - CTF Rules
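1. During the Honeycon2014 conference, participating teams may connect to the WarGame host at any time to compete.
2. Participants must keep the web service of the host they defend running normally and open to the public.
3. Deliberate D[D]oS behavior will result in disqualification.
4. Any behavior that obstructs the game will result in disqualification.
5. Attack and defense activity is limited to the WarGame environment.
6. GMs will take part in the game.
7. There may be a risk of malware infection during the game.
8. Winning teams must give a technical sharing session.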
Why CTF
● Practice as a hacker in legal way
● Simulate how hackers attack
● Defend against hackers
How CTF
● In the open network
○ On-line
○ Give a hint (IP address with service / binary)
○ Find the flag
● In the closed network
○ No limits
○ All devices in the subnet can be hacked
PenTest Flow
● Social Engineering
● Scan by nmap [9] (DDoS…)
● Choose one target / service
○ Web / SSH / SMB / FTP / UPnP / IRC / ...
● Hacking
Reference
1. http://www.honeynet.org/
2. http://www.i-security.tw/learn/tips_content.asp?Tid=134
3. http://www.zone-h.org/archive
4. http://hexus.net/tech/news/network/61245-easy-exploit-backdoor-found-several-d-link-router-models/
5. http://techorange.com/2013/07/30/9th-hitcon-are-we-the-loser-in-the-cyber-war/
6. https://blog.damballa.com/archives/330
7. http://www.ewdna.com/2014/05/phishing.html
8. http://www.ithome.com.tw/special_report/heartbleed
9. http://nmap.org/
10. http://www.ithome.com.tw/node/83226
Thanks for your attention
Q&A
