2. your name
>>>About Myself
- Completed B.E. from Mumbai University in Computer Engineering.
- Currently pursuing M.Tech from K.J. Somaiya COE.
- About to start an internship at Tech Mahindra.
>>>Pentagon Bug Bounty
- First bug bounty program run by the US federal government, held during April-May 2016.
- DoD partnered with HackerOne.
- IP: Registration → Background checks → Task allocation.
- No critical, mission-facing systems involved.
- Live assets: DoD public websites.
>>>Pentagon Bug Bounty
- Total of 138 valid vulnerabilities discovered.
- First vulnerability reported just 13 minutes from the start of the test.
- Bounty organised after a damaging year for US cyberdefenses.
- In 2015 Russian hackers gained access to unclassified Pentagon computer systems, with sophisticated cyberattacks also targeting digital infrastructure inside the White House.
- Hackers linked to the Chinese government also stole personal information from background checks on 21.5 million Americans.
>>>HummingBad Malware
- Component 1: attempts to gain root access on the device with a rootkit.
- Component 2: if rooting fails, a fake system update notification tricks the user into granting HummingBad system-level permissions.
- Target: Android Jelly Bean to Marshmallow.
- Yingmob: the group behind it shares resources and technology with an analytics company.
>>>HummingBad Malware
- Injects advertisements into victims' devices; when these are clicked, Yingmob gets paid.
- 20 million ads served daily, achieving approximately 2.5 million clicks per day.
- The campaign generates $300,000 a month, proving such attacks can be financially self-sufficient.
- SSP component: rooting, downloading fake apps and displaying ad banners.
- CAP component: fake IMEI injection, sending usage statistics to the C&C server and checking for plugin updates.
>>>Target → SmartWatch
- Motive: steal ATM PINs by reproducing the trajectories of hand movements captured by the wearable's motion sensors.
- Backward PIN-Sequence Inference algorithm.
- 80% success rate on the first attempt, and over 90% within 3 tries.
- Binghamton University paper titled "Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN".
>>>More about the paper
- https://www.semanticscholar.org/paper/Friend-or-Foe-Your-Wearable-Devices-Reveal-Your-Wang-Guo/e867c843844a46d35434f01855d10d9738757037
- Tests were successful irrespective of hand position and orientation.
- No concrete solution yet to counter this form of eavesdropping.
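The "backward" part of the inference is the key idea: the last key pressed at an ATM is always Enter, whose position is known, so the attacker integrates the wrist acceleration between key presses to get key-to-key displacements and walks backwards from Enter, snapping each recovered position to the nearest digit. The toy model below is an added example written for this page; it is not code from the paper or the slides. It assumes (none of this is on the page) an ATM-style 3x4 keypad, 100 Hz sampling, 20 samples per key-to-key movement, keystrokes already segmented (for example from the tap spikes), and the wrist momentarily at rest on every key press; the sensor trace is constructed, and ranking the top few guesses is what makes the "3 tries" figure meaningful.

```python
"""Toy model of backward PIN-sequence inference from wrist-motion data.

Added example, not code from the paper or the slides. Assumptions (not from
the page): an ATM-style 3x4 keypad, 100 Hz accelerometer sampling, 20 samples
per key-to-key movement, keystrokes already segmented (e.g. from tap spikes),
and the wrist momentarily at rest on every key press.
"""
import math
import random

# Constructed keypad layout, coordinates in units of key pitch (col, row).
KEYPAD = {
    "1": (0, 0), "2": (1, 0), "3": (2, 0),
    "4": (0, 1), "5": (1, 1), "6": (2, 1),
    "7": (0, 2), "8": (1, 2), "9": (2, 2),
    "C": (0, 3), "0": (1, 3), "E": (2, 3),   # C = Cancel, E = Enter
}
DIGITS = [k for k in KEYPAD if k.isdigit()]
DT = 0.01        # assumed sample period (100 Hz)
SAMPLES = 20     # assumed samples per key-to-key movement


def synth_trace(pin, noise_sigma=2.0, seed=1):
    """Construct a plausible accelerometer trace for typing `pin` then Enter.

    Each movement is a bang-bang profile (+A for half the samples, -A for the
    rest) whose Euler double integral is exactly the key-to-key displacement,
    plus Gaussian sensor noise. Returns one list of (ax, ay) per movement.
    """
    rng = random.Random(seed)
    path = list(pin) + ["E"]            # the Enter press anchors the end
    half = SAMPLES // 2
    segments = []
    for src, dst in zip(path, path[1:]):
        dx = KEYPAD[dst][0] - KEYPAD[src][0]
        dy = KEYPAD[dst][1] - KEYPAD[src][1]
        ax, ay = dx / (DT ** 2 * half ** 2), dy / (DT ** 2 * half ** 2)
        seg = []
        for k in range(SAMPLES):
            sign = 1.0 if k < half else -1.0
            seg.append((sign * ax + rng.gauss(0.0, noise_sigma),
                        sign * ay + rng.gauss(0.0, noise_sigma)))
        segments.append(seg)
    return segments


def integrate(segment):
    """Double-integrate one movement (Euler) to get its net displacement,
    starting from zero velocity because the wrist is assumed at rest on a key."""
    vx = vy = x = y = 0.0
    for ax, ay in segment:
        vx += ax * DT
        vy += ay * DT
        x += vx * DT
        y += vy * DT
    return x, y


def infer_pin(segments, beam=3):
    """Backward PIN-sequence inference.

    Start from the known Enter key, subtract each movement's displacement in
    reverse order and snap to the nearest digit key. Snapping (rather than
    carrying the raw position) stops integration drift accumulating across
    keys. A small beam keeps the `beam` best sequences ranked by total
    snapping error, so the caller can try the top few guesses in order.
    """
    cands = [("", KEYPAD["E"], 0.0)]    # (digits so far, position, error)
    for seg in reversed(segments):
        dx, dy = integrate(seg)
        nxt = []
        for digits, (px, py), err in cands:
            qx, qy = px - dx, py - dy   # where the wrist came from
            for key in DIGITS:
                kx, ky = KEYPAD[key]
                nxt.append((key + digits, (kx, ky),
                            err + math.hypot(qx - kx, qy - ky)))
        nxt.sort(key=lambda c: c[2])
        cands = nxt[:beam]
    return [c[0] for c in cands]


if __name__ == "__main__":
    trace = synth_trace("4713")
    print(infer_pin(trace))   # first candidate is "4713"
```

The unknown starting position of the hand never matters, which is exactly why the inference runs backwards from Enter rather than forwards from the first digit. A real attack also has to segment the trace and handle a wrist that is not exactly at rest on each key, which is where the paper's remaining error comes from.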
>>>Miscellaneous
- Solarin cellphone → Sirin Labs.
- DDoS at Compusoft → http://www.csoonline.com/article/3085159/data-breach/the-story-of-a-ddos-extortion-attack-how-one-company-decided-to-take-a-stand.html?utm_content=buffer95b7e&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer#tk.rss_all
- Palantir: https://www.buzzfeed.com/williamalden/how-hired-hackers-got-complete-control-of-palantir?utm_term=.foMbAj3a32#.veydPwg2gq