SlideShare une entreprise Scribd logo

Breakdown on Breaking In...2 Most Common Attack Vectors Explained.pptx

Télécharger en tant que PPTX, PDF
A
AdityaChawan4

Explore the dark side of cybersecurity with our compelling PowerPoint presentation! Delve into the world of attack vectors, from brute-forcing Tomcat server login pages to Wi-Fi deauthentication attacks. Gain insights into the techniques used by cybercriminals to exploit vulnerabilities and compromise systems. Whether you're a security professional or a curious enthusiast, this presentation sheds light on the threats lurking in the digital landscape. Join us as we uncover the tactics, tools, and countermeasures essential for defending against cyber threats. Don't miss out on this eye-opening journey into the realm of cyber warfare!

Technologie
1  sur  16
Breakdown on Breaking In
Meet & Greet Meet Alice He is our attacker Meet Victor He is our victim I am evil I am an ignorant web user
BEEF Attack • User's browser is hooked by sending a malicious link • Browser Exploitation Framework(BEEF) • Attacker then has complete access to the user's system • Attacker can also escalate the attack from here
BEEF Attack This deal looks tempting Complete Access 1 2 3 4 5
Steps • sudo apt-get install beef-xss • Type beef-xss to run the program • Login with the password just set by you • Create a malicious web page with the hook URL • Enter a password for the default user "beef" • Beef UI will open automatically in your browser • Send it to the user • Boom! Browser Hooked
Wifi Deauth Attack • Deauth means to disconnect • Spoof victim MAC address and send deauth packets to the router • To disconnect deauth packet is sent
Wifi Deauth Attack Scene 1 Coffee Shop
Wifi Deauth Attack I am Victor & I want to disconnect Scene 2 Coffee Shop
Steps • Kill all the processes running on the wireless network interface(NIC) • Put the Wireless NIC in monitor mode • Start listening in monitor mode • Start listening on the target network specifically • Identify the victim MAC address • Deauth
Bruteforce Attack • Test Server:Tomcat Server • Found is Metasploitable Linux • Intentionally vulnerable • Bruteforcing from a wordlist • Wordlist:File containing all the possible combinations
username password 1 3 Correct Hit: tomcat tomcat Login Page 2 4
Steps • Set up the Tomcat Server • Scan Metasploitable Machine using NMAP • Open up login page of Tomcat Server • Open msfconsole and use the required auxiliary • Set required options for the auxiliary • Bruteforce • Fire up Postgresql service
Malicious Android APK • Create an APK for a third party app • APK contains malicious code • Initiates a reverse connection to the attacker • App can be beautified and customised
generates sends Reverse Connection evil configured 1 2 3 4 5
Steps • Fire up postgresql service • Create the malicious APK • Send it to the victim • Social Engineer him/her to install the app • Create a listener for incoming connections • Connection coming from phone to the attacker is connected
Thank You Vinita Bhandiwad Mam Neha Kudu Mam & Also the audience

Recommandé

Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...
Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...
Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...APNIC
 
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/... Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...Suhail Khan
 
Leveraging Honest Users: Stealth Command-and-Control of Botnets
Leveraging Honest Users: Stealth Command-and-Control of BotnetsLeveraging Honest Users: Stealth Command-and-Control of Botnets
Leveraging Honest Users: Stealth Command-and-Control of BotnetsDiogo Mónica
 
BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat Security Conference
 
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc groupNtxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc groupNorth Texas Chapter of the ISSA
 
DDOS ATTACK - MIRAI BOTNET
DDOS ATTACK - MIRAI BOTNET DDOS ATTACK - MIRAI BOTNET
DDOS ATTACK - MIRAI BOTNET Sukhdeep Singh Sandhu
 
Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3Kabul Education University
 
Botnets Attacks.pptx
Botnets Attacks.pptxBotnets Attacks.pptx
Botnets Attacks.pptxMuhammadRehan856177
 

Recommandé

Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...
Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...
Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...APNIC
 
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/... Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...Suhail Khan
 
Leveraging Honest Users: Stealth Command-and-Control of Botnets
Leveraging Honest Users: Stealth Command-and-Control of BotnetsLeveraging Honest Users: Stealth Command-and-Control of Botnets
Leveraging Honest Users: Stealth Command-and-Control of BotnetsDiogo Mónica
 
BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat Security Conference
 
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc groupNtxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc groupNorth Texas Chapter of the ISSA
 
DDOS ATTACK - MIRAI BOTNET
DDOS ATTACK - MIRAI BOTNET DDOS ATTACK - MIRAI BOTNET
DDOS ATTACK - MIRAI BOTNET Sukhdeep Singh Sandhu
 
Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3Kabul Education University
 
Botnets Attacks.pptx
Botnets Attacks.pptxBotnets Attacks.pptx
Botnets Attacks.pptxMuhammadRehan856177
 
PPIT Lecture 20
PPIT Lecture 20PPIT Lecture 20
PPIT Lecture 20Kashif Sohail
 
AtlSecCon 2016
AtlSecCon 2016AtlSecCon 2016
AtlSecCon 2016Earl Carter
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomwareSophos Benelux
 
CNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsSam Bowne
 
How i'm going to own your organization v2
How i'm going to own your organization v2How i'm going to own your organization v2
How i'm going to own your organization v2RazorEQX
 
Avirup_Ray_18700219054_Cyber_Security_1.pptx
Avirup_Ray_18700219054_Cyber_Security_1.pptxAvirup_Ray_18700219054_Cyber_Security_1.pptx
Avirup_Ray_18700219054_Cyber_Security_1.pptxAvirupRay2
 
Workshop on Network Security
Workshop on Network SecurityWorkshop on Network Security
Workshop on Network SecurityUC San Diego
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)Sam Bowne
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profitDavid Stockton
 
Botnets presentation
Botnets presentationBotnets presentation
Botnets presentationMahmoud Ibra
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profitDavid Stockton
 
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Julia Yu-Chin Cheng
 
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...JosephTesta9
 
CNIT 124 Ch10-12: Local Exploits through Bypassing AV
CNIT 124 Ch10-12: Local Exploits through Bypassing AVCNIT 124 Ch10-12: Local Exploits through Bypassing AV
CNIT 124 Ch10-12: Local Exploits through Bypassing AVSam Bowne
 
Malware cryptomining uploadv3
Malware cryptomining uploadv3Malware cryptomining uploadv3
Malware cryptomining uploadv3Setia Juli Irzal Ismail
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the CloudTeri Radichel
 
Famous C&C servers from inside to outside.
Famous C&C servers from inside to outside.Famous C&C servers from inside to outside.
Famous C&C servers from inside to outside.Senad Aruc
 
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...OWASP Delhi
 
Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Priyanka Aash
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCanSecWest
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 

Contenu connexe

Similaire à Breakdown on Breaking In...2 Most Common Attack Vectors Explained.pptx

How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomwareSophos Benelux
 
CNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsSam Bowne
 
How i'm going to own your organization v2
How i'm going to own your organization v2How i'm going to own your organization v2
How i'm going to own your organization v2RazorEQX
 
Avirup_Ray_18700219054_Cyber_Security_1.pptx
Avirup_Ray_18700219054_Cyber_Security_1.pptxAvirup_Ray_18700219054_Cyber_Security_1.pptx
Avirup_Ray_18700219054_Cyber_Security_1.pptxAvirupRay2
 
Workshop on Network Security
Workshop on Network SecurityWorkshop on Network Security
Workshop on Network SecurityUC San Diego
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)Sam Bowne
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profitDavid Stockton
 
Botnets presentation
Botnets presentationBotnets presentation
Botnets presentationMahmoud Ibra
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profitDavid Stockton
 
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Julia Yu-Chin Cheng
 
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...JosephTesta9
 
CNIT 124 Ch10-12: Local Exploits through Bypassing AV
CNIT 124 Ch10-12: Local Exploits through Bypassing AVCNIT 124 Ch10-12: Local Exploits through Bypassing AV
CNIT 124 Ch10-12: Local Exploits through Bypassing AVSam Bowne
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the CloudTeri Radichel
 
Famous C&C servers from inside to outside.
Famous C&C servers from inside to outside.Famous C&C servers from inside to outside.
Famous C&C servers from inside to outside.Senad Aruc
 
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...OWASP Delhi
 
Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Priyanka Aash
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCanSecWest
 

Similaire à Breakdown on Breaking In...2 Most Common Attack Vectors Explained.pptx (20)

PPIT Lecture 20
PPIT Lecture 20PPIT Lecture 20
PPIT Lecture 20
 
AtlSecCon 2016
AtlSecCon 2016AtlSecCon 2016
AtlSecCon 2016
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomware
 
CNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World Incidents
 
How i'm going to own your organization v2
How i'm going to own your organization v2How i'm going to own your organization v2
How i'm going to own your organization v2
 
Avirup_Ray_18700219054_Cyber_Security_1.pptx
Avirup_Ray_18700219054_Cyber_Security_1.pptxAvirup_Ray_18700219054_Cyber_Security_1.pptx
Avirup_Ray_18700219054_Cyber_Security_1.pptx
 
Workshop on Network Security
Workshop on Network SecurityWorkshop on Network Security
Workshop on Network Security
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profit
 
Botnets presentation
Botnets presentationBotnets presentation
Botnets presentation
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profit
 
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
 
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
 
CNIT 124 Ch10-12: Local Exploits through Bypassing AV
CNIT 124 Ch10-12: Local Exploits through Bypassing AVCNIT 124 Ch10-12: Local Exploits through Bypassing AV
CNIT 124 Ch10-12: Local Exploits through Bypassing AV
 
Malware cryptomining uploadv3
Malware cryptomining uploadv3Malware cryptomining uploadv3
Malware cryptomining uploadv3
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the Cloud
 
Famous C&C servers from inside to outside.
Famous C&C servers from inside to outside.Famous C&C servers from inside to outside.
Famous C&C servers from inside to outside.
 
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
 
Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
 

Dernier

Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsUXDXConf
 
The UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoThe UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoUXDXConf
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxJennifer Lim
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaCzechDreamin
 
Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024TopCSSGallery
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityScyllaDB
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?Mark Billinghurst
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomCzechDreamin
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...marcuskenyatta275
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...CzechDreamin
 
THE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreelTHE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreelreely ones
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCzechDreamin
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 

Dernier (20)

Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 
The UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoThe UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, Ocado
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
THE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreelTHE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreel
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 

Breakdown on Breaking In...2 Most Common Attack Vectors Explained.pptx

  • 2. Meet & Greet Meet Alice He is our attacker Meet Victor He is our victim I am evil I am an ignorant web user
  • 3. BEEF Attack • User's browser is hooked by sending a malicious link • Browser Exploitation Framework(BEEF) • Attacker then has complete access to the user's system • Attacker can also escalate the attack from here
  • 5. Steps • sudo apt-get install beef-xss • Type beef-xss to run the program • Login with the password just set by you • Create a malicious web page with the hook URL • Enter a password for the default user "beef" • Beef UI will open automatically in your browser • Send it to the user • Boom! Browser Hooked
  • 6. Wifi Deauth Attack • Deauth means to disconnect • Spoof victim MAC address and send deauth packets to the router • To disconnect deauth packet is sent
  • 7. Wifi Deauth Attack Scene 1 Coffee Shop
  • 8. Wifi Deauth Attack I am Victor & I want to disconnect Scene 2 Coffee Shop
  • 9. Steps • Kill all the processes running on the wireless network interface(NIC) • Put the Wireless NIC in monitor mode • Start listening in monitor mode • Start listening on the target network specifically • Identify the victim MAC address • Deauth
  • 10. Bruteforce Attack • Test Server:Tomcat Server • Found is Metasploitable Linux • Intentionally vulnerable • Bruteforcing from a wordlist • Wordlist:File containing all the possible combinations
  • 11. username password 1 3 Correct Hit: tomcat tomcat Login Page 2 4
  • 12. Steps • Set up the Tomcat Server • Scan Metasploitable Machine using NMAP • Open up login page of Tomcat Server • Open msfconsole and use the required auxiliary • Set required options for the auxiliary • Bruteforce • Fire up Postgresql service
  • 13. Malicious Android APK • Create an APK for a third party app • APK contains malicious code • Initiates a reverse connection to the attacker • App can be beautified and customised
  • 15. Steps • Fire up postgresql service • Create the malicious APK • Send it to the victim • Social Engineer him/her to install the app • Create a listener for incoming connections • Connection coming from phone to the attacker is connected
  • 16. Thank You Vinita Bhandiwad Mam Neha Kudu Mam & Also the audience