SlideShare ist ein Scribd-Unternehmen logo

Hacking Cracking 2008

Jim Geovedi
Jim Geovedi
Technologie
1 von 26
hacking/cracking the other side of the story jim geovedi guide to ict megatrend 31 January 2008 — Hotel Shangri-La, Jakarta
‣ information security ‣ 0-day vulnerabilities
infosec ≠ satpam ‣ current trends: identity thefts, botnet, mobile communication hacking, 0-day vulnerabilities, corporate espionage, wiretapping
industry status ‣ big security companies acquire small start-up or spin-off companies to offer more solutions ‣ "palugada" propaganda
software development ‣ cheap software development? outsource to india or china!
security investment ‣ companies bought a lot of security devices or applications ‣ firewall, anti virus, spam and content filtering, ids, ips, patch management, etc.
common issues ‣ companies do not have enough resources. ‣ vendors re-introducing: ‣ weak and easy guessed passwords ‣ clear-text protocols ‣ misconfigurations
‣ information security ‣ 0-day vulnerabilities
‣ 0-day, pronounce zero-day, sometimes oh day, means new. ‣ the term has it's origin in the warez scene, but has become firmly entrenched in the exploit trading scene.
‣ 0-day is used to refer to exploits, software, media or vulnerability information released today and those that have not yet released.
vendor noticed patch released intrusion time value life cycle of 0-day (quick response from vendor)
vendor noticed patch released intrusion time value life cycle of 0-day (very late response from vendor)
‣ 0-day users: intelligence agents, professional penetration testers, product vendors, random hackers/crackers
obtaining 0-day ‣ conducting research (source code/ binary audit) ‣ share/trade between friends ‣ install honeypot ‣ buy from 0-day brokers
market ‣ current 0-day business model is considered weak ‣ the auction model
the players ‣ corporate: ISS, eEye, iDEFENSE, TippingPoint (3Com/ZDI), Immunity, Gleg, Argeniss, wabisabilabi, etc ‣ group or personal: cirt.dk, piotr bania, inge henriksen, mario ballano, neil kettle, etc.
programs ‣ https://labs.idefense.com/vcp/ ‣ http://www.wslabi.com/wabisabilabi/ rrp.do? ‣ http://www.zerodayinitiative.com/ details.html
prizes ‣ remote arbitrary code execution vulnerabilities in specified e-mail clients and servers (outlook, outlook express, thunderbird, sendmail, exchange) $8,000 - $12,000 ‣ remote arbitrary code execution vulnerabilities in specified critical internet infrastructure applications (apache httpd, bind, sendmail, openssh, iis, exchange): $16.00 - $24.000
how many? ‣ every complex software have bugs ‣ we should assume every popular application exist has at least one 0-day exploit in wild ‣ professionals keep their own 0-day!
fin. jim@geovedi.com

Empfohlen

Keynote - Jim Geovedi - professional-hackers
Keynote - Jim Geovedi - professional-hackersKeynote - Jim Geovedi - professional-hackers
Keynote - Jim Geovedi - professional-hackersidsecconf
 
Ethical Hacking Presentation
Ethical Hacking PresentationEthical Hacking Presentation
Ethical Hacking PresentationAmanUllah115928
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingKunal Gawade, CFE
 
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...Edureka!
 
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Sina Manavi
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingVishesh Singhal
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to HackingRishabha Garg
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingMukul Agarwal
 

Empfohlen

Keynote - Jim Geovedi - professional-hackers
Keynote - Jim Geovedi - professional-hackersKeynote - Jim Geovedi - professional-hackers
Keynote - Jim Geovedi - professional-hackersidsecconf
 
Ethical Hacking Presentation
Ethical Hacking PresentationEthical Hacking Presentation
Ethical Hacking PresentationAmanUllah115928
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingKunal Gawade, CFE
 
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...Edureka!
 
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Sina Manavi
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingVishesh Singhal
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to HackingRishabha Garg
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingMukul Agarwal
 
Ethical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training ReportEthical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training ReportRaghav Bisht
 
Hacking Mobile Apps
Hacking Mobile AppsHacking Mobile Apps
Hacking Mobile AppsSophos Benelux
 
Ethical hacking course
Ethical hacking courseEthical hacking course
Ethical hacking courseChitraKuder
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingRavi Rajput
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingkawsarahmedchoudhuryzzz
 
IOT Security FUN-damental
IOT Security FUN-damentalIOT Security FUN-damental
IOT Security FUN-damentalSatria Ady Pradana
 
Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...
Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...
Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...Edureka!
 
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...Edureka!
 
Full seminar report on ethical hacking
Full seminar report on ethical hackingFull seminar report on ethical hacking
Full seminar report on ethical hackingGeorgekutty Francis
 
ethical hacking
ethical hackingethical hacking
ethical hackingsamprada123
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingMazenetsolution
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAltacit Global
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingjustyogesh
 
Hacking
HackingHacking
HackingVipinYadav257
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingSVishnupriya5
 
Ethical hacking course ppt
Ethical hacking course pptEthical hacking course ppt
Ethical hacking course pptDharsiniRavichandran
 
Ethical hacking for information security
Ethical hacking for information securityEthical hacking for information security
Ethical hacking for information securityJayanth Vinay
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)Shivam Sahu
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligencePrachi Mishra
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingNitheesh Adithyan
 
Wireless Hotspot Security
Wireless Hotspot SecurityWireless Hotspot Security
Wireless Hotspot SecurityJim Geovedi
 
Professional Hackers
Professional HackersProfessional Hackers
Professional HackersJim Geovedi
 

Weitere ähnliche Inhalte

Was ist angesagt?

Ethical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training ReportEthical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training ReportRaghav Bisht
 
Ethical hacking course
Ethical hacking courseEthical hacking course
Ethical hacking courseChitraKuder
 
Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...
Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...
Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...Edureka!
 
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...Edureka!
 
Full seminar report on ethical hacking
Full seminar report on ethical hackingFull seminar report on ethical hacking
Full seminar report on ethical hackingGeorgekutty Francis
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingjustyogesh
 
Ethical hacking for information security
Ethical hacking for information securityEthical hacking for information security
Ethical hacking for information securityJayanth Vinay
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)Shivam Sahu
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligencePrachi Mishra
 

Was ist angesagt? (20)

Ethical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training ReportEthical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training Report
 
Hacking Mobile Apps
Hacking Mobile AppsHacking Mobile Apps
Hacking Mobile Apps
 
Ethical hacking course
Ethical hacking courseEthical hacking course
Ethical hacking course
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
IOT Security FUN-damental
IOT Security FUN-damentalIOT Security FUN-damental
IOT Security FUN-damental
 
Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...
Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...
Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...
 
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
 
Full seminar report on ethical hacking
Full seminar report on ethical hackingFull seminar report on ethical hacking
Full seminar report on ethical hacking
 
ethical hacking
ethical hackingethical hacking
ethical hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Hacking
HackingHacking
Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking course ppt
Ethical hacking course pptEthical hacking course ppt
Ethical hacking course ppt
 
Ethical hacking for information security
Ethical hacking for information securityEthical hacking for information security
Ethical hacking for information security
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Andere mochten auch

Wireless Hotspot Security
Wireless Hotspot SecurityWireless Hotspot Security
Wireless Hotspot SecurityJim Geovedi
 
Professional Hackers
Professional HackersProfessional Hackers
Professional HackersJim Geovedi
 
IDS & Log Management
IDS & Log ManagementIDS & Log Management
IDS & Log ManagementJim Geovedi
 
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship
Hacking a Bird in the Sky: Exploiting Satellite Trust RelationshipHacking a Bird in the Sky: Exploiting Satellite Trust Relationship
Hacking a Bird in the Sky: Exploiting Satellite Trust RelationshipJim Geovedi
 
Hacking Satellite: A New Universe to Discover
Hacking Satellite: A New Universe to DiscoverHacking Satellite: A New Universe to Discover
Hacking Satellite: A New Universe to DiscoverJim Geovedi
 
Wireless Hotspot: The Hackers Playground
Wireless Hotspot: The Hackers PlaygroundWireless Hotspot: The Hackers Playground
Wireless Hotspot: The Hackers PlaygroundJim Geovedi
 
AI & NLP pada @begobet
AI & NLP pada @begobetAI & NLP pada @begobet
AI & NLP pada @begobetJim Geovedi
 
Cheating the 10,000 hour rule
Cheating the 10,000 hour ruleCheating the 10,000 hour rule
Cheating the 10,000 hour ruleJim Geovedi
 
Waluku: Answering Astronomy Questions through Social Media
Waluku: Answering Astronomy Questions through Social MediaWaluku: Answering Astronomy Questions through Social Media
Waluku: Answering Astronomy Questions through Social MediaJim Geovedi
 
Hacking a Bird in the Sky: The Revenge of Angry Birds
Hacking a Bird in the Sky: The Revenge of Angry BirdsHacking a Bird in the Sky: The Revenge of Angry Birds
Hacking a Bird in the Sky: The Revenge of Angry BirdsJim Geovedi
 
Satellite Telephony Security
Satellite Telephony SecuritySatellite Telephony Security
Satellite Telephony SecurityJim Geovedi
 
Adam Laurie - $atellite Hacking for Fun & Pr0fit!
Adam Laurie - $atellite Hacking for Fun & Pr0fit!Adam Laurie - $atellite Hacking for Fun & Pr0fit!
Adam Laurie - $atellite Hacking for Fun & Pr0fit!Jim Geovedi
 
Satellite Hacking — Intro by Indianz (2012)
Satellite Hacking — Intro by Indianz (2012)Satellite Hacking — Intro by Indianz (2012)
Satellite Hacking — Intro by Indianz (2012)Jim Geovedi
 
Hacking a Bird in the Sky: Hijacking VSAT Connection
Hacking a Bird in the Sky: Hijacking VSAT ConnectionHacking a Bird in the Sky: Hijacking VSAT Connection
Hacking a Bird in the Sky: Hijacking VSAT ConnectionJim Geovedi
 
The 21st Century Bank Job
The 21st Century Bank JobThe 21st Century Bank Job
The 21st Century Bank JobJim Geovedi
 
Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?Jim Geovedi
 
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2Jim Geovedi
 
Warezzman - DVB-Satellite Hacking
Warezzman - DVB-Satellite HackingWarezzman - DVB-Satellite Hacking
Warezzman - DVB-Satellite HackingJim Geovedi
 

Andere mochten auch (20)

Wireless Hotspot Security
Wireless Hotspot SecurityWireless Hotspot Security
Wireless Hotspot Security
 
Professional Hackers
Professional HackersProfessional Hackers
Professional Hackers
 
IDS & Log Management
IDS & Log ManagementIDS & Log Management
IDS & Log Management
 
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship
Hacking a Bird in the Sky: Exploiting Satellite Trust RelationshipHacking a Bird in the Sky: Exploiting Satellite Trust Relationship
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship
 
Internet Worms
Internet WormsInternet Worms
Internet Worms
 
Hacking Satellite: A New Universe to Discover
Hacking Satellite: A New Universe to DiscoverHacking Satellite: A New Universe to Discover
Hacking Satellite: A New Universe to Discover
 
Wireless Hotspot: The Hackers Playground
Wireless Hotspot: The Hackers PlaygroundWireless Hotspot: The Hackers Playground
Wireless Hotspot: The Hackers Playground
 
AI & NLP pada @begobet
AI & NLP pada @begobetAI & NLP pada @begobet
AI & NLP pada @begobet
 
Cheating the 10,000 hour rule
Cheating the 10,000 hour ruleCheating the 10,000 hour rule
Cheating the 10,000 hour rule
 
Waluku: Answering Astronomy Questions through Social Media
Waluku: Answering Astronomy Questions through Social MediaWaluku: Answering Astronomy Questions through Social Media
Waluku: Answering Astronomy Questions through Social Media
 
Hacking Trust
Hacking TrustHacking Trust
Hacking Trust
 
Hacking a Bird in the Sky: The Revenge of Angry Birds
Hacking a Bird in the Sky: The Revenge of Angry BirdsHacking a Bird in the Sky: The Revenge of Angry Birds
Hacking a Bird in the Sky: The Revenge of Angry Birds
 
Satellite Telephony Security
Satellite Telephony SecuritySatellite Telephony Security
Satellite Telephony Security
 
Adam Laurie - $atellite Hacking for Fun & Pr0fit!
Adam Laurie - $atellite Hacking for Fun & Pr0fit!Adam Laurie - $atellite Hacking for Fun & Pr0fit!
Adam Laurie - $atellite Hacking for Fun & Pr0fit!
 
Satellite Hacking — Intro by Indianz (2012)
Satellite Hacking — Intro by Indianz (2012)Satellite Hacking — Intro by Indianz (2012)
Satellite Hacking — Intro by Indianz (2012)
 
Hacking a Bird in the Sky: Hijacking VSAT Connection
Hacking a Bird in the Sky: Hijacking VSAT ConnectionHacking a Bird in the Sky: Hijacking VSAT Connection
Hacking a Bird in the Sky: Hijacking VSAT Connection
 
The 21st Century Bank Job
The 21st Century Bank JobThe 21st Century Bank Job
The 21st Century Bank Job
 
Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?
 
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
 
Warezzman - DVB-Satellite Hacking
Warezzman - DVB-Satellite HackingWarezzman - DVB-Satellite Hacking
Warezzman - DVB-Satellite Hacking
 

Ähnlich wie Hacking Cracking 2008

Ten Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard OfTen Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard OfAdrian Sanabria
 
Ten security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard ofTen security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard ofAdrian Sanabria
 
Security Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC PerspectiveSecurity Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC PerspectivePositive Hack Days
 
(Isc)² secure johannesburg
(Isc)² secure johannesburg (Isc)² secure johannesburg
(Isc)² secure johannesburg Tunde Ogunkoya
 
The Magic of Symbiotic Security
The Magic of Symbiotic SecurityThe Magic of Symbiotic Security
The Magic of Symbiotic SecurityDenim Group
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsTim Mackey
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationPriyanka Aash
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUlf Mattsson
 
Asset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsAsset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsRedhuntLabs2
 
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDATop OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDANowSecure
 
HITCON 2017: Building a Public RPZ Service to Protect the World's Consumers
HITCON 2017: Building a Public RPZ Service to Protect the World's ConsumersHITCON 2017: Building a Public RPZ Service to Protect the World's Consumers
HITCON 2017: Building a Public RPZ Service to Protect the World's ConsumersJohn Bambenek
 
Application Security by Ethical Hackers
Application Security by Ethical HackersApplication Security by Ethical Hackers
Application Security by Ethical HackersEntersoft
 
SignaturesAreDead Long Live RESILIENT Signatures
SignaturesAreDead Long Live RESILIENT SignaturesSignaturesAreDead Long Live RESILIENT Signatures
SignaturesAreDead Long Live RESILIENT SignaturesDaniel Bohannon
 
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoFruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoShakacon
 
When Insiders ATT&CK!
When Insiders ATT&CK!When Insiders ATT&CK!
When Insiders ATT&CK!MITRE ATT&CK
 

Ähnlich wie Hacking Cracking 2008 (20)

Ten Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard OfTen Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard Of
 
Ten security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard ofTen security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard of
 
Security Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC PerspectiveSecurity Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC Perspective
 
(Isc)² secure johannesburg
(Isc)² secure johannesburg (Isc)² secure johannesburg
(Isc)² secure johannesburg
 
Exodus intel slideshare 2019
Exodus intel slideshare 2019Exodus intel slideshare 2019
Exodus intel slideshare 2019
 
Exodus intel slideshare 2019
Exodus intel slideshare 2019Exodus intel slideshare 2019
Exodus intel slideshare 2019
 
The Magic of Symbiotic Security
The Magic of Symbiotic SecurityThe Magic of Symbiotic Security
The Magic of Symbiotic Security
 
Découvrez le Rugged DevOps
Découvrez le Rugged DevOpsDécouvrez le Rugged DevOps
Découvrez le Rugged DevOps
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptions
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
 
Threat Landscape Lessons from IoTs and Honeynets
Threat Landscape Lessons from IoTs and Honeynets Threat Landscape Lessons from IoTs and Honeynets
Threat Landscape Lessons from IoTs and Honeynets
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External Threats
 
Asset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsAsset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt Labs
 
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDATop OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
 
HITCON 2017: Building a Public RPZ Service to Protect the World's Consumers
HITCON 2017: Building a Public RPZ Service to Protect the World's ConsumersHITCON 2017: Building a Public RPZ Service to Protect the World's Consumers
HITCON 2017: Building a Public RPZ Service to Protect the World's Consumers
 
Application Security by Ethical Hackers
Application Security by Ethical HackersApplication Security by Ethical Hackers
Application Security by Ethical Hackers
 
SignaturesAreDead Long Live RESILIENT Signatures
SignaturesAreDead Long Live RESILIENT SignaturesSignaturesAreDead Long Live RESILIENT Signatures
SignaturesAreDead Long Live RESILIENT Signatures
 
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoFruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
 
When Insiders ATT&CK!
When Insiders ATT&CK!When Insiders ATT&CK!
When Insiders ATT&CK!
 

Kürzlich hochgeladen

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Kürzlich hochgeladen (20)

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Hacking Cracking 2008

  • 1. hacking/cracking the other side of the story jim geovedi guide to ict megatrend 31 January 2008 — Hotel Shangri-La, Jakarta
  • 2. information security ‣ 0-day vulnerabilities
  • 3. infosec ≠ satpam ‣ current trends: identity thefts, botnet, mobile communication hacking, 0-day vulnerabilities, corporate espionage, wiretapping
  • 4. industry status ‣ big security companies acquire small start-up or spin-off companies to offer more solutions ‣ "palugada" propaganda
  • 5.
  • 6.
  • 7.
  • 8.
  • 9. software development ‣ cheap software development? outsource to india or china!
  • 10. security investment ‣ companies bought a lot of security devices or applications ‣ firewall, anti virus, spam and content filtering, ids, ips, patch management, etc.
  • 11. common issues ‣ companies do not have enough resources. ‣ vendors re-introducing: ‣ weak and easy guessed passwords ‣ clear-text protocols ‣ misconfigurations
  • 12. information security ‣ 0-day vulnerabilities
  • 13. 0-day, pronounce zero-day, sometimes oh day, means new. ‣ the term has it's origin in the warez scene, but has become firmly entrenched in the exploit trading scene.
  • 14. 0-day is used to refer to exploits, software, media or vulnerability information released today and those that have not yet released.
  • 15. vendor noticed patch released intrusion time value life cycle of 0-day (quick response from vendor)
  • 16. vendor noticed patch released intrusion time value life cycle of 0-day (very late response from vendor)
  • 17.
  • 18.
  • 19. 0-day users: intelligence agents, professional penetration testers, product vendors, random hackers/crackers
  • 20. obtaining 0-day ‣ conducting research (source code/ binary audit) ‣ share/trade between friends ‣ install honeypot ‣ buy from 0-day brokers
  • 21. market ‣ current 0-day business model is considered weak ‣ the auction model
  • 22. the players ‣ corporate: ISS, eEye, iDEFENSE, TippingPoint (3Com/ZDI), Immunity, Gleg, Argeniss, wabisabilabi, etc ‣ group or personal: cirt.dk, piotr bania, inge henriksen, mario ballano, neil kettle, etc.
  • 23. programs ‣ https://labs.idefense.com/vcp/ ‣ http://www.wslabi.com/wabisabilabi/ rrp.do? ‣ http://www.zerodayinitiative.com/ details.html
  • 24. prizes ‣ remote arbitrary code execution vulnerabilities in specified e-mail clients and servers (outlook, outlook express, thunderbird, sendmail, exchange) $8,000 - $12,000 ‣ remote arbitrary code execution vulnerabilities in specified critical internet infrastructure applications (apache httpd, bind, sendmail, openssh, iis, exchange): $16.00 - $24.000
  • 25. how many? ‣ every complex software have bugs ‣ we should assume every popular application exist has at least one 0-day exploit in wild ‣ professionals keep their own 0-day!