1. Ethical hacking for fun and profit
2. SUMMARY
• ETHICAL HACKING
• SECURITY AS A WAY TO LEARN
• IMAGE VS REALITY
• HACKER MINDSET
• THE REAL FULLSTACK
• WHERE TO BEGIN
• SECURITY AS A WAY TO MAKE BUSINESS
• CURRENT STATUS
• OFFENSIVE SECURITY SERVICES
• DEFENSIVE SECURITY SERVICES
• DEV SEC OPS
Join the IT Security
3. WHO THE HELL ARE YOU?
• BATARD FLORENT @SHENRIL
• HTTP://CODE-ARTISAN.IO
• FRENCH
• DEVELOPER & SECURITY ENGINEER FOR 10 YEARS (FRANCE, SWITZERLAND, USA, JAPAN)
• TRY TO MIX THE DEVOPS TRENDS WITH SECURITY
4. ETHICAL HACKING
• HACKING WITH A SENSE OF RESPONSIBILITY
• TRY TO IMPROVE THE OVERALL SECURITY AWARENESS SITUATION
• TRY TO HELP THE PEOPLE REALLY BUILDING THE STUFF (REDTEAM/BLUETEAM)
• ALSO REFERRED TO AS WHITE HAT
• TRY TO MAKE BUILT-IN SECURITY THE EASIEST CHOICE YOU CAN MAKE
7. REALITY
• STATE SPONSORED CYBER ATTACKS
• NSA DEVELOPED ATTACKS MADE PUBLIC
• VULNERABILITY BUSINESS (VUPEN, COSEINC)
• ORGANIZED CRIME
• DARKWEB
• ECONOMIC ESPIONAGE
• AND EVENTUALLY SOME LONELY GENIUSES DOING IT FOR THE FAME AND THE INTEL
• THERE IS A MIDDLE GROUND
• COMING TO MATURITY FOR SOME COMPANIES
• LITTLE AWARENESS FROM THE PUBLIC ON WHAT'S REALLY POSSIBLE
• TOOLS AND MEANS TO HACK GOT OPENED TO EVERYONE (METASPLOIT, LOIC, SCANNERS, SQLMAP)
8. HACKER MINDSET
• HACKER WAS THE TERM FOR CURIOUS PEOPLE WHO FOUND NEW WAYS TO USE TECHNOLOGIES
• NEW WAYS OFTEN MEANT NOT PAYING FOR SOMETHING AND BECAME SECURITY RELATED
• LOVE TO SOLVE PROBLEMS AND INVESTIGATE
• LET’S DO THIS TODAY AND TAKE SOMETHING USUALLY PAINFUL TO MAKE IT YOUR STRENGTH
9. THE REAL FULLSTACK
• SECURITY IS THE MOST TRANSVERSAL DISCIPLINE IN I.T.
• WEB / IOT / OS / MOBILE / CONTAINERS
• FROM MEMORY(BUFFER OVERFLOW) TO UI (WEB XSS)
• IT ALLOWS YOU TO DISCOVER A WIDE RANGE OF TECHNOLOGIES
• LANGUAGES
• FRAMEWORKS
• SYSTEMS
• NETWORKS
10. WHERE TO BEGIN
• TWO APPROACHES
• BEGIN WITH WHAT YOU KNOW
• TAKE YOUR BELOVED TECHNOLOGY
• FIND THE SECURITY ASPECT OF IT
• GO HACK YOURSELF
• BEGIN WITH WHAT YOU WANT TO KNOW
• BROWSE THE HACKING SCENE
• INVESTIGATE THE AREAS YOU'RE INTERESTED IN
• JOIN EVENTS OR CONTESTS (CTF) TO CHALLENGE YOURSELF
11. WHAT CAN YOU DO
• TONS OF RESOURCES FOR TOOLS ONLINE
• SYSTEM HACKING: METASPLOIT, OPENVAS, NESSUS, GITHUB
• NETWORK HACKING: CAIN&ABEL, WIRESHARK, SCAPY, NMAP, AIRCRACK
• WEB HACKING: SQLMAP, WPSCAN, WPSEKU, BURP SUITE, OWASP ZAP, NIKTO, BEEF
• REVERSE ENGINEERING: IDA PRO, HEX RAYS, CFF
• PASSWORD CRACKING: HASHCAT, HYDRA, JOHN
• SOCIAL ENGINEERING: MALTEGO, SET, USB KEYS, YOUR BALLS AND A PHONE
• TRAIN TO HACK:
• ONLINE CTF, SECURITY EVENTS, ONLINE CONTESTS
• METASPLOITABLE 1/2/3, REGULAR WINDOWS XP
• DAMN VULNERABLE LINUX, DAMN VULNERABLE WEBAPP
• WEBGOAT, MUTILLIDAE
12. METASPLOIT DEMO
• SCAN A REMOTE MACHINE
• EXPLOIT A REMOTE MACHINE
• DISCOVER METERPRETER AND GO PARANOID
13. SQLMAP DEMO
• SCAN A REMOTE WEBSITE
• TRY TO EXPLOIT PARAMETERS
• DUMP THE DATABASE AND PASSWORDS
14. STEPS TO ENLIGHTENMENT
1. LEARN THE TOOLS – REALLY! ATTACK PRACTICES, OPTIONS
2. LEARN THE CONCEPTS BEHIND THE TOOLS – NETWORK, OVERFLOW, INJECTIONS
3. LEARN THE TOOLS – HOW THEY DO IT
4. GO CTF AND JOIN A TEAM !
5. WRITE YOUR OWN TOOL, EXPLOIT CVE ?
6. SELL YOUR HACK TO BUG BOUNTY
15. SECURITY AS A WAY TO MAKE BUSINESS
SECURITY CAN BE GOOD BUSINESS
16. CURRENT STATUS
• AWARENESS IS STILL SHALLOW
• THEY SENSE THE DANGER BUT DON’T ALWAYS KNOW HOW TO PREVENT IT OR IF THEY ARE VULNERABLE
• MOST COMPANIES MISS THE BASIC HYGIENE ABOUT INFORMATION SECURITY
• EXAMPLE: WANNACRY / PETYA / NOTPETYA
• VULNERABILITY DEVELOPED BY THE NSA
• ETERNALBLUE MS17-010
• AVAILABLE IN METASPLOIT FOR FREE, BOTH TO SCAN AND TO EXPLOIT
• ONLY NEED AN UPDATE
• JAPAN IS NOT A GOOD STUDENT ON THIS TOPIC AND IS QUITE FAR BEHIND
• LITTLE ECOSYSTEM: ABOUT 5 EVENTS ON THE TOPIC
• FEW PROFESSIONALS: THINKING OUTSIDE THE BOX IS PRETTY RARE
• FEW BUSINESSES RELATED TO SECURITY: TRENDMICRO, LAC, KCCS, KDL
• GOOD IN OPERATION BUT NOT IN R&D FOR SECURITY
17. OFFENSIVE SECURITY SERVICES
• SCAN OF VULNERABILITIES
• APPLICATION SCANNING
• INFRASTRUCTURE SCANNING
• CHECK OF OPEN PORTS AND AUTHORIZATION ON RESOURCES (S3 BUCKETS, SSH, RIGHTS)
• SOCIAL ENGINEERING CAMPAIGN: SEND FAKE EMAIL AND DO REPORTS
• REAL SECURITY ASSESSMENT
• LICENSE TO PWN: NEED TIGHT CONTRACT
• GO FURTHER INTO SCANNING AND EXPLOITING
• EXPLOIT UNTIL PROOF OF COMPROMISE: SCREENSHOTS, DATA
• TRY TO STEAL DATA IN PERSON: THE CONMAN
18. DEFENSIVE SECURITY SERVICES
• AWARENESS
• HTTPS://HAVEIBEENPWNED.COM/
• TEST THEIR DEFENSE: SEND PLACEBO VIRUS, SCAN OPEN PORTS FROM OUTSIDE
• PACKAGE VULNERABILITY MAILING LIST: A CVE COMES OUT, YOU GET A TAILORED EMAIL
• REVIEW OF CONFIGS ON TOOLS / ENV: WAF, SECRETS, UNIX RIGHTS
• DEVELOPERS
• SECURITY CODE REVIEWS
• SECURITY OF DEPENDENCIES: BRAKEMAN, APPCANARY
• AUTOMATIC SCANNING OF VULNERABILITIES ON TEST ENV: VADDY
• CREATE A CHECKLIST FOR DEVELOPERS: ASVS
19. STEP UP YOUR GAME
• PROPOSE SECURITY OPTIONS TO YOUR CURRENT WORK
• SECURITY MAINTENANCE
• REGULAR SECURITY SCANS
• THREAT INTELLIGENCE
• PROPOSE SECURITY SOLUTIONS TO YOUR CLIENTS
• CODE REVIEWS
• PENETRATION TESTING
• REGULAR / REAL-TIME SCANS
• AWARENESS VERIFICATION
• INCIDENT HANDLING
• INTRODUCE THEM TO SECURITY SOLUTIONS
20. DEV SEC OPS
• MAKE SECURITY THE EASIEST CHOICE TO MAKE
• INTEGRATE INTO PIPELINES
• USE RECIPES TO BUILD SECURITY
• AUTOMATIC DEPENDENCY CHECK
• AUTOMATIC KNOWN VULNERABILITY CHECK
• UPDATE POLICY ON SECURITY EVENTS
• WHAT OS VERSION DO YOU USE FOR PRODUCTION?
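The "tailored email when a CVE comes out" idea from slide 18 and the "automatic dependency check in the pipeline" from slide 20 are the same mechanism: match an inventory of pinned packages against an advisory feed. The example below is added here and is not from the talk or any of the tools it names; the advisory records (EXAMPLE-… ids, packages, version ranges) and the requirements file are constructed for illustration.

```python
"""Match pinned dependencies against an advisory feed; exit non-zero for a CI gate."""
from typing import Dict, List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse 'name==version' lines (requirements.txt style); skip blanks and comments."""
    deps: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, version = line.split("==", 1)
        deps[name.strip().lower()] = version.strip()
    return deps


# Constructed advisory feed (placeholder ids, not real CVEs):
# a package is affected from 'introduced' up to but excluding 'fixed'.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "requests", "introduced": "2.0.0", "fixed": "2.20.0"},
    {"id": "EXAMPLE-0002", "package": "pyyaml", "introduced": "0.0.0", "fixed": "5.4.0"},
    {"id": "EXAMPLE-0003", "package": "flask", "introduced": "1.0.0", "fixed": "1.1.0"},
]


def is_affected(version: str, advisory: dict) -> bool:
    """True when installed version lies in the half-open range [introduced, fixed)."""
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def find_vulnerable(manifest_text: str, advisories=ADVISORIES) -> List[dict]:
    """Return one finding per advisory that matches a pinned package; this is
    the content of the 'tailored email' or the CI failure message."""
    deps = parse_manifest(manifest_text)
    hits = []
    for adv in advisories:
        installed = deps.get(adv["package"].lower())
        if installed and is_affected(installed, adv):
            hits.append({"id": adv["id"], "package": adv["package"],
                         "installed": installed, "fixed": adv["fixed"]})
    return hits


def pipeline_ok(manifest_text: str) -> bool:
    """CI gate: pass only when no pinned dependency matches an advisory."""
    return not find_vulnerable(manifest_text)


# Constructed sample requirements.txt: two of three pins fall inside an affected range.
SAMPLE_MANIFEST = "# constructed sample\nrequests==2.18.4\npyyaml==5.4.1\nflask==1.0.2\n"

if __name__ == "__main__":
    for hit in find_vulnerable(SAMPLE_MANIFEST):
        print(f"{hit['id']}: {hit['package']} {hit['installed']} (fixed in {hit['fixed']})")
    raise SystemExit(0 if pipeline_ok(SAMPLE_MANIFEST) else 1)
```

Run it as a pipeline step; a non-zero exit blocks the build until the pins move past the fixed versions.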
21. JOIN SECURITY ECOSYSTEM
• OWASP events worldwide, Kansai too
• Security topics at your favorite events
• DevSecOps practices
• Podcasting and Blogging
• Defensive Security Podcast
• Troy Hunt
• Exploit-db
• IPA / CERT