SlideShare una empresa de Scribd logo

Hacking WordPress... and countermeasures.

Nestor Angulo de Ugarte
Nestor Angulo de Ugarte

A beginners intro to cybersecurity in WordPress environment, showing how the hacking process works using the Art of War as the driving theme. Also, there are some examples to make conscious of what could happen if we don't care about this. This talk was presented in the WordCamp Osaka 2019.

Tecnología
1 de 69
Descargar para leer sin conexión
4
Hacking WordPress & Countermeasures NESTOR ANGULO DE UGARTE WORDCAMP OSAKA 2019 #WCOSAKA
こんにちわ! 6
Who I am 7 u Computer Science Engineer & Technology consultant u Photographer & Early Adopter u Truly curious guy u 2015: SUCURI Incident Response & Easy SSL u 2019: GoDaddy Spain Interim Head of IT @ GoDaddy Spain
Where is カ ナリア諸島 8
9 About u Sucuri: Anaconda (No Securi / Security) u Website security u Fully remote (people from > 25 countries around the world) u 2008: Foundation u 2017: Proud part of the GoDaddy family u Free scanners: u Sitecheck (sitecheck.sucuri.net) u Performance (performance.sucuri.net)
10 #WCOsaka2019 Nestor Angulo (@pharar)
Concepts GIVING CONTEXT 11 #WCOsaka2019NestorAngulo(@pharar)
DISCLAIMER 12 #WCOsaka2019 Nestor Angulo (@pharar) Any sensitive information has been protected/encrypted to preserve privacy. Any similiarity with reality is a coincidence. I’m responsible of what I say, not what you interpret. Always ask an expert.
#WCOsaka2019 Nestor Angulo (@pharar) 13
#WCOsaka2019 Nestor Angulo (@pharar) 14 ハッキングされた企業と、 ハッキングされたことをま だ知らない企業の2種類があ ります。
HACKER VS Cyberterrorist 15 #WCOsaka2019 Nestor Angulo (@pharar) Hacker: Curious person who loves to go beyond limits or convetionalisms. Cyberterrorist / Cracker: Computer Hacker, whom intentions are always aligned to enrich himself in a zero- sum game situation. The bad guy
Hacker Hat Colours 16 u Black Hat Cyberterrorist, thief u Grey Hat White Hat using illegal procedures u White Hat Security Analyst, ethical hacker
Malware u Software intentionally designed to cause damage to a computer, client, or computer network. u Some types: u Backdoors, zero-day u Exploits u Trojan horses, Fremium plugins u Ransomware, Spyware u Adware, Scareware 17
CyberSecurity & Web Security 18 u Cybersecurity: Security in the digital world u Web Security: Field of Cybersecurity u Covers what happens through port 80 / 443
FACTS 19 Site hacking almost never is client-oriented (98% of cases) Almost always happens due to a deficient monitoring / maintenance A SSL certificate is not an antihacking shield Patches & security updates appear almost always after hacking exploits Errare Humanum Est (Human being fails) Security never is (nor will be) 100% effective
FACTS 20 Source: Website Hack Trend Report 2018 – sucuri.net
The Art of War IN THE MIND OF YOUR ENEMY
Common Targets 22 #WCOsaka2019 Nestor Angulo (@pharar) Users info Database Website Content Infrastructure Bot Net Reputation
Know your weaknesses 23 u You are your weakest point u You can be scammed u Passwords. u Vulnerable to brute force attacks u Leftovers u Admin users u Outdated/vulnerable software u Enabled/Disabled not-in-use plugins/themes u Non-secure connection (avoid public wifi) u Vulnerable to Man-In-the-Middle attacks
Hacking WordPress. The Process 24 Vulnerability ->Exploit Injection Final code Backdoor Spam / defacement BotNode Final code
Definitions 25 u Vulnerability u Bug in the code or posibility of misuse that can be exploited to perform unauthorized actions within a computer system. u Exploit u Software that leverages a vulnerability u Backdoor u Malware which allows remote execution of code
WPScan Vulnerability Database wpvulndb.com 26
Gallery of Horrors 27 #WCOsaka2019NestorAngulo(@pharar)
Defacements
Defacements
Example 1: Photographer Gallery 30
31 #WCOsaka2019NestorAngulo(@pharar)
32 #WCOsaka2019NestorAngulo(@pharar)
Example 2: Pet food store 33
34
35
Bonus 36
37
DEFACEMENTS 38 #WCOsaka2019 Nestor Angulo (@pharar) Partial / full replacement of website frontend. Very obvious Easy detection: - Users (hear them!) - Scanners Target: Awareness or social/political revindication
Black Hat SEO / Spam
40
41
42
43
44
BLACK HAT SEO / SPAM 45 #WCOsaka2019 Nestor Angulo (@pharar) Spam/unwanted content in your site Detection: - Scanners (Easy) - Users (hear them!) - Search Engine warnings Target: Your SEO and reputation
DDoS Attacks / BotNets
Definitions 47 u DoS attack - Denial of Service - Overhelmed application due to a huge amount of petitions u DDoS attack u Distributed DoS u BotNet u Net of websites linked to act coordinated u Have bot nodes and a bot master
Normal, tending to calm 48
49
50
BOTNETS, CRYPTOMINERS, DDOS 51 #WCOsaka2019 Nestor Angulo (@pharar) Affecting to your infrastructure Detection: - Usually difficult - Strange use of resources - File Integrity Scanner WAF recommended Target: - Your server’s resources - User’s resources. - Zombie node
Countermeasures REACTIVES AND PROACTIVE MEASURES 52 #WCOsaka2019NestorAngulo(@pharar)
Characters in the Story (if something happens) 53 You • Owner / Admins • Developer & Designer • Users/clients Hosting Provider • Agent / C3 • Support & Backups Security Expert • Security department • External services
Security in Layers 54 u You ( the weakest layer ) u Your device ( Antivirus ) u Your connection ( SSL ) u Your website ( WAF ) u Your credentials ( Strong Passwords / 2FA ) u Your site security ( monitor / updates ) u Your server security ( monitor / updates ) u Your database ( monitor ) u Maintenance tasks
Measures: Reactive vs Proactive 55 #WCOsaka2019 Nestor Angulo (@pharar) Reactive: When bad things have already happened Pain mitigation Proactive: Before anything bad happens Risk mitigation
#WCOsaka2019 Nestor Angulo (@pharar) Reactive measures u Scan your site: uStatus: Sitecheck.sucuri.net uBlacklist: Virustotal.com u CRC: Check, Remove and Change u Update u Restore a backup 56
57 #WCOsaka2019NestorAngulo(@pharar)
#WCOsaka2019 Nestor Angulo (@pharar) Proactive measures u Reduce admins, plugins and themes u Backups u Updates u Invest in Hosting & Security u WAF 58
The more Doors, the higher Risk 59 #WCOsaka2019 Nestor Angulo (@pharar) “To Caesar, what is Caesar’s”. Admin stuff with admin account. The rest, with a limited account The more admins, plugins and themes the more risk (even when disabled). All user’s passwords MUST be unique and strong (better with 2FA when possible) Applied to all layers (wp-admin, [S]FTP, cPanel, dashboard, db, …)
BACKUPS 60 u Have a backups strategy uNEVER store the backups in your production server uA clean and FUNCTIONAL backup will be your best friend a bad day
BACKUPS 61 u Have a backups strategy uNEVER store the backups in your production server uA clean and backup will be your best friend a bad day
Updates 62 u PLUGINS u THEMES u CORE u PHP u APACHE / NGINX u SERVER u CPANEL / PLESK u …
Updates 63 Source: Web Professional Security Survey 2019 – Sucuri.net
Remember to Invest in 64 #WCOsaka2019 Nestor Angulo (@pharar) SECURITY HOSTING
Hosting 65 #WCOsaka2019 Nestor Angulo (@pharar) FIRST LAYER OF YOUR SITE’S DEFENSE BALANCE BETWEEN PRICE AND FEATURES THEY ARE IN CHARGE OF THE SERVER’S SERVICES, DATABASE AND MAINTENANCE
Shared hosting vs dedicated #WCOsaka2019NestorAngulo(@pharar) 66
Source: 2019 Sucuri survey to ecommerce owners. 67
WAF Your guard dog 68 #WCOsaka2019 Nestor Angulo (@pharar) FILTERS ALL YOUR WEB TRAFFIC PROTECTS AGAINST XSS, DDOS, … PATCHS VIRTUALLY WIDELY KNOWN SOFTWARE VULNERABILITIES IF IT INCLUDES CDN, IMPROVES YOUR SITE’S SPEED & PERFORMANCE FORENSIC ANALISYS TOOL ALLOWS MANUAL BLOCKING
WAF Your guard dog 69 #WCOsaka2019 Nestor Angulo (@pharar) FILTERS ALL YOUR WEB TRAFFIC PROTECTS AGAINST XSS, DDOS, … PATCHS VIRTUALLY WELL KNOWN SOFTWARE VULNERABILITIES IF IT INCLUDES CDN, YOUR SITE WILL IMPROVE ITS SPEED AND PERFORMANCE FORENSIC ANALISYS TOOL ALLOWS MANUAL BLOCKING
70 #WCOsaka2019 Nestor Angulo (@pharar)
71 #WCOsaka2019NestorAngulo(@pharar)
ありがとうござ いました︕ ご質問は︖ 72 @pharar #WCOSAKA2019

Recomendados

2016: The Infosec Crossroads - Keynote at Intuit #Hacktober2015
2016: The Infosec Crossroads - Keynote at Intuit #Hacktober20152016: The Infosec Crossroads - Keynote at Intuit #Hacktober2015
2016: The Infosec Crossroads - Keynote at Intuit #Hacktober2015
Saumil Shah
 
The Infosec Crossroads - 44CON 2016
The Infosec Crossroads - 44CON 2016The Infosec Crossroads - 44CON 2016
The Infosec Crossroads - 44CON 2016
Saumil Shah
 
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeExtreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
EC-Council
 
It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016
NowSecure
 
How to scale mobile application security testing
How to scale mobile application security testingHow to scale mobile application security testing
How to scale mobile application security testing
NowSecure
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Mazin Ahmed
 
Hack.LU - The Infosec Crossroads
Hack.LU - The Infosec CrossroadsHack.LU - The Infosec Crossroads
Hack.LU - The Infosec Crossroads
Saumil Shah
 
The Seven Axioms of Security - ITWeb 2017
The Seven Axioms of Security - ITWeb 2017The Seven Axioms of Security - ITWeb 2017
The Seven Axioms of Security - ITWeb 2017
Saumil Shah
 

Recomendados

2016: The Infosec Crossroads - Keynote at Intuit #Hacktober2015
2016: The Infosec Crossroads - Keynote at Intuit #Hacktober20152016: The Infosec Crossroads - Keynote at Intuit #Hacktober2015
2016: The Infosec Crossroads - Keynote at Intuit #Hacktober2015
Saumil Shah
 
The Infosec Crossroads - 44CON 2016
The Infosec Crossroads - 44CON 2016The Infosec Crossroads - 44CON 2016
The Infosec Crossroads - 44CON 2016
Saumil Shah
 
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeExtreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
EC-Council
 
It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016
NowSecure
 
How to scale mobile application security testing
How to scale mobile application security testingHow to scale mobile application security testing
How to scale mobile application security testing
NowSecure
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Mazin Ahmed
 
Hack.LU - The Infosec Crossroads
Hack.LU - The Infosec CrossroadsHack.LU - The Infosec Crossroads
Hack.LU - The Infosec Crossroads
Saumil Shah
 
The Seven Axioms of Security - ITWeb 2017
The Seven Axioms of Security - ITWeb 2017The Seven Axioms of Security - ITWeb 2017
The Seven Axioms of Security - ITWeb 2017
Saumil Shah
 
It's Okay To Touch Yourself - DerbyCon 2013
It's Okay To Touch Yourself - DerbyCon 2013It's Okay To Touch Yourself - DerbyCon 2013
It's Okay To Touch Yourself - DerbyCon 2013
Ben Ten (0xA)
 
Rugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven DevelopmentRugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven Development
James Wickett
 
Preparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbookPreparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbook
NowSecure
 
Hackfest presentation.pptx
Hackfest presentation.pptxHackfest presentation.pptx
Hackfest presentation.pptx
Peter Yaworski
 
OWASP, the life and the universe
OWASP, the life and the universeOWASP, the life and the universe
OWASP, the life and the universe
Sébastien GIORIA
 
The Seven Axioms Of Security
The Seven Axioms Of SecurityThe Seven Axioms Of Security
The Seven Axioms Of Security
Saumil Shah
 
Redefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS KeynoteRedefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS Keynote
Saumil Shah
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For Money
Shubham Gupta
 
CLUSIR INFONORD OWASP iot 2014
CLUSIR INFONORD OWASP iot 2014CLUSIR INFONORD OWASP iot 2014
CLUSIR INFONORD OWASP iot 2014
Sebastien Gioria
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array works
Cyren, Inc
 
APT(Advanced Persistent Threats) & strategies to counter APT
APT(Advanced Persistent Threats) & strategies to counter APTAPT(Advanced Persistent Threats) & strategies to counter APT
APT(Advanced Persistent Threats) & strategies to counter APT
Avkash Kathiriya
 
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital SovereigntyCross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Saumil Shah
 
Securiser son digital workplace avec Microsoft Threat Protection
Securiser son digital workplace avec Microsoft Threat ProtectionSecuriser son digital workplace avec Microsoft Threat Protection
Securiser son digital workplace avec Microsoft Threat Protection
☁️Seyfallah Tagrerout☁ [MVP]
 
HoneyPy Honeypot (OWASP Triangle Chapter)
HoneyPy Honeypot (OWASP Triangle Chapter)HoneyPy Honeypot (OWASP Triangle Chapter)
HoneyPy Honeypot (OWASP Triangle Chapter)
Phillip Maddux
 
Secure Coding For Java - Une introduction
Secure Coding For Java - Une introductionSecure Coding For Java - Une introduction
Secure Coding For Java - Une introduction
Sebastien Gioria
 
Seminar enkripsi unsyiah 15 nov 2013
Seminar enkripsi unsyiah 15 nov 2013Seminar enkripsi unsyiah 15 nov 2013
Seminar enkripsi unsyiah 15 nov 2013
IGN MANTRA
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Mazin Ahmed
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameThe Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
Abhinav Mishra
 
Bug Bounty - Hackers Job
Bug Bounty - Hackers JobBug Bounty - Hackers Job
Bug Bounty - Hackers Job
Arbin Godar
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!
Ammar WK
 
Hacking WordPress & countermeasures.
Hacking WordPress & countermeasures.Hacking WordPress & countermeasures.
Hacking WordPress & countermeasures.
Nestor Angulo de Ugarte
 
I've been hacked! So, now, what!?
I've been hacked! So, now, what!?I've been hacked! So, now, what!?
I've been hacked! So, now, what!?
Nestor Angulo de Ugarte
 

Más contenido relacionado

La actualidad más candente

It's Okay To Touch Yourself - DerbyCon 2013
It's Okay To Touch Yourself - DerbyCon 2013It's Okay To Touch Yourself - DerbyCon 2013
It's Okay To Touch Yourself - DerbyCon 2013
Ben Ten (0xA)
 
Rugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven DevelopmentRugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven Development
James Wickett
 
OWASP, the life and the universe
OWASP, the life and the universeOWASP, the life and the universe
OWASP, the life and the universe
Sébastien GIORIA
 
APT(Advanced Persistent Threats) & strategies to counter APT
APT(Advanced Persistent Threats) & strategies to counter APTAPT(Advanced Persistent Threats) & strategies to counter APT
APT(Advanced Persistent Threats) & strategies to counter APT
Avkash Kathiriya
 
Seminar enkripsi unsyiah 15 nov 2013
Seminar enkripsi unsyiah 15 nov 2013Seminar enkripsi unsyiah 15 nov 2013
Seminar enkripsi unsyiah 15 nov 2013
IGN MANTRA
 
Bug Bounty - Hackers Job
Bug Bounty - Hackers JobBug Bounty - Hackers Job
Bug Bounty - Hackers Job
Arbin Godar
 

La actualidad más candente (20)

It's Okay To Touch Yourself - DerbyCon 2013
It's Okay To Touch Yourself - DerbyCon 2013It's Okay To Touch Yourself - DerbyCon 2013
It's Okay To Touch Yourself - DerbyCon 2013
 
Rugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven DevelopmentRugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven Development
 
Preparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbookPreparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbook
 
Hackfest presentation.pptx
Hackfest presentation.pptxHackfest presentation.pptx
Hackfest presentation.pptx
 
OWASP, the life and the universe
OWASP, the life and the universeOWASP, the life and the universe
OWASP, the life and the universe
 
The Seven Axioms Of Security
The Seven Axioms Of SecurityThe Seven Axioms Of Security
The Seven Axioms Of Security
 
Redefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS KeynoteRedefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS Keynote
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For Money
 
CLUSIR INFONORD OWASP iot 2014
CLUSIR INFONORD OWASP iot 2014CLUSIR INFONORD OWASP iot 2014
CLUSIR INFONORD OWASP iot 2014
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array works
 
APT(Advanced Persistent Threats) & strategies to counter APT
APT(Advanced Persistent Threats) & strategies to counter APTAPT(Advanced Persistent Threats) & strategies to counter APT
APT(Advanced Persistent Threats) & strategies to counter APT
 
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital SovereigntyCross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital Sovereignty
 
Securiser son digital workplace avec Microsoft Threat Protection
Securiser son digital workplace avec Microsoft Threat ProtectionSecuriser son digital workplace avec Microsoft Threat Protection
Securiser son digital workplace avec Microsoft Threat Protection
 
HoneyPy Honeypot (OWASP Triangle Chapter)
HoneyPy Honeypot (OWASP Triangle Chapter)HoneyPy Honeypot (OWASP Triangle Chapter)
HoneyPy Honeypot (OWASP Triangle Chapter)
 
Secure Coding For Java - Une introduction
Secure Coding For Java - Une introductionSecure Coding For Java - Une introduction
Secure Coding For Java - Une introduction
 
Seminar enkripsi unsyiah 15 nov 2013
Seminar enkripsi unsyiah 15 nov 2013Seminar enkripsi unsyiah 15 nov 2013
Seminar enkripsi unsyiah 15 nov 2013
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameThe Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
 
Bug Bounty - Hackers Job
Bug Bounty - Hackers JobBug Bounty - Hackers Job
Bug Bounty - Hackers Job
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!
 

Similar a Hacking WordPress... and countermeasures.

OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
Avansa Mid- en Zuidwest
 
Mission Impossible Short Version
Mission Impossible Short VersionMission Impossible Short Version
Mission Impossible Short Version
Valerie Houghton
 
Mission Impossible Short Version
Mission Impossible Short VersionMission Impossible Short Version
Mission Impossible Short Version
Valerie Houghton
 
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
Cyber Security Alliance
 
How to prevent cyber terrorism taragana
How to prevent cyber terrorism taraganaHow to prevent cyber terrorism taragana
How to prevent cyber terrorism taragana
Gilles Sgro
 
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
lior mazor
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
sudip pudasaini
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
KerimBozkanli
 

Similar a Hacking WordPress... and countermeasures. (20)

Hacking WordPress & countermeasures.
Hacking WordPress & countermeasures.Hacking WordPress & countermeasures.
Hacking WordPress & countermeasures.
 
I've been hacked! So, now, what!?
I've been hacked! So, now, what!?I've been hacked! So, now, what!?
I've been hacked! So, now, what!?
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
 
vodQA(Pune) 2018 - QAing the security way
vodQA(Pune) 2018 - QAing the security wayvodQA(Pune) 2018 - QAing the security way
vodQA(Pune) 2018 - QAing the security way
 
QAing the security way!
QAing the security way!QAing the security way!
QAing the security way!
 
2014 09-04-pj
2014 09-04-pj2014 09-04-pj
2014 09-04-pj
 
Mission Impossible Short Version
Mission Impossible Short VersionMission Impossible Short Version
Mission Impossible Short Version
 
Mission Impossible Short Version
Mission Impossible Short VersionMission Impossible Short Version
Mission Impossible Short Version
 
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepal
 
DMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal TricksDMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal Tricks
 
How to prevent cyber terrorism taragana
How to prevent cyber terrorism taraganaHow to prevent cyber terrorism taragana
How to prevent cyber terrorism taragana
 
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
I can be apple and so can you
I can be apple and so can youI can be apple and so can you
I can be apple and so can you
 
What is being exposed from IoT Devices
What is being exposed from IoT DevicesWhat is being exposed from IoT Devices
What is being exposed from IoT Devices
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for Everyone
 
Secure Coding for Java - An Introduction
Secure Coding for Java - An IntroductionSecure Coding for Java - An Introduction
Secure Coding for Java - An Introduction
 

Más de Nestor Angulo de Ugarte

Más de Nestor Angulo de Ugarte (6)

¿Cuál es el coste real de un hackeo en web?
¿Cuál es el coste real de un hackeo en web?¿Cuál es el coste real de un hackeo en web?
¿Cuál es el coste real de un hackeo en web?
 
Limpiar Sitios Hackeados
Limpiar Sitios HackeadosLimpiar Sitios Hackeados
Limpiar Sitios Hackeados
 
Hacking WordPress. El Arte de La Guerra.
Hacking WordPress. El Arte de La Guerra.Hacking WordPress. El Arte de La Guerra.
Hacking WordPress. El Arte de La Guerra.
 
Me han Hackeado... ¿Y ahora qué?
Me han Hackeado... ¿Y ahora qué?Me han Hackeado... ¿Y ahora qué?
Me han Hackeado... ¿Y ahora qué?
 
WordCamp Madrid CSI: El caso de las Backdoors
WordCamp Madrid CSI: El caso de las BackdoorsWordCamp Madrid CSI: El caso de las Backdoors
WordCamp Madrid CSI: El caso de las Backdoors
 
Backdoor: El Bueno, El Feo y el Malo
Backdoor: El Bueno, El Feo y el MaloBackdoor: El Bueno, El Feo y el Malo
Backdoor: El Bueno, El Feo y el Malo
 

Último

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 

Último (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 

Hacking WordPress... and countermeasures.