Penetration Testing is the Art of the Manipulation
Attack & Defense

Author: JongWon Kim
dikien2012@gmail.com




Table of Contents


Penetration Testing is the Art of the Manipulation

Table of Contents

About Me

Planning the Attack

Staging the Attack (1): WEB Server

      -     Stage 1. Reconnaissance

      -     Stage 2. Information Gathering

      -     Stage 3. Target Exploitation

      -     Stage 4. Privilege Escalation

      -     Stage 5. Maintaining Access

Staging the Attack (2): DNS Server

      -     Stage 1. Information Gathering

      -     Stage 2. Post Exploit (Pivot)

Staging the Forensic

      -     Stage 1. Web Shell Detection

      -     Stage 2. Log Analysis

      -     Stage 3. Volatility

Staging the Defense: Code Level

Summary

Reference
About Me
Name: JongWon Kim

Blog: http://dikien2012.blogspot.com

LinkedIn: http://kr.linkedin.com/pub/jongwon-kim/45/a40/b07/en

Twitter: @dikien2012

My Experience:

  Period        Working Experience                              Personal Experience
  2011.08                                                       C, Linux, CCNA
  2011.09                                                       Windows 2008 Server, Perl
  2011.10       Working as a math teacher                       Reversing
  2011.11                                                       L2/L3/L4 and firewall configuration,
                                                                WiFi hacking (SWSE)
  2011.12                                                       System hacking (SMFE)
  2012.01~02                                                    Exploit code study using ROP
  2012.04~09    Privacy Information Protection Law;             Web hacking, database security
                security solution operation (IPS, WAF and
                DB access control)


Technical Skills:

    -   Experience in black-box and white-box penetration testing to identify system
        vulnerabilities and test security controls in firewalls, routers, IDS and IPS, and
        various types of servers, including Windows and UNIX web, mail, FTP, DNS and domain
        controller servers and internally hosted applications

    -   Strong web application assessment experience: SQL injection, cross-site scripting,
        cookie manipulation and buffer overflows

    -   Vulnerability detection and remediation

    -   Familiarity with penetration testing tools such as BackTrack and Metasploit, and with
        vulnerability scanning tools such as Pangolin, Wireshark, Nexpose, nmap, Acunetix and
        AppScan

    -   Familiarity with the Open Source Security Testing Methodology Manual (OSSTMM) and the
        Open Web Application Security Project (OWASP)

    -   Onsite and remote social engineering testing, including persuasion, phishing, mock
        websites and telephone contact

    -   Experience with evasion techniques to bypass firewalls and intrusion detection

    -   Knowledge of security tools such as IPS, WAF and database monitoring

    -   Ability to conduct source code reviews in PHP

    -   Familiarity with Python scripting

    -   Familiarity with Windows, Solaris and AIX

    -   Familiarity with XML, SOAP, JSON, Ajax and HTML5

    -   Network switching and routing (Cisco)

    -   Knowledge of TCP/IP protocols and networking architectures, and of wireless LAN
        security including the 802.11 standards



Consulting Skills:

    -   Independence: self-managed and motivated

    -   Team oriented

    -   Formal policy and procedure documents

    -   Public speaking

    -   Technical writing
Planning the Attack
In the year 2100, human beings have implanted microchips in their brains to get smarter. As in
every age, disaster follows: some bad guys develop an exploit to manipulate humans. Computer
malware is still a big problem, and now human zombies are being created. I am trying to prevent
an even worse tragedy by analysing the malware, but the malware is protected by an anti-reversing
key. I received a letter from an anonymous source saying that the anti-reversing code and the
human botnet list are stored in NASA's database. At the end of the letter was written
"aliens/toor". Let's explore!

The attack directives are the following:

     1) Compromise as much of NASA's network as possible

     2) Extract data to find the anti-reversing key and the list of human zombies

     3) Pivot through its network




Staging the Attack
      Mission 1. Attack WEB Server
                                   Stage 1. Reconnaissance
              Scenario:

                   - Ping the host and get the IP address

                   - Use whatweb to extract more information from the HTTP response

                   - I skipped DNS brute forcing since the target is a virtual host

              Attack Detail

                   - Ping the host and get the IP address

                                           [Figure 1. Ping the host]

                   - whatweb fingerprints the PHP version, HTTP server, country, admin email and
                     operating system. It shows more information with "-v -a 4" (verbose output
                     at aggression level 4).




[Figure 2. whatweb]
Stage 2. Information Gathering
   Scenario:

       - Use nmap to find the services and OS running on the server

       - Use Nexpose to get more specific information

       - Use w3af to find out which web vulnerabilities exist

   Attack Detail

       - The -sV and -O options of nmap give service version and OS information




                            [Figure 3. Services from nmap]




[Figure 4. OS from nmap]
   - The Nexpose results show 58 vulnerabilities; "default SSH password is toor" is one of
     the critical ones. Running Nessus as well and comparing the two result sets helps to
     weed out false positives and false negatives.




                    [Figure 5. more details from Nexpose]

   - w3af has many plugins, but to save time I enabled only the audit plugins.




[Figure 6. w3af: Plugin Setting]
   - w3af reports XSS, command injection, SQL injection and LFI. There is also a file upload
     vulnerability, but w3af does not find it. I will use the blind SQL injection to breach
     the database in Stage 3.




                                  [Figure 7. w3af: results]




                      Stage 3. Target Exploitation
   Scenario:

       - Use sqlmap to breach the database (the target is the "attack_2" payload)

       - Use hashcat to crack the hashes

   Attack Detail

       - Let's find out the current database user, database name and password. sqlmap
         retrieved the current user, general@%, and the current database, members, but it
         could not retrieve the password of the general user. I will use another tactic to
         get the password later.




[Figure 8. Sqlmap: current database user and name]
   - The members database has four tables: message, sessions, topics and users. I guess
     that users holds user IDs and passwords, and that sessions plays a similar role for
     authorization.




                   [Figure 9. Sqlmap: Members database]

   - As expected, the users table holds user-related information. I am curious about the
     message table. What is the message? Let's dig into it.




          [Figure 10. Sqlmap: message table on members database]

   - Let's dump the message table of the members database. It contains two hash values,
     which look like hints for the human botnet list and the anti-reversing key.

[Figure 11. Sqlmap: hash values on message table]

   - Let's crack them with hashcat. The hash values decode to "secret" and "checkout". I
     guess that "secret" is a table name. There is a problem, though: sqlmap does not show
     a table named secret. That leaves two possibilities: either there is no secret table,
     or the user "general" has no privilege to see it. I bet on the second one, so it is
     time for privilege escalation to check it out.




[Figure 12. Hashcat: cipher text : clear text]
Stage 4. Privilege Escalation
   Scenario:

       - Use fimap to spawn a shell

       - Use Expect to get a TTY

       - Make an upload page with MySQL's INTO DUMPFILE

       - Upload a webshell

   Attack Detail

       - Use fimap to find out which parameters are vulnerable to RFI and LFI.




[Figure 13. Fimap: vulnerable parameters]
   - The -x option exploits the targets from the output above. Choose [1] to exploit
     "www.nasa.com" and [1] again to use the 'rfi' parameter. I will use pentestmonkey's
     reverse shell: choose [2] and enter my IP address and port so the shell connects back
     to my BackTrack machine.




                      [Figure 14. Fimap: reverse shell]




   - Netcat is listening on port 1000 for the reverse shell




[Figure 15. Netcat: waiting for a shell]
   - I got a shell and confirmed that my id is www-data. The problem is that the shell
     traffic is plaintext, so an IPS can detect it. I will reduce that risk later with the
     AES HTTP shell.




                      [Figure 16. Reverse shell: id]




                 [Figure 17. Wireshark: not cipher text]



   - "su" and "ssh" did not work properly because they must be run from a terminal. Both
     commands are necessary for post exploitation, so let's solve the problem with the
     magic shell (Expect gives us a TTY, as in the scenario).




           [Figure 18. Message: must be run from a terminal]



   - Time to try "aliens/toor" from the letter. With the magic shell, su and ssh work.




[Figure 19. Magic shell]
   - Check the kernel version with "uname -a" to pick a local privilege escalation
     exploit. Download the local exploit source from exploit-db and compile it.




                 [Figure 20. Download local exploit code]



   - Execute it; I finally get a root shell, and switch from "/bin/sh" to "/bin/bash" for
     convenience




[Figure 21. Privilege escalation success]

[Figure 22. Change the shell to bash]

   - There is a suspicious folder named treasure. The real treasure is in there: the
     database password. But I am not sure that this database user has superuser privileges.




                   [Figure 23. Password for database]

   - Below is the work of making a web page to upload a webshell. I create two tables.




[Figure 24. Make two tables]
   - Insert the page source into each table and write the tables out to "/var/www/upload/"
     with SELECT ... INTO DUMPFILE (this needs the MySQL FILE privilege and a directory that
     the MySQL server can write to).




                    [Figure 25. Create a “form.php” ]




[Figure 26. Create a "upload.php"]
   - Choose the file you want to upload (here r57shell.php), upload it and move it into
     "/var/www/upload/"




                 [Figure 27. Choose the”r57shell.php” ]




[Figure 28. Move the file into the webroot]
Stage 5. Maintaining Access
   Scenario:

       - Use weevely to make a password-protected backdoor

       - Brute force an FTP credential with Metasploit

       - Traffic obfuscation: AES HTTP reverse shell

   Attack Detail

       - The backdoor was created with the password "complexpassword"




                           [Figure 29. Make a backdoor]

       - Use Metasploit's FTP login brute force to get a username and password.

                           [Figure 30. Metasploit: FTP brute force]
   Upload the backdoor with FTP




                   [Figure 31. Upload the backdoor]



   - I no longer need the r57shell, upload.php and form.php files, since the backdoor was
     uploaded successfully




                [ Figure 32. Remove unnecessary files]



   - Change the permissions so that the www-data user can read the backdoor




[Figure 33. Change the permissions]
   - Connect to the backdoor and check the post-exploitation modules




               [ Figure 34. Weevely: post exploit modules]




   - Enumerate readable web config files with the module ":audit.user_files auto=web".
     Extract the credentials from the readable files and log in to the database with them.
     Since I have already done this, I leave it to the reader. Let's look around the
     internal network and check whether there is another server. I will exploit
     192.168.100.40 in Mission 2.




[Figure 35. Weevely: Explore internal network]
   - Find a writable system script to replace with a malicious one. First, enumerate
     writable files with the module. Second, upload a malicious script in place of the
     system file.




             [Figure 36. Weevely: Upload a malicious script]



   - If the above is too much manual work, Intersect 2.5 (a post-exploitation framework)
     is also a very nice choice. It includes many features such as backdoors, credential
     collection, internal network discovery and a variety of shells. Select the modules you
     want and build the script with ":create".




                  [Figure 37. Intersect: Setting modules]




[Figure 38. Intersect: backdoor file]
    - Compare a normal shell with the AES HTTP reverse shell. So far I have used
      pentestmonkey's reverse shell and weevely's backdoor; both communicate in plaintext,
      so I switch to fimap's AES HTTP reverse shell, whose traffic is encrypted.




                    [Figure 39. Fimap: Server setting]




                     [Figure 40. Fimap: Server Start]




[Figure 41. AES HTTP Reverse shell communicates with cipher text]
   - Upload another webshell to test that this shell works properly. First upload a
     .htaccess to bypass the server-side script's extension whitelist.




                     [Figure 42. Upload .htaccess]




   - Upload another webshell named "c99-bl_hongrae.txt". Because of the .htaccess
     (typically an AddType or AddHandler line mapping .txt to the PHP handler), the server
     now executes ".txt" files as ".php".




[Figure 43. Upload the "c99-bl_hongrae.txt"]
   - Check whether the webshell with the ".txt" extension works. It works very well.




               [Figure 44. Upload the “c99-bl_hongrae.txt”]



   - 192.168.100.40 is alive on the internal network. Let's attack it.
 Mission 2. Attack DNS Server

                        Stage 1. Information Gathering
     Scenario:

         - Make a payload that communicates with Metasploit

         - Upload the payload and pivot to 192.168.100.40 through that session

         - SSH enumeration and brute force

     Attack Detail

         - Make a custom payload and wait for it to connect back on port 1337




                            [Figure 45. Make a payload]




                          [Figure 46. Waiting for a session]



         - Upload the payload with FTP and make it executable




[Figure 47. Upload a payload]

[Figure 48. Change the permission]




                  [Figure 49. Connecting a Session]




   - First, enumerate the SSH version. The banner shows SSH-2.0 running on SunOS




[Figure 50. Enumerate a banner]
   - Second, brute force the login with a known password file




                         [Figure 51. Brute force]



   - Third, connect to it; the server turns out to be the DNS server




[Figure 52. SSH Connection]
Stage 2. Post Exploit

   Scenario:

       - Manipulate the forward zone file

       - As before, pivot to 192.168.100.40 through the compromised web server

       - Get the human botnet list and the anti-reversing key

       - Destroy the machine

   Attack Detail

       - Change the A record of the company's main homepage in the forward zone file to my
         IP address




                      [Figure 53. Pollute forward zone file]



       - Set up the compromised web server to attack visitors, serving the CVE-2012-1889
         (Microsoft XML Core Services) exploit with Metasploit
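A defender's counterpart to the zone tampering above, as an added example (Python, not from the original write-up): parse the forward zone, diff its A records against a saved baseline, and flag any record that changed or that now points outside the organisation's own netblock. The zone contents, host names and netblock below are constructed for the example.

```python
"""Added example: baseline comparison of A records in a BIND-style forward
zone. Not the original page's tooling; zone text and netblock are made up."""
import ipaddress
import re

# Matches "name [ttl] [IN] A address"; $TTL/SOA/NS lines do not match.
A_RE = re.compile(
    r"^(?P<name>\S+)\s+(?:\d+\s+)?(?:IN\s+)?A\s+(?P<addr>\d+\.\d+\.\d+\.\d+)\s*$")


def parse_a_records(zone_text: str) -> dict:
    """Return {owner name: IPv4 address} for every A record in the zone."""
    records = {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop trailing comments
        m = A_RE.match(line)
        if m:
            records[m.group("name")] = m.group("addr")
    return records


def check_zone(baseline: dict, current: dict, allowed_net: str) -> list:
    """Flag new, changed, removed and off-netblock A records."""
    net = ipaddress.ip_network(allowed_net)
    findings = []
    for name, addr in current.items():
        old = baseline.get(name)
        reasons = []
        if old is None:
            reasons.append("new record")
        elif old != addr:
            reasons.append(f"changed from {old}")
        if ipaddress.ip_address(addr) not in net:
            reasons.append(f"outside {allowed_net}")
        if reasons:
            findings.append({"name": name, "addr": addr, "reasons": reasons})
    for name in baseline.keys() - current.keys():
        findings.append({"name": name, "addr": None, "reasons": ["record removed"]})
    return sorted(findings, key=lambda f: f["name"])


# Constructed zone files: the baseline, and the same zone after an attacker
# repointed www at a host they control and added a staging name.
BASELINE_ZONE = """\
$TTL 3600
@       IN  SOA ns1.nasa.com. admin.nasa.com. ( 2012100101 3600 900 604800 86400 )
        IN  NS  ns1.nasa.com.
ns1     IN  A   192.168.100.40
www     IN  A   192.168.100.20   ; main homepage
mail    IN  A   192.168.100.25
"""
TAMPERED_ZONE = (BASELINE_ZONE.replace("192.168.100.20", "10.0.0.99")
                 + "update  IN  A   10.0.0.99\n")


def demo() -> list:
    """Compare the tampered zone against the baseline for the 192.168.100.0/24 netblock."""
    return check_zone(parse_a_records(BASELINE_ZONE),
                      parse_a_records(TAMPERED_ZONE), "192.168.100.0/24")


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run this from cron against the zone file on the DNS host (or against zone transfers from a monitoring box) and alert on any non-empty result; the attacker's change to www shows up as both "changed" and "outside the netblock".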




[Figure 54. Metasploit: CVE-2012-1889]
   - As soon as clients connect to the company's website they are in big trouble. Even if
     the clients run an antivirus solution it is of little use, since the payload migrates
     to another process very quickly




                      [Figure 55. Antivirus is so slow]



   - Regardless of the antivirus solution, the session was created and works well




                     [Figure 56. Metasploit: sessions]



   - Collect information from the compromised desktop




[Figure 57. Metasploit: Collecting *.inc]
   - "db.inc" looks interesting, so I open it. It holds the password I am looking for. I am
     sure this machine belongs to the database administrator.




            [Figure 58. Metasploit: found database password]



   - Check the server name and the available tokens




                 [Figure 59. Metasploit: UID and Tokens]



   - Dump the hashes and crack them with John




[Figure 60. Metasploit: Hashdump]

[Figure 61. John: Crack the Hashdump]



   - Get more information with "run scraper"




            [Figure 62. Metasploit: Getting more Information]



   - Make a persistent backdoor with "run metsvc -A" and check that it works properly




[Figure 63. Metasploit: Making a backdoor]

[Figure 64. Metasploit: Backdoor is running]



   - Run VNC; I find HeidiSQL installed for database administration, and through it I
     finally get at the secret table. It contains the human botnet list and the decoding
     key for reversing.




                      [Figure 65. Metasploit: VNC]




                [Figure 66. VNC: Connecting secret table]




[Figure 67. VNC: Human Botnet List]

[Figure 68. VNC: Decoding Key]



   - After getting the information, I decide to destroy the machine with a batch file




                            [Figure 69. Bat file]




[Figure 70. Execute a bat file]

[Figure 71. Execute a bat file]

[Figure 72. Deleting system files]

   - After rebooting, the computer no longer works properly




[Figure 73. Booting Fail]
Staging the Forensic
                            Stage 1. Web Shell Detection
       Scenario:

           - First filter: web shell detectors (NeoPI and Emposha)

           - Second filter: manual job with grep

       Details

           - I use NeoPI to detect whether a web shell has been uploaded. These are NeoPI's
             basic options. The upload folders are "/tmp/" and "/var/www/upload/", and I will
             look into one of them. Let's scan "/var/www/" with "./neopi.py /var/www/ -a"; -a
             runs all tests and shows five different kinds of results.




                               [Figure 74. NeoPI: Entropy]




[Figure 75. NeoPI: Longestword]

[Figure 76. NeoPI: Signature]




                         [Figure 77. NeoPI: IC]




                    [Figure 78. NeoPI: Commulative]



   - Now I use another web shell detector, Emposha, to reduce false positives. Upload it
     to the webroot and run it from the browser. In my opinion NeoPI performs better than
     Emposha.




[Figure 79. Emposha: Upload at webroot]

[Figure 80. Emposha: Result(1)]

[Figure 81. Emposha: Result(2)]

[Figure 82. Emposha: Result(3)]

[Figure 83. Emposha: Result(4)]

[Figure 84. Emposha: Result(5)]

[Figure 85. Emposha: Result(5)]

[Figure 86. Emposha: Result(6)]
    - If a file looks suspicious, you can examine it manually with grep. I pick one of the
      files flagged as suspicious in the output above.




                             [Figure 86. Grep: Command]




                             [Figure 87. Grep: Evidence(1)]




                             [Figure 88. Grep: Evidence(2)]



    - Below are dangerous functions that can be used as grep patterns.

   PHP: require(), include(), eval(), exec(), passthru(), system(), shell_exec(), popen(),
        proc_open(), fopen(), preg_replace() with the /e modifier, base64_decode(), etc.
   Python: exec(), eval(), execfile(), compile(), input() (in Python 2)
   Perl: open(), sysopen(), glob(), system(), exec(), backticks
   C: system(), exec*(), strcpy(), strcat(), sprintf(), gets()
   Java: Runtime.getRuntime().exec(), ProcessBuilder
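As an added example (Python, not the original write-up's NeoPI or Emposha output), the scorer below applies the same three tests NeoPI relies on, Shannon entropy, longest token and dangerous-function signatures, to every .php, .inc and .txt file under a web root and ranks the results. The two sample files are constructed for the example; the "suspicious" one only imitates the shape of a packed shell and runs nothing.

```python
"""Added example: a small NeoPI-style web shell scorer. Not the page's own
tooling; the sample files it scans are constructed here."""
import math
import os
import re
import tempfile

# Signatures: the dangerous PHP functions listed in the text, plus the
# decoders that packed shells typically chain in front of eval().
SIGNATURES = re.compile(
    r"\b(eval|exec|passthru|system|shell_exec|popen|proc_open|"
    r"base64_decode|gzinflate|str_rot13)\s*\(",
    re.IGNORECASE,
)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain PHP sits around 4-5, packed/base64 blobs near 6."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def longest_word(data: bytes) -> int:
    """Length of the longest whitespace-free token; encoded payloads are very long."""
    return max((len(tok) for tok in data.split()), default=0)


def signature_hits(data: bytes) -> list:
    """Sorted, de-duplicated list of dangerous function names found in the file."""
    return sorted({m.group(1).lower() for m in SIGNATURES.finditer(data.decode("latin-1"))})


def score_file(path: str) -> dict:
    with open(path, "rb") as fh:
        data = fh.read()
    ent = shannon_entropy(data)
    lw = longest_word(data)
    sigs = signature_hits(data)
    # Cumulative score: each test contributes one point when it crosses its threshold.
    score = int(ent > 5.5) + int(lw > 120) + int(len(sigs) >= 2)
    return {"path": path, "entropy": round(ent, 2), "longest_word": lw,
            "signatures": sigs, "score": score}


def scan_webroot(root: str, exts=(".php", ".inc", ".txt")) -> list:
    """Walk the web root (including .txt, since .htaccess can remap it to PHP)
    and return per-file results, most suspicious first."""
    results = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                results.append(score_file(os.path.join(dirpath, name)))
    return sorted(results, key=lambda r: (r["score"], r["entropy"]), reverse=True)


# Constructed samples (not real shells): an ordinary page, and a file that
# looks like a packed shell dropped with a .txt extension.
BENIGN_PHP = b"<?php\nrequire 'config.php';\necho htmlspecialchars($_GET['name'] ?? '');\n"
SUSPICIOUS_TXT = (b"<?php eval(gzinflate(base64_decode('"
                  + bytes(range(33, 127)) * 3 + b"')));?>")


def demo() -> list:
    """Write both samples into a temporary web root and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "upload"))
        with open(os.path.join(root, "index.php"), "wb") as fh:
            fh.write(BENIGN_PHP)
        with open(os.path.join(root, "upload", "notes.txt"), "wb") as fh:
            fh.write(SUSPICIOUS_TXT)
        return scan_webroot(root)


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The thresholds are deliberately crude; the value of running several weak tests is that an ordinary page rarely trips more than one, while an encoded shell trips all three, which is what the cumulative view in NeoPI shows.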




Stage 2. Log Analysis

   Scenario:

       - Collect the log files

       - Analyse them

   Details

       - Analyse utmp with a utmp parser. utmp only records current sessions: when a user
         logs out the entry is wiped, so wtmp, lastlog, secure, xferlog, sulog, the shell
         history files (~/.bash_history, ~/.mysql_history), access_log, error_log and the
         other logs should be analysed the same way.




                           [Figure 89. Utmp Analysis(1)]




                           [Figure 90. Utmp Analysis(2)]




                                                                                                40
   - The bash history shows a backdoor being set up and an attempt to use CVE-2012-2122
     (the MySQL authentication bypass) to log in without the password




                   [Figure 91. Bash_History Analysis]

   - Something was injected into a local directory, and the "flush privileges" in the MySQL
     history suggests that a suspicious user or grant was added




                  [Figure 92. MySQL_History Analysis]




           [Figure 92. Apache2 Log Analysis(1): SQL Injection]




[Figure 93. Apache2 Log Analysis(2): WebShell]




[Figure 94. Apache2 Log Analysis(3): Directory Traversal]
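The three traces in the Apache log figures above (SQL injection, web shell access, directory traversal) can be pulled out of access_log automatically. The script below is an added example in Python, not part of the original write-up; the log lines, paths and parameter names in it are constructed for the demo and are assumptions, not data from the page.

```python
"""Added example: flag SQL injection, web shell and directory traversal
requests in Apache combined-format access logs. Sample lines are constructed."""
import re
from urllib.parse import unquote_plus

# Combined log format: ip ident user [time] "method url proto" status size ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

RULES = {
    "sql_injection": re.compile(
        r"(\bunion\b.*\bselect\b|\bsleep\s*\(|\bbenchmark\s*\(|"
        r"'\s*(or|and)\s+\S+\s*=|information_schema)",
        re.IGNORECASE),
    # Known shell names in any extension (the .htaccess trick makes .txt executable),
    # or command-style parameters such as ?cmd= / ?act=.
    "webshell": re.compile(
        r"(r57|c99|weevely|shell)[^/?]*\.(php|txt)|[?&](cmd|act|c)=", re.IGNORECASE),
    "traversal": re.compile(r"(\.\./|\.\.\\|/etc/passwd|/proc/self/environ)", re.IGNORECASE),
}


def parse_line(line: str):
    """Return the fields of one log line, or None if it is not in combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Decode once so %27 and %2e%2e are matched like their literal forms.
    rec["decoded_url"] = unquote_plus(rec["url"])
    return rec


def classify(rec: dict) -> list:
    url = rec["decoded_url"]
    return [name for name, rx in RULES.items() if rx.search(url)]


def analyse(lines) -> list:
    """Return only the records that trigger at least one rule."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        tags = classify(rec)
        if tags:
            hits.append({"ip": rec["ip"], "ts": rec["ts"], "url": rec["url"],
                         "status": rec["status"], "tags": tags})
    return hits


# Constructed sample log; only the middle three lines are hostile.
SAMPLE_LOG = """\
192.168.100.12 - - [10/Oct/2012:10:01:02 +0900] "GET /index.php?id=7 HTTP/1.1" 200 2048
192.168.100.66 - - [10/Oct/2012:10:05:44 +0900] "GET /index.php?id=7%27%20AND%20SLEEP(5)%23 HTTP/1.1" 200 2048
192.168.100.66 - - [10/Oct/2012:10:09:13 +0900] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1337
192.168.100.66 - - [10/Oct/2012:10:12:30 +0900] "POST /upload/c99-bl_hongrae.txt?act=cmd HTTP/1.1" 200 5120
192.168.100.12 - - [10/Oct/2012:10:15:00 +0900] "GET /style.css HTTP/1.1" 304 -
"""


def demo() -> list:
    return analyse(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for h in demo():
        print(h["ts"], h["ip"], h["tags"], h["url"])
```

Feed the real access_log through analyse() and pivot on the source IP of the first hit: in the scenario above the same address that ran the blind SQL injection is the one that later touched the uploaded shell.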




        [Figure 95. Permission Analysis(1): User]




       [Figure 96. Permission Analysis(2): Group]




[Figure 97. Log Analysis: Passwd]




                    [Figure 98. Log Analysis: Service]




                  [Figure 99. Log Analysis: Hidden files]



   - The following commands are also worth running: "cat /etc/crontab", "ls /etc/cron.daily/",
     "grep -v '^#' /etc/login.defs", "grep umask /etc/profile", "rpcinfo -p",
     "ps -ef | grep rpc", "ps aux | grep ftp", "ls -ltrR /var/spool/cron" and "crontab -l"
     (cron entries, login policy, default umask, and RPC and FTP services).
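The permission and hidden-file checks above, and the weevely audit steps in Stage 5 (readable config files holding credentials, writable scripts an attacker can replace), can be done with one short script. The following Python is an added example, not the page's own tooling; the directory tree it audits, including the file names and the password inside db.inc, is constructed for the demo.

```python
"""Added example: audit a web root for world-writable scripts, setuid files,
hidden files and readable config files that contain credentials. The tree
it scans is constructed here, not taken from the page."""
import os
import re
import stat
import tempfile

# "pass"/"password"/"secret"/"api_key" followed by = or : and a value.
CRED_RE = re.compile(r"(?i)(pass(word|wd)?|secret|api[_-]?key)\w*\s*[=:]\s*\S+")
SCRIPT_EXT = (".sh", ".py", ".pl", ".php")
CONFIG_EXT = (".inc", ".php", ".conf", ".ini")


def audit_tree(root: str) -> dict:
    findings = {"world_writable": [], "setuid": [], "hidden": [], "credentials": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue
            if name.startswith("."):             # .htaccess, .ssh, dot-named droppers
                findings["hidden"].append(rel)
            if not stat.S_ISREG(mode):
                continue
            if mode & stat.S_IWOTH and name.endswith(SCRIPT_EXT):
                findings["world_writable"].append(rel)
            if mode & stat.S_ISUID:
                findings["setuid"].append(rel)
            if name.endswith(CONFIG_EXT) and mode & stat.S_IROTH:
                try:
                    with open(path, "r", errors="replace") as fh:
                        if CRED_RE.search(fh.read()):
                            findings["credentials"].append(rel)
                except OSError:
                    pass
    for key in findings:
        findings[key].sort()
    return findings


def build_sample_tree(root: str) -> None:
    """Constructed web root: a world-readable db.inc with a password, a
    world-writable maintenance script, a hidden .htaccess and a setuid helper."""
    os.makedirs(os.path.join(root, "upload"))
    files = {
        "index.php": ("<?php require 'db.inc'; ?>", 0o644),
        "db.inc": ("<?php $db_pass = 'toor'; ?>", 0o644),        # constructed value
        "upload/.htaccess": ("AddType application/x-httpd-php .txt", 0o644),
        "upload/cleanup.sh": ("#!/bin/sh\nrm -f /tmp/*.tmp\n", 0o777),
        "upload/helper": ("not really a binary", 0o4755),
    }
    for rel, (content, mode) in files.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write(content)
        os.chmod(path, mode)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_tree(root)


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key}: {paths}")
```

A world-readable db.inc is exactly what weevely's audit.user_files module turned up earlier; a world-writable script that root or cron executes is the foothold the "replace a system script" step depends on.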
Stage 3. Volatility

   Details

        - Unfortunately the original memory dump of the DBA's machine is missing. Preserving
          evidence is essential in forensics, but I forgot to dump memory before I destroyed
          the DBA's machine. I will only show how to acquire a memory image and the basic
          analysis commands.




        [Figure 100. Moonsol: Dump the memory to protect the evidence(1)]




        [Figure 101. Moonsol: Dump the memory to protect the evidence(2)]




[Figure 102. Volatility: Prepare]




[Figure 103. Volatility: cmdscan]




[Figure 104. Volatility: connscan]




[Figure 105. Volatility: getsids]




 [Figure 106. Volatility: pstree]




[Figure 107. Volatility: svcscan]




Staging the Defense
I referenced "Essential PHP Security" and "Pro PHP Security" for secure coding. I wrote two pages:
index.php, the vulnerable page, and indexs.php, the more secure page. What I learned is that
validating user input before it reaches a database query is an extremely important step, and that
whitelist checking is much better than blacklist checking for uploaded files. I used built-in
functions, regular expressions and type conversion to secure the code, and used whitelist checks
wherever possible. Restricting the length of input values is a nice additional defence against SQL
injection. I did not apply a secure token, but it would be better if I had.
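As an added example, the following Python (not the author's index.php/indexs.php) implements the checks this section describes: an extension whitelist for uploads that also refuses dotfiles such as .htaccess and double extensions, a directory traversal guard, and a length-restricted, type-converted, parameterised database lookup. The upload directory, table and column names are assumptions for the demo.

```python
"""Added example: whitelist-based upload naming, path containment and a
bound-parameter lookup. Table/column names and the upload dir are assumed."""
import os
import re
import secrets
import sqlite3

UPLOAD_DIR = "/var/www/upload"                # upload path used in the write-up
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}   # whitelist, never a blacklist
MAX_ID_LEN = 10


def safe_upload_name(filename: str) -> str:
    """Return a server-chosen file name or raise ValueError.
    The client's name is consulted only for its (whitelisted) extension."""
    base = os.path.basename(filename)         # strip any path the client sent
    if base.startswith("."):                  # .htaccess and other dotfiles
        raise ValueError("dotfiles are not uploadable")
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0]:       # "x.php.jpg", "x", "x." are refused
        raise ValueError("exactly one extension is required")
    ext = parts[1]
    if ext not in ALLOWED_EXT:
        raise ValueError("extension not in whitelist")
    return f"{secrets.token_hex(8)}.{ext}"    # random name, nothing of the original kept


def safe_path(base_dir: str, user_path: str) -> str:
    """Resolve a user-supplied relative path and refuse anything outside base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes the base directory")
    return target


def lookup_user(conn: sqlite3.Connection, user_id: str):
    """Whitelist (digits only) + length limit + type conversion + bound parameter."""
    if not re.fullmatch(r"[0-9]{1,%d}" % MAX_ID_LEN, user_id):
        raise ValueError("id must be 1-%d digits" % MAX_ID_LEN)
    row = conn.execute("SELECT name FROM users WHERE id = ?", (int(user_id),)).fetchone()
    return row[0] if row else None


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for members.users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "general"), (2, "aliens")])
    return conn


if __name__ == "__main__":
    print(safe_upload_name("photo.png"))
    for bad in ("shell.php", "c99-bl_hongrae.txt", ".htaccess", "x.php.jpg"):
        try:
            safe_upload_name(bad)
        except ValueError as err:
            print(bad, "->", err)
    conn = demo_db()
    print(lookup_user(conn, "1"))
    try:
        lookup_user(conn, "1 OR 1=1")
    except ValueError as err:
        print("rejected:", err)
```

Note that the upload check never trusts the MIME type or the content sniffed from the file; it only decides the extension of a name the server generates itself, so neither the .htaccess trick nor a "shell.php.jpg" name gets through.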




     [Figure 108. Secure Coding: String Type SQL Injection = Escape Data + Length Restriction]




                           [Figure 109. Secure Coding: Directory Traversal]




[Figure 110. Secure Coding: Checking based on White List(1)]




[Figure 111. Secure Coding: Checking based on White List(2)]




[Figure 112. Secure Coding: Checking based on White List(3)]




Summary
"If a DNS server were compromised by a bad guy, what would happen?" I started writing this paper
with that thought. Recent zero-day vulnerabilities in Java, Flash and Windows are a severe threat
to us. Of course, I do not think there are companies that allow anonymous connections to their
DNS server; I built this scenario to show as many attack types as possible. I hope this paper
helps to secure your valuable assets. I used every web and database tool on BackTrack 5 R3,
compared them, and tried to catch the strong points of each. My future work may be building a
tool that suits me and concentrating on improving advanced web hacking techniques. Thank you for
reading my study. I have always believed that my strong point is that I learn faster than my
competitors.




Reference
1.    Essential PHP Security by Chris Shiflett (Oct 20, 2005)

2.    Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses (Expert's Voice in Open
      Source) by Chris Snyder, Thomas Myer and Michael Southwell (Dec 9, 2010)

3.    Database Security (데이터베이스 보안) by 조은백 (Feb 11, 2011)

4.    HTML5 & CSS3 Practical Techniques (HTML5&CSS3 실무테크닉) by 조승한, 안종일 (Mar 5, 2012)

5.    Python, PHP, HTML5, AJAX, jQuery online study

6.    RFI defense: PHP input validation code summary

7.    InfoSec Resources – PT Example

8.    Protocol-Level Evasion of Web Application Firewalls | Qualys Security Labs | Qualys Community

9.    RFI DDoS botnet analysis

10.   [System Hacking] Linux setuid (Naver blog)

11.   [System Hacking] How to find and hide Linux backdoors (Naver blog)

12.   Meterpreter_cheat_sheet_v0.1.pdf

13.   Post-Exploitation Without A TTY | pentestmonkey

14.   Vulnerable PHP code reference

15.   Using .htaccess

16.   Apache guide (highly recommended)

17.   MySQL security settings (privileges)

18.   40 Beautiful Free HTML5 & CSS3 Templates

19.   Online Hash Crack MD5 / LM / NTLM / SHA1 / MySQL5 / MySQL323 / MD4 / WPA / WPA2 - Passwords recovery -
      Reverse hash lookup Online - Hash Calculator

20.   [Linux1] Day 20 - find, grep (Naver blog)

21.   Linux vsftp installation, configuration (root), file upload (Naver blog)

22.   contagio: CVE-2012-1889 Microsoft XML vulnerability - Samples and Analysis by Brian Mariani and Frédéric Bourla

23.   John The Ripper Hash Formats | pentestmonkey

24.   SkipfishDoc - skipfish - Project documentation - web application security scanner - Google Project Hosting

25.   Wooks Home. : PHP Injection

26.   Backtrack 5 R3 Metasploit Post Modules (What To Do After You Compromise A System)

27.   Python Backdoor - AES Encrypted Traffic

28.   How to manage Apache access logs (Naver blog)

29.   grep command and options (Naver blog)
30.   Metasploit: CVE-2012-2122: MySQL vulnerability, already patched

31.   Solaris DNS

32.   Fedora vsftp upload

33.   MySQL remote access

34.   SQL injection sample code + remote code execution

35.   Security tips for PHP/MySQL developers (Naver blog)

36.   cyb3r sh3ll - Browse Files at SourceForge.net

37.   XSS Trojan Using Evilweb Tool

38.   msfpayload

39.   su crack, ssh brute force, Metasploit

40.   Nmap Scripting Engine Introduction With Http-Enumeration

41.   CVE-2012-2122 : Serious MySQL Authentication Bypass Vulnerability | The Hacker News

42.   Hackers magazine

43.   ohdae/Intersect-2.5 · GitHub

44.   msfconsole hacking ftp + backdoors - YouTube

45.   SQL Injection/LFI/XSS Exploit Scanner + web shell Hunter - XCode - Yogyafree - YouTube

46.   Weevely 0.6 Tutorial - bruteforce and SQL pwnage - YouTube

47.   CVE-2012-1889 - Microsoft XML Core Services Vulnerability Metasploit Demo - YouTube

48.   sqlmap (EuroPython2011) - YouTube

49.   FIMAP - AES HTTP Reverse Shell Plugin - YouTube

50.   Backdoor: FIMAP - Local File Inclusion to Remote Code Execution - YouTube

51.   SQLMap: page tampering by injecting JS for Shell of the Future

52.   Information Security: Tutorial: How to scan exp... | SecurityStreet

53.   Deface All Sites on Server Without Root - YouTube

54.   Programming a Custom Backdoor in Python - YouTube

55.   How SQL Injection Attacks Work (YouTube interview)

56.   Mercury: system log analysis

57.   Pragmatic Forensics: a quick utmp parser

58.   Memory Acquisition Tools

59.   MoonSols Windows Memory Toolkit | MoonSols

60.   ToTo: cleanly wiping logs after hacking

61.   Reversing & Malware Analysis Training Part 8 - Malware Memory Forensics - YouTube

Penetration Testing is the Art of the Manipulation

  • 1. Penetration Testing is the Art of the Manipulation Attack & Defense Author: JongWon Kim dikien2012@gmail.com 1
  • 2. Table of Contents Penetration Testing is the Art of the Manipulation…………………………...............................................1 Table of Contents……….........................................................................................................................2 About Me.................................................................................................................................................3 Planning the Attack.................................................................................................................................5 Staging the Attack (1): WEB Server ................................................................................................5 - Stage 1. Reconnaissance…………………………………………………………………..……..…5 - Stage 2. Information Gathering.………………………………………………….……...................6 - Stage 3. Target Exploitation……………………………………………………………………..….. 8 - Stage 4. Privilege Escalation…………………………………………………………..……………11 - Stage 5. Maintaining Access………………………………………………………..………………18 Staging the Attack (2): DNS Server .....................................................................................................25 - Stage 1. Information Gathering………………………………………………………….….……25 - Stage 2. Post Exploit(Pivot)……………………………………………………………………..….28 Staging the Forensic…………………………………………………………………………………………35 - Stage 1. Web Shell Detection………………………………………………………………………35 - Stage 2. Log Analysis…………………………………………………………………………..……40 - Stage3. Volatility……………………………………………………………………………………44 Staging the Defense: Code Level…………………………………………………………………………..47 Summary...............................................................................................................................................50 Reference………………………………………………………………………………….……………………51 2
  • 3. About Me Name: JongWon Kim Blog: http://dikien2012.blogspot.com LinkedIn: http://kr.linkedin.com/pub/jongwon-kim/45/a40/b07/en Twitter: @dikien2012 My Experience: Period Working Experience Personal Experience 2011. 08  C, Linux, CCNA 2011. 09  Windows 2008 Server, Perl 2011. 10  Working as a Math Teacher  Reversing  L2,L3,L4, Firewall Configuration 2011. 11  WIFI-Hacking(SWSE) 2011. 12  System Hacking(SMFE) 2012. 01~02  Exploit Code Study using ROP  Privacy Information Protection Law  WEB Hacking 2012. 04~09  Security Solution Operation(IPS, WAF,  Database Security and DB Access Control) Technical Skills:  Experience in Black and White Box Penetration Testing to identify system vulnerabilities and test security controls in firewalls, routers, IDS and IPS, and various types of servers, including Windows and UNIX Web, Mail, FTP, DNS, Domain Controllers and applications hosted internally  Strong Web Application Assessment Experience such as SQL Injection, Cross Site Scripting, Cookie Manipulation, and Buffer Overflows  Vulnerability Detection and Remediation  Familiarity with penetration testing tools such as BackTrack and MetaSpolit vulnerability scanning tools such as pangolin, wireshark, Nexpose, nmap, Acunetix and AppScan  Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP)  Conduct onsite and remote Social Engineering testing including persuasion, phishing, mock websites, and telephone contact  Experience in Evasion Techniques to bypass firewalls, and intrusion detection  Knowledge of security tools such as IPS, WAF and Database monitoring  Ability to conduct source code reviews with PHP  Familiarity with scripting Python  In familiarity with Windows, Solaris, and AIX 3
  • 4. Familiarity with XML, SOAP, JSON and Ajax and HTML5  Network Switching and Routing (Cisco)  Knowledge of TCP and IP protocols and networking architectures wireless LAN security, including 802.11 standards Consulting Skills:  Independence: Self-Managed and Motivated  Team Oriented  Formal policy and procedure documents  Public Speaking  Technical Writing 4
  • 5. Planning the Attack After 2100 years, human beings put the micro chipset into their brain to get smarter. As all ages do, disaster occurs. Some bad guys develop the exploit to manipulate human. Computer malwares are still big trouble and human zombies are created. I am trying to prevent an even worse tragedy to analysis the malware. However, the trouble is that the malware is protected by some anti-reversing key. I got some letter from anonymous. It said that there are anti-reversing code and human botnet lists on NASA‟s database. At the end of letter, it was written on “aliens/toor”. Let‟s explore!!! A list of Attack Directives is the following: 1) Compromise as much of NASA‟s network as possible 2) Extract data to find out anti-reversing key and the list of Human Zombie 3) Pivot its network Staging the Attack  Mission 1. Attack WEB Server Stage 1. Reconnaissance  Scenario:  Ping the host and get the IP address  Use the whatweb to figure out more information from response  I skipped out DNS brute force since it is the virtual host  Attack Detail  Ping the host and get the IP address [Figure 1. Ping the host]  We can figure out what is the version of PHP, HTTP Server, Country, Admin Email, and Operation System. It will show more information if you type “-v a=4” [Figure 2. whatweb] 5
  • 6. Stage 2. Information Gathering  Scenario:  Use the nmap to find services and OS that runs on the server  Use nexpose to get more specific information  Use w3af to figure out what web vulnerabilities are  Attack Detail  -sV and -O option of nmap will give you version and OS information [Figure 3. Services from nmap] [Figure 4. OS from nmap] 6
  • 7. This Nexpose results show me 58 vulnerabilities, especially “default SSH password is toor” is one of the critical things. You can also use Nessus and compare to Nessus results to increase false positives and false negatives. [Figure 5. more details from Nexpose]  There are many w3af plugins, but I will use only audit option to save my time [ Figure 6. w3af: Plugin Setting ] 7
  • 8. There are XSS, command injection, SQL injection, and LFI. On top of that, there is upload vulnerability but, it can‟t find out. I will use Blind SQL injection vulnerability to breach database on Stage 3. [Figure 7. w3af: results] Stage 3. Target Exploitation  Scenario:  Use the sqlmap to breach database (target is attack_2 payload)  Use hashcat to crack hashes  Attack Detail  Let‟s find out current database user, name, and password, but it wasn‟t able to get a password with sqlmap. Current user is general@% and database name is members. It didn‟t turn out to the password of the general user. I will use another tactic to get the password later. [Figure 8. Sqlmap: current database user and name] 8
  • 9. Members table have four fields: message, sessions, topics, and users. I guess users might be user‟s ids and passwords and session is also similar role for authorization. [Figure 9. Sqlmap: Members database]  As I expected, there are information related users on members table. I am curious about message table. What‟s the message? Let‟s dig into there. [Figure 10. Sqlmap: message table on members database]  Let‟s dump message table on members database. There are two hash values. It looks like some hints to get human botnet lists and anti-reversing key. 9
  • 10. [Figure 11. Sqlmap: hash values on message table]  Let‟s crack them out using hashcat. Hash values are secret and checkout. I guess that secret means database name. However, there is a big problem. Sqlmap doesn‟t show me a table named secret. It means two possibilities. First, there is no secret table. Second, user named “general” has no authority to look into. I bet second one and time to privilege escalation to check it out. [Figure 12. Hashcat: cipher text : clear text] 10
  • 11. Stage 4. Privilege Escalation  Scenario:  Use a fimap to spawn a shell  Use a Expect to get a TTY  Make a Upload page with “MySQL Dumpfile option”  Upload a webshell  Attack Detail  Use a fimap to figure out which parameters have RFI and LFI vulnerabilities. [Figure 13. Fimap: vulnerable parameters] 11
  • 12. -x option means that it will exploit the target with above output. Choose [1] to exploit “www.nasa.com”. Choose [1] to take advantage of „rfi‟ parameter. I will use pentestmonkey‟s reverse shell. Let‟s Choose [2] and put my ip address and port to connect back to my backtrack. [Figure 14. Fimap: reverse shell]  Netcat is listening on 1000 port for reverse shell [ Figure 15. Netcat: waiting for a shell] 12
  • 13. I got a shell and checked my id is www-data, but problem is it communicates without cipher text. It can be detected IPS. Let‟s reduce this possibility with AES HTTP shell below. [Figure 16. Reverse shell: id] [Figure 17. Wireshark: not cipher text]  “su and ssh” didn‟t work properly. Those two instructions are necessary for post exploitation. Let‟s solve the problem with magic shell. [Figure 18. Message: must be run from a terminal]  Time to try “aliens/toor” from the letter. With a magic shell, I can use su and ssh command. [Figure 19. Magic shell] 13
  • 14. Check the kernel version with “uname -a” to get a root privilege. Download local exploit source from exploit-db and compile it. [Figure 20. Download local exploit code]  Execute it and I finally get a root shell and change shell from ”/bin/sh” to “/bin/bash” for convenience [Figure 21. Privilege escalation success] 14
  • 15. [Figure 22. Change the shell to bash]  There is a suspicious folder named treasure. Real treasure is over there, database password, but I am not sure that this user has a super privilege. [Figure 23. Password for database]  Below is the job for make a webpage to upload webshell. I create two tables. [ Figure 24. Make two tables] 15
  • 16. Insert some values into each table and save them to “/var/www/upload/”. [Figure 25. Create a “form.php” ] [Figure 26. Create a “upload.php” ] 16
  • 17. Choose the file which you would like to prefer and upload and move to “/var/www/upload/” [Figure 27. Choose the”r57shell.php” ] [Figure 28. Move the file in webrooot ] 17
  • 18. Stage 5. Maintaining Access  Scenario:  Use a weevely to make a backdoor with password  Brute force attack to get an ftp credential with metasploit  Traffic Obfuscation: AES HTTP Reverse shell  Attack Detail  Backdoor was created identified by password=complexpassword [Figure 29. Make a backdoor]  Use a metasploit for brute force attack and get an id and password. [Figure 30. Make a backdoor] 18
  • 19. Upload the backdoor with FTP [Figure 31. Upload the backdoor]  I don‟t need r57shell, upload.php and form.php files anymore since backdoor is uploaded successfully [ Figure 32. Remove unnecessary files]  Change the privilege to read the backdoor by www-data user [Figure 33. Change the privilege] 19
  • 20. Connect to the backdoor and check out post exploit modules [ Figure 34. Weevely: post exploit modules]  Enumerate readable web config files using module “:audit.user_files auto=web “. Extract credentials from readable file and log in the database with those credentials. Since this process I have already done, I left it for reader. Let‟s look around internal network and check out if there is another server. I will exploit 192.168.100.40 on Mission 2. [Figure 35. Weevely: Explore internal network] 20
  • 21. Find writable system script to replace with malicious script. First, enumerate writable user files using module. Second, upload malicious script replacing system file. [Figure 36. Weevely: Upload a malicious script]  If you are lazy to above process, Intersect 2.5(post exploit module) will also be very nice choice. It includes many awesome feature such as backdoor, collecting credential, internal network, variety of shells and etc. Select modules you would create and create it with “:create”. [Figure 37. Intersect: Setting modules] [Figure 38. Intersect: backdoor file] 21
  • 22. Compare normal shell and AES HTTP Reverse shell. From now, I used pentest monkey‟s reverse shell and weevely‟s backdoor. Since these two shells communicate not cipher text, I use AES HTTP Reverse shell with cipher text. [Figure 39. Fimap: Server setting] [Figure 40. Fimap: Server Start] [ Figure 41. AES HTTP Reverse shell communicates with cipher text] 22
  • 23. Upload another webshell to test if this shell works properly. Upload .htaccess to bypass whitelist extension server side script. [Figure 42. Upload .htaccess]  Upload another webshell named “c99-bl_hongrae.txt”. The server recognizes “.txt” extension to “.php” since “.htaccess”. [Figure 43. Upload the “c99-bl_hongrae.txt”] 23
• 24. Check whether the webshell with the ".txt" extension works. It works very well. [Figure 44. Upload the "c99-bl_hongrae.txt"]
- 192.168.100.40 is alive on the internal network. Let's attack this one.
• 25. Mission 2. Attack DNS Server
Stage 1. Information Gathering
- Scenario:
  - Make a payload to communicate with metasploit
  - Upload the payload and pivot to 192.168.100.40 with that session
  - SSH enumeration and brute force
- Attack Detail
  - Make a custom payload and wait for it to connect back on port 1337. [Figure 45. Make a payload] [Figure 46. Waiting for a session]
  - Upload the payload with FTP and give it permission to execute. [Figure 47. Upload a payload]
• 26. [Figure 48. Change the permission] [Figure 49. Connecting a Session]
- First, enumerate the SSH version. It shows SSH-2.0 running on SunOS. [Figure 50. Enumerate a banner]
• 27. Second, brute-force attack with a known password file. [Figure 51. Brute force]
- Third, connect to it; it shows that the server is for DNS. [Figure 52. SSH Connection]
• 28. Stage 2. Post Exploit
- Scenario:
  - Manipulate the forward zone file
  - As before, pivot to 192.168.100.40 through the compromised web server
  - Get the Human Botnet list and the Anti-Reversing Key
  - Destroy the machine
- Attack Detail
  - Change the company's main homepage IP address to my IP address. [Figure 53. Pollute forward zone file]
  - Set up the compromised web server to attack victims, using the CVE-2012-1889 vulnerability with metasploit. [Figure 54. Metasploit: CVE-2012-1889]
• 29. As soon as clients try to connect to the company's website, they will be in big trouble. Even if clients have an anti-virus solution, it would be useless since the exploit migrates very fast. [Figure 55. Antivirus is so slow]
- Regardless of the anti-virus solution, a session was created and works well. [Figure 56. Metasploit: sessions]
- Collect information from the compromised desktop. [Figure 57. Metasploit: Collecting *.inc]
• 30. "db.inc" looks curious, so I open it. It's the password that I am looking for. I am sure this machine belongs to the database administrator. [Figure 58. Metasploit: found database password]
- Check out the server name and available tokens. [Figure 59. Metasploit: UID and Tokens]
- Check out the hash dump and crack it with john. [Figure 60. Metasploit: Hashdump]
• 31. [Figure 61. John: Crack the Hashdump]
- Get more information with "run scraper". [Figure 62. Metasploit: Getting more Information]
- Make a persistent backdoor with "run metsvc -A" and check that it works properly. [Figure 63. Metasploit: Making a backdoor]
• 32. [Figure 64. Metasploit: Backdoor is running]
- Run VNC; I found there is HeidiSQL for administration. I was finally able to get the secret table. It holds the human botnet list and the decoding key for reversing. [Figure 65. Metasploit: VNC] [Figure 66. VNC: Connecting secret table] [Figure 67. VNC: Human Botnet List]
• 33. [Figure 68. VNC: Decoding Key]
- After getting the information, I decided to destroy that machine using a bat file. [Figure 69. Bat file] [Figure 70. Execute a bat file] [Figure 71. Execute a bat file]
• 34. [Figure 72. Deleting system files]
- After rebooting, the computer doesn't work properly. [Figure 73. Booting Fail]
• 35. Staging the Forensic
Stage 1. Web Shell Detection
- Scenario:
  - First Filter: Web Shell Detector (NeoPI & Emposha)
  - Second Filter: Manual Job with Grep
  - Manual Job
- Details
  - I will use NeoPI to detect whether a web shell was uploaded. These are NeoPI's basic options. The upload folders are "/tmp/" and "/var/www/upload/"; I will look into one of them. Let's look at "/var/www/" with "./neopi.py /var/www/ -a"; -a means it will run all tests. It will show you 5 different types of results. [Figure 74. NeoPI: Entropy] [Figure 75. NeoPI: Longestword]
• 36. [Figure 76. NeoPI: Signature] [Figure 77. NeoPI: IC] [Figure 78. NeoPI: Cumulative]
- This time, I will use another web shell detector named Emposha to reduce false positives. Upload it to the webroot folder and execute it in the browser. In my opinion, NeoPI's performance is better than Emposha's. [Figure 79. Emposha: Upload at webroot]
• 37. [Figure 80. Emposha: Result(1)] [Figure 81. Emposha: Result(2)] [Figure 82. Emposha: Result(3)]
• 38. [Figure 83. Emposha: Result(4)] [Figure 84. Emposha: Result(5)] [Figure 85. Emposha: Result(5)] [Figure 86. Emposha: Result(6)]
• 39. If you find a suspicious file, you can test it manually with the grep command. I will choose one of the suspicious files from the output above. [Figure 86. Grep: Command] [Figure 87. Grep: Evidence(1)] [Figure 88. Grep: Evidence(2)]
- Below are dangerous functions. They can be used as the grep pattern.
  - PHP: require(), include(), eval(), exec(), passthru(), system(), fopen(), etc.
  - Python: exec(), eval(), execfile(), compile(), input()
  - Perl: open(), sysopen(), glob(), system()
  - C: system(), exec(), strcpy(), strcat(), sprintf()
  - Java: system.* (system.runtime)
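A stand-alone Python version of this second, manual filter, added here as an example (not the author's code, and not NeoPI or Emposha): it greps a directory for calls to the dangerous functions listed above and adds a NeoPI-style entropy score so packed or base64-heavy files stand out even when no function name is visible. The three sample files written by demo() are constructed for the example.

```python
import math
import os
import re
import tempfile

# Dangerous functions per language, from the list above (C's exec family via exec\w*).
DANGEROUS = {
    ".php": ["require", "include", "eval", "exec", "passthru", "system", "fopen"],
    ".py": ["exec", "eval", "execfile", "compile", "input"],
    ".pl": ["open", "sysopen", "glob", "system"],
    ".c": ["system", r"exec\w*", "strcpy", "strcat", "sprintf"],
    ".java": [r"System\.\w+"],
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, as NeoPI scores it; packed/base64 payloads score well above plain source."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in (data.count(b) for b in set(data)))

def scan_file(path: str) -> dict:
    """Return {'hits': [(line_no, function), ...], 'entropy': float} for one file."""
    names = DANGEROUS.get(os.path.splitext(path)[1].lower(), [])
    # \b stops 'fileopen' matching 'open'; \s*\( requires an actual call, not a bare word.
    pattern = re.compile(r"\b(" + "|".join(names) + r")\s*\(")
    with open(path, "rb") as fh:
        raw = fh.read()
    hits = [(no, m.group(1)) for no, line in enumerate(raw.decode("utf-8", "replace").splitlines(), 1)
            for m in pattern.finditer(line)] if names else []
    return {"hits": hits, "entropy": round(shannon_entropy(raw), 2)}

def scan_dir(root: str) -> dict:
    """Map each file under root (known extensions only) to its scan result."""
    return {name: scan_file(os.path.join(dirpath, name)) for dirpath, _, files in os.walk(root)
            for name in files if os.path.splitext(name)[1].lower() in DANGEROUS}

def demo() -> dict:
    """Scan a constructed upload folder: one clean page and two suspicious files."""
    root = tempfile.mkdtemp()
    samples = {
        "index.php": '<?php echo "hello"; ?>\n',
        "up.php": '<?php include("head.php");\n$r = eval($code); ?>\n',
        "tool.py": 'data = input()\nexec(compile(data, "<s>", "exec"))\n',
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)
    return scan_dir(root)
```

Files with no hits but an entropy well above the rest of the web root deserve the same manual look, since a packed shell hides its function names.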
• 40. Stage 2. Log Analysis
- Scenario:
  - Collecting log files
  - Analysis
- Details
  - Analyze utmp with a utmp parser. If the user logs out, this entry will be wiped out. wtmp, lastlog, secure, xferlog, sulog, ~/.history, access_log, error_log and other logs can be analyzed similarly. [Figure 89. Utmp Analysis(1)] [Figure 90. Utmp Analysis(2)]
• 41. There is a backdoor, and someone tried to use "CVE-2012-2122" to bypass authentication. [Figure 91. Bash_History Analysis]
- Something was injected into a local directory, and there will be a suspicious user judging from "flush privileges". [Figure 92. MySQL_History Analysis] [Figure 92. Apache2 Log Analysis(1): SQL Injection]
• 42. [Figure 93. Apache2 Log Analysis(2): WebShell] [Figure 94. Apache2 Log Analysis(3): Directory Traversal] [Figure 95. Permission Analysis(1): User] [Figure 96. Permission Analysis(2): Group]
• 43. [Figure 97. Log Analysis: Passwd] [Figure 98. Log Analysis: Service] [Figure 99. Log Analysis: Hidden files]
- On top of that, the following commands are also worthwhile: "cat /etc/crontab", "ls /etc/cron.daily/", "cat /etc/login.defs | grep -v "#"", "cat /etc/profile | grep umask", "rpcinfo -p", "ps -ef | grep rpc", "ps -aux | grep ftp", "ls -ltrR /var/spool/cron", and "crontab -l"
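An added example (not part of the original report) of running the access_log checks from Figures 92 to 94 as code: a small Python parser that tags SQL injection, directory traversal and web shell requests in Apache combined-format lines and counts them per source address. The log lines are constructed for this example and only reuse the file name uploaded in Mission 1.

```python
import re
from urllib.parse import unquote

# Constructed Apache combined-format lines modelled on what the figures above show.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jan/2013:10:01:12 +0900] "GET /index.php?id=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Jan/2013:10:02:40 +0900] "GET /index.php?id=3'%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 700 "-" "sqlmap/1.0"
10.0.0.9 - - [10/Jan/2013:10:03:01 +0900] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1800 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Jan/2013:10:05:13 +0900] "POST /upload/c99-bl_hongrae.txt HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Jan/2013:10:05:20 +0900] "GET /upload/c99-bl_hongrae.txt?act=cmd&d=/var/www HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)')

# Each rule is applied to the URL-decoded request path and query string.
RULES = [
    ("sql_injection", re.compile(r"('|\")\s*(or|and|union)\b|union\s+select|--\s*$|/\*", re.I)),
    ("dir_traversal", re.compile(r"(\.\./|\.\.\\|/etc/passwd|/proc/self)", re.I)),
    ("webshell", re.compile(r"/upload/.*\.(txt|php|phtml)(\?|$)|[?&](cmd|act)=", re.I)),
]

def analyze(log_text: str) -> list:
    """Return [(ip, method, decoded_path, [rule names])] for requests matching at least one rule."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: keep going, but such lines are worth a separate look
        decoded = unquote(m["path"])  # %20 and friends must not hide the pattern
        tags = [name for name, rx in RULES if rx.search(decoded)]
        if tags:
            findings.append((m["ip"], m["method"], decoded, tags))
    return findings

def attacker_ips(findings: list) -> dict:
    """Flagged requests per source IP, to line up with the utmp/wtmp and FTP (xferlog) timeline."""
    counts = {}
    for ip, *_ in findings:
        counts[ip] = counts.get(ip, 0) + 1
    return counts
```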
• 44. Stage 3. Volatility
- Details
  - Sorry for missing the original memory dump from the DBA's machine [figure- ]. Maintaining the evidence is essential for forensics. However, I forgot to dump the memory when I destroyed the DBA's machine. I will just show how to extract a memory image and analyze it with basic commands. [Figure 100. Moonsol: Dump the memory to protect the evidence(1)] [Figure 101. Moonsol: Dump the memory to protect the evidence(2)]
• 45. [Figure 102. Volatility: Prepare] [Figure 103. Volatility: cmdscan] [Figure 104. Volatility: connscan]
• 46. [Figure 105. Volatility: getsids] [Figure 106. Volatility: pstree] [Figure 107. Volatility: svcscan]
• 47. Staging the Defense
- I referenced "Essential PHP Security" and "Pro PHP Security" for secure coding. I wrote two pages: index.php, the vulnerable page, and indexs.php, the more secure page. I have learned that validating user input is an extremely important step before a query goes into the database. Whitelist-based checking is much better than blacklist-based checking for file uploads. I used internal functions, regular expressions and type conversion to secure the code. Also, I used whitelist checking as much as possible. In particular, restricting the length of input values to prevent SQL injection is a nice idea. I didn't apply a secure token, but it would be better if I had. [Figure 108. Secure Coding: String Type SQL Injection = Escape Data + Length Restriction] [Figure 109. Secure Coding: Directory Traversal]
• 48. [Figure 110. Secure Coding: Checking based on White List(1)] [Figure 111. Secure Coding: Checking based on White List(2)]
• 49. [Figure 112. Secure Coding: Checking based on White List(3)]
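The same three checks rendered in Python as an added example (the report's own index.php and indexs.php are PHP and are not reproduced here): a length-restricted, type-checked SQL lookup that binds the value as a parameter instead of using an escape function, a whitelist for upload file names that also refuses dotfiles such as .htaccess and double extensions, and a path check against directory traversal. The users table built by demo_db() is constructed for the example.

```python
import os
import re
import sqlite3

MAX_ID_LEN = 6                       # length restriction: a numeric id never needs more
MAX_NAME_LEN = 64                    # length restriction for upload file names
ALLOWED_EXT = {"jpg", "png", "gif"}  # whitelist for uploads; anything else is refused

def lookup_user(conn: sqlite3.Connection, user_id: str):
    """String-type SQL injection defense: restrict length and type, then bind the value
    as a parameter so the database never parses it as SQL (parameter binding is used
    here in place of the escape function shown in Figure 108)."""
    if len(user_id) > MAX_ID_LEN or not user_id.isdigit():
        raise ValueError("invalid id")
    row = conn.execute("SELECT name FROM users WHERE id = ?", (int(user_id),)).fetchone()
    return row[0] if row else None

def safe_upload_name(filename: str) -> str:
    """Whitelist check for uploads: one base name, one extension from ALLOWED_EXT.
    Dotfiles (.htaccess) and double extensions (x.php.jpg) fail the single-dot pattern."""
    name = os.path.basename(filename)  # drop any directory part the client sent
    if not 0 < len(name) <= MAX_NAME_LEN or name.startswith("."):
        raise ValueError("bad file name")
    m = re.fullmatch(r"([A-Za-z0-9_-]+)\.([A-Za-z0-9]+)", name)
    if not m or m.group(2).lower() not in ALLOWED_EXT:
        raise ValueError("extension not allowed")
    return f"{m.group(1)}.{m.group(2).lower()}"

def safe_path(base_dir: str, requested: str) -> str:
    """Directory traversal defense: the resolved path must stay under base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory")
    return target

def demo_db() -> sqlite3.Connection:
    """Constructed in-memory users table so lookup_user can be exercised."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return conn
```

Note that safe_upload_name keeps only the base name, so a client-supplied directory part is discarded rather than rejected; pair it with safe_path when the stored file is later served back.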
• 50. Summary
"If the DNS server were compromised by a bad guy, what would happen?" I started to write this paper with that thought. Recent vulnerabilities in Java, Flash, and Windows, the so-called zero-day vulnerabilities, threaten us severely. Of course, I do not think there are companies that allow anonymous connections to their DNS server. I made this scenario to show as many attack types as possible. I hope that this paper will help secure your valuable assets. I used every web and database tool on BackTrack 5 R3. I compared each of the tools and tried to grasp the strong point of each of them. My future work might be making a tool that suits me and concentrating on improving many advanced web hacking techniques. Thank you for reading my study. I always believe that my strong point is that I learn more quickly than my competitors.
• 51. Reference
1. Essential PHP Security by Chris Shiflett (Oct 20, 2005)
2. Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses (Expert's Voice in Open Source) by Chris Snyder, Thomas Myer and Michael Southwell (Dec 9, 2010)
3. Database Security by 조은백 (Feb 11, 2011)
4. HTML5 & CSS3 Practical Techniques by 조승한, 안종일 (Mar 5, 2012)
5. Python, PHP, HTML5, AJAX, jQuery Online Study
6. RFI defense: input validation PHP code summary
7. InfoSec Resources - PT Example
8. Protocol-Level Evasion of Web Application Firewalls | Qualys Security Labs | Qualys Community
9. RFI DDoS botnet analysis
10. [System Hacking] Linux Setuid :: Naver Blog
11. [System Hacking] How to find and hide Linux backdoors :: Naver Blog
12. Meterpreter_cheat_sheet_v0.1.pdf
13. Post-Exploitation Without A TTY | pentestmonkey
14. Referencing vulnerable PHP code
15. Using htaccess
16. Apache guide (highly recommended)
17. MySQL security settings (privileges)
18. 40 Beautiful Free HTML5 & CSS3 Templates
19. Online Hash Crack MD5 / LM / NTLM / SHA1 / MySQL5 / MySQL323 / MD4 / WPA / WPA2 - Passwords recovery - Reverse hash lookup Online - Hash Calculator
20. [Linux1] Day 20 - find, grep.. :: Naver Blog
21. Linux vsftp installation, configuration (root), file up.. :: Naver Blog
22. contagio: CVE-2012-1889 Microsoft XML vulnerability - Samples and Analysis by Brian Mariani and Frédéric Bourla
23. John The Ripper Hash Formats | pentestmonkey
24. SkipfishDoc - skipfish - Project documentation - web application security scanner - Google Project Hosting
25. Wooks Home. : PHP Injection
26. Backtrack 5 R3 Metasploit Post Modules (What To Do After You Compromise A System)
27. Python Backdoor - Aes Encrypted Traffic
28. How to manage Apache access logs :: Naver Blog
29. grep command and options :: Naver Blog
• 52.
30. Metasploit: CVE-2012-2122: a MySQL vulnerability, already patched
31. Solaris DNS
32. Fedora VSFTP upload
33. MySQL remote access
34. sql injection sample code + remote code execution
35. PHP - security tips for MySQL developers .. :: Naver Blog
36. cyb3r sh3ll - Browse Files at SourceForge.net
37. Xss Trojan Using Evilweb Tool
38. msfpayload
39. su crack ssh brute force metasploit
40. Nmap Scripting Engine Introduction With Http-Enumeration
41. CVE-2012-2122 : Serious Mysql Authentication Bypass Vulnerability | The Hacker News
42. hackers magazine
43. ohdae/Intersect-2.5 · GitHub
44. msfconsole hacking ftp + backdoors - YouTube
45. SQL Injection/LFI/XSS Exploit Scanner + web shell Hunter - XCode - Yogyafree - YouTube
46. Weevely 0.6 Tutorial - bruteforce and SQL pwnage - YouTube
47. CVE-2012-1889 - Microsoft XML Core Services Vulnerability Metasploit Demo - YouTube
48. sqlmap (EuroPython2011) - YouTube
49. FIMAP - AES HTTP Reverse Shell Plugin - YouTube
50. Backdoor FIMAP - Local File Inclusion to Remote Code Execution - YouTube
51. SQLMap page tampering: inserting js to run Shell of the Future
52. Information Security: Tutorial: How to scan exp... | SecurityStreet
53. Deface All Sites on Server Without Root - YouTube
54. Programming a Custom Backdoor in Python - YouTube
55. How SQL Injection Attacks Work (YouTube interview)
56. Mercury : System log analysis
57. Pragmatic Forensics : a quick upload-and-go utmp parser
58. Memory Acquisition Tools
59. MoonSols Windows Memory Toolkit | MoonSols
60. ToTo : Cleaning up logs neatly after hacking
61. Reversing & Malware Analysis Training Part 8 - Malware Memory Forensics - YouTube