All your bases belong to us!

Alessio L.R. Pennasilico        Rome, 7 April 2011

mayhem@alba.st
twitter: mayhemspp
FaceBook: alessio.pennasilico
$ whois mayhem

Security Evangelist @

Board of Directors:
CLUSIT, Associazione Informatici Professionisti (AIP/OPSI),
Associazione Italiana Professionisti Sicurezza Informatica (AIPSI),
Italian Linux Society (ILS), OpenBSD Italian User Group,
Hacker’s Profiling Project

All your bases belong to us!   mayhem@alba.st   2
Hacker?

The Tech Model Railroad club is an MIT student activity founded during the 1946-1947 school year, making this our 60th year, and making TMRC one of the oldest clubs at MIT.

The Tech Model Railroad Club (TMRC) caters to model railroaders, railfans, and hackers alike. Our activities involve all aspects of model railroading, including the application of computer technology and timetable passenger and card-order freight operation.
Hacking?
Lockpicking

How easy is it to open a lock?
How long does it take?

http://www.youtube.com/watch?v=pgE1YJWQzTA
How does it work?

http://www.youtube.com/watch?v=_sQ9gcjtLQM
For every lock?

http://www.youtube.com/watch?v=g0Zw4JI4cxs&feature=related
Where are the locks?
Biometrics

Conscious use?

“Something you have”

Change Password
Social Engineering

Is it easier to crack a password or to ask for it?
Facebook Hacking

“The social reconnaissance enabled us to identify 1402 employees 906 of which used facebook.”
[…]
“We also populated the profile with information about our experiences at work by using combined stories that we collected from real employee facebook profiles.”

http://snosoft.blogspot.com/2009/02/facebook-from-hackers-perspective.html
Trust

“Upon completion we joined our customer's facebook group. Joining wasn't an issue and our request was approved in a matter of hours. Within twenty minutes of being accepted as group members, legitimate customer employees began requesting our friendship. […] Our friends list grew very quickly and included managers, executives, secretaries, interns, and even contractors.”
Results

“We used those credentials to access the web-vpn which in turn gave us access to the network. As it turns out those credentials also allowed us to access the majority of systems on the network including the Active Directory server, the mainframe, pump control systems, the checkpoint firewall console, etc.”
How do I protect myself?

(Pen)Test

Analysis (effectiveness? deterrent?)

Training
Conclusions

Let's not trust security measures whose purpose is to make us feel safe, not to protect us.
Conclusions

We must shun mental laziness.

Whoever wants our data will certainly go after it.
These slides are written by Alessio L.R. Pennasilico aka mayhem. They are subject to the Creative Commons Attribution-ShareAlike 2.5 licence; you can copy, modify or sell them. “Please” cite your source and use the same licence :)

Questions?
Thank you for your attention!

Alessio L.R. Pennasilico        Rome, 7 April 2011

mayhem@alba.st
twitter: mayhemspp
FaceBook: alessio.pennasilico
