This document outlines the agenda for a live hacking presentation hosted by SySS GmbH. The presentation will demonstrate various hacking techniques, including DDoS attacks, wireless keyboard attacks, mobile app and web service attacks, SMS spoofing, and attacks against crypto USB sticks. It will provide an overview of the speaker and SySS GmbH, and discuss recent cybersecurity incidents from 2015. The presentation aims to educate attendees on digital threats and the importance of security assessments and regular security testing. Live demonstrations will include antivirus evasion, mobile phone trojans, SQL injection, and cross-site scripting.
2. Page 2SySS GmbH14/06/16
AGENDA
1. DOS attack against an internet web server
2. Deactivating burglar alarm
3. Attacking wireless keyboards
4. Mobile App and Web Service
5. SMS spoofing and identity theft
6. Attacks against crypto usb sticks
7. Smartphone trojan / SIM bug
8. Hardware hacker tools
If time
1. USB attacks
2. Evading antivirus
3. SQL Injection
3. Page 3SySS GmbH14/06/16
ABOUT THE SPEAKER
Dipl.-Inform.
Sebastian Schreiber
Managing Director of SySS GmbH
+49 (0)7071 - 40 78 56-0
sebastian.schreiber@syss.de
4. Page 4SySS GmbH14/06/16
ABOUT SYSS GMBH
Founded in 1998
At present: about 80 employees
Based in Tübingen, southwest Germany
Operating worldwide, focusing on Germany
Rapidly growing: new campus providing space for 280 „Pentest Experts“ is
under construction
Services
Penetration Testing & Security Analyses (95%)
Incident Response/ Training/ Live Hacking Presentations (5%)
5. Page 5SySS GmbH14/06/16
SELECTED INCIDENCES 2015
04/2015: „Russian Hackers Read Obama‘s Unclassified Emails“ – nytimes.com
05/2015: „IT Incident Deutscher Bundestag“ – tagesschau.de
07/2015: „Hacker remotely take over a Jeep Cherokee“ – heise.de
07/2015: „Hackers can disable a sniper rifle – or change its target“ – wired.de
07/2015: „Surveillance software: Hacking Team becoming Hacked Team“ –
heise.de
08/2015: „Ashley Madison Dating Portal: Hacker stealing 11,2 Mio. passwords“ –
golem.de
09/2015: „Cyber crime: Robbing fingerprints of more then five million US
government employees” –
wired.de
10/2015: „USA: Hacker stealing data about millions of T-Mobile customers “ –
Spiegel.de
10/2015: „Online banking: New ways of attacking German mTAN“ – heise.de
8. Page 8SySS GmbH14/06/16
SQL INJECTION IN LOG-IN
FORMS
SELECT * FROM users WHERE user='peter' AND password='peter‘
peter' OR 1=1#
http://www.live-hack.de/xss/xss.php
SELECT * FROM users WHERE user='peter' OR 1=1#' AND password='peter’
11. Page 11SySS GmbH14/06/16
ANTIVIRUS EVASION (1/2)
How antivirus software works
Blacklisting
Whitelisting
Blacklisting: How it works and its weak points
Signature based:
Searching for known patterns
Unknown
12. Page 12SySS GmbH14/06/16
ANTIVIRUS EVASION (2/2)
Blacklisting: How it works and its weak points
Signature-based:
Searching for known patterns
Unknown malware will not be detected
Polymorphic malware has already been used for a long time to outsmart signature-
based detection
Behavior-based:
Software is classified as harmless or harmful according to its behavior
In general, rule-based technologies in combination with scoring procedures and
fixed thresholds concerning calculated scores (heuristic procedures)
Static code analysis: It is only possible to check code directly accessible within an
executable file
Dynamic code analysis during runtime (sandbox environment): Various limitations
given by the sandbox environment (e.g., period of time, specific user
actions like mouse clicks etc.)
13. Page 13SySS GmbH14/06/16
ANTIVIRUS EVASION:
LIVE DEMONSTRATION
Free-of-charge malware protection for end-users and
small business
Uses the same technology and scan engine as
System Center 2012 Endpoint Protection (formerly
Forefront Endpoint Protection)
Example for antivirus
software: Microsoft
Security Essentials
Using the following antivirus evasion methods:
Polymorphism
Encryption + compression
Detection of sandbox environments
Malware: Meterpreter Shell
(windows/meterpreter/reverse_https) of Metasploit
Framework
Creating an executable file
containing known malware
using the software
“ShCoLo” by
SySS GmbH
14. Page 14SySS GmbH14/06/16
ANTIVIRUS EVASION: TEST
RESULTS
Product Version Date of virus definition
file
Operating system(s) of target
systems
Avira AntiVir Professional 10.2.0.1064 21.05.2013 Windows XP SP 3 (32 Bit)
Windows 7 SP 1 (64 Bit)
AVG Free 2013.0.2904 20.05.2013 Windows XP SP 3 (32 Bit)
Kaspersky Endpoint Protection
Workstation
8.1.0.831 21.05.2013 Windows XP SP 3 (32 Bit)
McAfee SaaS Endpoint
Protection
5400.1158 20.05.2013 Windows 7 SP 1 (64 Bit)
Microsoft Security Essentials 4.1.522.0 21.05.2013 Windows XP SP 3 (32 Bit)
Sophos Endpoint Security and
Control
10.2 21.05.2013 Windows XP SP 3 (32 Bit)
Symantec Endpoint Protection 12.1.1101.401 27.05.2013 Windows 7 SP 1 (64 Bit)
15. Page 15SySS GmbH14/06/16
MOBILE PHONE TROJAN
Symbian phone:
0049-177-6397937
SMS forwarding
Activate the microphone
Reboot
Location info
18. Page 18SySS GmbH14/06/16
ACTIONABLE TAKEAWAYS
Be aware of digital attacks 24/7
Try to think like a hacker when applying IT safety measures
Perform security assessments like penetration tests
Stay alert and retest your IT security on regular basis
Remember: The next vulnerability could just be found while attending this
session
22. Page 22SySS GmbH14/06/16
Thank you very much
for your attention!
SySS – The Pentest Experts
Sebastian Schreiber, Managing Director
sebastian.schreiber@syss.de