Slide 1: Defend Before Attack On your Organization
- Santhosh Baswa
Slide 2: Who Am I
• I’m still a script kiddie maybe ?
• Working for Sophos.
• CTF player *Occasionally*
Slide 3: “Do you think Phishing/Social Engineering is a Major Threat ???”
*** Share Your Thoughts ***
Slide 4: Yes/No
Slide 5: “How to target a specific Organization ???”
*** Any IDEA ***
Slide 6: PREPARE - Let’s start targeting a specific Organization (Red Teamers/Hackers/Hacktivists)
“What is the target ?”
• Target Organization
• Employee data *LinkedIn*
• Generate pattern emails
• Organization Architecture
“Let’s start compromise.”
• Take a few recent vulns *Web*
• Maybe CMS (Drupal/WP)
• Automate Compromise
• Generate Payloads ;)
“Maybe Hacked ..!!!!”
• Target Sales/Admin Teams
• If success || fail ??
• Grab the active users.
• Malicious doc/html/js/jar execution.
• C2C / Backdoor (maybe)
Slide 7: Attacking Vectors - Infrastructure (1) > Third party (2) > Employees (3)
• On-prem/Cloud
• S3 Buckets
• Open Ports
• Misconfiguration
• Default Passwords
• WordPress/Drupal CMS
• Vulnerable Web Apps
• Internal Apps
• Endpoint Updates
• Lack of Knowledge
• Psychology
Slide 8: *** Any IDEAS on Defense *** Success / Failure
Start Discussion
Slide 9: Get back to Phishing / Social Engineering Defense ..!!!!
*** Employee Training / Awareness ***
Slide 10: Still Do You Have Any Defense Strategies ?? FACT
Slide 11: ** Just Imagine ** If You can Detect Before **** Attack
Yes !!! You can
Slide 12: Big Yesssssssssss ….!!!!
• Anyone Know about Certificate Transparency Logs ??
• Monitoring CT Logs ????
• Do you think it is possible ??
Slide 13: CertStream *Open-source* Project
• Google CT Team ( 13 Resources )
• Web Page: https://certstream.calidog.io/
• Free API Access – Python & others.
Slide 14: Security Alerts - Python + Slack Integration
Requirements :
• Linux VM
• Python (pip install certstream)
• Slack API Access
Slide 15: Project Execution - Output
• Modify domains.py ( Domains List)
• Slack API + Execute ( catch_phish.py)
• Phishing Campaign Domains.
Slide 16: Let’s Start !!!!!! Demo
Github: https://github.com/P3t3rp4rk3r/phishdomain_slack
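As an added example (not the talk’s own catch_phish.py from the repo above), here is the core of such a CT-log watcher in Python: it takes certstream certificate_update events, matches every name in the newly logged certificate against a keyword list for our brand, and posts hits to a Slack incoming webhook. The certstream callback(message, context) shape, the SLACK_WEBHOOK_URL variable and the sample event are assumptions or constructed for the example.

```python
# Added example, not the talk's catch_phish.py; assumes certstream's callback(message, context)
# shape and a Slack incoming-webhook URL in SLACK_WEBHOOK_URL (both assumptions).
import json
import os
import urllib.request
try:
    import certstream  # pip install certstream; optional so the matcher runs offline
except ImportError:
    certstream = None

# Keywords a lookalike domain for our org would contain (constructed sample;
# the talk keeps this list in domains.py).
WATCH_KEYWORDS = ["examplebank", "examp1ebank", "example-bank"]
# Constructed sample in the shape of a certstream certificate_update message.
SAMPLE_EVENT = {"message_type": "certificate_update", "data": {"leaf_cert": {"all_domains":
    ["login-examplebank.com", "*.examplebank-secure.net", "cdn.unrelated.org"]}}}

def find_lookalikes(message, keywords=WATCH_KEYWORDS):
    # Heartbeats carry no leaf_cert and yield []; a leading '*.' wildcard is stripped first.
    if message.get("message_type") != "certificate_update":
        return []
    hits = set()
    for name in message["data"]["leaf_cert"].get("all_domains", []):
        bare = name.lower()[2:] if name.startswith("*.") else name.lower()
        if any(k in bare for k in keywords):
            hits.add(name)
    return sorted(hits)

def slack_payload(hits):
    # Body for the Slack incoming webhook: one line per suspicious domain.
    return {"text": "Possible phishing domain(s) seen in CT logs:\n"
            + "\n".join("  - " + h for h in hits)}

def post_to_slack(payload, webhook_url=None):
    # POST the payload; returns False and sends nothing when no URL is configured.
    url = webhook_url if webhook_url is not None else os.environ.get("SLACK_WEBHOOK_URL")
    if not url:
        return False
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status == 200

def callback(message, context):
    hits = find_lookalikes(message)  # certstream invokes this for every event
    if hits:
        post_to_slack(slack_payload(hits))

if __name__ == "__main__" and certstream is not None:
    certstream.listen_for_events(callback, url="wss://certstream.calidog.io/")
```

Substring matching on short brand keywords will also catch legitimate third-party names (partners, CDN hostnames), so expect to tune the list against a day of live output before wiring alerts to an on-call channel.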
Slide 17: Any Questions ???
— P3t3rp4rk3r
