Thijs Bosschert
27 October 2015, The Hague
info@radicallyopensecurity.com
thijs@radicallyopensecurity.com
What have we learned from the
Hacking Team hack?
May 12, 2014
Radically Open Security
Non-Profit Computer Security Consultancy
We're an idealistic bunch of security researchers,
networking/forensics geeks, and Capture The
Flag winners that are passionate about making
the world more secure. We believe in
transparency and openness. And our goal is to
secure the society that allows us to run a
company in the first place.
https://radicallyopensecurity.com/
Thijs Bosschert
Freelance Security Professional
• Incident Response
• Forensics
• Penetration tester
• Security researcher
• Trainer
• CTF player (Eindbazen, Hack.ERS)
Worldwide IR
HackingTeam
Source: http://www.hackingteam.it/
HackingTeam
Remote Control System
Take control of your targets and monitor them
regardless of encryption and mobility. It doesn’t
matter if you are after an Android phone or a
Windows computer: you can monitor all the
devices. Remote Control System is invisible to
the user, evades antivirus and firewalls…
Source: http://www.hackingteam.it/images/stories/galileo.pdf
HackingTeam
Remote Control System
Hack into your targets with the most advanced
infection vectors available. Enter his wireless
network and tackle tactical operations with ad-hoc
equipment designed to operate while on the
move. Keep an eye on all your targets and
manage them remotely, all from a single screen.
Be alerted on incoming relevant data and have
meaningful events automatically highlighted.
Source: http://www.hackingteam.it/images/stories/galileo.pdf
You will be hacked
Source: https://twitter.com/hackingteam/status/563356441885835264
Imagine this
Source: https://wikileaks.org/hackingteam/emails/
You have been hacked
Source: https://twitter.com/hackingteam/status/563356441885835264
How was it done?
Source: https://twitter.com/GammaGroupPR
How was it done?
Source: http://0x27.me/HackBack/0x00.txt
0x00.txt
● Mapping out the target
● Scanning & Exploiting
● Escalating
● Pivoting
● Have Fun
Source: http://0x27.me/HackBack/0x00.txt
Denial
Source: Twitter
Bad response
Source: Twitter
Bad press reactions
Source: http://www.hackingteam.it/index.php/about-us
~400 GB
WikiLeaks Email DB
Source: https://wikileaks.org/hackingteam/emails/
0 days & exploits
● CVE-2015-0349 – Adobe Flash Player
● CVE-2015-2425 – IE 11
● CVE-2015-2426 – OpenType Font Driver
● CVE-2015-5119 – Adobe Flash Player
● CVE-2015-5122 – Adobe Flash Player
● CVE-2015-5123 – Adobe Flash Player
Weak passwords
● P4ssword
● Passw0rd
● wolverine
● universo
● HTPassw0rd
● Passw0rd!81
+ Password reuse
Source: http://pastebin.com/bxYXHFMu
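An audit check for the pattern on this slide, added here as an example (not part of the original deck): the listed passwords look different, but most reduce to the same base word once case, leetspeak and trailing digits or symbols are stripped, which is near-reuse on top of exact reuse. The account names, the base-word list and the "ht" prefix are assumptions made for the example.

```python
import re
from collections import defaultdict

# Common leetspeak substitutions, undone before the dictionary comparison.
LEET = str.maketrans({"4": "a", "@": "a", "0": "o", "3": "e",
                      "1": "i", "$": "s", "5": "s", "7": "t"})

# Assumed base-word list. A real audit would load a large dictionary plus
# organisation-specific terms (company name, initials, product names).
BASE_WORDS = {"password", "wolverine", "universo"}
ORG_PREFIXES = ("ht",)  # assumption: company initials used as a prefix


def skeleton(password):
    """Reduce a password to the word it was most likely built from."""
    core = password.lower()
    core = re.sub(r"[\d\W_]+$", "", core)  # "passw0rd!81" -> "passw0rd"
    core = core.translate(LEET)            # "passw0rd"    -> "password"
    for prefix in ORG_PREFIXES:
        rest = core[len(prefix):]
        if core.startswith(prefix) and rest in BASE_WORDS:
            core = rest                    # "htpassword"  -> "password"
    return core


def audit(credentials):
    """credentials: iterable of (account, password) pairs.

    Returns three dicts:
      weak     account  -> base word the password reduces to
      reused   password -> accounts sharing that exact password
      variants base word -> accounts whose passwords are variants of it
    """
    weak = {}
    by_password = defaultdict(list)
    by_base = defaultdict(list)
    for account, password in credentials:
        by_password[password].append(account)
        base = skeleton(password)
        if base in BASE_WORDS:
            weak[account] = base
            by_base[base].append(account)
    reused = {pw: accts for pw, accts in by_password.items() if len(accts) > 1}
    variants = {b: accts for b, accts in by_base.items() if len(accts) > 1}
    return weak, reused, variants


# Constructed inventory: passwords are the ones on the slide plus one random
# string for contrast; the account names are invented for the example.
SAMPLE = [
    ("mail-admin", "P4ssword"),
    ("vpn-gw", "Passw0rd"),
    ("backup-nas", "Passw0rd"),
    ("db-root", "HTPassw0rd"),
    ("wiki", "Passw0rd!81"),
    ("jumpbox", "wolverine"),
    ("ci-runner", "universo"),
    ("hsm-operator", "tr9#Lq2vXz!mB7"),
]

if __name__ == "__main__":
    weak, reused, variants = audit(SAMPLE)
    for account, base in weak.items():
        print(f"WEAK     {account}: variant of '{base}'")
    for accounts in reused.values():
        print(f"REUSED   same password on: {', '.join(accounts)}")
    for base, accounts in variants.items():
        print(f"VARIANTS of '{base}' on: {', '.join(accounts)}")
```

An exact-match reuse check finds only one pair here; grouping by base word shows that five of the eight accounts share what is effectively one password.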
Code like everyone is watching
def content(*args)
  hash = [args].flatten.first || {}
  # Default sample values, picked at random when no :process is passed in
  process = hash[:process] || ["Explorer.exe\0",
    "Firefox.exe\0", "Chrome.exe\0"].sample
  process.encode!("US-ASCII")
  # Default sample values, picked at random when no :path is passed in
  path = hash[:path] || ["C:\\Utenti\\pippo\\pedoporno.mpg",
    "C:\\Utenti\\pluto\\Documenti\\childporn.avi",
    "C:\\secrets\\bomb_blueprints.pdf"].sample
  path = path.to_utf16le_binary_null
Source: https://github.com/hackedteam/rcs-common/blob/master/lib/rcs-common/evidence/file.rb
CIS Critical Security Controls
Source: SANS 20 Critical Controls Poster
CIS Critical Security Controls
Source: SANS 20 Critical Controls Poster
~400 GB
What went wrong?
● Weak password use and reuse
● No network segmentation and protection
● No data encryption
● No secure email
● No data classification
● No monitoring
● Incorrect incident response procedures
● Usage of illegal software
Security level
Source: http://lockheedmartin.com
Protection level
Source: http://www.slideshare.net/jaredcarst/cyber-threats-cybersecurity-are-you-ready
What have we learned?
As a security company you are a
sought-after target for attackers, so
you had better make sure that you
are prepared for it.
Questions?
https://radicallyopensecurity.com/
http://www.thice.nl
thijs@radicallyopensecurity.com
@ThiceNL
http://nl.linkedin.com/in/bosschert
Thijs Bosschert
