Upload File

chema alonso - dorking, pentesting & hacking con android apps [rootedvlc2]

  • Home
  • Technology
  • Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]
27
Dorking & Pentesting with Tacyt Chema Alonso @chemaalonso

Upload: rootedcon

Post on 08-Jan-2017

1.348 views

Category:

Technology


1 download

Report

TRANSCRIPT

Page 1: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

Dorking & Pentesting�with Tacyt

Chema Alonso @chemaalonso

Page 2: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

Dorking

Page 3: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

The target is the�“What” not the “Who”

Page 4: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

The Target is the Code

Page 5: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

What is “Tacyt”?

Page 6: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

Dorking with apps:�code & metadata

Page 7: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

1.- Infrastructure

Page 8: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

Infrastructure Surface

Page 9: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

Well-Known Ports

Page 10: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

Cpanel & Plesk

Page 11: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

2.- P@ssw0rdS

Page 12: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

Password.txt

Page 13: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

UserLists

Page 14: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

Userlist.app

Page 15: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

Databases

Page 16: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

WebServices

Page 17: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

3.- Third Party Credentials

Page 18: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

PathFinder

Page 19: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

Social Networks

Page 20: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

API Keys & Tokens

Page 21: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

4.- Bugs to get into

•  SQL.asp/php/aspx/… •  Query •  ldapsearch •  exec •  sql •  command •  …

Page 22: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

(Blind) SQL Injection

Page 23: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

(Blind) SQL Injection 101

Page 24: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

LDAP Search

Page 25: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

(Blind) LDAP Injection 101

Page 26: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

Surprise me, baby!

Page 27: Chema Alonso - Dorking, Pentesting & Hacking con Android Apps [rootedvlc2]

Questions? •  Chema Alonso

–  http://twitter.com/chemaalonso –  [email protected] –  http://www.elladodelmal.com

•  Disclaimer: Tacyt Service has been developed by Eleven Paths. All things working well are because of their hard work. All things *may* went bad on this talk were my fault.


Episodio de pentesting

Chema Alonso

Pentesting J2EE

ISA Server 2K6 VPNs Chema Alonso Microsoft MVP Windows Security [email protected]

iOS Application Pentesting

DORKING FC - Pitchero

Mill Road, Holmwood, Dorking, Surrey RH5 4NS £1,095,000 … · 2019-07-08 · Mill Road, Holmwood, Dorking, Surrey RH5 4NS 171 High Street, Dorking Surrey RH4 1AD 01306 877775 [email protected]

DORKING FC - Pitcherofiles.pitchero.com/clubs/18447/24.10.15ashunited_153022.pdfMEADOWBANK UPDATE: NO. 2 ‘LOVE FOOTBALL, LOVE YOUR COMMUNITY, JOIN DORKING FC! Dorking FC is looking

Revista Productos Chema

Dorking dictionary [thay tro.net]

Dorking Community Orchard

Chema Madoz

Trains Chema

Pentesting VOIP

Practical pentesting of ERP’s and businessmedia.blackhat.com/us-13/US-13-Polyakov-Practical-Pentesting-of-ERPs... · ERPScan Pentesting Tool • ERPScan's Pentesting Tool is a freeware

Dorking Sports Centre

Pentesting Presentation

Pentesting y troyanos

Dorking & Pentesting with Tacyt

Goal Oriented Pentesting

Practical SAP Pentesting

Pentesting iOS Applications

Chema Revista

Android Hacking + Pentesting

patricia y chema

Pentesting with linux

Pentesting RESTful webservices

Pentesting web applications

TaxAssist Accountants Dorking

Pentesting with Metasploit

PHB Chema Madoz

AUDITING&PENTESTING STANDARDS

Pentesting Android Apps

Collen Chema

Caro Y Chema