Hackers? - ISACA NL Chapter Tables/2014/2014 10... · Elger Jonker MISD CEH · Contact elgerjonker.nl
Title: Security? · Author: Jonker, Elger · Created Date: 10/13/2014 12:33:45 PM
Slide 1
Hackers? What could possibly go wrong…
Slide 2
Elger Jonker MISD CEH
Ethical Hacker
Computers since 1989
Apple Computers
Security & Architecture
Slide 3
Contents
Hacking (demo)
Observe, Hack, Make
Ethics
Hackers
The web
Spaces
Reconnaissance
Responsible disclosure
Slide 4
ohm2013.org
Slide 5
Photo: maltman23
Hacking
“What does the system do?”
Slide 6
“Hacker”, the general type…
• Advanced on certain (technological) levels.
• Takes things apart and understands them.
• Due to that understanding, uses things differently.
• Absorbs information quickly, learns a lot.
• Uses a variety of tools and methods, whatever is at their disposal.
…can be applied to all kinds of motivations and pursuits.
Slide 7
Motivation & Pursuit
Anonymous Script Kiddies
Slide 8
Movie hackers Demosceners
Slide 9
Intelligence Agencies Nations / Armies
Slide 10
Different motivations
Offenders, Cyber Criminals
Slide 11
Slide 12
Ethical hackers
http://en.wikipedia.org/wiki/Hacker_ethic
Sharing
Openness
Decentralization
Free access to computers
World Improvement
freedom of information
improvement to quality of life
Happiness
Safety
Slide 13
Ethical hackers
Responsible Disclosure
Codes of ethics connected to certification by vendor(s)
Slide 14
Hackerspaces
Slide 15
Hackerspaces.NL
Slide 16
Hackerspaces.NL
fb.com/Hack42Arnhem
twitter.com/hack42
flickr.com/search/?q=hack42
hack42.nl
Slide 17
Photo: macsimski
Slide 18
Photo: dvanzuijlekom
Slide 19
Slide 20
Photo: dvanzuijlekom
Slide 21
Photo: dvanzuijlekom
Slide 22
Photo: dvanzuijlekom
Slide 23
Photo ID (Lichtbild Ausweis)
Slide 24
Photo: dvanzuijlekom
Slide 25
Slide 26
Photo: dvanzuijlekom
Slide 27
Photo: Digital Nuisance
Slide 28
Photo: dvanzuijlekom
Slide 29
Photo: dvanzuijlekom
Slide 30
ohm2013.org
Slide 31
SMBC-Comics.com
Slide 32
Slide 33
Slide 34
Web applications through the eyes…

| End user: | Hacker: |
| --- | --- |
| Content management platform | Website |
| Customer Relation System | Website |
| Mobile Application | Website |
| Worldwide Transaction System | Website |
| Social Media Platform | Website |
Slide 35
Normal view · Hacker view
BrickCityDepot, StartTheDay
Slide 38
Technology stack (website)
User code / workarounds
Extensions / plug-ins
Website / software
Services
Servers
Operating system
Hardware
Configuration, versions, updates, patches, standards, sub-standards, people
Slide 40
Or… “security auditing”
• Auditing with a freeform component…
• What guide to use? OWASP?
• What to check exactly? It constantly evolves…
• Complex set of circumstances
Slide 41
Reconnaissance
Technology stack
- Server banners
- Names of web servers
- Page extensions
- Metadata, frameworks
Software
- Checking for known weaknesses
- Checking background information on the software used (such as admin URLs, publisher, source code)
Public information
- E-mail addresses
- LinkedIn, Facebook, Twitter, Flickr
- … more, more, more
- Derive password context from public sources
Public information
- Search results
- Company information
- URLs and servers
- Other sites on the same domain
Find the weak spots. The real challenge is to know what they are.
MARTHA ROTTER / SCRAPERWIKI
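The "technology stack" signals on this slide (server banners, web-server names, page extensions, metadata and frameworks) are exactly what a site leaks to anyone who looks. The following is an added example, not code from the slides or from the speaker: a small Python check that reads a response's URL, headers and HTML and reports which of those signals are disclosed, so a site owner can run it against their own responses and trim the banners before a reconnaissance pass reads them. The header list, extension list and the two sample responses are my own constructed choices, not values from the talk.

```python
"""Added example (not part of the slides): inspect an HTTP response for the
technology-stack signals the reconnaissance slide lists (server banners,
web-server names, page extensions, metadata/frameworks). Pointed at your own
site's responses it shows what a reconnaissance pass would learn, so the
disclosures can be removed before anyone else reads them.
All sample responses below are constructed for this example."""
import re
from urllib.parse import urlsplit

# Response headers that commonly carry product names and versions (my selection).
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
# A dotted version number anywhere in a value, e.g. "Apache/2.4.29".
VERSION_RE = re.compile(r"\d+\.\d+(?:\.\d+)?")
# Page extensions that reveal the server-side platform (my selection).
TELLTALE_EXTENSIONS = {
    ".php": "PHP", ".asp": "Classic ASP", ".aspx": "ASP.NET",
    ".jsp": "Java/JSP", ".cfm": "ColdFusion",
}
# <meta name="generator" content="..."> names the CMS or framework.
META_GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)', re.I)


def stack_disclosures(url, headers, body=""):
    """Return (source, value, severity) triples for one response.
    severity is "version" when a version number is exposed, else "product"."""
    findings = []
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in DISCLOSING_HEADERS:
        value = lowered.get(name)
        if value:
            sev = "version" if VERSION_RE.search(value) else "product"
            findings.append((f"header:{name}", value, sev))
    path = urlsplit(url).path.lower()
    for ext, platform in TELLTALE_EXTENSIONS.items():
        if path.endswith(ext):
            findings.append(("url-extension", platform, "product"))
    match = META_GENERATOR_RE.search(body)
    if match:
        generator = match.group(1)
        sev = "version" if VERSION_RE.search(generator) else "product"
        findings.append(("meta-generator", generator, sev))
    return findings


def worst_severity(findings):
    """Summarise a finding list: "version" > "product" > "none"."""
    severities = {sev for _, _, sev in findings}
    if "version" in severities:
        return "version"
    if "product" in severities:
        return "product"
    return "none"


# Constructed sample responses: a chatty stack and a quiet one.
SAMPLE_RESPONSES = [
    ("https://www.example.test/index.php",
     {"Server": "Apache/2.4.29 (Ubuntu)", "X-Powered-By": "PHP/7.2.24"},
     '<html><head><meta name="generator" content="WordPress 5.2"></head></html>'),
    ("https://www.example.test/",
     {"Server": "nginx", "Content-Type": "text/html"},
     "<html><head><title>ok</title></head></html>"),
]


def audit(responses=SAMPLE_RESPONSES):
    """Run the check over several responses; returns {url: worst severity}."""
    return {url: worst_severity(stack_disclosures(url, hdrs, body))
            for url, hdrs, body in responses}


if __name__ == "__main__":
    for url, hdrs, body in SAMPLE_RESPONSES:
        print(url)
        for source, value, sev in stack_disclosures(url, hdrs, body):
            print(f"  [{sev:7}] {source}: {value}")
```

The first constructed response names the web server, its version, the PHP version, the platform via the `.php` extension and the CMS version via the generator tag; the second gives away only the product name `nginx`. A version disclosure is ranked above a product name because it lets the "checking for known weaknesses" step on the same slide be done by lookup alone.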
Slide 42
Reconnaissance exercise
• First impressions example…
compujeramey
Slide 43
Live hacking example
pfos
http://zero.webappsecurity.com/
Slide 44
ohm2013.org
Slide 45
I’ve found a serious security problem…
Slide 46
Dark side (not an option)
• Anarchy, chaos, war
• Highest bidder, no ethics, immoral
• Might have a derailing effect on society; illegal.
Absolutely unacceptable to ethical hackers and punishable by law.
Slide 47
Journalist
• Source protection (NL)
• Might publish before fixing
• Might or might not protect you
Reputation, trust.
http://www.nu.nl/media/3884580/wettelijk-recht-bronbescherming-journalist.html
Slide 48
Responsible disclosure
• Companies should have Responsible Disclosure policy
• Company might still sue
• NCSC can be an intermediate
• NCSC can be “wobbed”
• NCSC can be a guide
“Wobbed”:https://nl.wikipedia.org/wiki/Openbaarheid_van_bestuur
Slide 49
Elger Jonker MISD CEH
Contact
elgerjonker.nl