It’s OK to get H@CK3D

Upload: sensepost

Post on 13-Nov-2014


DESCRIPTION

Presentation by Jaco van Gaan at IIA in 2001, on the use of ethical hackers in business. It opens with a series of discussions about hackers: what they do, how they do it, and the different types of hackers.

TRANSCRIPT

  • 1. It’s OK to get H@CK3D
  • 2. Introduction
    • About me
    • About SensePost
    • References
      • http://www.sensepost.com
      • [email_address]
      • [email_address]
  • 3. Agenda
    • Who got h@ck3d?
    • Hackers - the enemy or close friend?
    • Evaluating the work of Ethical hackers
    • Internal Audit tips and tricks
    • Questions
  • 4. Who got hacked?
    • Problem vs Origin
    • De-Face
      • Unauthorized change to web page
      • Not necessarily damage or data loss
      • Loss in reputation
      • http://www.attrition.org/mirrors
  • 5. What Hackers do:
    • Steal
      • Information - to use and to sell
      • Money from accounts
      • Goods through e-buying
      • Resource - time and equipment
    • Talk, Boast
    • Leave backdoors open
      • Launch new attacks
  • 6. How do they do it?
    • Social engineering
    • Networking
    • Resources from the web...
  • 7. How do they do it 2?
    • Information gathering
    • Footprinting
    • ID servers/services by portscan
    • ID OS, service types (MS, IIS)
    • Check vulnerability databases
    • Run vulnerability checker (whisker)
    • Search for exploit tool / build exploit tool
    • Use tool
    • Gain control
    • De-face, delete, cover tracks.
  • 8.
  • 9. Hackers - enemy or close friend?
    • Understand the origin of the problem, before trying to address it
    • Different types
      • Script kiddies
      • Professional hackers
      • Government agencies
      • Ethical hackers
    • Motivation behind attempts
      • Hacker manifesto:
        • Our only crime is curiosity
  • 10. What, me worry?!
    • Who would target you?
  • 11. Evaluating the work of Ethical Hackers
  • 12. Why get Hacked?
    • ID vulnerabilities proactively
    • Measure effectiveness of controls and security investment
    • Verify vendor and technology claims
    • Create awareness
    • Improve IT staff skills and knowledge
    • Motivate security expenditure
    • Get objective, independent results
    • Business pressure
    • Setting benchmarks
    • Continual measure and monitor
  • 13. External Assessment (Audit)
    • Collect and evaluate evidence to determine whether a computer system:
      • safeguards assets
      • maintains data integrity
      • allows the goals of an organisation to be achieved efficiently and effectively
    • Security policy as control document
    • International standards: SAS 70, BS 7799.
  • 14. Ethical Hackers- Evaluation
    • Organization
      • Independence
      • References
      • Experience
      • Certification
      • Cost
      • Ethics
      • Services offered
      • Backing: subsidiary/insurance
  • 15. Ethical Hackers - Evaluation
    • Methodology
      • Certification/benchmark
      • Audit plan
      • Execution according to plan
      • Report
      • Recommendations & resolution
  • 16. Ethical Hackers - Evaluation
    • Resources
      • Business skills
      • Experience: qualification, Certifications, Bodies
      • Individual background
    • The brief: How, What, Where?
      • Type: logical, physical or social
      • Restrictions / conditions
      • Internal / external
  • 17. Ethical Hackers - Evaluation
    • Toolbox
      • Tool combinations: wider vulnerability exposure
      • Proprietary or off the shelf
    • Confidentiality
      • NDA
  • 18.
  • 19.
  • 20.
  • 21. The Internal Auditor
    • Value your information assets
    • Evaluate your risk
    • Be requirement driven, not technology driven
    • Enable your business
  • 22. The Internal Auditor
    • Separation of duties
    • Security policy
    • Use of a specialist
    • Be cautious of strange software
  • 23. Questions?
  • 24.