Security

Bug Bounty programs

• BugCrowd
• HackerOne

Elearning

• Codiscope
• Awesome-Hacking

Encryption

scramble code with a key

• Today’s encryption uses 256 bit keys

Symmetric key

When sender and receiver use the same key

• eg. Ceasar’s cypher
• The key has to be agreed before time

Asymmetric key

used in open communications like the Internet

• Consists of a public key that can be exchanged with anybody and a private key that isn’t shared
• The public key is used to encrypt data and anybody can create a secret message
• The secret can only be decrypted by a computer with a private key

IEEE OC CyberSecurity SIG

https://cssig.brats.com
Chair Arthur Schwarz

Techniques

SSH Pivoting

• is to move between subnets piping traffic from one subnet to another

• ssh -Local

• ssh -Remote
• ssh -Dynamic

SSH lateral attack

• moving within the same subnet

Tools

• MetaSploit
• Armitage - GUI for MetaSploit
• Dirty COW - “Copy on Write” Linux vulnerability
• haveibeenpwned
• liftsecurity
• skyk
• wifi-cracking

commands

• ifconfig to get ip address
• locate ifconfig to get the directory where the ifconfig or any other command is located.
• netdiscover -r <inet> discover how many machines connected to the local network
• nmap <ip address> shows ports exposed in a machine
• netstat

ACM Cyber Security

Brian Wallace - Cylance

The Diversity of the Cyber Threat Landscape
github.com/bwall
@botnet_hunter

• APT (Advanced Persistent Threats)

social engineering

• eg. hacking an email to get the VPN password

Spray and Pray Spam

• Offered as SaaS too
• emails, twitters

Credential Phishing

• eg. PayPal

Spear Phishing

• specific targets
• you can harvest info from user from public social media
  • Operation Cleaver -> can use trojan horse app, posing as a recruiter

USB Drops

• “lost and found” USB stick with malware
• USB Rubber Ducky
• Teensy-LC

Remote Exploitation

• software vulnerabilities
• unconfigured devices can be a gold mine for attacker
• IPv6 will make the web more vulnerable

Default Credentials

• eg. root/root
• this is how the Mirai DNS attack was done through IoT

Over Exposed Services

• eg. hotel wifi
• ANTLabs InnGate (hotel Wifi)
• RSYNC daemon

Exploits

• Adobe Reader is very vulnerable. Watch out with PDFs you don’t know
• patching helps

Man in the Middle (MITM)

• in a coffee shop wifi, trick you or your computer to proxy through them..
• tool Evilgrade

Public WiFi

• MITM
• Airplane, coffee shop, restaurant wifis
• anything not encrypted is at risk
• use VPN can help when using public WiFi
• or not use the public WiFi

Femtocells

• StringRay tool from law enforcement to listen to calls
• hack the femtocell and can get MITM access to a phone even without WiFi

Lateral Movement

Credential Theft

• Passwords

Cached Credentials

• Isass.exe in Windows stores username/passwords
• Mimikatz to pull data from Isass.exe

Credentials from the Network

• LLMNR, NBT-NS and MDNS can be abused on Windows to leak encrypted creds
• Responder tool

Credentials in Shared Documents

• creds in a script, file, github, slack
• attackers may be paid by the hour to dig into your stuff until they find something

Abusing Shared Resources

• they can modify wikis, word documents, exes, etc.

Destroy Data

Encrypt Data

• Ransomeware .. encrypt files in a system and ask a ransome for that
• Bitcoin or other difficult to de-anonymize payment method

Steal Data

• it’s possible to encode data in simple words eg. Taylor Swift lyrics using machine learning

Protection

• set protection like onion layers
• train your personnel
• how to setup a VPN

DDoS (Distributed Denial of Service)

When attackers flood a web server with requests

• A BotNet is a network of infected computers that can be used to cause DDoS attacks.

  meetups

  • OWASP-OC http://www.meetup.com/OWASP-OC/ ACMOC20OFF

Encryption cracker

• https://hashcat.net/hashcat/