Hacking WordPress & Countermeasures
NESTOR ANGULO DE UGARTE
WORDCAMP OSAKA 2019
#WCOSAKA
Hello!
Who I am
- Computer Science Engineer & Technology consultant
- Photographer & Early Adopter
- Truly curious guy
- 2015: SUCURI, Incident Response & Easy SSL
- 2019: GoDaddy Spain, Interim Head of IT @ GoDaddy Spain
Where are the Canary Islands?
About
- Sucuri: Anaconda (No Securi / Security)
- Website security
- Fully remote (people from > 25 countries around the world)
- 2008: Foundation
- 2017: Proud part of the GoDaddy family
- Free scanners:
  - Sitecheck (sitecheck.sucuri.net)
  - Performance (performance.sucuri.net)
#WCOsaka2019 Nestor Angulo (@pharar)
Concepts
GIVING CONTEXT
DISCLAIMER
Any sensitive information has been protected/encrypted to preserve privacy. Any similarity with reality is a coincidence.
I’m responsible for what I say, not what you interpret.
Always ask an expert.
There are two kinds of companies: those that have been hacked, and those that do not yet know they have been hacked.
HACKER VS Cyberterrorist
Hacker:
Curious person who loves to go beyond limits or conventions.
Cyberterrorist / Cracker:
Computer hacker whose intentions are always aligned to enrich himself in a zero-sum game situation.
The bad guy
Hacker Hat Colours
- Black Hat: Cyberterrorist, thief
- Grey Hat: White Hat using illegal procedures
- White Hat: Security Analyst, ethical hacker
Malware
- Software intentionally designed to cause damage to a computer, client, or computer network.
- Some types:
  - Backdoors, zero-day
  - Exploits
  - Trojan horses, Freemium plugins
  - Ransomware, Spyware
  - Adware, Scareware
CyberSecurity & Web Security
- Cybersecurity: Security in the digital world
- Web Security: Field of Cybersecurity
  - Covers what happens through port 80 / 443
FACTS
- Site hacking is almost never client-oriented (98% of cases)
- It almost always happens due to deficient monitoring / maintenance
- An SSL certificate is not an anti-hacking shield
- Patches & security updates almost always appear after hacking exploits
- Errare Humanum Est (human beings fail)
- Security never is (nor will be) 100% effective
FACTS
Source: Website Hack Trend Report 2018 – sucuri.net
The Art of War
IN THE MIND OF YOUR ENEMY
Common Targets
- Users info
- Database
- Website Content
- Infrastructure
- Bot Net
- Reputation
Know your weaknesses
- You are your weakest point
  - You can be scammed
- Passwords
  - Vulnerable to brute force attacks
- Leftovers
  - Admin users
  - Outdated/vulnerable software
  - Enabled/Disabled not-in-use plugins/themes
- Non-secure connection (avoid public wifi)
  - Vulnerable to Man-In-the-Middle attacks
Hacking WordPress. The Process
[Diagram: Vulnerability -> Exploit -> Injection -> Final code (Backdoor, Spam / defacement, BotNode)]
Definitions
- Vulnerability
  - Bug in the code or possibility of misuse that can be exploited to perform unauthorized actions within a computer system.
- Exploit
  - Software that leverages a vulnerability
- Backdoor
  - Malware which allows remote execution of code
WPScan Vulnerability Database
wpvulndb.com
Gallery of Horrors
Defacements
Example 1: Photographer Gallery
Example 2: Pet food store
Bonus
DEFACEMENTS
Partial / full replacement of website frontend.
Very obvious
Easy detection:
- Users (listen to them!)
- Scanners
Target:
Awareness or social/political claims
Black Hat SEO / Spam
BLACK HAT SEO / SPAM
Spam/unwanted content in your site
Detection:
- Scanners (Easy)
- Users (listen to them!)
- Search Engine warnings
Target:
Your SEO and reputation
DDoS Attacks / BotNets
Definitions
- DoS attack
  - Denial of Service
  - Application overwhelmed by a huge number of requests
- DDoS attack
  - Distributed DoS
- BotNet
  - Network of websites linked to act in a coordinated way
  - Has bot nodes and a bot master
Normal, tending to calm
BOTNETS, CRYPTOMINERS, DDOS
Affecting your infrastructure
Detection:
- Usually difficult
- Strange use of resources
- File Integrity Scanner
WAF recommended
Target:
- Your server’s resources
- User’s resources
- Zombie node
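An added example, not part of the original slides, of the file integrity check named under Detection: it hashes every file of a site into a baseline and later reports what was added, modified or removed. The function names, the `wp-content/uploads` review rule and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Assumption for this example: the uploads directory holds media only,
# so any PHP-like file that appears or changes there is reviewed first.
NO_PHP_DIR = "wp-content/uploads/"
PHP_SUFFIXES = (".php", ".phtml", ".phar")


def snapshot(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue  # skip symlinks and special files
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare(baseline, current):
    """Diff two snapshots and single out PHP changes under the uploads tree."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in set(baseline) & set(current) if baseline[p] != current[p]
    )
    review_first = sorted(
        p for p in added + modified
        if p.startswith(NO_PHP_DIR) and p.lower().endswith(PHP_SUFFIXES)
    )
    return {
        "added": added,
        "modified": modified,
        "removed": removed,
        "review_first": review_first,
    }


def demo():
    """Run the scanner over a constructed sample tree (not real site data)."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        sample = {
            "index.php": b"<?php // front controller\n",
            "wp-config.php": b"<?php // settings\n",
            "wp-content/plugins/old-plugin/readme.txt": b"unused plugin\n",
            "wp-content/uploads/2019/logo.png": b"\x89PNG constructed bytes",
        }
        for rel, data in sample.items():
            target = site / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)

        baseline = snapshot(site)  # taken while the site is known to be clean

        # Simulated drift between two scans.
        (site / "index.php").write_bytes(b"<?php // front controller, changed\n")
        (site / "wp-content/uploads/2019/cache.php").write_bytes(b"<?php // placeholder\n")
        (site / "wp-content/plugins/old-plugin/readme.txt").unlink()

        return compare(baseline, snapshot(site))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Keep the baseline off the production server, for the same reason the slides give for backups: anything stored on a compromised host can be altered along with the site.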
Countermeasures
REACTIVE AND PROACTIVE MEASURES
Characters in the Story (if something happens)
You
• Owner / Admins
• Developer & Designer
• Users/clients
Hosting Provider
• Agent / C3
• Support & Backups
Security Expert
• Security department
• External services
Security in Layers
- You ( the weakest layer )
- Your device ( Antivirus )
- Your connection ( SSL )
- Your website ( WAF )
- Your credentials ( Strong Passwords / 2FA )
- Your site security ( monitor / updates )
- Your server security ( monitor / updates )
- Your database ( monitor )
- Maintenance tasks
Measures: Reactive vs Proactive
Reactive:
When bad things have already happened
Pain mitigation
Proactive:
Before anything bad happens
Risk mitigation
Reactive measures
- Scan your site:
  - Status: Sitecheck.sucuri.net
  - Blacklist: Virustotal.com
- CRC: Check, Remove and Change
- Update
- Restore a backup
Proactive measures
- Reduce admins, plugins and themes
- Backups
- Updates
- Invest in Hosting & Security
- WAF
The more Doors, the higher Risk
“To Caesar, what is Caesar’s”.
Admin stuff with admin account. The rest, with a limited account
The more admins, plugins and themes, the more risk (even when disabled).
All users’ passwords MUST be unique and strong (better with 2FA when possible)
Applied to all layers (wp-admin, [S]FTP, cPanel, dashboard, db, …)
BACKUPS
- Have a backup strategy
  - NEVER store the backups on your production server
  - A clean and FUNCTIONAL backup will be your best friend on a bad day
Updates
- PLUGINS
- THEMES
- CORE
- PHP
- APACHE / NGINX
- SERVER
- CPANEL / PLESK
- …
Updates
Source: Web Professional Security Survey 2019 – Sucuri.net
Remember to Invest in
SECURITY, HOSTING
Hosting
FIRST LAYER OF YOUR SITE’S DEFENSE
BALANCE BETWEEN PRICE AND FEATURES
THEY ARE IN CHARGE OF THE SERVER’S SERVICES, DATABASE AND MAINTENANCE
Shared hosting vs dedicated
Source: 2019 Sucuri survey of ecommerce owners.
WAF
Your guard dog
FILTERS ALL YOUR WEB TRAFFIC
PROTECTS AGAINST XSS, DDOS, …
VIRTUALLY PATCHES WIDELY KNOWN SOFTWARE VULNERABILITIES
IF IT INCLUDES CDN, IMPROVES YOUR SITE’S SPEED & PERFORMANCE
FORENSIC ANALYSIS TOOL
ALLOWS MANUAL BLOCKING
Thank you very much!
Any questions?
@pharar #WCOSAKA2019
