How to train your ninja

•

1 gefällt mir•844 views

This document outlines an agenda for conducting an e-banking security assessment. It discusses various aspects of assessing security such as session management, access control, authentication, and technical vulnerabilities. The document recommends delivering management and technical reports with findings, risks, values, technical details, and patching/coding recommendations. It emphasizes pentester ethics and non-disclosure agreements when conducting such assessments.

Technologie Wirtschaft & Finanzen

HOW
TO TRAIN
E-banking Security Assessment
K-159 <k-159@echo.or.id> Your Ninja

#WHOAMI
A FATHER
RESEARCHER
SOCIAL
ENGINEER
GOSSIPER
noosc

6
EVER
CHOOSED
A BANK
‘COZ THEIR
SECURE IT
SYSTEM?

Old Management New Management
Technology dollar stingy
Aggressive
visionary
technical savvy
SHIFTING ORG.BEHAVIOUR

COMMON SITUATION
High risk.The IT department is high risk
The Data Center is small and crowded
There is no Help Desk system
Most of the communication lines are at speeds of 64 K
The core banking system is old and obsolete
The Trade Finance System is old and obsolete
The ATM switch is old and cannot support many of the
new ATM functions required
The Call Center is obsolete and supports only 8 agents

Bank Central Regulation
Peraturan BI No. 5/8/PBI/2003
Surat Edaran BI No. 6/18/DPNP, tanggal 20 April 2004

SESSION MANAGEMENT
ACCESS CONTROL
AUTHENTICATION
MANAGEMENT

TECHNICAL REPORT
TECHNICAL DETAIL+PATCHING+CODING

CreditsPage1: http://www.ninjaonline.co.uk/media/gbu0/prodlg/ninjasuit.jpg
Page2: http://alformer259.ﬁles.wordpress.com/2009/11/dsc001511.jpg
Page3: http://www.ﬂickr.com/photos/wienwardana/3165753895/
Page4: Kendi Demonic Photograph
Page5: http://www.ﬂickr.com/photos/anonymouscollective/2291139919
Page6: http://www.ﬂickr.com/photos/anonymouscollective/2291896028/sizes/l/in/photostream/
Page7: http://www.ﬂickr.com/photos/cverdier/4837773532/sizes/l/in/photostream/
Page8: http://www.detikﬁnance.com/read/2010/10/05/183003/1456367/68/akhir-kisah-si-pembobol-bank-rp-67-triliun
Page9: http://www.ﬂickr.com/photos/37021726@N07/3595094343/sizes/l/in/photostream/
Page10: http://cdn-images.hollywood.com/site/insideman_dc.jpg
Page11: http://www.familieharmsen.nl/vakanties/Zomer2001/TikabooValley/MVC-288F.JPG
Page12: http://www.primaironline.com/images_content/20100525BankIndonesia%20bankir-indonesia.org.jpg
Page14:http://www.ﬂickr.com/photos/sutje/1315711528
Page15: http://www.ﬂickr.com/photos/seier/3463984860/sizes/z/in/photostream/
Page16: http://www.ﬂickr.com/photos/fabiano/2783656239/sizes/l/in/photostream/
Page18: http://www.ﬂickr.com/photos/felixtito/334828049
Page19: http://www.ﬁles.chem.vt.edu/chem-dept/tissue/images/ethics180x120.png
Page20 : http://2.bp.blogspot.com/_VbdMFZn0qEM/TAHiacMpj9I/AAAAAAAAAmQ/OBKaqC0SN9g/s320/
ethics_header.jpgs
Page21: http://www.ﬂickr.com/photos/dcdead/4527722719
Page22: http://www.ﬂickr.com/photos/sugree/3024642081
Page23: http://www.ﬂickr.com/photos/tatraskoda/2057210204/sizes/o/in/photostream/
Page24: http://www.ﬂickr.com/photos/meetings/2073768553/sizes/o/in/photostream/
Page25: http://www.ﬂickr.com/photos/thecrimsonbat/4627770158
Page26: http://www.ﬂickr.com/photos/ingythewingy/4660595849/sizes/l/in/photostream/
Page27: http://www.ﬂickr.com/photos/gvd06a/408242761/
page28: http://sphotos.ak.fbcdn.net/hphotos-ak-ash1/
hs062.ash1/6926_149011886357_693241357_2571740_7209947_n.jpg
Page29: http://www.ﬂickr.com/photos/shadphotos/207233715/sizes/m/in/photostream/
Page30: http://www.ﬂickr.com/photos/rundstedt/4412545871/sizes/l/in/photostream/

Weitere ähnliche Inhalte

Was ist angesagt?

New innovations in banking industry

Hemanth Shenoy

Introduction (1) ME ppt

Ananthapadmanabhan Gopalan

Banking law emerging trends

Deepika Tripathi

E banking p pt sst nwc

siya pillai

Banking technology in india slide show

Lalit Sanagavarapu

New banking technology

Kumar Nirmal Prasad

E banking

JPEAGLES

Innovation in technology, enlarged completion, globalization and changing environments are the crucial aspects that have forced our Banking services to change. With the diminishing cost of computers and digital gadgets like tables and smart phones along with decreasing charges and easy accessibility of internet and Wifi etc would certainly boosted the awareness of technology which resulted into increasing usage of E-banking day by day. Electronic Banking is a beautiful tool to deliver banking services at customers’ convenient place like office, home etc. E-Banking is not just only help in providing quick and efficient services but it also helps in reducing transaction and delivery costs. It improves profitability providing a platform for cross selling and cost effective product information. But there are some challenges in front E-banking like security threads, lack of awareness and knowledge of end users, peoples’ perceptions, user interface, failure of bank transitions, etc. But apart from any barriers, electronic banking is the future of modern banking and this is the stage where e-banking is helping to delineate the role of a bank branch and taking branches away from that transactional banking to become customer service centres but this transformation is not that much simple and it needs a lot of innovative steps, planning and investment. This paper throws light on emerging issues and opportunities of Electronic Banking. Here, an attempt would be made to highlight some issues in E-Banking and its prospects.

E-BANKING EMERGING ISSUES AND OPPORTUNITIES

Vinit Varma

Among the financial service industry, the banking sector was one of the first to embrace rapid globalization and benefits significantly from technology development. The technological revolution in banking started in the 1950s, with the installation of the first automated bookkeeping machines at banks. This was well before the other industries became tech savvy. The first Automated Teller Machine (ATM) is reported to have been introduced in the USA in 1968 with only a cash dispenser. Automation in banking have become widespread over the past few decades as banks quickly realized that much of their labor intensive information-handling processes could be automated the use of computers. Against this background the paper examines the Technology driven banking services reference to the present and future of Technology driven banking in Bangladesh.

Use of technologies in the banking sector of Bangladesh

Masum Hussain

Technology in-banking-insight-and-foresight-idrbt-ey-report

Rohit Sharma

E banking-techonology and prospect in bBangladesh

MD. Baharul Alam

It in banking industry

Dharmik

Was ist angesagt? (12)

New innovations in banking industry

Introduction (1) ME ppt

Banking law emerging trends

E banking p pt sst nwc

Banking technology in india slide show

New banking technology

E banking

E-BANKING EMERGING ISSUES AND OPPORTUNITIES

Use of technologies in the banking sector of Bangladesh

Technology in-banking-insight-and-foresight-idrbt-ey-report

E banking-techonology and prospect in bBangladesh

It in banking industry

Andere mochten auch

070726 Mobile Social Networking Stephen Johnston

Stephen Johnston

Social media strategy for Nokia

sajithkaimal

IT in Healthcare

NetApp

How to Become a Thought Leader in Your Niche

Leslie Samuel

2015 Upload Campaigns Calendar - SlideShare

SlideShare

What to Upload to SlideShare

SlideShare

Getting Started With SlideShare

SlideShare

Andere mochten auch (7)

070726 Mobile Social Networking Stephen Johnston

Social media strategy for Nokia

IT in Healthcare

How to Become a Thought Leader in Your Niche

2015 Upload Campaigns Calendar - SlideShare

What to Upload to SlideShare

Getting Started With SlideShare

Ähnlich wie How to train your ninja

10 reasons on why digital banking in Indonesia will fail: The reason I am making this presentation is because you might heard too many opinion that saying the future of banking is digital. Here I am trying to explain the opposite of major opinion. This is highly subjective, but I hope it can help you to see things clearer. #1 Bank is highly regulated industry; in Indonesia regulation is complicated (REGULATORY) #2 Banking is infrastructure business; oligopoly is inevitable (TECHNOLOGY) #3 Banking in Indonesia known for its inefficiency, digital will make it efficient but (INEFFICIENT) #4 Not all banking interested in going digital (COST) #5 The customer is demanding but does not mean the business is good (DEMANDING) #6 The cost to build digital bank is very cheap, but why not many banks interested (COST) #7 Who watch the watchmen? (REGULATORY) #8 Big player significant moves affecting the market; zero sum game? (COMPETITION) #9 More regulation, more complicated futures (REGULATORY) #10 Don’t forget about data security (SECURITY)

Why digital banking in Indonesia will fail

Anjar Priandoyo

Online Banking

Military Institute of Science & Technology

From Online To Digital

The Bank Channel

Understanding Core Banking.pdf

Software House

Low cost 3d authentication service for atm and pos

Bank Alfalah Limited

Trust and Usage of Ebanking Presentation

YOGESHSHAKYA11

Bank Indonesia Regulation 9/15/2007 IT Risk Management

Anjar Priandoyo

E banking-130826111407-phpapp01

haris ali

Equnix Business Solutions (Equnix) is an IT Solution provider in Indonesia, providing comprehensive solution services especially on the infrastructure side for corporate business needs based on research and Open Source. Equnix has 3 (three) main services known as the Trilogy of Services: Support (Maintenance/Managed), World class level of Software Development, and Expert Consulting and Assessment for High Performance Transactions System. Equnix is customer oriented, not product or principal. Equal opportunity based on merit is our credo in managing HR development.

Yang perlu kita ketahui Untuk memahami aspek utama IT dalam bisnis_.pdf

Equnix Business Solutions

Bba401 e-commerce

smumbahelp

DBS Bank Insight - Digital Banking Asean Banks

San Naing

Asia Digital Banking Penetration - Market research

Thành Công

Online Banking

Ritul Sonania

E banking service of sbi bank

Priyanka Mangotra

5 Predictions for Finance, FinTech and Blockchain Market

Grow VC Group

Internet banking

jass_randhawa

Tolga Yurteri, NKBM

Marketing magazin

PACB Future of Community Banking 2015-Marsico

Jeff Marsico

Technopreneurship, Incubation and Angel Investments in China

Chris Evdemon

Online banking

rajendra arekar

Ähnlich wie How to train your ninja (20)

Why digital banking in Indonesia will fail

Online Banking

From Online To Digital

Understanding Core Banking.pdf

Low cost 3d authentication service for atm and pos

Trust and Usage of Ebanking Presentation

Bank Indonesia Regulation 9/15/2007 IT Risk Management

E banking-130826111407-phpapp01

Yang perlu kita ketahui Untuk memahami aspek utama IT dalam bisnis_.pdf

Bba401 e-commerce

DBS Bank Insight - Digital Banking Asean Banks

Asia Digital Banking Penetration - Market research

Online Banking

E banking service of sbi bank

5 Predictions for Finance, FinTech and Blockchain Market

Internet banking

Tolga Yurteri, NKBM

PACB Future of Community Banking 2015-Marsico

Technopreneurship, Incubation and Angel Investments in China

Online banking

Mehr von idsecconf

Cloud Managed Router merupakan hasil dari kombinasi antara perangkat router konvensional dengan teknologi cloud management, yang dikembangkan agar memudahkan pengguna untuk dapat mengatur perangkat router dari jarak jauh. Namun tentu saja dengan penerapan yang kurang tepat, maka hal ini bisa dimanfaatkan oleh orang yang tidak bertanggung jawab, bahkan dapat beresiko akses perangkat router diambil alih. Pada topik ini saya akan sedikit menceritakan bagaimana resiko tersebut bisa terjadi.

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

idsecconf

Kesiapan infrastruktur terkadang menjadi kendala dalam melaksanakan red team exercise secara internal. Guna memperoleh hasil yang optimal terdapat beberapa strong points yang perlu diadopsi dalam pengembangan infrastruktur yakni rapid deployment, stealth, dan scalability. Melalui Infrastructure as code (IaC) yang dapat mendukung proses automation infrastruktur red team, operator dapat mereduksi waktu deployment dengan komponen yang bersifat disposable per engagement. Infrastruktur terbagi menjadi 4 segmen yakni segmen network memanfaatkan WireGuard yang disederhanakan melalui Headscale “Zero Config”. Segmen C2 dan Segmen Phishing merupakan core sections. Segmen SIEM bertujuan mengagregasi dan memproses log dari berbagai komponen seperti reverse proxy pada redirector ataupun C2 server. Manajemen multi-cloud environment memanfaatkan Terraform dengan provisioning yang di-handle menggunakan Ansible. Python sebagai wrapper kedua platform sehingga penggunaan tetap sederhana. Operator dapat secara fleksibel mendeskripsikan segmen yang hendak di deploy melalui sebuah YAML file.

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

idsecconf

Dalam dunia keamanan siber, sinergi antara berbagai proses memiliki peran yang sangat penting. Salah satu proses atau framework yang tengah menjadi sorotan dan menarik perhatian luas adalah Detection Engineering. Proses Detection Engineering ini bertujuan untuk meningkatkan struktur dan pengorganisasian dalam pembuatan detection use case atau rules di Security Operation Center (SOC). Detection Engineering bisa dikatakan masih baru dalam dunia keamanan siber, sehingga terdapat banyak peluang untuk membuat keseluruhan prosesnya menjadi lebih baik. Salah satu hal yang masih terlupakan adalah integrasi antara proses Detection Engineering dan Threat Modeling. Biasanya, Threat Modeling lebih berfokus pada solusi pencegahan dan mitigasi resiko secara langsung dan melupakanan komponen deteksi ketika pencegahan dan mitigasi tersebut gagal dalam menjalankan fungsinya. Dalam makalah ini, kami memperkenalkan paradigma baru dengan mengintegrasikan Detection Engineering ke dalam proses Threat Modeling. Pendekatan ini menjadikan Detection sebagai langkah proaktif tambahan, yang dapat menjadi lapisan pertahanan ekstra ketika kontrol pencegahan dan mitigasi akhirnya gagal dalam menghadapi ancaman sesungguhnya.

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

idsecconf

Smart doorbell atau bel pintar telah menjadi populer dalam sistem keamanan rumah pintar. Namun, banyak dari perangkat ini masih menggunakan protokol yang tidak aman untuk berkomunikasi, protokol yang rentan terhadap serangan keamanan seperti jamming, sniffing dan replay attack. Penelitian ini bertujuan untuk menganalisis kelemahan penggunaan protokol komunikasi pada smart doorbell, serta menginvestigasi potensi pemanfaatan Software Defined Radio (SDR) dan modul arduino dalam mengamati komunikasi gelombang elektronik pada frekuensi 433 MHz. Selain itu penelitian ini ditujukan untuk mengidentifikasi potensi risiko yang dihadapi oleh pengguna pengkat IoT, serta memberikan pandangan tentang perlindungan yang lebih baik.

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

idsecconf

Modern organizations are facing the severe challenge of effectively countering threats and mitigating Indicators of Compromise (IOCs) within their network environments. The increasing complexity and volume of cyber threats has highlighted the urgency of building robust mechanisms to block specific IOCs independently. While some organizations have adopted Endpoint Detection and Response (EDR) systems, these solutions often have limitations and require manual processes to collect and examine IOCs from multiple sources. These operational barriers prevent organizations from achieving a proactive and efficient defense posture, an obstacle that is particularly important due to the critical role that IOC blocking plays in containing the spread of threats and limiting potential damage. Hence, the need for a solution that orchestrates automated IOC blocking, utilizing tools such as AlienVault Open Threat Exchange (OTX), VirusTotal, CrowdStrike, and Slack. In this presentation, we examine the importance of automated IOC blocking and its potential to strengthen network security, while highlighting the critical role that these tools play in mitigating evolving cyber threats.

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

idsecconf

Semakin berkembangnya teknologi di aplikasi Desktop terdapat celah keamanan yang dapat menyebabkan dampak langsung atau tidak langsung pada kerahasiaan, Integritas Data yang di bangun menggunakan Framework dari Electron khusus nya aplikasi Desktop di Sistem Operasi MAC. Dalam materi yang di persentasikan akan membahas celah keamanan Security Misconfiguration,RCE,Code Injection, Bypass File Quarantine dan juga bagaiman cara intercept Aplikasi Electron Desktop di system operasi macOS

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

idsecconf

Amazon Web Service (AWS) menjadi pemain besar dalam industri provider cloud, AWS menawarkan berbagai macam layanan yang mempermudah pengguna untuk operasional dan manajemen administrasi cloud computing. Dengan banyaknya layanan yang disediakan oleh Amazon Web Service membuat pengguna lupa akan keamanan dari service yang digunakan, karena bukan hanya Simple Storage Service (S3) saja yang bisa secara tidak sengaja mengekspos data sentitif seperti kredensial Database, SSH Private Key, Source code aplikasi atau bahkan data pribadi lain yang bersifat rahasia. Terdapat banyak service yang secara tidak sengaja terekspos ke public seperti EBS Snapshot, RDS Snapshot, SSM Document, SNS topic dan sebagainya. Malicious Actor bisa memanfaatkan Public shared atau exposed untuk melakukan Initial Access ke lingkungan Amazon Web Service pengguna lalu melakukan eksfiltrasi data internal yang rahasia.

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

idsecconf

Near Field Communication (NFC) saat ini adalah teknologi yang umumnya di gunakan untuk media pembayaran serta akses kontrol untuk keamanan ruangan dan gedung. Tidak terbatas untuk hal itu saja, teknologi NFC juga kerap di implementasikan untuk perangkat IoT. Beberapa perangkat menggunakan NFC tag untuk menyimpan informasi guna sinkronisasi dengan perangkat smartphone. Penggunaan teknologi NFC awalnya dianggap aman karna mengharuskan alat baca dengan tag berada dalam poisisi yang sangat dekat. Sehingga dianggap sulit untuk melakukan penyadapan informasinya. Seiring waktu banyak penilitian mengungkapkan bahwa komunikasi ISO 1443-3 ini bisa di intip dan di terjemahkan ke dalam bentuk perintah serta respon aslinya. Proxmark3 adalah salah satu alat yang dikembangkan untuk keperluan tersebut. Namun ada kondisi dimana perangkat proxmark tidak dapat di fungsikan maksimal lantaran berkurangnya sensititifitas pembaca dan tag ketika ada objek berada diantara keduanya. Di paper ini saya ingin menyajikan hasil penelitian saya tentang penggunaan Dynamic Instrumentation Frida untuk memantau penggunaan modul java nfc dalam platform Android dan menggunakannya untuk melakukan lockpicking pada gembok pintar berbasis NFC.

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

idsecconf

This paper is a documentation of proposed security management for Electronic Health Records which includes security planning and policy, security program, risk management, and protection mechanism. Planning and policy are developed to provide a basic principle of security management at a hospital. The security program in this document includes Risk-Adaptable Access Control (RAdAC) and the implementation of security education, training and awareness (SETA). Regarding risk management, we perform risk identification, inventory of assets, information assets classification, and information assets value assessment, threat identification, and vulnerability assessment. For protection mechanism, we propose biometrics and signature as the authentication methods. The use of firewalls, intrusion detection system and encrypted data transmission is also suggested for securing data, application and network.

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

idsecconf

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

idsecconf

Pelanggaran privasi merupakan suatu hal yang sering ditemui dewasa ini. Salah satu penyebab pelanggaran privasi adalah adanya data privat milik pengguna yang dikirimkan pada server milik aplikasi tanpa seizin pengguna atau adanya pengumpulan data tertentu tanpa izin. Pada penelitian ini, kami menganalisis aplikasi-aplikasi yang didapatkan dari Google Play Store Indonesia untuk dicari apakah ada data privat milik pengguna yang dilanggar privasinya. Penelitian ini menggunakan tiga jenis metode yang utamanya berbasis static analysis; pendekatan reverse-engineering dengan static analysis untuk melihat apakah ada data yang berpotensi mengganggu privasi pengguna, analisis perizinan dan tracker yang dimiliki oleh aplikasi untuk melihat apakah perizinan dan tracker yang dimiliki oleh aplikasi memang tepat sesuai dengan use-case dari aplikasi tersebut, dan analisis regulasi data dengan mengambil data mengenai keamanan data yang diberikan developer ke Google Play Store. Hasil studi menunjukkan bahwa ada beberapa aplikasi yang memang mengambil data privat pengguna yang tidak relevan dengan use-case aplikasi dan mengirimnya ke server milik aplikasi dan pihak ketiga

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

idsecconf

Cloud service is often part of broader strategic initiatives, principally digital transformation (DX) and cloud-first. Despite the continued rapid adoption of cloud services, security remains a crucial issue for cloud users. A majority of organizations confirm they are at least moderately concerned about cloud security. However, there is still a gap between using the cloud and the implementation of cloud security by organizations, so retains the rate of cloud crime high. Eliminating or narrowing the gap is necessary so that organizations can continue to take advantage of the cloud securely. Understanding cloud crime would aid in both cloud crime prevention and protection. The purpose of this presentation is to identify how cloud security incidents can occur from both attacker and victim sides. Organizations can use this presentation's results as a reference to develop or improve cloud security programs and eliminate or narrow the gap between cloud utilization and cloud security implementation.

Utian Ayuba - Profiling The Cloud Crime.pdf

idsecconf

Organization using Adversary Emulation plan to develop an attack emulation and/or simulation and execute it against enterprise infrastructure. These activities leverage real-world attacks and TTPs by Threat Actor, so you can identify and finding the gaps in your defense before the real adversary attacking your infrastructure. Adversary Emulation also help security team to get more visibility into their environment. Performing Adversary Emulation continuously to strengthen and improve your defense over the time.

Proactive cyber defence through adversary emulation for improving your securi...

idsecconf

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

idsecconf

React Native merupakan framework yang digunakan untuk membuat aplikasi mobile baik itu Android maupun IOS (multi platform). Framework ini memungkinkan developer untuk membuat aplikasi untuk berbagai platform dengan menggunakan basis kode yang sama, yaitu JavaScript. Dikarenakan aplikasi ini berbasis JavaScript (client side), banyak developer yang tidak memperhatikan celah keamanan pada aplikasi. Terdapat berbagai macam celah keamanan meliputi client side dan server side. Presentasi ini memuat pengalaman saya dalam menemukan celah keamanan pada saat melakukan Penetration Testing pada aplikasi mobile berbasis React Native

Pentesting react native application for fun and profit - Abdullah

idsecconf

Pandemi covid-19 melonjak pada gelombang ke-2 di. Untuk mengantisipasi itu pemerintah membagikan oximeter ke puskesmas. Oximeter yang ada dipasaran mengharuskan tenaga kesehatan untuk kontak langsung dengan pasien. Dengan menggunakan Hacked Oxymeter ini dapat mengurangi intensitas bertemu dengan pasien dan mengurangi resiko terpapar covid-19. Secara metodologi, hacking oximeter ini membaca output komunikasi serial pada alat oximeter untuk kemudian diolah oleh mikrokontroler dan dikirim ke MQTT broker untuk diteruskan ke klien yang membutuhkan. Alat ini digunakan oleh pasien yang sedang isoman di hotel, fasilitas Kesehatan atau rumah sakit darurat/lapangan

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

idsecconf

Eksploitasi kerentanan pada hypervisor semakin banyak diperbincangkan di beberapa tahun ini, dimulai dari kompetisi hacking Pwn2Own pada 2017 yang mengadakan kategori Virtual Machine dalam ajang lombanya, dan juga teknologi-teknologi terkini yang banyak menggunakan hypervisor seperti Cloud Computing, Malware Detection, dll. Hal tersebut menjadi ketertarikan bagi sebagian hacker, security researcher untuk mencari kelemahan dan mengeksploitasi hypervisor. Tulisan ini menjelaskan mengenai proses Vulnerability Research dan VM Escape exploitation pada VirtualBox.

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

idsecconf

Proses DevSecOps saat ini banyak digunakan dikalangan industri yang membutuhkan kecepatan baik dalam pengembangan maupun implementasi. Setiap tahapan pada pipeline DevSecOps merupakan tahapan yang harus diperhatikan dan masuk kedalam pantauan SOC (Security Operation Center). Untuk itu diperlukan kemampuan SOC untuk bisa memantau setiap pipeline DevSecOps sehingga dapat memberikan gambaran kondisi keamanan pada organisasi

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

idsecconf

Mehr von idsecconf (20)

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

Utian Ayuba - Profiling The Cloud Crime.pdf

Proactive cyber defence through adversary emulation for improving your securi...

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

Pentesting react native application for fun and profit - Abdullah

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

Kürzlich hochgeladen

AXA XL - Insurer Innovation Award Americas 2024

The Digital Insurer

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Zilliz

Real Time Object Detection Using Open CV

Khem

Manulife - Insurer Transformation Award 2024

The Digital Insurer

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Navi Mumbai Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Navi Mumbai Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Navi Mumbai Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

DBX First Quarter 2024 Investor Presentation

Dropbox

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Kürzlich hochgeladen (20)

AXA XL - Insurer Innovation Award Americas 2024

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Real Time Object Detection Using Open CV

Manulife - Insurer Transformation Award 2024

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

A Year of the Servo Reboot: Where Are We Now?

Data Cloud, More than a CDP by Matt Robison

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Ransomware_Q4_2023. The report. [EN].pdf

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

2024: Domino Containers - The Next Step. News from the Domino Container commu...

DBX First Quarter 2024 Investor Presentation

Exploring the Future Potential of AI-Enabled Smartphone Processors

MINDCTI Revenue Release Quarter One 2024

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

How to train your ninja

1. HOW TO TRAIN E-banking Security Assessment K-159 <k-159@echo.or.id> Your Ninja

2. 2 A Ninja?

3. The Agenda 3 NO HIDDEN AGENDA

4. #WHOAMI A FATHER RESEARCHER SOCIAL ENGINEER GOSSIPER noosc

5. PROLOG

6. 6 EVER CHOOSED A BANK ‘COZ THEIR SECURE IT SYSTEM?

7. 7 EVER DREAMED TO HACK YOUR OWN BANK?

8. 8 SOMEBODY DOES ..

9. 9 John Dilinger - Public Enemy (2010)

10. 10 Inside Man (2006)

11. INSIDE THE BANK

12. THE BANK IS .. Deposits,Loan,prosperity

13. Old Management New Management Technology dollar stingy Aggressive visionary technical savvy SHIFTING ORG.BEHAVIOUR

14. COMMON SITUATION High risk.The IT department is high risk The Data Center is small and crowded There is no Help Desk system Most of the communication lines are at speeds of 64 K The core banking system is old and obsolete The Trade Finance System is old and obsolete The ATM switch is old and cannot support many of the new ATM functions required The Call Center is obsolete and supports only 8 agents

15. E-Banking Is ..

16.

17. Bank Central Regulation Peraturan BI No. 5/8/PBI/2003 Surat Edaran BI No. 6/18/DPNP, tanggal 20 April 2004

18. THREAD INCRESE EACH HOUR

19. PENTESTER ETHICS

20. NON -DISCLOSURE AGREEMENT

21. Ebanking Assessment Activity

22. SESSION MANAGEMENT ACCESS CONTROL AUTHENTICATION MANAGEMENT

23. Deliverable ..

24. MANAGEMENT REPORT RISK+ASSET+VALUES

25. TECHNICAL REPORT TECHNICAL DETAIL+PATCHING+CODING

26. WELL KNOWN PENTESTER

27. JIM GEOVEDI

28. Y3DIPS

29. Conclusion..

30. Please Be Safe!

31. Q&A

32. Thanks Twitter.com/159k

33. CreditsPage1: http://www.ninjaonline.co.uk/media/gbu0/prodlg/ninjasuit.jpg Page2: http://alformer259.files.wordpress.com/2009/11/dsc001511.jpg Page3: http://www.flickr.com/photos/wienwardana/3165753895/ Page4: Kendi Demonic Photograph Page5: http://www.flickr.com/photos/anonymouscollective/2291139919 Page6: http://www.flickr.com/photos/anonymouscollective/2291896028/sizes/l/in/photostream/ Page7: http://www.flickr.com/photos/cverdier/4837773532/sizes/l/in/photostream/ Page8: http://www.detikfinance.com/read/2010/10/05/183003/1456367/68/akhir-kisah-si-pembobol-bank-rp-67-triliun Page9: http://www.flickr.com/photos/37021726@N07/3595094343/sizes/l/in/photostream/ Page10: http://cdn-images.hollywood.com/site/insideman_dc.jpg Page11: http://www.familieharmsen.nl/vakanties/Zomer2001/TikabooValley/MVC-288F.JPG Page12: http://www.primaironline.com/images_content/20100525BankIndonesia%20bankir-indonesia.org.jpg Page14:http://www.flickr.com/photos/sutje/1315711528 Page15: http://www.flickr.com/photos/seier/3463984860/sizes/z/in/photostream/ Page16: http://www.flickr.com/photos/fabiano/2783656239/sizes/l/in/photostream/ Page18: http://www.flickr.com/photos/felixtito/334828049 Page19: http://www.files.chem.vt.edu/chem-dept/tissue/images/ethics180x120.png Page20 : http://2.bp.blogspot.com/_VbdMFZn0qEM/TAHiacMpj9I/AAAAAAAAAmQ/OBKaqC0SN9g/s320/ ethics_header.jpgs Page21: http://www.flickr.com/photos/dcdead/4527722719 Page22: http://www.flickr.com/photos/sugree/3024642081 Page23: http://www.flickr.com/photos/tatraskoda/2057210204/sizes/o/in/photostream/ Page24: http://www.flickr.com/photos/meetings/2073768553/sizes/o/in/photostream/ Page25: http://www.flickr.com/photos/thecrimsonbat/4627770158 Page26: http://www.flickr.com/photos/ingythewingy/4660595849/sizes/l/in/photostream/ Page27: http://www.flickr.com/photos/gvd06a/408242761/ page28: http://sphotos.ak.fbcdn.net/hphotos-ak-ash1/ hs062.ash1/6926_149011886357_693241357_2571740_7209947_n.jpg Page29: http://www.flickr.com/photos/shadphotos/207233715/sizes/m/in/photostream/ Page30: http://www.flickr.com/photos/rundstedt/4412545871/sizes/l/in/photostream/

How to train your ninja

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (12)

Andere mochten auch

Andere mochten auch (7)

Ähnlich wie How to train your ninja

Ähnlich wie How to train your ninja (20)

Mehr von idsecconf

Mehr von idsecconf (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

How to train your ninja