7. We Have So Many Colors
• White Hat
• Gray Hat
• Black Hat
• Red Hat
• Blue Hat
• Green Hat
• etc
http://xathrya.id/ 7
8. The Essence of Hacking
• Getting into and using other people's computers
(without getting caught).
• Defeating protection to reach some goal.
• Exploiting something to gain profit.
• Having fun.
9. But my talk won't cover hacking as a crime.
Refine the word "hacker" to mean "security
professional".
We have two sides:
• Attacker
• Defender
10. Be Defender
• Know why you do this.
• Know how an attacker (might) attack.
• Know how to defend yourself, your assets, etc.
• Know what to do when something happens.
• Know why it ended up like this.
(If you are screwed, at least you know why.)
11. Be Attacker
• Know how the target is organized.
• Know how the target reacts to certain events.
• Have broad knowledge of systems.
• Know how to be "evil" (without necessarily being
evil).
12. But I bet you are attending this meeting to become an attacker.
14. Stage 1: Reconnaissance
Gather information: search for valuable
information related to our target, then analyze it
and extract knowledge where appropriate.
Basically:
• Footprinting
• OSINT (Open-Source INTelligence)
16. • Reconnaissance is about intelligence
gathering.
• Gathering facts, inferring from them, and relating
them back to the target.
• Information of direct or indirect relevance may
help in a later stage.
• The more useful information you get, the
better your chance of a compromise.
17. Footprinting
Gather information about the nodes, machines, systems and infrastructure in use.
Grasp the environment before execution.
• Publicly exposed machines
(which ones are reachable by us)
• Open ports
(doors available for us to get in)
• Network
(relationships to other systems)
• Applications
(e.g. version)
• Server specifics
(OS, kernel, important drivers, running services, etc.)
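A minimal version of the footprinting step described above, as an added example that is not code from the original slides: a TCP connect scan that records which ports accept a connection, grabs whatever banner the service offers, and pulls a product/version string out of it. So that it runs offline, it targets two fake services started in threads on 127.0.0.1; the OpenSSH and Apache banner strings are constructed, and `probe`, `fingerprint`, `scan` and `demo` are this example's own helpers. Run it only against hosts you are authorized to test.

```python
"""Footprinting: find open TCP ports on a host and grab service banners.

Added example, not code from the original slides. It scans two fake services
started in threads on 127.0.0.1 (with constructed banners), so it runs offline.
Only scan hosts you are authorized to test.
"""
import re
import socket
import threading
from typing import List, Optional

FAKE_SSH_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"                        # constructed
FAKE_HTTP_REPLY = b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n\r\n"   # constructed


def start_fake_service(reply: bytes, speaks_first: bool) -> int:
    """Throwaway TCP service in a thread; returns the port the OS picked.
    speaks_first=True behaves like SSH/FTP/SMTP (banner sent on connect);
    False behaves like HTTP (silent until it receives a request)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))            # port 0: let the OS choose a free port
    srv.listen(5)
    srv.settimeout(5)                     # give up after 5 s idle so the thread ends
    port = srv.getsockname()[1]

    def serve():
        try:
            while True:
                conn, _ = srv.accept()
                with conn:
                    if not speaks_first:
                        conn.settimeout(3)
                        try:
                            conn.recv(1024)   # wait for the client's request first
                        except socket.timeout:
                            pass
                    conn.sendall(reply)
        except OSError:                   # accept timed out or client went away
            pass
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def _recv_quiet(s: socket.socket) -> bytes:
    try:
        return s.recv(512)
    except socket.timeout:
        return b""


def probe(host: str, port: int, timeout: float = 1.0) -> Optional[dict]:
    """TCP connect scan of one port: {port, banner, service} if open, else None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            banner = _recv_quiet(s)       # services that speak first reveal themselves here
            if not banner:                # silent service: ask it something harmless
                s.sendall(b"GET / HTTP/1.0\r\nHost: %s\r\n\r\n" % host.encode())
                banner = _recv_quiet(s)
    except OSError:                       # refused, reset, unreachable
        return None
    text = banner.decode("ascii", "replace").strip()
    return {"port": port, "banner": text, "service": fingerprint(text)}


def fingerprint(banner: str) -> str:
    """Extract the product/version string where a banner exposes one."""
    if banner.startswith("SSH-"):
        return "ssh/" + banner.split("-", 2)[2].split()[0]      # e.g. OpenSSH_8.9p1
    m = re.search(r"^Server: (.+?)\r?$", banner, re.MULTILINE)
    if m:
        return "http/" + m.group(1).strip()
    return "unknown"


def scan(host: str, ports: List[int]) -> List[dict]:
    """Probe each port; return only the open ones, sorted by port number."""
    found = [r for r in (probe(host, p) for p in ports) if r is not None]
    return sorted(found, key=lambda r: r["port"])


def free_port() -> int:
    """A port that is currently closed (bound, then released) for a negative result."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo() -> dict:
    """Stand up the fake services, scan them plus one closed port, return everything."""
    ssh_port = start_fake_service(FAKE_SSH_BANNER, speaks_first=True)
    http_port = start_fake_service(FAKE_HTTP_REPLY, speaks_first=False)
    closed = free_port()
    results = scan("127.0.0.1", [ssh_port, http_port, closed])
    return {"ssh": ssh_port, "http": http_port, "closed": closed, "results": results}


if __name__ == "__main__":
    for r in demo()["results"]:
        print(f"{r['port']}/tcp open  {r['service']}")
```

Note the two behaviours the probe has to handle: SSH, FTP and SMTP announce themselves as soon as the connection opens, while HTTP stays silent until it gets a request, so the scanner first listens and only then sends a harmless request. A real engagement would also cover UDP and use a proper scanner such as nmap; the point here is what "open port" and "application version" mean in practice.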
18. OSINT
• Open Source INTelligence
• Open = overt, publicly available source
• Not about Open-Source Software.
• Try googling yourself: did you find anything
useful?
20. Now apply the same principle to a target in
cyberspace.
21. Stage 2: Vulnerability Mapping
Map threats and potential breaches onto the
information found.
• Given the systems we found, what threats are
available?
• How can we conduct an attack?
• Prioritize the list: decide which one gives the
greater chance of success.
Simulate break-in scenarios before we move on to the
next stage.
22. Your Goal!
• Find possible paths to penetrate target.
• Creating a threat model is helpful.
23. Stage 3: Gaining Access
The actual penetration phase. Our purpose is to
break in using the vulnerabilities found in the
previous stages.
We may also discover new things during this
process; just add them to the list.
24. Your Goal!
• Break in / compromise.
• Create a connection (persistent / non-persistent)
between the target and us. Mostly a reverse
connection: the target connects out to us, which
typically gets through firewalls that block inbound
connections.
– Set up a listener to receive the callback.
– Plant a backdoor.
• Do something on the target.
– Ex: create a new user.
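The reverse-connection exchange listed in the goals above, as an added example that is not part of the original slides: a listener on the operator side and a callback "implant" on the target side, both run here on 127.0.0.1 so the whole session can be seen offline. The length-prefixed JSON framing, the beacon format and the `HANDLERS` command table are assumptions made for illustration, not any real tool's protocol, and the implant only answers a fixed set of harmless queries.

```python
"""Reverse connection: the compromised host calls back to a listener we run.

Added example, not code from the original slides. Both ends run on 127.0.0.1
so the whole exchange can be seen offline. Framing, beacon format and the
command names are this example's own assumptions, not any real tool's protocol.
"""
import json
import os
import socket
import struct
import threading
from typing import Dict, List

# Constructed command table: the only things this implant is willing to answer.
HANDLERS = {
    "hostname": socket.gethostname,
    "cwd": os.getcwd,
    "pid": os.getpid,
}


def send_msg(sock: socket.socket, obj: dict) -> None:
    """Length-prefixed JSON, so the reader knows exactly where each message ends."""
    data = json.dumps(obj).encode()
    sock.sendall(struct.pack("!I", len(data)) + data)


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf


def recv_msg(sock: socket.socket) -> dict:
    (length,) = struct.unpack("!I", _recv_exact(sock, 4))
    return json.loads(_recv_exact(sock, length))


def implant(host: str, port: int) -> None:
    """Target side. It connects *out* to us (outbound traffic usually passes
    firewalls), announces itself, then answers commands until told to quit."""
    with socket.create_connection((host, port), timeout=10) as s:
        send_msg(s, {"beacon": {"hostname": socket.gethostname(), "pid": os.getpid()}})
        while True:
            cmd = recv_msg(s)["cmd"]
            if cmd == "quit":
                return
            fn = HANDLERS.get(cmd)
            result = fn() if fn else f"unknown command: {cmd}"
            send_msg(s, {"cmd": cmd, "result": result})


def listener(state: dict, commands: List[str], out: Dict[str, object]) -> None:
    """Operator side. Bind, publish the port, wait for the callback, drive the session."""
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free one
    srv.listen(1)
    srv.settimeout(10)
    state["port"] = srv.getsockname()[1]
    state["ready"].set()
    conn, _ = srv.accept()              # this is the callback arriving
    with srv, conn:
        out["beacon"] = recv_msg(conn)["beacon"]
        for cmd in commands:
            send_msg(conn, {"cmd": cmd})
            out[cmd] = recv_msg(conn)["result"]
        send_msg(conn, {"cmd": "quit"})


def run_session(commands: List[str]) -> Dict[str, object]:
    """Start the listener, have the 'target' call back, return what the operator learned."""
    state = {"ready": threading.Event()}
    out: Dict[str, object] = {}
    t = threading.Thread(target=listener, args=(state, commands, out), daemon=True)
    t.start()
    if not state["ready"].wait(5):
        raise RuntimeError("listener did not start")
    implant("127.0.0.1", state["port"])     # the target calling back to us
    t.join(5)
    return out


if __name__ == "__main__":
    for key, value in run_session(["hostname", "cwd", "pid", "rm -rf /"]).items():
        print(f"{key}: {value}")
```

The listener is the "set up a listener to receive the callback" step, and the implant's first message is the beacon that tells the operator which host checked in. A persistent variant would keep the implant alive across reboots (the maintaining-access stage below); this one ends when the listener sends `quit`.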
25. Stage 4: Privilege Escalation
When we break in, we might not have enough
privilege to take over the system. Therefore, we need
to exploit something else to obtain higher privilege.
26. Your Goal!
• Acquire the highest privilege, or enough privilege
to do what we need.
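One concrete way to start the privilege-escalation stage on a Linux target, as an added example not taken from the slides: enumerate set-uid/set-gid binaries and world-writable files, the classic things to check first from a low-privilege shell. The ranking in `SCORES` and the throwaway directory tree that `demo()` builds are this example's own assumptions; on a real host you would point `enumerate_privesc()` at `/` (or at `/usr`, `/etc`, `/opt`).

```python
"""Privilege escalation: enumerate the usual local suspects on a Linux host.

Added example, not code from the original slides. It walks a directory tree
for set-uid/set-gid binaries and world-writable files, the first things to
check when a low-privilege shell is not enough. demo() builds a throwaway
tree under a temp directory, so nothing outside it is touched; SCORES is this
example's own rule of thumb, not an established metric.
"""
import os
import stat
import tempfile
from typing import List

SCORES = {                                # assumed ranking, highest first
    "setuid": 3,                          # runs with the owner's (often root's) privilege
    "world-writable+executable": 3,       # anyone can replace code that someone else runs
    "setgid": 1,
    "world-writable": 1,
}


def classify(mode: int) -> List[str]:
    """Reasons a regular file with this st_mode is interesting to an attacker."""
    reasons = []
    if mode & stat.S_ISUID:
        reasons.append("setuid")
    if mode & stat.S_ISGID:
        reasons.append("setgid")
    if mode & stat.S_IWOTH:
        reasons.append("world-writable+executable" if mode & stat.S_IXUSR
                       else "world-writable")
    return reasons


def enumerate_privesc(root: str) -> List[dict]:
    """Walk root; return one record per suspicious regular file, highest score first."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)               # lstat: never follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            reasons = classify(st.st_mode)
            if reasons:
                hits.append({
                    "path": os.path.relpath(path, root),
                    "mode": oct(stat.S_IMODE(st.st_mode)),
                    "uid": st.st_uid,             # uid 0 on a setuid hit is the prime target
                    "reasons": reasons,
                    "score": max(SCORES[r] for r in reasons),
                })
    return sorted(hits, key=lambda h: (-h["score"], h["path"]))


def demo() -> List[dict]:
    """Build a constructed tree in a temp directory and scan it."""
    root = tempfile.mkdtemp(prefix="privesc-demo-")
    layout = {
        "bin/ls": 0o755,                  # ordinary binary: must not be reported
        "bin/fakesu": 0o4755,             # setuid binary (the classic target)
        "etc/cron.hourly/backup": 0o777,  # world-writable script run by something else
        "tmp/notes.txt": 0o666,           # world-writable data file
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write("#!/bin/sh\necho placeholder\n")
        os.chmod(path, mode)              # chmod last: an unprivileged write would clear setuid
    return enumerate_privesc(root)


if __name__ == "__main__":
    for h in demo():
        print(f"{h['score']}  {h['mode']:>7}  uid={h['uid']}  {h['path']}  "
              f"{', '.join(h['reasons'])}")
```

The file-permission checks are only the start; on a real host the same pass would also look at `sudo -l`, capabilities, writable directories on root's PATH and scheduled jobs, but those need the live system rather than a temp tree.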
27. Stage 5: Maintaining Access
If we want to run a long-term campaign, we need
to keep our access to the compromised host
available.
Deploying malware (an implant) is one of the preferred ways.
28. Your Goal!
• Keep access to yourself or your team.
29. Stage 6: Covering Tracks
Leave no trace behind.
• Delete logs.
• Fabricate logs.
(smarter, yet trickier)
Create fake evidence (possibly prepared in advance) in:
• Memory and pool.
• Files.
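Deleting and fabricating logs leaves marks of its own, which is exactly what a defender looks for, especially when the logs are also shipped to a remote collector the attacker cannot reach. As an added example that is not from the original slides, the following runs three checks over constructed syslog-style lines: entries whose timestamps run backwards (a line appended after the fact), a missing hourly CRON heartbeat (a window that was wiped), and a session opened with no matching close. The host name `web1`, the PIDs, the 203.0.113.7 address and the assumed year are made up.

```python
"""Covering tracks, seen from the defender's side: find deleted or fabricated log lines.

Added example, not code from the original slides. Three checks run over
constructed syslog-style lines: timestamps that run backwards, a missing
periodic CRON heartbeat, and a session opened with no matching close.
Host name, PIDs, the 203.0.113.7 address and the year are made up.
"""
import re
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample. The last line was appended after the fact to "close" the
# deploy session, and the 03:17 cron run (plus everything around it) was deleted.
SAMPLE_LOG = """\
Mar 10 01:17:01 web1 CRON[4101]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 10 01:17:01 web1 CRON[4101]: pam_unix(cron:session): session closed for user root
Mar 10 02:17:01 web1 CRON[4388]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 10 02:17:01 web1 CRON[4388]: pam_unix(cron:session): session closed for user root
Mar 10 02:41:55 web1 sshd[5210]: Accepted password for deploy from 203.0.113.7 port 51822 ssh2
Mar 10 02:41:55 web1 sshd[5210]: pam_unix(sshd:session): session opened for user deploy by (uid=0)
Mar 10 02:42:10 web1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash
Mar 10 02:42:10 web1 sudo: pam_unix(sudo:session): session opened for user root by deploy(uid=1000)
Mar 10 04:17:01 web1 CRON[4902]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 10 04:17:01 web1 CRON[4902]: pam_unix(cron:session): session closed for user root
Mar 10 02:50:12 web1 sshd[5210]: pam_unix(sshd:session): session closed for user deploy
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} {1,2}\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s*(?P<msg>.*)$")


def parse(text: str, year: int = 2024) -> List[dict]:
    """Syslog lines carry no year, so one is assumed. Unparseable lines are skipped."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        entries.append({"n": n, "ts": ts, "prog": m["prog"], "pid": m["pid"], "msg": m["msg"]})
    return entries


def backwards_entries(entries: List[dict]) -> List[int]:
    """Line numbers whose timestamp is earlier than an entry above them: syslog
    appends in order, so such a line was written later than it claims."""
    out, high = [], None
    for e in entries:
        if high is not None and e["ts"] < high:
            out.append(e["n"])
        else:
            high = e["ts"]
    return out


def heartbeat_gaps(entries: List[dict], prog: str = "CRON",
                   period: timedelta = timedelta(hours=1),
                   slack: timedelta = timedelta(minutes=5)) -> List[Tuple[datetime, datetime]]:
    """A job that logs every `period` leaves a hole when the lines around it are deleted."""
    beats = sorted({e["ts"] for e in entries if e["prog"] == prog})
    return [(a, b) for a, b in zip(beats, beats[1:]) if b - a > period + slack]


def unmatched_sessions(entries: List[dict]) -> List[int]:
    """Line numbers of 'session opened' with no 'session closed' for the same program,
    pid and user: either the session is still live, or its close line was removed."""
    opened: Dict[tuple, int] = {}
    for e in entries:
        m = re.search(r"session (opened|closed) for user (\S+)", e["msg"])
        if not m:
            continue
        key = (e["prog"], e["pid"], m.group(2))
        if m.group(1) == "opened":
            opened[key] = e["n"]
        else:
            opened.pop(key, None)
    return sorted(opened.values())


def audit(text: str) -> dict:
    """Run all three checks and return their findings keyed by check name."""
    entries = parse(text)
    return {
        "backwards": backwards_entries(entries),
        "gaps": heartbeat_gaps(entries),
        "unmatched": unmatched_sessions(entries),
    }


if __name__ == "__main__":
    for check, result in audit(SAMPLE_LOG).items():
        print(f"{check}: {result}")
```

On the sample the backwards check flags the appended close line, the heartbeat check reports the hole between the 02:17 and 04:17 cron runs, and the session check surfaces the sudo session that was never closed. The same idea scales to any periodic writer (a monitoring agent, a DHCP renewal) and to any log that has open/close pairs.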
30. Bonus Stage
Basically, carry out your mission or fulfill the objective.
• Dump data
• Maintain persistent access
• Harvest credentials
• Pivoting
• Proxying
• Etc
32. How Could I be the One?
Starting Path:
• Networking
• Programming
Security is another application of computer science,
with several extras.
A deep understanding of the subjects gives better results.
Extra communication skills are a plus.
33. Area of Expertise
Some of the fields (not all):
• Network Security
• Web Security
• Mobile Security
• IoT & Embedded System Security
Pick one and dive into it.
34. Exploits
• What is it?
• Why is it important?
• How do you develop one?
An exploit is specific to a certain product, or a family
of products sharing the same or a similar vulnerability.
35. • Given code, how do you find bugs?
• Given bugs, how do you turn them into an
exploit?
• Given an exploit, how do you deploy it?
• Given a pwned system, how do you hide
yourself?
37. Demo 1 (Web Security)
• Turn VirtualBox / VMware on!
• Use the bWAPP VM
38. Demo 2
• A boot2root VM of your choice
• Get the write-up from the DracOS repository
39. Okay, so where can we REALLY start learning?
(Assuming you want to be an expert)
• Take courses in computer science (seriously)
• Participate in competitions
– CTF
– Wargames
• Create a practice lab
40. CTF
• A good environment to learn in.
• What a normal security professional does day to
day… on easy mode.