Hacking Demonstration. Dr John McCarthy Ph.D. BSc (Hons) MBCS

Similar documents
Service Provider View of Cyber Security. July 2017

Webomania Solutions Pvt. Ltd. 2017

CYBER ATTACKS EXPLAINED: PACKET SPOOFING

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

ANATOMY OF AN ATTACK!

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

UNLOCKED DOORS RESEARCH SHOWS PRINTERS ARE BEING LEFT VULNERABLE TO CYBER ATTACKS

3.5 SECURITY. How can you reduce the risk of getting a virus?

CASE STUDY TOP 10 AIRLINE SOLVES AUTOMATED ATTACKS ON WEB & MOBILE

IT SECURITY FOR LIBRARIES PART 1: SECURING YOUR LIBRARY BRIAN PICHMAN EVOLVE PROJECT

A Review Paper on Network Security Attacks and Defences

Cyber Security Guide. For Politicians and Political Parties

Cyber security tips and self-assessment for business

hidden vulnerabilities

Cyber Hygiene Guide. Politicians and Political Parties

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Principles of ICT Systems and Data Security

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking

Ethical Hacking and Prevention

Connect Securely in an Unsecure World. Jon Clay Director: Global Threat

Train employees to avoid inadvertent cyber security breaches

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at

Russian Cyber Attack Warning and Impact on AccessEnforcer UTM Firewall

BUSINESS LECTURE TWO. Dr Henry Pearson. Cyber Security and Privacy - Threats and Opportunities.

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

SECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi

Phishing in the Age of SaaS

A practical guide to IT security

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

Chapter 11: Networks

DEFENCE IN DEPTH HOW ANTIVIRUS, TRADITIONAL FIREWALLS, AND DNS FIREWALLS WORK TOGETHER

Becoming the Adversary

CPTE: Certified Penetration Testing Engineer

n Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test

How Cyber-Criminals Steal and Profit from your Data

CYBER SECURITY AIR TRANSPORT IT SUMMIT

SINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker

10 FOCUS AREAS FOR BREACH PREVENTION

CE Advanced Network Security Phishing I

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX

Phishing Read Behind The Lines

Chapter 11: It s a Network. Introduction to Networking

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

This Online Gaming Company Didn t Want to Roll the Dice on Security That s Why it Worked with BlackBerry

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

ISO27001 Preparing your business with Snare

Curso: Ethical Hacking and Countermeasures

12/5/2013. work-life blur. more mobile. digital generation. multiple devices. tech. fast savvy

Wireless LAN Security (RM12/2002)

BCS Level 4 Certificate in Cyber Security Introduction QAN 603/0830/8

Supporting the NHS to Improve Cyber Security. Presented by Chris Flynn Security Operations Lead NHS Digital s Data Security Centre

The Top 6 WAF Essentials to Achieve Application Security Efficacy

Cyber Security Audit & Roadmap Business Process and

Unique Phishing Attacks (2008 vs in thousands)

Protecting from Attack in Office 365

Securing the SMB Cloud Generation

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

DDoS MITIGATION BEST PRACTICES

PHISHING ATTACKS: 9 BAD HABITS MALICIOUS S LOVE. Proactive IT Solutions.

Meeting FFIEC Meeting Regulations for Online and Mobile Banking

SPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

ALTITUDE DOESN T MAKE YOU SAFE. Satcom Direct s Comprehensive Cyber Security Portfolio for Business Aviation

Author: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

Evaluating the Security Risks of Static vs. Dynamic Websites

BIG DATA INDUSTRY PAPER

JPCERT/CC Incident Handling Report [January 1, March 31, 2018]

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Securing Your Web Application against security vulnerabilities. Alvin Wong, Brand Manager IBM Rational Software

Choosing the Right Security Assessment

Security Specification

Cybersecurity The Evolving Landscape

Topics. Ensuring Security on Mobile Devices

Chapter 4. Network Security. Part I

Cybersecurity: Operating in a Threat Laden World. Christopher Buse, Assistant Commissioner & CISO

An ICS Whitepaper Choosing the Right Security Assessment

Integrated Access Management Solutions. Access Televentures

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)

MIS5206-Section Protecting Information Assets-Exam 1

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

Practical SCADA Cyber Security Lifecycle Steps

The Center for Internet Security

Top Ten IT Security Risks CHRISTOPHER S. ELLINGWOOD SENIOR MANAGER, IT ASSURANCE SERVICES

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 1 Introduction to Security

NETWORK THREATS DEMAN

Chapter 5: Vulnerability Analysis

White Paper. The North American Electric Reliability Corporation Standards for Critical Infrastructure Protection

Information Technology Enhancing Productivity and Securing Against Cyber Attacks

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Keys to a more secure data environment

We Make IT Simple. IT Support and Security Specialists.

GCIH. GIAC Certified Incident Handler.

To learn more about Stickley on Security visit You can contact Jim Stickley at

Training UNIFIED SECURITY. Signature based packet analysis

Transcription:

Hacking Demonstration Dr John McCarthy Ph.D. BSc (Hons) MBCS

Demonstration Deploying effective cyber security is one of the 21 st century s greatest challenges for business. The threats facing businesses in the digital sphere are increasing. Whilst awareness of cyber threats is growing an understanding of how we can combat these attacks fall short of the ideal. We face a range of threat actors from governments and cyber criminals through to script kiddies. All of these present challenges 2

Introduction At this event, we will demonstrate a range of hacking techniques and methods commonly used to disrupt or gain entry into IT systems. We will examine the attack vectors hackers use, and through practical demonstrations show how they achieve their goals. Finally, we will offer solutions and guidance on how to mitigate the attacks demonstrates. 3

Clear and Present Danger 12 May 2016 Cyber risk 'a clear and present danger', says Bank of England information security chief He said that cyber risk should not be left to IT teams to manage on their own. "The first thing is to get away from the perception that cyber is just a technology problem that can be solved entirely through engineering solutions, "There is a tendency for boards to look at it, fear that it s too technical to understand, and then delegate the whole issue to technologists who duly deliver some technological fixes. The trouble with that is that most cyber-attacks are not exclusively or even mainly technical in nature. People and processes are every bit as important.

Unknowable Threat Landscape There are well over 100,000 known computer viruses Anti-virus is only 50% effective at best Anti-virus will not protect against zero day attacks Life is getting easier for the hackers and harder for us

The Internet of Things 8.7 billion connected devices in 2012 50 billion devices will be connected by 2020 Due to the nature of the networks we need to protect them globally Whilst a great deal can be done to protect an individual port. Ultimately all networks are connected and therefore have to be viewed in this way

Cyber Reality Cyberspace has become the fifth domain of warfare, after land, sea, air and space Infiltrating networks is pretty easy for those who have the will, the means and the time to spare Governments know this because they are such enthusiastic hackers themselves. Penetrating networks to damage them is not much harder. And, if you take enough care, nobody can prove you did it www.oxfordsystems.eu

Hacking Search Engines

Hacker Sites on the Dark web

The Attack Vectors Reconnaissance - Google Dorking Reputational Damage Defacing of Corporate website Breaking the Perimeter Compromising a network device Network Disruption and Corruption - DNS poisoning Social Engineering The consequences of gaining physical access Physical Hacking Tools Rubber Ducky - Kon-Boot - Lan Turtle 10

Reconnaissance 11

OSINT Open Source Intelligence Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources) It is not related to open-source software or public intelligence. 12

Tools Hackers May Use Hackers can spend months undertaking data gathering about your company. Common Tools Maltego Shodan Social Engineer Toolkit Google Hacking Database Google Dorks 13

Google Dorks Google Dorking, is a computer hacking technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use Done carefully the website will never know you have visited it by using the google cached pages. 14

Anatomy of a Google Dork A Google dork is a search string that uses advanced search operators to find information that is not readily available on a website. site: returns files located on a particular website or domain. filetype: followed (without a space) by a file extension returns files of the specified type, such as DOC, PDF, XLS and INI. Multiple file types can be searched for simultaneously by separating extensions with. inurl: followed by a particular string returns results with that sequence of characters in the URL. intext: followed by the searcher s chosen word or phrase returns files with the string anywhere in the text. site:targetwebsite.com inurl:admindork site:publicintelligence.net filetype:pdf intext: sensitive but unclassified 15

Google Hacking Database The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Our aim is to serve the most comprehensive collection of exploits gathered through direct submissions, mailing lists, as well as other public sources, and present them in a freelyavailable and easy-to-navigate database. 16

Goole Dork Examples 17

Demonstration 1 Using Google Dorks 18

Defacing of a Corporate website Forbes Japanese Govt Barack Obama What's app HSBC Ashley Madison Trump Hotels 19

Reputational Damage Loss of income Bad PR Lack of Public trust Brand Erosion Potential Law suits Crisis Management Increased expenditure 20

Demonstration 2 Defacing a Website 21

Breaking the Perimeter - Compromising a network device 22

Breaking the Perimeter - Compromising a network device Consequences Man in the Middle attacks Complete ownership Entry into the corporate network. Full control of network traffic for whatever is behind the router and access to that infrastructure. Deploying a Kali on the network 23

Demonstration 3 Breaking the Perimeter 24

Network Disruption and Corruption 25

DNS Poisoning Consequences Steal usernames and passwords Redirect to fake sites Steal credit information etc. Redirecting to exploit kits 26

Demonstration 4 DNS Poisoning 27

Once they are past Physical security its game over. Commercial Tools Hackers may use Kon-Boot bypass windows, mac and Linux login Rubber Ducky run scripts as a keyboard Lan Turtle create a shell with remote access 28

Demonstration 5 Commercial Hacking Tools 29

Recommendations Don t underestimate physical security Train all your staff to be aware of Social engineering techniques and remind them! Over 80% of all hacks involve humans Never forget the basics patch management etc. Good Network management can do a great deal to help The necessity of disk encryption Good Cyber Security is a cycle not an end point Good practice can do much to alleviate the problem 30

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback