How You Can Become a Hacker With No Security Experience
Andrei Avădănei President at [email protected]
Summary
● Short Bio
● What is a Cyber Hacker
● White Hat vs Black Hat Briefly
● Examples of Security Bypasses by 1337 Hackers
● Why They Matter?
● Are YOU Safe?
● Questions & Conclusions
Short Bio
● President at CCSIR
● Founder & Coordinator of DefCamp
● Coordinator of Sparks
● Ambassador of Talks by Softbinator
● Blogger @worldit.info
What is a Cyber Hacker
● seeks and exploits weaknesses in IT infrastructures
● motivated by profit, protest, or challenge
● computer programmers argue that they should be called crackers
● security culture is often referred to as underground hacking
White Hat vs Black Hat
● white-hat breaks security for non-malicious reasons
● black-hat violates computer security for personal benefits BUT
- no phishing/spam/credit card stealing ...
● grey-hat may surf the net in order to find and report bugs
● 1337 hackers use various tools to steal or destroy
#1 Password Reset Services
● What is Your Mother's Name?
● Where is Your Birthday Place?
● Your Favorite Movie?
● Your Loved One?
Yeah, this still works. Don't believe me?
But Now?
#2 Phishing & Scams
#3 Malware
● Tons of Malware Kits free or cheap
● Tons of FUD Crypters for AV bypass
● Tons of Spreading Methods
● Citadel, Zeus, Blackhole Means Something?
● 1337++
#4 Wifi Sniffing
● Be The MAN (in the Middle)
● Session Hijacking
● Credentials Sniffing
● Traffic Alteration
● Aircrack-ng sounds friendly to you?
● 1338++
#5 Hacking Websites
● Free & Easy to use Applications Scanners
● Nmap – old school (but awesome) port scanner
● SQLMap, Havij, Nessus, Acunetix, w3af for web security
● Metasploit – the Honey for Exploitation
● Many more third parties apps based on those above
● + Tons of Others That You Can Discover
● 1339++
#6 - The Insiders
● Do You Trust Your Gf/Bf? You shouldn't! :-) 1339.1++
Why They Matter
● these are really simple examples
● most of the „hackers“ of this kind are 14-20
● they are irresponsible, destructive
● you will see private conversation leaked
● if you have a website they will probably deface it
● if somebody is MitM you might have the chance to see some porn
● if your password is guessed you might lose your accounts (Fb, Y!, GM, Tw, Ppl)
● PLEASE TRY THIS AT HOME, NOT ON YOUR „FRIENDS“!
Are You Safe?
● #1 – Hard to Guess and unrelated answers
● #2 – Don't click on any suspicious stuff
● #3 – Use a licensed and updated AV + forget Windows
● #4 – VPN Tunnels
● #5 – Firewalls, Code Review, Pentest, Audit
● #6 – Trust nobody, even you + LastPass or others
Questions?