Hackers vs. [email protected]
What can we (as software professionals) do about all this?
What security flaws?
“Life is short. Have an affair. Write insecure software”
Weak passwords, API access credentials, tokens, private keys
So what?
If you were a hacker …
“to make it easy to securely configure Rails applications”
This only makes sense if you think like a HACKER
$ d2j-dex2jar.sh -o classes.jar classes.dex
$ java -jar jd-gui-1.4.0.jar
public class MainActivity extends BaseActivity {
  Point size;
  private BroadcastReceiver terminatorReceiver = new BroadcastReceiver() {
    public void onReceive(Context paramAnonymousContext, Intent paramAnonymousIntent) {
      MainActivity.this.finish();
    }
  };
  int travel;
  int width;

  private void addFragments() {
    FragmentTransaction localFragmentTransaction = getSupportFragmentManager().beginTransaction();
    this.account = ((AccountFragment)getSupportFragmentManager().findFragmentByTag("account"));
    if (this.account == null) {
      this.account = new AccountFragment();
    }
for i in "$HOME"/Music/iTunes/iTunes\ Media/Mobile\ Applications/*.ipa; do echo "$i"; mkdir "$(basename "$i")" && cd "$(basename "$i")"; unzip "$i" >& /dev/null; strings Payload/*.app/* 2> /dev/null | grep -i secret; cd ..; done
NOP
CALL JOB:CUBE-1-GRUNDSTELLUNG
'Position 1
MOVJ C00000 BC00000 VJ=25.00
MOVJ C00001 BC00001 VJ=25.00
MACRO1 MJ#(11) ARGF25
MOVL C00002 BC00002 V=166.7
REFP 1 C00003 BC00003
REFP 2 C00004 BC00004
ARCON
WVON WEV#(7)
MOVL C00005 BC00005 V=6.7
WVOF
ARCOF
WAIT IN#(95)=OFF
END
CNVRT PX031 PX031 UF#(40) TL#(B019)
CNVRT PX032 PX032 UF#(40) TL#(B019)
CNVRT PX030 PX030 UF#(40) TL#(B019)
CNVRT PX033 PX033 UF#(40) TL#(B019)
IFTHEN B013<>0
MULMAT P035 P034 P053
MULMAT P037 P036 P053
MULMAT P039 P038 P053
ENDIF
SET LI000 60
SET LI001 0
JUMP *DECKLAGE IF B011=0
JUMP *komplex IF B013<>0
MOVL P030 BP030 V=D003
TIMER T=0.10
MOVL P031 BP031 V=D003
Weak passwords, API access credentials, tokens, private keys
What weak password?
Is your system or software vulnerable to hacking?
Is it being hacked right now?
Has it already been hacked?
How can you really understand the vulnerabilities in your own system?
Be a HACKER
With great power..
Hacker
One who enjoys the intellectual challenge of creatively overcoming limitations.
Where to hack?
Bug Bounty Programs
https://technet.microsoft.com/en-US/security/dn425036
https://hackerone.com/yahoo
https://www.google.com/about/appsecurity/programs-home/
https://www.facebook.com/whitehat
[email protected] | @markkukero