hackers vs hackers

97
Hackers vs. Hackers [email protected]

Upload: jobandesther

Post on 11-Apr-2017

415 views

Category:

Software


2 download

TRANSCRIPT

Page 1: Hackers vs Hackers

Hackers vs. [email protected]

Page 2: Hackers vs Hackers
Page 3: Hackers vs Hackers
Page 4: Hackers vs Hackers
Page 5: Hackers vs Hackers
Page 6: Hackers vs Hackers
Page 7: Hackers vs Hackers
Page 8: Hackers vs Hackers
Page 9: Hackers vs Hackers
Page 10: Hackers vs Hackers
Page 11: Hackers vs Hackers
Page 12: Hackers vs Hackers

What can we (as software professionals) do about all this?

Page 13: Hackers vs Hackers
Page 14: Hackers vs Hackers
Page 15: Hackers vs Hackers
Page 16: Hackers vs Hackers
Page 17: Hackers vs Hackers
Page 18: Hackers vs Hackers
Page 19: Hackers vs Hackers

What security flaws?

Page 20: Hackers vs Hackers
Page 21: Hackers vs Hackers
Page 22: Hackers vs Hackers

“Lifeisshort.Haveanaffair.Writeinsecuresoftware”

Page 23: Hackers vs Hackers

Weakpasswords,APIaccesscredentials,tokens,privatekeys

Page 24: Hackers vs Hackers

So what?

Page 25: Hackers vs Hackers

If you were a hacker …

Page 26: Hackers vs Hackers
Page 27: Hackers vs Hackers
Page 28: Hackers vs Hackers

“tomakeiteasytosecurelyconfigureRailsapplications”

Page 29: Hackers vs Hackers
Page 30: Hackers vs Hackers
Page 31: Hackers vs Hackers
Page 32: Hackers vs Hackers
Page 33: Hackers vs Hackers

This only makes sense if youthink like a HACKER

Page 34: Hackers vs Hackers
Page 35: Hackers vs Hackers
Page 36: Hackers vs Hackers
Page 37: Hackers vs Hackers
Page 38: Hackers vs Hackers
Page 39: Hackers vs Hackers
Page 40: Hackers vs Hackers
Page 41: Hackers vs Hackers

$d2j-dex2jar.sh-oclasses.jar classes.dex$java-jarjd-gui-1.4.0.jar

public class MainActivity extends BaseActivity{

Point size;private BroadcastReceiver terminatorReceiver = new BroadcastReceiver() {public void onReceive(Context paramAnonymousContext,

Intent paramAnonymousIntent) {MainActivity.this.finish();

}};int travel;int width;private void addFragments() {FragmentTransaction localFragmentTransaction =

getSupportFragmentManager().beginTransaction();this.account = ((AccountFragment)getSupportFragmentManager()

.findFragmentByTag("account"));if (this.account == null) {

this.account = new AccountFragment();}

Page 42: Hackers vs Hackers
Page 43: Hackers vs Hackers
Page 44: Hackers vs Hackers
Page 45: Hackers vs Hackers

for i in "$HOME"/Music/iTunes/iTunes\Media/Mobile\ Applications/*.ipa; do echo $i; mkdir "$(basename "$i")" && cd "$(basename "$i")"; unzip "$i" >& /dev/null ; strings Payload/*.app/* 2> /dev/null | grep -i secret; cd ..; done

Page 46: Hackers vs Hackers
Page 47: Hackers vs Hackers
Page 48: Hackers vs Hackers
Page 49: Hackers vs Hackers
Page 50: Hackers vs Hackers
Page 51: Hackers vs Hackers
Page 52: Hackers vs Hackers

001ac7d0 4d 49 53 53 49 4e 47 20 41 52 43 20 53 54 41 52001ac7e0 54 20 43 4f 4e 46 49 52 4d 3a 37 00 00 00 00 00001ac7f0 41 52 43 20 46 41 49 4c 55 52 45 3a 37 00 00 00001ac800 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00001ac810 57 49 52 45 20 53 54 49 43 4b 20 37 2f 20 53 48001ac820 4f 52 00 00 00 00 00 00 00 00 00 00 00 00 00 00001ac830 47 41 53 20 46 41 49 4c 55 52 45 20 28 52 45 53001ac840 54 41 52 54 29 3a 37 00 00 00 00 00 00 00 00 00001ac850 57 49 52 45 20 46 41 49 4c 55 52 45 20 28 52 45001ac860 53 54 41 52 54 29 3a 37 00 00 00 00 00 00 00 00001ac870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Page 53: Hackers vs Hackers

NOPCALL JOB:CUBE-1-GRUNDSTELLUNG'Position 1MOVJ C00000 BC00000 VJ=25.00MOVJ C00001 BC00001 VJ=25.00MACRO1 MJ#(11) ARGF25MOVL C00002 BC00002 V=166.7REFP 1 C00003 BC00003REFP 2 C00004 BC00004ARCONWVON WEV#(7)MOVL C00005 BC00005 V=6.7WVOFARCOFWAIT IN#(95)=OFFEND

CNVRT PX031 PX031 UF#(40) TL#(B019)CNVRT PX032 PX032 UF#(40) TL#(B019)CNVRT PX030 PX030 UF#(40) TL#(B019)CNVRT PX033 PX033 UF#(40) TL#(B019)IFTHEN B013<>0

MULMAT P035 P034 P053MULMAT P037 P036 P053 MULMAT P039 P038 P053

ENDIFSET LI000 60SET LI001 0JUMP *DECKLAGE IF B011=0JUMP *komplex IF B013<>0MOVL P030 BP030 V=D003TIMER T=0.10MOVL P031 BP031 V=D003

Page 54: Hackers vs Hackers

Weakpasswords,APIaccesscredentials,tokens,privatekeys

Page 55: Hackers vs Hackers

What weak password?

Page 56: Hackers vs Hackers
Page 57: Hackers vs Hackers
Page 58: Hackers vs Hackers
Page 59: Hackers vs Hackers
Page 60: Hackers vs Hackers
Page 61: Hackers vs Hackers

Is your system or softwarevulnerable to hacking?

Page 62: Hackers vs Hackers

Is it being hacked right now?

Page 63: Hackers vs Hackers

Has it already been hacked?

Page 64: Hackers vs Hackers
Page 65: Hackers vs Hackers

How can you really understand the vulnerabilities in your own system?

Page 66: Hackers vs Hackers
Page 67: Hackers vs Hackers

Be a HACKER

Page 68: Hackers vs Hackers

Withgreatpower..

Page 69: Hackers vs Hackers
Page 70: Hackers vs Hackers
Page 71: Hackers vs Hackers
Page 72: Hackers vs Hackers
Page 73: Hackers vs Hackers

HackerOnewhoenjoysthe

intellectualchallengeofcreativelyovercoming

limitations.

Page 74: Hackers vs Hackers

HackerOnewhoenjoysthe

intellectualchallengeofcreativelyovercoming

limitations.

Page 75: Hackers vs Hackers
Page 76: Hackers vs Hackers
Page 77: Hackers vs Hackers
Page 78: Hackers vs Hackers
Page 79: Hackers vs Hackers
Page 80: Hackers vs Hackers
Page 81: Hackers vs Hackers
Page 82: Hackers vs Hackers
Page 83: Hackers vs Hackers

Where to hack?

Page 84: Hackers vs Hackers
Page 85: Hackers vs Hackers

BugBountyPrograms

https://technet.microsoft.com/en-US/security/dn425036

https://hackerone.com/yahoo

https://www.google.com/about/appsecurity/programs-home/

https://www.facebook.com/whitehat

Page 86: Hackers vs Hackers

BugBountyPrograms

Page 87: Hackers vs Hackers
Page 88: Hackers vs Hackers
Page 89: Hackers vs Hackers
Page 90: Hackers vs Hackers
Page 91: Hackers vs Hackers
Page 92: Hackers vs Hackers
Page 93: Hackers vs Hackers
Page 94: Hackers vs Hackers
Page 95: Hackers vs Hackers
Page 96: Hackers vs Hackers
Page 97: Hackers vs Hackers

[email protected] | @markkukero