How You Can Become a Hacker With No Security Experience

Andrei Avădănei President at CCSIRcontact@ccsir.org

Summary

● Short Bio● What is a Cyber Hacker● White Hat vs Black Hat Briefly● Examples of Security Bypasses by 1337 Hackers● Why They Matter? ● Are YOU Safe?● Questions & Conclusions

Short Bio

● President at CCSIR● Founder & Coordinator of DefCamp● Coordinator of Sparks● Ambassador of Talks by Softbinator● Blogger @worldit.info

What is a Cyber Hacker

● seeks and exploits weaknesses in IT infrastructures● motivated by profit, protest, or challenge● computer programmers argues that they should be called

crackers● security culture is often referred to underground hacking

White Hat vs Black Hat

● white-hat breaks security for non-malicious reasons

● black-hat violate computer security for personal benefits BUT

- no phishing/spam/credit card stealling ... ● grey-hat may surf the net in order to find and report bugs

● 1337 hackers use various tools to steal or destroy

#1 Password Reset Services

● What is Your Mother's Name?

● Where is Your Birthday Place?

● Your Favorite Movie?

● Your Loved One?

Yeah, this still works. Don't believe me?

But Now?

#2 Phishing & Scams

#3 Malware

● Tons of Malware Kits free or cheap● Tons of FUD Crypters for AV bypass● Tons of Spreading Methods● Citadel, Zeus, Blackhole Means Something?● 1337++

#4 Wifi Sniffing

● Be The MAN (in the Middle)● Session Hijacking● Credentials Sniffing● Traffic Alteration● Aircrack-ng sounds friendly to you?● 1338++

#5 Hacking Websites

● Free & Easy to use Applications Scanners

● Nmap – old school (but awesome) port scanner

● SQLMap, Havij, Nessus, Acunetix, w3af for web security

● Metasploit – the Honey for Exploitation

● Many more third parties apps based on those above

● + Tons of Others That You Can Discover

● 1339++

#6 - The Insiders

● Do You Trust Your Gf/Bf? You shouldn't! :-) 1339.1++

Why They Matter

● these are really simple examples

● most of the „hackers“ of this kind are 14-20

● they are irresponsible, destructive

● you will see private conversation leaked

● if you have a website they will probably deface it

● if somebody is MitM you might have the chance to see some porn

● if your password is guessed you might loose your accounts (Fb, Y!, GM, Tw, Ppl)

● PLEASE TRY THIS AT HOME, NOT ON YOUR „FRIENDS“!

Are You Safe?

● #1 – Hard to Guess and unrelated answers

● #2 – Don't click on any suspicious stuff

● #3 – Use an AV licensed and updated + forgot Windows

● #4 – VPN Tunnels

● #5 – Firewalls, Code Review, Pentest, Audit

● #6 – Trust nobody, even you + LastPass or others

Questions?