Infosec Basics by Guillaume - LPL PDF

What is a Honeypot?
Realized by @Guillaume_Lpl

A honeypot is an "under surveillance" system that is exposed voluntarily on the internet. Normally these are systems to which people should not have access, which means that any traffic arriving on a honeypot is considered suspicious.

In a research environment, the goal is to attract attackers to study their attack methods and possibly identify them. This allows us to have statistics on the attacks: what are the most-used ports, ... most often, etc. It also uncovers new vulnerabilities in exposed systems, and uncovers new types of malware never seen before. We can then protect the system against discovered faults.

A honeypot can also be used in a production environment: it can divert attackers from the main systems of the company and test that the security measures are applied. When the attacker arrives on the honeypot, he does not know that it is one: everything is identical to a normal system, however all the actions of the attacker will be recorded and analyzed.

What is DNS Poisoning & How it works?

What is it?
+ This attack deceives DNS servers to make them believe that they receive a valid response to a request they make, while the request is fraudulent.

Diagram steps (partly legible):
+ 2: The client sends ...
+ 4: The attacker injects fake ...

Protection measures
+ A secure version of the DNS exists, DNSSEC, which is based on electronic signatures with a certificate that verifies the authenticity of the data.
+ The same goes for other applications such as browsers that can verify the authenticity of a page thanks to the certificates.

How does Mirai botnet work?

+ 1: Network scans, connection tests using telnet/ssh via bruteforce.
+ 2: When a connection is established, Mirai sends the victim's IP address and login credentials to a report server.
+ Depending on the architecture found, the program will download malware and run it.
+ Once the infection is complete, the victim is part of the botnet.
+ Robots attack the target by sending many requests.

What is DDoS attack? 1/2

What is it?
+ A distributed denial of service (DDoS) attack is a brute-force attempt to slow down or completely crash a server.
+ The goal of a DDoS attack is to cut off users from a server or network resource by overwhelming it with requests for service.

DoS vs DDoS
+ While a simple denial of service (DoS) involves one attack computer and one victim, distributed denials of service (DDoS) rely on armies (thousands) of infected "bot" computers (take a look at the infographic about Botnet!) able to carry out tasks simultaneously.

Common types of DDoS attacks
+ Volume based: include UDP, ICMP and many other spoofed-packet floods that attempt to consume bandwidth.
+ Protocol attacks: go after server resources directly and include the Smurf DDoS, Ping of Death and SYN floods. If a large enough packets-per-second rate is achieved, the server will crash.
+ Application layer: like Zero-Day DoS, they target apps by making what appear to be legitimate requests (GET/POST) but at a very high volume. If there are enough requests in a short enough time period, the victim's server shuts down.

Follow @Guillaume_Lpl on Twitter for more things about Infosec!

What is DDoS attack? 2/2

Impact of DDoS attacks
+ Depending on the severity of an attack, resources could be offline for 24 hours, days, or even weeks.
+ Money, time, clients, reputation can be lost.
+ During an attack, no employees are able to access network resources, and in the case of Web servers running eCommerce sites, no consumers will be able to purchase products or receive assistance.

Some protection measures against DDoS attack
+ Limit the number of login attempts any user can make before being "locked out" of an account.
+ Tolerate a web-server configuration against DDoS attacks.
+ Tweak a firewall to fight SYN flood attacks.
+ Migrate public resources to another IP address.
+ Alter an ISP firewall to allow only the traffic complementing the services on the company side.

What is a Botnet & How it works? 1/2

Definition
+ Botnets consist of a group of computers known as "zombie" computers that ...

Activities listed in the graphic
+ Commit advertising fraud
+ Steal your private data
+ DDoS attack
+ Send spam emails

Devices that can be infected: computers, smartphones, IoTs (IP cameras, TV, routers, ...)

Attacks cited in the graphic (partly legible)
+ ... the internet for IP addresses of IoT devices.
+ September 2016 attack on the security blog of Brian Krebs (DDoS attack).
+ The October 2016 attack ... Dyn DNS ...
+ ... compromised Bank of America, NASA, ABC, Cisco, Amazon and others with CryptoLocker ransomware spreading.

What is a Botnet & How it works? 2/2

1. Infection of the machine
+ The botmaster sends out malware to infect devices, by using social media, websites, emails, phishing, ...
+ The malware will exploit vulnerabilities in your software, looking for a backdoor.
+ Diagram: Attackers (Botmasters) -> Malware distribution (social media, infected websites, spam emails).

2. Connection
+ Once in your device, the malware will use your internet connection to make contact with the C2 server, and wait for his instructions, without you knowing it.

3. Command & Control (C2) server
+ Once the botmaster has a purpose for the botnet, he sends instructions to the bots via the C2 server.
+ Then the botnet starts carrying out malicious activities like sending spam emails, DDoS attacks...

4. Multiplication
+ In the meantime, the focus is on recruiting more and more devices to expand the botnet.
+ As these devices don't appear to be ... attract attention.

Some good tools useful in infosec

Zed Attack Proxy
+ Web application scanner
+ Fuzzing
+ Websocket testing
+ Flexible scan policy management

Wireshark
+ Packets analyser
+ GUI & command line (tshark)
+ Free & multiplatform
+ Can see the traffic and detailed information about specific packets.

Metasploit
+ Exploitation tool
+ Open source and huge community
+ Frequently updated
+ Easy to deploy
+ You can also use ... exploit

John the Ripper
+ Password cracker
+ Can crack different types of encrypted passwords
+ Brute force attack
+ Dictionary attack

Nmap
+ Security scanner
+ Identify the devices ...
+ Can detect OS running and ports open
+ Nmap can discover services running on a device and the version

Burp Suite
+ Web pentest
+ (Repeater, Intruder, Spider, Scanner...)
+ GUI

Some good tools useful in infosec (continued)

OpenVAS
+ Vulnerabilities scanner
+ Can scan a target or a ...

sqlmap
+ Database exploitation
+ Automatic SQL injection tests
+ Dump entire or specific ...

Aircrack-ng
+ WiFi network security
+ Can recover WEP/WPA key
+ Wireless network ...

Nessus
+ Vulnerabilities scanner

Maltego
+ Data mining tool
+ ... domain, documents

OpenSSH
+ Tool for remote login
+ ... preserving terminal sessions

Some Online Tools to Analyze Vulnerabilities and Malware of Websites 1/2

VirusTotal
+ Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community.
+ VirusTotal inspects items with over 70 antivirus scanners and URL/domain blacklisting services, in addition to a myriad of tools to extract signals from the studied content.

ScanMyServer
+ Provides one of the most comprehensive reports of varieties of security tests like SQL Injection, XSS, PHP code injection, ...
+ Scan reports notified by email with a vulnerability summary.

Detectify
+ SaaS-based website security scanner
+ 100+ automated security tests including OWASP Top 10 & more
+ 21 days of free trial

WPScan
+ The most comprehensive WordPress vulnerabilities scanner
+ Advanced reports, automatic scans, deep scan technology, instant scans
+ All-in-one dashboard

Sucuri
+ The most popular free website malware and security scanner
+ You can do a quick test for malware, website blacklisting, injected spam, defacements & others
+ Clean and protect your website. Works on any website platform (WP, Joomla...)

[name not legible]
+ Check website for malware and vulnerabilities exploits
+ Scan for malicious/suspicious files, malware domain list, Safe Browsing.

Some Online Tools to Analyze Vulnerabilities and Malware of Websites 2/2

Qualys
+ Provides in-depth analysis of your https URL (cipher, expiry day, overall rating, SSL/TLS version...)

Mozilla Observatory
+ Security elements: OWASP ..., TLS best practices, SSL, ...
+ 90% of websites fail this ...
+ Quick test

Acunetix
+ ... for more than 500 vulnerabilities including DNS & network infrastructure from Acunetix servers

Web Inspector
+ Scan your site and provides a threat report
+ Detect phishing, malware, worms, backdoors, trojans, suspicious connections & more

Tinfoil
+ ... 10 OWASP vulnerabilities and other known security holes

SiteGuarding
+ Scan domain for malware, website blacklisting, injected spam, defacement
+ Compatible with WordPress, Joomla, Drupal, Magento & other
+ Provide a report
+ Help to remove malware

Some good tools useful for Forensic

[name not legible]
+ Examine register values, memory, malwares, ...
+ Setting up breakpoints and/or conditional ...

FTK Imager
+ Data preview and imaging tool that allows you to examine files and folders on local hard drives, network drives, CDs/DVDs, images, memory dumps
+ Can review and recover files that were deleted

Volatility
+ Memory forensics framework, incident response and malware analysis
+ You can extract information about RAM, running processes, open network sockets, network connections.

Autopsy
+ GUI-based open source digital forensic program to analyze hard drives and smartphones
+ Used by corporate ...

Caine
+ Computer Aided Investigative Environment
+ Linux live CD/ISO
+ Contains a wealth of digital forensic tools for Mobile, Network, Data Recovery.
+ Include a GUI

Wireshark
+ Network packet analyser
+ GUI & command line (tshark)
+ ... network traffic, detailed information ...

Some good tools useful for Forensic (continued)

[name not legible]
+ ... multiple ... level ... include searching, checksums, ...

Deft
+ Linux live CD/ISO which bundles ... of the most popular free forensic tools
+ ... Mobile forensics, ...

ExifTool
+ Command-line application used to read, write or edit file metadata information
+ Fast, powerful and ... large range of file formats

[name not legible]
+ Network Forensic Analysis Tool
+ ... extract applications data from internet traffic

[name not legible]
+ Linux
+ By default on the majority of Linux distributions
+ Very powerful
+ Used for ... such as ... wiping a drive and creating a raw image of a drive

Some of the most used Vulnerabilities Scanners

Retina CS Community (BeyondTrust)
+ Automated vulnerability assessment for DBs, web app, workstations & servers
+ Managing the network security
+ Free

Nikto
+ Used to perform a variety of tests on web servers in the least possible time
+ Can scan multiple protocols like HTTP, HTTPS, HTTPd, & multiple ports of a specific server
+ Free

OpenVAS
+ Automatically updated by the community
+ Provide a report detailing any security vulnerabilities discovered and how to correct them
+ Free

Nexpose
+ Scans networks, OSes, web app, DBs, virtual environments
+ By Rapid7, the owners of Metasploit framework
+ Free version limited to 32 IP addresses at a time

QualysGuard
+ SaaS (Software as a Service) vulnerability management
+ Network discovery & mapping, asset prioritization, vulnerability assessment reporting, remediation
+ Cloud-based system

Nessus
+ Lots of plug-ins/extensions
+ NASL (Nessus Attack Script Language) designed to quickly write security tests
+ Commercial (free trial)

Some of the most used Vulnerabilities Scanners (continued)

SolarWinds NCM
+ Network security monitoring, IT services management
+ IOS vulnerabilities scanning
+ Commercial

Wireshark
+ Packets & flows capture and analysis
+ Can capture issues online and executes the analysis offline
+ Free

GFI LanGuard
+ Patch management, network and software audits, vulnerability assessments
+ Centralized network analysis, device inventory
+ Commercial, free up to 5 IP addresses

Nmap
+ Identify the devices on a network, can detect OS running and ports open. Discovering services running & versions
+ Can use vulnerabilities scan scripts
+ Free

HackerProof
+ Identifies any security holes by performing a daily vulnerability scan
+ PCI scanning tools included, drive-by-attack prevention
+ Commercial

Zed Attack Proxy
+ Web application scanner with flexible scan policy management
+ Fuzzing & websocket testing
+ Free

Some terms you may find in Infosec

Vulnerability
+ A vulnerability is a weakness an attacker could take advantage of to compromise the confidentiality, availability or integrity of a resource.
+ Once the vulnerability is found, attackers can use it to direct software to act ... not intended to.

Exploit
+ An exploit is the next step of the attacker's after finding a vulnerability.
+ An exploit is a specially crafted code attackers use to take advantage of a ... vulnerability and compromise ...

Threat
+ ... exploit a vulnerability ...
+ A threat can be either intentional or accidental.

Payload
+ In the world of malware, the term payload is used to describe what a virus, worm or other code (exploit) is designed to do on a victim's computer.
+ For example, ... malicious ... damage to data, ...

Some terms you may find in Infosec (continued)

Spoofing
+ Spoofing is an attack ... can be to gain enhanced privileges ... mechanisms through spoofed requests that imitate the real ones.

CVE
+ CVE is a list of information security ... that aims to provide common names for ... easier to share data across separate vulnerability capabilities (tools, ...).

Hijacking
+ Hijacking is a type of network ... attacker takes control of a ... communication ...
+ For example: Man in the Middle attack.

0-Day exploit
+ A zero day exploit is an attack ...
+ At that point, it's exploited before a fix becomes available from the software creator.

Some terms you may find in Infosec (continued)

Red Team
+ The purpose of the Red Team intrusion tests is to assess the overall security of a company by testing its various means of protection, whether technical, physical or human.
+ With this approach, the company identifies a maximum of vulnerabilities that can be exploited, as well as probable scenarios leading to a compromise of the information system.

Blue Team
+ A Blue Team is made up of a security team that defends the organization against real attackers and even Red Teams.
+ The Blue Team is in charge of protecting the information system and must put in place ...
+ It is also involved in incident response, threat hunting, digital forensics, damage control.

Purple Team
+ Purple Teams are designed to enhance information sharing between the Red and Blue teams to maximize their respective and combined effectiveness.
+ Purple ... for ... checking systems in larger organizations.

Some terms you may find in Infosec (continued)

DFIR (Digital Forensics & Incident Response)
+ DFIR is a multidisciplinary profession that focuses on identifying, investigating, and remediating computer/mobile/network exploitation. This can take varied forms and involves a wide variety of skills, kinds of attackers, and kinds of targets.
+ Forensic analysis consists of collecting and analyzing the evidence of a compromise and determining with the maximum precision the operating mode used by the attacker.

Social Engineering
+ It is a technique that aims to obtain information by manipulating people without them realizing it. Unlike other attacks, it does not require software.
+ This method essentially consists in provoking in a target a precise and planned behavior such as, for example, giving information, performing a sensitive operation in the IS or following a hypertext link.

OSINT
+ Open Source Intelligence is an intelligence method based on information accessible to all and not classified. Open Source Intelligence is a fundamental element for intelligence operations.
+ OSINT uses all forms of publicly available sources including: media such as newspapers, radio, social networks, reports, dark web, articles, conferences...

What is a Fork Bomb

The principle of a "Fork Bomb" is to multiply a process until reaching the limits of the system.

- The most common form of the fork bomb is: [code shown as an image, not legible]
- In a more explicit form: [code shown as an image, not legible]
- The multiplication of processes saturates the system and quickly consumes all available resources. This leads to a system freeze, a denial of service.
- One simple way to protect your system is to set limits on the number of processes that users can instantiate, "max user processes", via the "ulimit" function.
- The restriction of the maximum number of processes instantiated by the users can be set up via "/etc/security/limits.conf".
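
An added example (not part of the original infographics): a small audit of the per-user process cap that the fork bomb section recommends. It parses text in limits.conf syntax and reports accounts with no bounded hard "nproc" limit. The sample file, account names and function names are constructed, and the precedence used (user entry over @group entry over "*", last match wins) is an assumption modelled on pam_limits.

```python
"""Audit limits.conf-style text for a hard per-user process cap (nproc)."""

# Constructed sample in limits.conf syntax: <domain> <type> <item> <value>
SAMPLE_LIMITS_CONF = """\
# constructed example, not taken from a real host
*          soft   nofile   4096
@students  hard   nproc    200
alice      soft   nproc    500
bob        -      nproc    unlimited
*          hard   nproc    4000    # catch-all cap
"""


def parse_nproc_rules(text):
    """Return (domain, type, value) for every nproc line, comments removed."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 4:
            continue
        domain, ltype, item, value = fields
        if item == "nproc" and ltype in ("soft", "hard", "-"):
            rules.append((domain, ltype, value))
    return rules


def _specificity(domain, user, groups):
    """Rank a rule's domain for this user; 0 means the rule does not apply."""
    if domain == user:
        return 3
    if domain.startswith("@") and domain[1:] in groups:
        return 2
    if domain == "*":
        return 1
    return 0


def hard_nproc_cap(user, groups, rules):
    """Return the bounded hard nproc cap for user, or None if there is none.

    Assumption: the most specific matching rule wins and, at equal
    specificity, the last one in the file wins. A soft-only rule is ignored
    because the user can raise a soft limit up to the hard limit.
    """
    best_rank, best_value = 0, None
    for domain, ltype, value in rules:
        if ltype == "soft":
            continue
        rank = _specificity(domain, user, groups)
        if rank and rank >= best_rank:
            best_rank, best_value = rank, value
    # Values such as "unlimited" are not a bounded cap.
    if best_value is not None and best_value.isdigit():
        return int(best_value)
    return None


def uncapped_users(text, accounts):
    """accounts maps user name -> list of group names (constructed input)."""
    rules = parse_nproc_rules(text)
    return sorted(u for u, g in accounts.items()
                  if hard_nproc_cap(u, g, rules) is None)


def current_nproc_limit():
    """(soft, hard) RLIMIT_NPROC of this process, the value `ulimit -u` shows
    for the soft limit; None where the platform does not expose it."""
    try:
        import resource
        return resource.getrlimit(resource.RLIMIT_NPROC)
    except (ImportError, AttributeError):
        return None


if __name__ == "__main__":
    accounts = {"alice": ["students"], "bob": [], "carol": []}
    print("no bounded hard nproc cap:", uncapped_users(SAMPLE_LIMITS_CONF, accounts))
    print("this process (soft, hard):", current_nproc_limit())
```

In the constructed sample, "bob" is the finding: his own "unlimited" entry overrides the catch-all cap, so a runaway process tree under that account is not contained.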
Nine Elements of Digital Forensic Process

1. Intake
+ Receive device as evidence
+ Receive request for examination
2. Identification
+ Identify device specifications & capabilities
+ Identify goals of examination
3. Preparation
+ Prepare methods and tools to be used
4. Isolation
5. Processing
6. Verification
7. Documenting / Reporting
8. Presentation
+ Present your findings
9. Archiving
+ Keep data in common formats for future ...

The 5 main steps of Hacking Process

1. Reconnaissance
+ The goal is to gather as much info about the target system as we can (IP addr, DNS, e-mails, websites, ...).
+ Passive & active reconnaissance using OSINT tools like whois, shodan, google, maltego, TheHarvester.

2. Scanning
+ The scanning phase allows to gather more precise information about the target.
+ Tools used include port scanners (like nmap), network mappers, vulnerability scanners...

3. Gaining access
+ In this phase we try to get into the system using all the info/vulns discovered during the scanning phase.
+ Using exploits, DoS attack, session hijacking, phishing, ...

4. Maintaining access
+ After gaining access, we now try to maintain that access for return to the same level of access in the future.
+ Using rootkit, open ports, trojan, backdoor...

5. Clearing tracks
+ The goal of this phase is to not be noticed by the IT ... of the target.
+ Erase system logs, temp files, history, ...

What is ATM Jackpotting?

How does the theft of money in ATMs using malware work?
+ 1: The attacker gets access, local (black box) or distant (network), to the ATM.
+ 2: The malicious code is injected into the ATM system.
+ 3: The ATM restarts. The system seems to restart in normal mode but it is under the control of the attacker.
+ 4: Attackers send commands and steal money.

This infographic is only for learning purposes.

Black Box Attack
Consists of directly connecting a mini-computer to the safe to order it to take out the money.
+ 1: The attacker opens the service area, he connects his black box to the ATM which takes the host place and which bypasses all security measures.
+ 2: A little later, individuals who look like clients approach the ATM and withdraw money.
+ 3: The attacker recovers his black box.

How does an ATM work?
Almost all ATMs are computers that contain:
+ An operating system (mostly Windows XP...)
+ A user interface software
+ An ATM modalities administration app
+ An antivirus
+ Communication software with the treatment center

Network Attack
+ Man-in-the-middle attacks: performing such attacks requires remote access to the device. A fake treatment center appears on the way to the authentic center. This false center then sends the ATM a money distribution order. Physical access to network hardware, including the ATM Ethernet cable, can also do the trick.
+ To find vulnerable ATMs, attackers use search engines like shodan.io.

What is a Man In The Middle (MITM) Attack?

MITM definition
+ A Man In The Middle attack is a type of cyberattack where a malicious actor inserts herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other.
+ MITM attack allows an attacker to intercept, send and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late.

Types of MITM attacks
+ IP spoofing: attacker can trick you into thinking you're interacting with a website or someone you're not.
+ DNS spoofing: force a user to a fake website rather than the real one.
+ HTTPS spoofing: attacker can fool your browser into believing it's a trusted website.
+ Email hijacking: attacker can spoof companies' email (bank, ...) and send their own instructions.
+ Wi-Fi eavesdropping: attacker can set up a Wi-Fi access point. When a user connects, intercept login creds, information, ...

Some protective measures against this type of attack
+ Make sure HTTPS is always in the URL bar of the websites you visit.
+ Never connect to public Wi-Fi routers directly.
+ If you can, use a VPN.
+ Update your software.
+ Be wary of potential phishing emails from people asking you to update your password or other credentials.

Some types of Phishing Attacks

What is Phishing?
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

Deceptive Phishing
+ The most common type of phishing.
+ Attackers attempt to obtain confidential information from the victims.
+ They use the information to steal money or launch other attacks.
+ For example: a fake email from a bank asking you to click a link and verify your account details.

Spear Phishing
+ Targets specific individuals instead of a wide group of people.
+ Attackers research information about their victims on social media (hobbies, job, family...).
+ Then, they craft a targeted attack using information about the victim.
+ Often the first step used to penetrate a company's defenses.

Pharming
+ Like phishing, pharming sends users to a fake website that appears to be legitimate.
+ But in this case, victims do not even have to click on a malicious link.
+ Attackers infect the user's computer or the website's DNS server and redirect the user to a fake site even if the correct URL is typed in.

Whaling
+ Attackers can target anyone in an organization, even top executives, like a CEO.
+ They often spend lots of time profiling the target to find the opportune moment.
+ Whaling is of particular concern because high-level executives are able to access a great deal of company information.
+ It also makes it possible to usurp the identity of an executive and to send emails to the members of the company to trap them.

The main programming languages in Infosec and their main uses

C / C++
- Low-level programming languages
- RAM and system processes manipulation
- Several security tools (like nmap) created using C++
- Lots of exploits in C (for PrivEsc, ...)
- Malware analysis

C#
- Fast speed, object oriented
- Structured, interoperability
- C# has a major advantage of a strong memory backup

Bash & PowerShell
- Great for system specific things
- System administration
- Quick to perform tasks
- Essential for connections in ssh

JavaScript
- High-level programming language
- Web application exploitation
- Server and client-side
- Use on our browsers or on webservers

Python
- Extensive libraries
- Easy to use
- Automating and more granular control of something
- Cross-platform & powerful
- Most used in security, mainly for offensive/exploit ...

[name not legible]
- Manipulating millions of lines of logs or compromised credentials
- Automating system commands
- Used in legacy web systems, data mining, statistics and statistical analysis of data

Some good practices to avoid social engineering attack

DATA
- Be cautious of the amount of personal information you make publicly available through social networking sites and other methods. The more information publicly available about you, the easier it is for attackers to craft more convincing phishing messages.
- Be careful when a stranger calls or meets you and asks you a lot of questions.
- If possible, use encryption for sending important data.

GENERAL
- Secure your computing devices. Install anti-virus software, firewalls, email filters and keep these up-to-date.
- Slow down. Spammers want you to act first and think later. If the message conveys a sense of urgency or uses high-pressure sales tactics, be skeptical; never let their urgency influence your careful review.

EMAIL
- Always check the recipient (if it's important, call the recipient to be sure that it's really him who sent the mail).
- You can receive emails from your contacts who were themselves attacked.
- Do not click on suspicious links.
- Delete the emails you no longer need.
- Do not open attachments received from unknown senders or unexpected attachments from known senders.
- Use tools like VirusTotal to check URLs or files.

PASSWORD
- You need passwords that are long, with numbers, letters, uppercase, lowercase, special characters, and which have no special meaning (example: do not put the name of your dog and 123).
- Do not use the same everywhere.
- Do not put a post-it to remember your passwords.
- Never give your password.
- Change it regularly.
- If possible, use double identification.

Quick presentation of the major flaws in an Information System

What is an Information System (IS)?
An information system can be defined as a set of physical, organizational, human and technological means used to acquire, store, process, protect, transmit, disseminate strategic, operational, functional information for an organization.
Structural flaws
+ Protection of users' stations
+ Offices access protection
+ The protection of server rooms
+ Protection of entry and exit points of buildings

Management flaws
+ Not always the technical or financial means to implement a security strategy
+ Negligence of security in some small and medium-sized enterprises

Technical flaws
+ Network flaws (access without identification, wifi, and more)
+ Systems flaws (irregular updates, antivirus disabled, weak passwords, misallocation of privileges, and more)
+ Web and application flaws

[heading not legible]
+ Not often aware of the risks
+ Vulnerable to attacks that use social engineering (phishing, identity theft, manipulation ...)
+ Bad habits (weak passwords, often the same, session not locked when they leave their computers)

What are the advantages of a VPN?

Online anonymity
+ Through a VPN you can browse the web in anonymity. Compared ... hide IP software or web proxies, ... that allows you to access both web ...
+ Be careful ... do some research about it before ... (protocol used, data kept, etc.)

Enhanced security
+ When you connect to the network through a VPN, the data is kept secured and encrypted.
+ A VPN hides your activity online, nobody can track your activity.
+ When you are on a public network, the best thing to do is to use a VPN. This avoids attacks like man-in-the-middle.

[heading not legible]
+ In case of a company, the great advantage of having a VPN is that the information can be accessed remotely even from home or from any other place.

Unblock websites & bypass filters
+ VPNs are great for accessing blocked websites or for bypassing Internet filters.
+ If you go to a country that censors certain websites, for example China with Facebook, you can bypass that.

When to use a VPN?
+ On public wifi
+ In a foreign country
+ To download / upload
+ To work from home

Some of the most common Vulnerabilities in Web Applications 1/2

CSRF (Cross-Site Request Forgery)
+ The purpose of a CSRF attack is to have a user execute an action internal to the site, through a falsified request.
+ For example: asking an admin to delete a person on a forum, or to transfer an amount of money to an account (very rare case of course).
+ It can be coupled to an XSS attack.

Include LFI & RFI (Local & Remote File Inclusion)
+ These inclusions provide access to normally confidential files internal to the website (LFI) or include a remote file on the victim's server (RFI).
+ They are generally due to the inclusion of parameters in the URL.
+ Example: http://site.com/index.php?page=../../passwd

File Upload
+ File upload forms are the most difficult user entries to secure. The upload of a PHP file on a forum as a profile image, for example, could allow an attacker to execute PHP code.
+ How to bypass protection?
  * Use double file extension (hey.php.jpg)
  * Use null byte (hey.php%00.jpeg)
  * Bypass MIME checking (content-type)

XSS (Cross-Site Scripting)
+ Inject code that can be interpreted directly by the web browser, which will not differentiate between the site code and the injected code.
+ Consequences: redirection to a trap site, retrieving data transmitted by users, stealing cookies, doing direct actions on the site.
+ Test injection in any forms (login, psswd, url, ...): if this text is bold, the site is potentially vulnerable.

These infographics are only for learning purposes.

Some of the most common Vulnerabilities in Web Applications 2/2

Injections (SQLi, LDAPi, PHPi, OSi...)
+ Allow to inject queries, OS commands, codes and URL argument manipulations wherever a user input is required or a user can modify data (text box, login/password field, URL, comment field, registration field...).
+ Basic examples of SQLi: ' OR 1=1 ...

[heading not legible]
+ Allow respectively to execute code & system commands (bash...). The presence of vulns with eval, assert and preg_replace leads to a RCE.
+ ... with the ability to execute malicious code, take control and elevate privileges...

Directory Listing
+ Mostly due to a default configuration of the web server. It is simply the display of the contents of a folder in the absence of an index file.
+ In some cases, Directory Listing provides access to confidential files.
+ Example: there is a folder /upload/ with no index file on the website, allowing the attacker to access all the files uploaded by all users.

XXE (XML External Entities)
+ Is a type of attack against an application that parses XML entries. This attack occurs when the XML entry containing a reference to an external entity is processed by a weakly configured XML parser.
+ Effects: this attack can result in the disclosure of confidential data, DoS, request falsification...
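
An added example (not part of the original infographics): the include-parameter URL and the three upload tricks listed in the File Upload section, seen from the defending side. Python is used for illustration only; PAGES_DIR, ALLOWED_PAGES, the extension sets and the function names are hypothetical, and every input is constructed.

```python
"""Include-parameter and upload-name checks for the cases named on this page."""
import posixpath
from urllib.parse import unquote

PAGES_DIR = "/var/www/site/pages"          # hypothetical document root
ALLOWED_PAGES = {"home": "home.html",      # hypothetical allowlist:
                 "contact": "contact.html"}  # parameter value -> file on disk
SCRIPT_EXTS = {"php", "phtml", "php5", "phar"}
IMAGE_MAGIC = {"jpg": b"\xff\xd8\xff",
               "jpeg": b"\xff\xd8\xff",
               "png": b"\x89PNG\r\n\x1a\n"}


def naive_page_path(page):
    """Before: the URL parameter is joined to the directory as given, so
    '../' segments walk out of PAGES_DIR."""
    return posixpath.normpath(posixpath.join(PAGES_DIR, page))


def safe_page_path(page):
    """After: the parameter is only a key into a fixed allowlist; nothing the
    client sent becomes part of the path. Unknown keys give None."""
    target = ALLOWED_PAGES.get(page)
    return posixpath.join(PAGES_DIR, target) if target else None


def upload_problems(filename, data):
    """Return the reasons an uploaded 'image' must be rejected (empty = ok).

    The Content-Type header is not consulted at all: it is supplied by the
    client, so the first bytes of the content are checked instead.
    """
    problems = []
    name = unquote(filename)               # decode %00 and similar first
    if "\x00" in name:
        problems.append("null byte in name")
        name = name.replace("\x00", "")
    extensions = name.lower().split(".")[1:]
    # Look at every extension, not only the last one (hey.php.jpg).
    if any(ext in SCRIPT_EXTS for ext in extensions):
        problems.append("script extension in name")
    final = extensions[-1] if extensions else ""
    magic = IMAGE_MAGIC.get(final)
    if magic is None:
        problems.append("extension not allowed")
    elif not data.startswith(magic):
        problems.append("content does not match extension")
    return problems


if __name__ == "__main__":
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 8     # constructed JPEG header
    print(naive_page_path("../../passwd"))        # leaves PAGES_DIR
    print(safe_page_path("../../passwd"))         # None
    for name, body in [("cat.jpg", jpeg), ("hey.php.jpg", jpeg),
                       ("hey.php%00.jpeg", jpeg),
                       ("avatar.png", b"<?php /* constructed */ ?>")]:
        print(name, upload_problems(name, body))
```

A stored upload should also be renamed by the server and kept outside any directory where the web server executes scripts, so that a name that slips through is never interpreted.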