Attacking and Defending Web Applications on the Internet

Prajal Kulkarni

Agenda

● Basic Definitions of Hacking
● What and Why of Hacking
● Security
● Hacking Methodology
● How to Secure things on the Internet
● How to remain Secure
● Career in Information Security
● Tools of Trade & reading references

What's not the Agenda?

● How to hack someone’s Facebook / Instagram?
● How can I find someone who hacked me?
● There won’t be any real world hacking demonstration.
● Is the Government spying on me and do they have my data?

About me

● GEC ETC 2010
● Security Architect @Flipkart
● Security community - Null, OWASP India
● Grace Hopper In, NullCon In, c0c0n In, Confidence Poland, BlackHat UK, US

Twitter - @prajalkulkarni
www.prajalkulkarni.com
www.codevigilant.com

FYI….

Opinions expressed are solely my own and not the views of my employer!

Disclaimer

This presentation & the demos provided are for informational and educational purposes only, and for those who’re willing and curious to know and learn about Ethical Hacking, Cybersecurity, and Penetration Testing.

Please do not misuse this information to gain unauthorized access or for any other illegal purposes.

Definitions

● BlackHat
● WhiteHat
● GreyHat

BlackHat

A hacker who violates computer security for little reason beyond maliciousness or for personal gain.

https://en.wikipedia.org/wiki/Black_hat

WhiteHat

An ethical hacker who specializes in the security domain and ensures the security of an organization's tech systems.

https://en.wikipedia.org/wiki/White_hat_(computer_security)

GreyHat

A grey hat is a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker.

https://en.wikipedia.org/wiki/Grey_hat

What is the motivation behind Hacking?

● For money $$$ * ransomware (Petya, Bad Rabbit)
● Socially or politically motivated reasons * (LulzSec, )
● State Sponsored Cyber Attacks * CyberWARfare (Stuxnet)
● Exfiltrating valuable data and information for personal use (British Airways, TalkTalk)
● Show off (Celebrity social media profile hacks)

https://en.wikipedia.org/wiki/Stuxnet

Why does anything get Hacked?

95% of cybersecurity breaches are due to human error!

https://www.onegreenplanet.org/animalsandnature/confused-animal-lovers/
https://www.cybintsolutions.com/cyber-security-facts-stats/

Can I be 100% Secured??

Can I be 100% Secured on the Internet?

https://i.pinimg.com/
https://www.raconteur.net/technology/is-your-washing-machine-a-security-risk

Your Washing Machine can attack you one day!

https://drawception.com/

Some Stats

https://en.wikipedia.org/wiki/Internet_of_things

Hacking Methodology

● Reconnaissance
● Scanning
● Gaining Access
● Maintaining Access
● Clearing Tracks

Reconnaissance - Passive

Passive reconnaissance is when you don’t communicate with the target.

- Domain / IP level information
- Google Dorks
- Social Media
- Source Code Version Control Systems

Welcome to OSINT - Passive

https://www.greycampus.com/blog/information-security/top-open-source-intelligence-tools

Publicly available testing websites (legally)

● Hack Yourself First | hackyourselffirst.troyhunt.com
● Juice Shop | github.com/bkimminich/juice-shop
● Hack.me | hack.me
● Hackademic | github.com/Hackademic/hackademic
● Hack This Site | HackThisSite.org
● HackThis!! | https://defendtheweb.net/?hackthis
● Altoro Mutual | http://demo.testfire.net/

https://www.checkmarx.com/2015/11/06/13-more-hacking-sites-to-legally-practice-your-infosec-skills/

Whois on www.hackthissite.org - Passive

http://whois.domaintools.com/hackthissite.org

Google Hacking Database - Passive

https://www.exploit-db.com/google-hacking-database

Google Dorks - Self Learn

https://www.exploit-db.com/google-hacking-database

Log File with passwords - Passive

Sony Cameras Online - Passive

https://www.reddit.com/r/AskNetsec/comments/abslvj/is_it_legal_to_use_google_dorks/ (Passive)

Shodan to the rescue! - https://www.shodan.io/explore

Github Dorks - Passive

Fun Fact!

Problem??

Reconnaissance - Active

Active reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities.

Port Scanning

● Service Enumeration
● Service Version Detection
● Exploitation

https://whatis.techtarget.com/definition/active-reconnaissance

Hi to Nmap! - Active

Port Scanning - Guess Who??

https://nmap.org/movies/

Let's Run Nmap!

Invest in a small home setup

Version - Vulnerability mapping

Exploitation!

Hi to your friend Metasploit!

https://www.metasploit.com/

Example: pwning an Apache Centreon Server

https://github.com/rapid7/metasploit-framework/pull/12901

Where can I practice?

+ Docker
+ VirtualBox

https://www.vulnhub.com/
https://portswigger.net/web-security
https://www.hackthebox.eu/

Where else?

Take part in Capture the Flag events!

https://ctftime.org/
https://www.securitynewspaper.com/2015/10/15/how-to-scan-whole-internet-3-7-billion-ip-addresses-in-few-minutes/
https://zmap.io/

How to Secure Web Applications

● Cloud provider
  ○ Choose wisely
  ○ Explore all the security features of the cloud platform
  ○ Enable firewall, alerting and monitoring capabilities.

● Secure development practices
  ○ https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines
  ○ https://owasp.org/www-project-top-ten/

● ++ on system updates and upgrades
  ○ All network and OS components.

How to secure self?
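The secure development practices slide points at the OWASP Top Ten and Mozilla's secure coding guidelines; the single most common defect those documents describe is injection, where user input is pasted into a query string. As an added example (not part of the presentation, and not code from any project it links), the block below puts a string-built SQL query beside its parameterized form, using Python's standard sqlite3 module and a constructed in-memory users table, so the difference can be observed directly: the same input that returns every row through the string-built query returns nothing through the bound-parameter query.

```python
import sqlite3

# Constructed sample data for the demonstration; not from the presentation.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    # Even the seeding uses bound parameters; this is the habit to build.
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)", SAMPLE_USERS
    )
    return conn


def lookup_user_unsafe(conn, username):
    """The weak form: the caller's input is spliced into the SQL text.

    Any quote character in `username` changes the structure of the query,
    which is the injection weakness the OWASP Top Ten describes.
    """
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, username):
    """The hardened form: the value is bound by the driver, never parsed as SQL.

    The query text is constant; `username` can only ever be compared as data.
    """
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def compare(username):
    """Run both lookups on the same input and return the row counts side by side."""
    conn = make_db()
    try:
        return {
            "unsafe_rows": len(lookup_user_unsafe(conn, username)),
            "safe_rows": len(lookup_user_safe(conn, username)),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # A normal username behaves the same in both versions.
    print("alice:", compare("alice"))
    # A value containing a quote and a tautology widens the string-built
    # query to match every row, while the bound version matches none.
    print("tautology:", compare("x' OR '1'='1"))
```

The point a code reviewer should take from this is that the fix is structural, not a matter of escaping: keep every query's SQL text constant and pass all caller-supplied values as parameters, so there is no string concatenation left to audit.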

● Take an interest in learning about and protecting personal data.
● Use strong passwords wherever needed. Use a strong password manager.
● Use 2nd factor logins in all apps.
● Do not submit data to random websites.
● Always verify the lock icon and the website origin before entering payment information.
● Use a good antivirus.
● Always keep systems updated.

Career in Information Security

● Pentesting and Vulnerability Assessment
● Forensic Investigator
● Security Governance and Auditing
● Security Developer
● Bug Bounty Hunter

Bug Bounty Programs

https://www.bugcrowd.com/bug-bounty-list/
https://hackerone.com/bug-bounty-programs

Tools of Trade

https://nmap.org/

https://www.kali.org/

https://www.maltego.com/

https://www.metasploit.com/

https://github.com/DataSploit/datasploit

https://owasp.org/www-project-top-ten/

https://www.shodan.io/

https://www.exploit-db.com/google-hacking-database

https://portswigger.net/burp

Thank You!

Sir Dr. Ganesh Hegde
Sir Nitesh Naik
Nityam Redkar
Viraj Rokde
GEC Council 2020

Questions?