Attacking and Defending Web Applications on the Internet
Prajal Kulkarni
Agenda
● Basic Definitions of Hacking
● What and Why of Hacking
● Security
● Hacking Methodology
● How to Secure things on the Internet
● How to remain Secure
● Career in Information Security
● Tools of Trade & reading references
What's not the Agenda?
● How to hack someone's Facebook / Instagram?
● How can I find out who hacked me?
● There won't be any real-world hacking demonstration.
● Is the Government spying on me, and do they have my data?
About me
● GEC ETC 2010
● Security Architect @Flipkart
● Security community - Null, OWASP India
● Grace Hopper In, NullCon In, c0c0n In, Confidence Poland, BlackHat UK, US
Twitter - @prajalkulkarni www.prajalkulkarni.com www.codevigilant.com FYI….
Opinions expressed are solely my own
and not the views of my employer! Disclaimer
This presentation and its demos are provided for informational and educational purposes only, for those who are willing and curious to learn about Ethical Hacking, Cybersecurity, and Penetration Testing.
Please do not misuse this information to gain unauthorized access or any other illegal purposes. Definitions
● BlackHat ● WhiteHat ● GreyHat BlackHat
Hacker who violates computer security for little reason beyond maliciousness or for personal gain
https://en.wikipedia.org/wiki/Black_hat WhiteHat
An ethical hacker who specializes in the security domain and works to ensure the security of an organization's technology systems.
https://en.wikipedia.org/wiki/White_hat_(computer_security) GreyHat
A grey hat is a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker.
https://en.wikipedia.org/wiki/Grey_hat What is the motivation behind Hacking?
● For money $$$ * ransomware (Petya, Bad Rabbit)
● Socially or politically motivated reasons * hacktivism (LulzSec, Anonymous)
● State-sponsored cyber attacks * cyberwarfare (Stuxnet)
● Exfiltrating valuable data and information for personal use (British Airways, TalkTalk)
● Showing off (celebrity social media profile hacks)
https://en.wikipedia.org/wiki/Stuxnet
Why does anything get hacked?
95% of cybersecurity breaches are due to human error!
https://www.cybintsolutions.com/cyber-security-facts-stats/
Can I be 100% secure on the Internet?
https://www.raconteur.net/technology/is-your-washing-machine-a-security-risk
Your washing machine can attack you one day!
Some Stats
https://en.wikipedia.org/wiki/Internet_of_things Hacking Methodology
● Reconnaissance
● Scanning
● Gaining Access
● Maintaining Access
● Clearing Tracks
Reconnaissance - Passive
Passive reconnaissance gathers information about the target without sending any traffic to the target's own systems, so it leaves nothing in the target's logs.
- Domain / IP level information
- Google Dorks
- Social Media
- Source Code Version Control Systems
Welcome to OSINT - Passive
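A "GitHub dork" searches public code for credential-shaped strings. The block below is an added example, not from the slides, of the same idea run locally over files you already hold (for instance a repository you are authorised to audit), so it works offline. The sample repository, its fake keys, the rule names and the regular expressions are all constructed for the demo and are not an exhaustive ruleset.

```python
"""Added example (not from the slides): a 'GitHub dork' style secret scan run locally.

Dorks such as  filename:.env AWS_SECRET  work because leaked credentials
follow recognisable patterns. Here the same patterns are applied to a
constructed in-memory 'repository'; every key in it is fake.
"""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, int, str, str]  # (path, line number, rule name, matched text)

# Assumed patterns, kept narrow to limit false positives.
SECRET_PATTERNS: Dict[str, re.Pattern] = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # key=value or key: value with an 8+ character value, case-insensitive
    "password_assignment": re.compile(
        r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]?([^\s'\"]{8,})"),
}

# Constructed stand-in for a cloned repository: path -> file contents.
SAMPLE_REPO: Dict[str, str] = {
    ".env": (
        "DB_HOST=localhost\n"
        "DB_PASSWORD=Sup3rS3cret!\n"
        "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
    ),
    "deploy/id_rsa": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "MIIEowIBAAKCAQEA...\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
    "src/app.py": "import os\nTOKEN = os.environ.get('GITHUB_TOKEN')  # read at runtime, fine\n",
    "README.md": "Copy .env.example to .env and fill in your own values.\n",
}


def scan_text(path: str, text: str) -> List[Finding]:
    """Run every pattern over every line of one file."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append((path, line_no, rule, match.group(0)))
    return findings


def scan_repo(repo: Dict[str, str]) -> List[Finding]:
    """Scan a path -> contents mapping (e.g. built by walking a checkout)."""
    findings: List[Finding] = []
    for path in sorted(repo):
        findings.extend(scan_text(path, repo[path]))
    return findings


def redact(secret: str, keep: int = 4) -> str:
    """Show only a prefix so findings can be reported without re-leaking the value."""
    return secret[:keep] + "*" * max(len(secret) - keep, 0)


if __name__ == "__main__":
    for path, line_no, rule, matched in scan_repo(SAMPLE_REPO):
        print(f"{path}:{line_no}: {rule}: {redact(matched)}")
```

The `src/app.py` entry reads the token from the environment at runtime and is correctly not flagged; that is the pattern the scanner is nudging you towards. Reporting findings through `redact` matters in practice, because a scanner that pastes the full secret into a ticket or a chat channel has just leaked it a second time.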
https://www.greycampus.com/blog/information-security/top-open-source-intelligence-tools Publicly available testing Websites. (Legally)
● Hack Yourself First | hackyourselffirst.troyhunt.com ● Juice Shop | github.com/bkimminich/juice-shop ● Hack.me | hack.me ● Hackademic | github.com/Hackademic/hackademic ● Hack This Site | HackThisSite.org ● HackThis!! | https://defendtheweb.net/?hackthis ● Altoro Mutual | http://demo.testfire.net/
https://www.checkmarx.com/2015/11/06/13-more-hacking-sites-to-legally-practice-your-infosec-skills/
Whois on www.hackthissite.org - Passive
http://whois.domaintools.com/hackthissite.org Google Hacking Database -Passive
https://www.exploit-db.com/google-hacking-database Google Dorks - Self Learn
https://www.exploit-db.com/google-hacking-database
Log File with passwords - Passive
Sony Cameras Online - Passive
https://www.reddit.com/r/AskNetsec/comments/abslvj/is_it_legal_to_use_google_dorks/ (Passive)
Shodan to the rescue! - https://www.shodan.io/explore
Github Dorks - Passive
Fun Fact! Problem??
Reconnaissance - Active
Active reconnaissance means engaging directly with the target system (sending probes such as port scans) to gather information about its services and vulnerabilities. Unlike passive reconnaissance, it produces traffic the target can log and detect.
Port Scanning
● Service Enumeration
● Service Version Detection
● Exploitation
https://whatis.techtarget.com/definition/active-reconnaissance
Hi to Nmap! - Active
Port Scanning - Guess Who??
https://nmap.org/movies/
Let's run Nmap!
Invest in a small home setup
Version - Vulnerability mapping
Exploitation! Hi to your friend Metasploit!
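As an added example (not from the slides, and no substitute for Nmap), here are the scanning steps above in plain Python: connect to each port (port scan), read the greeting (service enumeration), parse a version out of it (version detection) and look that version up (version-to-vulnerability mapping). The listeners, their banners, the `KNOWN_ISSUES` table and all function names are constructed for the demo, so it runs entirely against 127.0.0.1; in real use the table is fed from a vulnerability database.

```python
"""Added example (not from the slides): port scan -> banner -> version -> lookup.

Everything listens on 127.0.0.1 so the script runs offline. Only scan hosts
you are authorised to test: active probes are logged on the other side.
"""
import re
import socket
import threading
from typing import Dict, List, Optional, Tuple

# Constructed lookup table: (product, version or major.minor) -> note.
KNOWN_ISSUES: Dict[Tuple[str, str], str] = {
    ("vsFTPd", "2.3.4"): "release that shipped with a backdoor; exploit modules exist",
    ("OpenSSH", "7.2"): "2016-era release; compare against current advisories",
}

# Greeting formats this demo understands (SSH and FTP send a banner unprompted).
BANNER_PARSERS = [
    re.compile(r"^SSH-[\d.]+-(?P<product>[A-Za-z]+)[_-](?P<version>[\d.]+\w*)"),
    re.compile(r"^220[ -].*?(?P<product>[A-Za-z]\w*)[ /_](?P<version>\d+(?:\.\d+)+)"),
]


class BannerService(threading.Thread):
    """Constructed local listener standing in for a real service."""

    def __init__(self, banner: bytes):
        super().__init__(daemon=True)
        self.banner = banner
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))        # let the OS pick a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]

    def run(self) -> None:
        while True:
            conn, _ = self.sock.accept()
            with conn:
                if self.banner:
                    conn.sendall(self.banner)   # a silent service just hangs up


def scan_port(host: str, port: int, timeout: float = 1.0) -> Optional[str]:
    """Return None if the port is closed, else the banner ('' if none was sent)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(1024)
            except OSError:             # timed out or reset before any greeting
                data = b""
    except OSError:                     # refused, unreachable or connect timeout
        return None
    return data.decode("ascii", "replace").strip()


def fingerprint(banner: str) -> Optional[Tuple[str, str]]:
    """Extract (product, version) from a greeting, or None if unrecognised."""
    for parser in BANNER_PARSERS:
        m = parser.search(banner)
        if m:
            return m.group("product"), m.group("version")
    return None


def lookup(product: str, version: str) -> Optional[str]:
    """Exact match first, then major.minor (e.g. '7.2p2' -> '7.2')."""
    if (product, version) in KNOWN_ISSUES:
        return KNOWN_ISSUES[(product, version)]
    m = re.match(r"\d+\.\d+", version)
    return KNOWN_ISSUES.get((product, m.group(0))) if m else None


def scan(host: str, ports: List[int]) -> List[Dict[str, object]]:
    results: List[Dict[str, object]] = []
    for port in ports:
        banner = scan_port(host, port)
        entry: Dict[str, object] = {"port": port, "state": "closed" if banner is None else "open",
                                    "banner": banner, "product": None, "version": None, "note": None}
        if banner:
            fp = fingerprint(banner)
            if fp:
                entry["product"], entry["version"] = fp
                entry["note"] = lookup(*fp)
        results.append(entry)
    return results


def run_demo() -> List[Dict[str, object]]:
    """Start three constructed services, pick one closed port, scan all four."""
    services = [BannerService(b"SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8\r\n"),
                BannerService(b"220 (vsFTPd 2.3.4)\r\n"),
                BannerService(b"")]
    for svc in services:
        svc.start()
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                       # nothing listens here now
    return scan("127.0.0.1", [svc.port for svc in services] + [closed_port])


if __name__ == "__main__":
    for r in run_demo():
        print(f"{r['port']:>5}/tcp {r['state']:6} {r['product'] or '-'} "
              f"{r['version'] or ''} {r['note'] or ''}")
```

The third listener accepts and hangs up without a greeting, which is what many HTTP and custom services look like to a banner grab: the port is open but version detection needs a protocol-specific probe, which is exactly what `nmap -sV` adds over a bare connect scan.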
https://www.metasploit.com/ Example pwning an Apache Centreon Server
https://github.com/rapid7/metasploit-framework/pull/12901 Where can I practice?
+ Docker
+ VirtualBox
https://www.vulnhub.com/
https://portswigger.net/web-security
https://www.hackthebox.eu/
Where else?
Take part in Capture the Flag events! https://ctftime.org/
https://www.securitynewspaper.com/2015/10/15/how-to-scan-whole-internet-3-7-billion-ip-addresses-in-few-minutes/
https://zmap.io/
How to Secure Web Applications
● Cloud provider
○ Choose wisely
○ Explore all the security features the cloud platform offers
○ Enable its firewall, plus alerting and monitoring capabilities
● Secure development Practices ○ https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines ○ https://owasp.org/www-project-top-ten/
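An added example, not from the slides or either guideline linked above, of the Injection item from the OWASP Top Ten: a login check built by string formatting, the same check with query parameters, and a version that also stores a salted PBKDF2 hash instead of the password. The function names, demo users and the attacker's input are constructed for the demo; plain-text passwords are kept in one table only so the injection stays visible.

```python
"""Added example (not from the slides): SQL injection in miniature, and two fixes.

Three login checks against an in-memory SQLite database: string formatting
(the bug), query parameters (the fix), and parameters plus a salted PBKDF2
hash compared in constant time. All accounts and inputs are constructed.
"""
import hashlib
import hmac
import os
import sqlite3
from typing import Optional, Tuple

# Constructed demo accounts; plain text is stored only so the injection is visible.
DEMO_USERS = [("alice", "correct horse battery"), ("admin", "hunter2hunter2")]


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; a fresh random salt when none is supplied."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.execute("CREATE TABLE users_hashed (username TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", DEMO_USERS)
    for user, pw in DEMO_USERS:
        salt, digest = hash_password(pw)
        conn.execute("INSERT INTO users_hashed VALUES (?, ?, ?)", (user, salt, digest))
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Untrusted input is pasted into the SQL text, so it can rewrite the query."""
    sql = ("SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterised(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Placeholders keep the input as data: a quote in the value is just a quote."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Parameterised lookup plus a constant-time comparison of a salted hash."""
    row = conn.execute(
        "SELECT salt, hash FROM users_hashed WHERE username = ?", (username,)).fetchone()
    if row is None:
        return None
    _, digest = hash_password(password, row[0])
    return username if hmac.compare_digest(digest, row[1]) else None


if __name__ == "__main__":
    db = build_db()
    attacker = ("admin'-- ", "anything")          # '--' comments out the password check
    print("vulnerable   :", login_vulnerable(db, *attacker))
    print("parameterised:", login_parameterised(db, *attacker))
    print("hardened     :", login_hardened(db, *attacker))
    print("real login   :", login_hardened(db, "alice", "correct horse battery"))
```

The vulnerable version lets `admin'-- ` log in as admin without a password, and `' OR '1'='1` in the password field logs in as whichever row the database returns first; both strings are harmless to the parameterised versions because the driver never lets them become SQL. The hardened version also means a dump of `users_hashed` does not hand out passwords, which is the other half of what the Mozilla guidelines ask for.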
● Prioritize system updates and upgrades
○ All network and OS components
How to secure self?
● Take an interest in learning about and protecting your personal data.
● Use strong, unique passwords wherever needed, and a reputable password manager to keep them.
● Enable a second factor (2FA) on every app that supports it.
● Do not submit data to random websites.
● Before entering payment information, check both the lock icon (TLS) and the site's origin: the lock only shows the connection is encrypted, not that the site is legitimate.
● Use a good antivirus.
● Always keep your systems updated.
Career in Information Security
● Pentesting and Vulnerability Assessment ● Forensic Investigator ● Security Governance and Auditing ● Security Developer ● Bug Bounty Hunter Bug Bounty Programs
https://www.bugcrowd.com/bug-bounty-list/ https://hackerone.com/bug-bounty-programs Tools of Trade
https://nmap.org/
https://www.kali.org/
https://www.maltego.com/
https://www.metasploit.com/
https://github.com/DataSploit/datasploit
https://owasp.org/www-project-top-ten/
https://www.shodan.io/
https://www.exploit-db.com/google-hacking-database
https://portswigger.net/burp Thank You!
Sir Dr. Ganesh Hegde Sir Nitesh Naik Nityam Redkar Viraj Rokde GEC Council 2020 Questions?