Hacked
What do you do now?
• Sucuri
@sucuri_security
@sucurisupport
@sucurilabs
http://blog.sucuri.net
http://labs.sucuri.net
• Tony Perez
@perezbox
@perezbox | @sucuri_security
• Website Security Company
• Global Operations
• Platform Agnostic (e.g., WordPress, Joomla, etc.)
• Scan 2M Unique Domains a Month
• Block 4M web attacks a Month
• Remediate 400 – 500 websites a day
• Signature / Heuristic Based
• 24/7 operations
Implications of a Hack
• Emotionally Daunting
• Brand Reputation (i.e., Blacklisting)
• Direct / Indirect Impacts to your Clients
• Technically Exhausting
• Resource Overload
• Economic Impacts To Your Business
Most Common Hacks
• Malicious Redirects (i.e., abuse your traffic)
• Backdoors (i.e., Bypass Access Controls)
• Phishing (i.e., Spear Phishing Campaigns)
• Search Engine Poisoning (i.e., Pharma, etc…)
TIPS & TRICKS
Clearing Up the Mess
Tools of the Trade
• Terminal
• FileZilla
• Coda (Some IDE)
• Scanners
FileZilla
Terminal
• Example 1: Dump the content of a site (-D - also prints the response headers, which is where redirects show up)
$ curl --location -D - site.com
• Example 2: Dump the content of a site, faking the Googlebot user agent
$ curl --location -D - -A "Googlebot" site.com
• Example 3: Dump the content of a site, using Facebook as the referrer
$ curl --location -D - --referer "http://facebook.com" site.com
Command Cheat Sheet: http://files.fosswire.com/2007/08/fwunixref.pdf
Curl Example
Terminal, cont'd
• Grep – find every PHP file that mentions a given string (here, a domain)
$ grep --include "*.php" -r example.com ./
• Diff – compare two directory trees (e.g., the site against a clean copy), listing only the files that differ
$ diff -qr /path/dir1 /path/dir2
• Find
$ find ./ -name "*.php"
$ find / -type f -mtime -7        (files modified in the last 7 days)
$ find / -mmin -10                (anything modified in the last 10 minutes)
• SED
– Removing <iframe src=http://example.com></iframe> (the # delimiter is used because the pattern contains slashes)
# sed -i".backup" 's#<iframe src=http://example.com></iframe>##' index.php
• Combining Commands
– Remove an iframe from all PHP files (a .backup copy of each file is kept)
$ find ./ -name "*.php" -print0 | xargs -0 sed -i".backup" 's#<iframe src=http://example.com></iframe>##'
Online Scanners
Unmask Parasites – http://unmaskparasites.com
SiteCheck – http://sitecheck.sucuri.net
INFECTIONS
What do they look like?
Malicious Redirect
Malicious Redirects
• Easy / Medium to Detect
– Be mindful of conditionals
• Looking for Integrity Issues
– Has something been modified?
• Common location[s]:
– .htaccess
– index.php
– footer.php
– header.php
• Biggest Issue
– Redirectors are becoming highly complex
– Employing heavy conditional elements
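The curl -D - fetches shown earlier (plain, Googlebot user agent, Facebook referrer) are how you spot the conditional redirects this slide warns about. Below is an added Python example, not from the slides, that parses such header dumps and reports every variant whose redirect chain differs from the plain fetch; the dumps and the redirector.example / landing.example hosts are constructed sample data.

```python
import re
from typing import Dict, List

# Constructed header dumps in the shape that `curl --location -D -` prints:
# one header block per hop, blank line between hops. The same URL fetched three
# times, varying only User-Agent / Referer as in the curl examples.
# Sample data, not output from a real site.
DUMPS: Dict[str, str] = {
    "plain": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n\r\n"
    ),
    "googlebot-ua": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n\r\n"
    ),
    "facebook-referer": (
        "HTTP/1.1 302 Found\r\n"
        "Location: http://redirector.example/go?id=1\r\n\r\n"
        "HTTP/1.1 302 Found\r\n"
        "Location: http://landing.example/pharma/\r\n\r\n"
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n\r\n"
    ),
}


def redirect_chain(dump: str) -> List[str]:
    """Return the Location targets of every 3xx hop in a curl -D - header dump."""
    chain: List[str] = []
    for block in re.split(r"\r?\n\r?\n", dump.strip()):
        lines = block.splitlines()
        if not lines or not lines[0].startswith("HTTP/"):
            continue
        parts = lines[0].split()
        status = parts[1] if len(parts) > 1 else ""
        if not status.startswith("3"):
            continue
        for header in lines[1:]:
            name, _, value = header.partition(":")
            if name.strip().lower() == "location":
                chain.append(value.strip())
    return chain


def conditional_redirects(dumps: Dict[str, str], baseline: str = "plain") -> Dict[str, List[str]]:
    """Variants whose redirect chain differs from the baseline fetch.

    A site that looks clean to its owner but redirects search-engine crawlers
    or social-network visitors is the conditional behaviour to look for.
    """
    base = redirect_chain(dumps[baseline])
    suspicious: Dict[str, List[str]] = {}
    for name, dump in dumps.items():
        if name == baseline:
            continue
        chain = redirect_chain(dump)
        if chain != base:
            suspicious[name] = chain
    return suspicious


if __name__ == "__main__":
    for variant, chain in conditional_redirects(DUMPS).items():
        print(f"{variant}: {' -> '.join(chain)}")
```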
Phishing
Phishing, cont'd
• Difficult to Detect Remotely
• Looking for Integrity Issues
– Is something somewhere it doesn’t belong?
• Common location[s]:
– wp-includes
– Theme Directories
• Biggest Issue
– It can be anywhere
– Fully contained
Backdoors
Backdoors, cont'd
• Can’t detect remotely, only locally
• Looking for Integrity Issues
– Is something somewhere it doesn’t belong?
• Common location[s]:
– wp-includes
– Root Directory
• Biggest Issue
– Allows attacker to bypass your access controls
– Provides full control of the environment
• Common terms:
– is_bot
– eval
– base64_decode
– fopen
– fclose
– readfile
– edoced_46esab (base64_decode spelled backwards, undone at runtime with strrev())
– exec
– system
– shell_exec
– gzuncompress
– popen
– FilesMan
$ grep -RPl --include='*.php' '\b(system|exec|passthru|shell_exec|base64_decode|eval)\s*\(' /var/www
(lists every PHP file under /var/www that calls one of these functions; legitimate code uses some of them too, so treat the output as a triage list, not a verdict)
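An added Python example (not from the slides or Sucuri's scanner) that turns the term list and the grep above into a triage scan: it records where each indicator appears, gives extra weight to a decoder feeding eval(), and ranks files so a lone fopen() in a theme sorts below an obfuscated dropper. The two PHP samples are constructed, not real malware.

```python
import re
from pathlib import Path
from typing import Dict, List, Tuple

# Function names from the slide's list of common backdoor terms.
SUSPICIOUS_CALLS = ["eval", "base64_decode", "gzuncompress", "exec", "system",
                    "shell_exec", "passthru", "popen", "fopen", "fclose", "readfile"]
CALL_RE = re.compile(r"\b(" + "|".join(SUSPICIOUS_CALLS) + r")\s*\(", re.IGNORECASE)
# Plain strings that are indicators rather than calls: the reversed spelling of
# base64_decode (fed to strrev()), the FilesMan shell marker and is_bot helpers.
MARKERS = ["edoced_46esab", "FilesMan", "is_bot"]
# A decoder feeding eval() directly: eval(base64_decode(...)) / eval(gzuncompress(...))
CHAINED_RE = re.compile(r"\beval\s*\(\s*(?:base64_decode|gzuncompress)\s*\(", re.IGNORECASE)

# Constructed samples: an obfuscated dropper stub (the blob is a placeholder,
# nothing executes) and a benign theme file that uses fopen()/fclose().
SAMPLE_BACKDOOR = """<?php
$f = strrev('edoced_46esab');
$blob = 'Q09OU1RSVUNURUQ=';
$code = $f($blob);
eval(gzuncompress($code));
"""
SAMPLE_CLEAN = """<?php
// functions.php: writes a small cache file
$fh = fopen(__DIR__ . '/cache.txt', 'w');
fwrite($fh, 'ok');
fclose($fh);
"""


def scan_source(src: str) -> Dict[str, List[int]]:
    """Map each indicator to the 1-based line numbers where it appears."""
    hits: Dict[str, List[int]] = {}
    for lineno, line in enumerate(src.splitlines(), start=1):
        for m in CALL_RE.finditer(line):
            hits.setdefault(m.group(1).lower() + "(", []).append(lineno)
        lowered = line.lower()
        for marker in MARKERS:
            if marker.lower() in lowered:
                hits.setdefault(marker, []).append(lineno)
        if CHAINED_RE.search(line):
            hits.setdefault("eval(decoder(", []).append(lineno)
    return hits


def triage(src: str) -> Tuple[int, Dict[str, List[int]]]:
    """Score a file: one point per distinct indicator, plus three when a decoder
    feeds eval(), so a lone fopen() in a theme ranks far below a dropper."""
    hits = scan_source(src)
    score = len(hits) + (3 if "eval(decoder(" in hits else 0)
    return score, hits


def scan_tree(root: Path) -> List[Tuple[str, int, Dict[str, List[int]]]]:
    """Triage every *.php below root, highest score first; files with no hits are omitted."""
    results = []
    for path in root.rglob("*.php"):
        try:
            score, hits = triage(path.read_text(errors="replace"))
        except OSError:
            continue
        if score:
            results.append((str(path), score, hits))
    return sorted(results, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    import sys
    for path, score, hits in scan_tree(Path(sys.argv[1] if len(sys.argv) > 1 else ".")):
        print(f"{score:3d}  {path}  {', '.join(sorted(hits))}")
```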
Example of Complexity
Search Engine Poisoning
Search Engine Poisoning, cont'd
• Targets Search Engines (e.g., Google, Bing, Yahoo)
• Looking for Integrity Issues
– Have your posts / pages been modified?
• Common location[s]:
– index.php (root, theme, plugins, etc.)
– header.php
– footer.php
– Embedded in Database (Posts / Pages)
• Biggest Issue
– Continues to evolve
– Highly conditional
– Not within visible range – often offscreen
Indicators of a Hack
Search Engines have gotten pretty good at detecting issues – Google blacklists over 10 thousand websites a day.
Forensics
• What happened?
• When did it happen?
• Will it happen again?
POST-HACK
Let’s Talk Posture
Improve your Posture
[Chart: Posture vs. Risk]
You were just hacked, posture is imperative right now!!
Good Posture
• Protection
• Auditing
• Detection
• Sustainment
Protection
Website Firewalls - Stop attackers and protect your website from getting hacked:
• Denial of Service Attacks
• Brute Force Attacks
• Software Vulnerability Exploitation
• Malware Injections
• Direct Backdoor Access
• Abusing Access Controls (i.e., wp-admin)
Auditing
• Understand what is going on at all times
– Who is logging in?
– Who is trying to log in?
– What files are changing?
– Has a post been created?
– Has a page been created?
– Are there any integrity issues?
Detection
• Continuous Monitoring
– Remote and Server Scans
– Heuristic Analysis
– Signature Analysis
– Change Detection
– DNS Reporting
– WHOIS Monitoring
– SSL Cert Monitoring
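The "What files are changing?" and "Are there any integrity issues?" questions under Auditing, and the Change Detection item under Detection, come down to comparing the site against a known-good baseline. An added Python example, not from the slides or the Sucuri plugin: it hashes the tracked files, diffs two manifests, and pulls to the top the changes the infection slides flag (new PHP under uploads or wp-includes, edits to index.php, header.php, footer.php or .htaccess). BASELINE and CURRENT are constructed manifests with placeholder hashes.

```python
import hashlib
import json
from pathlib import Path
from typing import Dict, List

# Directories and file names the slides call out as common infection locations.
HOT_DIRS = ("wp-includes/", "wp-content/uploads/")
HOT_NAMES = {"index.php", "header.php", "footer.php", ".htaccess"}
TRACKED_SUFFIXES = {".php", ".js", ".html", ".htm"}


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> Dict[str, str]:
    """Relative path -> sha256 for every tracked file below root (the baseline)."""
    manifest: Dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and (p.suffix.lower() in TRACKED_SUFFIXES or p.name == ".htaccess"):
            manifest[p.relative_to(root).as_posix()] = sha256_of(p)
    return manifest


def save_manifest(manifest: Dict[str, str], path: Path) -> None:
    path.write_text(json.dumps(manifest, indent=1, sort_keys=True))


def load_manifest(path: Path) -> Dict[str, str]:
    return json.loads(path.read_text())


def diff_manifests(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Files added, removed, or whose hash changed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in set(baseline) & set(current) if baseline[k] != current[k]),
    }


def prioritise(report: Dict[str, List[str]]) -> List[str]:
    """Changes to look at first: new PHP where PHP should not appear (uploads,
    wp-includes) and edits to the files redirects and SEO poisoning usually touch."""
    hot = [rel for rel in report["added"]
           if rel.endswith(".php") and rel.startswith(HOT_DIRS)]
    hot += [rel for rel in report["modified"] if Path(rel).name in HOT_NAMES]
    return sorted(hot)


# Constructed manifests standing in for a baseline taken before the incident
# and a snapshot taken now (hash values are placeholders, not real digests).
BASELINE = {
    "index.php": "h-index-1",
    "wp-includes/load.php": "h-load-1",
    "wp-content/themes/t/footer.php": "h-footer-1",
    "wp-content/themes/t/functions.php": "h-functions-1",
}
CURRENT = {
    "index.php": "h-index-1",
    "wp-content/themes/t/footer.php": "h-footer-2",
    "wp-content/themes/t/functions.php": "h-functions-1",
    "wp-content/uploads/2014/05/cache.php": "h-cache-1",
}

if __name__ == "__main__":
    report = diff_manifests(BASELINE, CURRENT)
    print(json.dumps(report, indent=1))
    print("look first:", prioritise(report))
```

On a live site, take the baseline with snapshot() right after the clean-up and save it off-server, then rerun and diff on a schedule.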
Sustainment
• Updates
• Backups
• Dev / Design Team
• Security Team
Reset Secret Keys / Salts
People don’t think about this, but it’s a necessity to clear any open states – it forces everyone off their session.
Source: https://api.wordpress.org/secret-key/1.1/salt/
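Rotating the salts by hand means replacing eight define() lines in wp-config.php without touching anything else. An added Python example (not from the slides or WordPress) that does exactly that, using the salt endpoint cited above; OLD_CONFIG and NEW_SALTS are constructed stand-ins for the real file and the API response.

```python
import re
from typing import Dict
from urllib.request import urlopen

SALT_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
SALT_API = "https://api.wordpress.org/secret-key/1.1/salt/"

# Matches one  define('KEY', 'value');  line for any of the eight keys.
DEFINE_RE = re.compile(
    r"^(?P<pre>[ \t]*define\(\s*'(?P<key>" + "|".join(SALT_KEYS) + r")'\s*,\s*)"
    r"'(?P<val>[^']*)'(?P<post>\s*\)\s*;.*)$",
    re.MULTILINE,
)

# Constructed wp-config.php fragment and a constructed salt block in the
# format the API returns (values are placeholders, not real salts).
OLD_CONFIG = """<?php
define('DB_NAME', 'wp');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
$table_prefix = 'wp_';
"""
NEW_SALTS = """define('AUTH_KEY',         'cnst-AUTH_KEY-7Qf!x');
define('SECURE_AUTH_KEY',  'cnst-SECURE_AUTH_KEY-p2#m');
define('LOGGED_IN_KEY',    'cnst-LOGGED_IN_KEY-9z@k');
define('NONCE_KEY',        'cnst-NONCE_KEY-Lw%4');
define('AUTH_SALT',        'cnst-AUTH_SALT-3r^b');
define('SECURE_AUTH_SALT', 'cnst-SECURE_AUTH_SALT-h8&q');
define('LOGGED_IN_SALT',   'cnst-LOGGED_IN_SALT-V1*n');
define('NONCE_SALT',       'cnst-NONCE_SALT-d6(t');
"""


def fetch_salts() -> str:
    """Download a fresh salt block from the wordpress.org endpoint (needs network)."""
    with urlopen(SALT_API, timeout=10) as resp:
        return resp.read().decode("utf-8")


def parse_salts(block: str) -> Dict[str, str]:
    """Key -> value for all eight defines; refuses an incomplete block."""
    found = {m.group("key"): m.group("val") for m in DEFINE_RE.finditer(block)}
    missing = sorted(set(SALT_KEYS) - found.keys())
    if missing:
        raise ValueError(f"salt block is missing {missing}")
    return found


def rotate_salts(config_text: str, new_salts: Dict[str, str]) -> str:
    """Rewrite only the eight salt defines, leaving every other line untouched;
    refuses if any key is absent from the config so a half-rotated file is never written."""
    replaced = set()

    def swap(m):
        key = m.group("key")
        replaced.add(key)
        return f"{m.group('pre')}'{new_salts[key]}'{m.group('post')}"

    out = DEFINE_RE.sub(swap, config_text)
    missing = sorted(set(SALT_KEYS) - replaced)
    if missing:
        raise ValueError(f"wp-config.php is missing {missing}")
    return out


if __name__ == "__main__":
    import sys
    path = sys.argv[1]  # path to wp-config.php
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    rotated = rotate_salts(text, parse_salts(fetch_salts()))
    with open(path + ".bak", "w", encoding="utf-8") as fh:
        fh.write(text)  # keep the old file until you have confirmed logins still work
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(rotated)
```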
Force Password Resets
Many people will reset their password, few will actually reset everyone’s post-hack.
Sucuri Plugin
Clean Your House
• Least Privilege
– Reduce unnecessary privileges – not everyone has to be an admin
• Remove unused software
– CMS Applications
– Extensions (Themes, Plugins, etc..)
Basic Hardening
• Disable PHP Execution
– /wp-includes
– /wp-content
▪ /themes
▪ /plugins
▪ /uploads << minimum
.htaccess rule, placed in the directory whose PHP files should never be served (at minimum /wp-content/uploads):
# Apache 2.2 syntax; on Apache 2.4 this needs mod_access_compat, or use "Require all denied" instead
<Files *.php>
Deny from all
</Files>
Connection Integrity – Public Wi-Fi
• https://www.getcloak.com/ | @getcloak
Good Reading Material
Dealing with Malware: http://blog.sucuri.net/2012/10/dealing-with-todays-wordpress-malware.html
Leveraging Google Webmaster Tools: http://www.unmaskparasites.com/malware-warning-guide/
Google Webmaster Tools (Hacked): http://www.google.com/webmasters/hacked/
Understanding Google’s Blacklists: http://blog.sucuri.net/2013/11/understanding-googles-blacklist-cleaning-your-hacked-website-and-removing-from-blacklist.html
Clearing Your Website with Free Scanner: http://blog.sucuri.net/2013/10/cleaning-up-your-wordpress-site-with-the-free-sucuri-plugin.html
WordPress Tips & Tricks: http://blog.sucuri.net/2012/07/website-malware-removal-wordpress-tips-tricks.html
Prepared against a Hack?: http://www.smashingmagazine.com/2014/05/30/are-you-prepared-against-a-hack/
PADS (Protection, Auditing, Detection, Sustainment) = Sucuri
• Complete Website Security with Sucuri
• WPSessions Attendees Only
– 30% off any plan for life
– Contact Tony: tony@sucuri.net
– Reference: WPSESS2014
– Include: Email used in WPSessions Account
Sucuri, Inc.
Tony Perez
http://sucuri.net
http://blog.sucuri.net

Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 

Recently uploaded (20)

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 

Hacked - What do you do now?

Terminal, cntd…
• Grep
$ grep --include "*.php" -r example.com ./
• Diff
$ diff -qr /path/dir1 /path/dir2
• Find
$ find ./ -name "*.php"
$ find / -type f -mtime -7 (modified in the last 7 days)
$ find / -mmin -10 (modified in the last 10 minutes)
• SED
– Removing <iframe src=http://example.com></iframe>
# sed -i".backup" 's#<iframe src=http://example.com></iframe>##' index.php
• Combining Commands
– Remove an iframe from all PHP files
$ find ./ -name "*.php" -print0 | xargs -0 sed -i".backup" 's#<iframe src=http://example.com></iframe>##'
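The find/sed combination above, as an added example that is not part of the deck: a POSIX shell script that locates every PHP file under a site root containing the slide's example iframe, strips it while keeping a .backup copy, and reports what it touched. The site root, fixture files and function names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not from the original deck: strip an injected iframe from
# every PHP file under a site root, keep a .backup of each changed file and
# print what was touched so the change can be reviewed afterwards.
# Assumptions: grep supports -r/-l/-F/--include; sed supports -i with an
# attached backup suffix (GNU and BSD sed both do).

# the example iframe from the slide (matched as a fixed string, not a regex)
IFRAME='<iframe src=http://example.com></iframe>'

# list the PHP files under $1 that still contain the iframe
find_infected() {
    grep -rlF --include='*.php' "$IFRAME" "$1" 2>/dev/null
}

# remove the iframe from each infected file, leaving <file>.backup behind
clean_iframe() {
    find_infected "$1" | while IFS= read -r f; do
        sed -i".backup" "s#$IFRAME##g" "$f"
        echo "cleaned: $f"
    done
}

# constructed fixture: a tiny fake site with one infected and one clean file
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/wp-content/themes/demo"
    printf '<?php echo "home"; ?>\n%s\n' "$IFRAME" > "$dir/index.php"
    printf '<?php echo "footer"; ?>\n' > "$dir/wp-content/themes/demo/footer.php"
    echo "$dir"
}

# demo run: infected files before, cleaned files, infected files after
site=$(make_fixture)
echo "before:"; find_infected "$site"
clean_iframe "$site"
echo "after:";  find_infected "$site" || echo "(none)"
```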
Online Scanners
Unmask Parasites – http://unmaskparasites.com
SiteCheck – http://sitecheck.sucuri.net

INFECTIONS
What do they look like?

Malicious Redirect

Malicious Redirects
• Easy / Medium to Detect
– Be mindful of conditionals
• Looking for Integrity Issues
– Has something been modified?
• Common location[s]:
– .htaccess
– index.php
– footer.php
– header.php
• Biggest Issue
– Redirectors are becoming highly complex
– Employing heavy conditional elements

Phishing, cntd…
• Difficult to Detect Remotely
• Looking for Integrity Issues
– Is something somewhere it doesn't belong?
• Common location[s]:
– WP-Includes
– Theme Directories
• Biggest Issue
– It can be anywhere
– Fully contained
Backdoors, cntd…
• Can't detect remotely, only locally
• Looking for Integrity Issues
– Is something somewhere it doesn't belong?
• Common location[s]:
– WP-Includes
– Root Directory
• Biggest Issue
– Allows attacker to bypass your access controls
– Provides full control of the environment
• Common terms:
– is_bot
– eval
– base64_decode
– fopen
– fclose
– readfile
– edoced_46esab
– exec
– system
– shell_exec
– gzuncompress
– popen
– FilesMan
$ grep -RPl --include='*.php' "(system|exec|passthru|shell_exec|base64_decode|eval) *\(" /var/www
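An added example, not the deck's own script, built on the term list above: it counts, for each PHP file under a directory, the lines that hit one of those terms and ranks the files for review; the directory layout and file contents are constructed for the demo. Legitimate code also calls eval() and base64_decode(), so the ranking is a triage order, not a verdict.

```shell
#!/bin/sh
# Added example, not from the original deck: rank PHP files by how many
# lines contain one of the backdoor-associated terms listed on the slide,
# so the noisiest files are reviewed first. Legitimate code also calls
# eval() and base64_decode(), so a hit is a lead, not a verdict.
# Assumptions: grep supports -E, -H, -w, -i and -c (GNU and BSD grep do);
# the directory layout and file contents below are constructed for the demo.

# terms from the slide; edoced_46esab is base64_decode spelled backwards,
# an obfuscation trick, and FilesMan is listed on the slide as a marker string
TERMS='is_bot|eval|base64_decode|fopen|fclose|readfile|edoced_46esab|exec|system|shell_exec|gzuncompress|popen|FilesMan'

# print "hits<TAB>file" for every PHP file under $1 with at least one hit,
# highest count first. -w keeps "exec" from matching "execute", -i catches
# EVAL/Eval, -H forces the file name even when xargs passes a single file.
scan_backdoor_terms() {
    find "$1" -type f -name '*.php' -print0 |
      xargs -0 grep -HciwE "($TERMS)" 2>/dev/null |
      awk -F: '$NF > 0 { n = $NF; sub(/:[0-9]+$/, ""); print n "\t" $0 }' |
      sort -rn
}

# constructed fixture: one file that looks like a dropped stub in wp-includes
# and one ordinary template whose "system_status" must not count as a hit
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/wp-includes" "$dir/wp-content/themes/demo"
    printf '<?php\n$c = base64_decode($blob);\neval($c);\n' \
        > "$dir/wp-includes/class-wp-cache-helper.php"
    printf '<?php\necho "home";\nsystem_status();\n' \
        > "$dir/wp-content/themes/demo/index.php"
    echo "$dir"
}

# demo run: expect only the wp-includes file, with 2 matching lines
scan_backdoor_terms "$(make_fixture)"
```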
Example of Complexity

Search Engine Poisoning

Backdoors, cntd…
• Targets Search Engines (i.e., Google, Bing, Yahoo)
• Looking for Integrity Issues
– Have your posts / pages been modified?
• Common location[s]:
– index.php (root, theme, plugins, etc..)
– header.php
– footer.php
– Embedded in Database (Posts / Pages)
• Biggest Issue
– Continues to evolve
– Highly conditional
– Not within visible range – often offscreen

Indicators of a Hack
Search Engines have gotten pretty good at detecting issues – Google blacklists over 10 thousand websites a day.

Forensics
• What happened?
• When did it happen?
• Will it happen again?

Improve your Posture
(chart: Posture vs. Risk)
You were just hacked, posture is imperative right now!!

Good Posture
• Protection
• Auditing
• Detection
• Sustainment

Protection
Website Firewalls - Stop attackers and protect your website from getting hacked:
• Denial of Service Attacks
• Brute Force Attacks
• Software Vulnerability Exploitation
• Malware Injections
• Direct Backdoor Access
• Abusing Access Controls (i.e., wp-admin)

Auditing
• Understand what is going on at all times
– Who is logging in?
– Who is trying to log in?
– What files are changing?
– Has a post been created?
– Has a page been created?
– Are there any integrity issues?

Detection
• Continuous Monitoring
– Remote and Server Scans
– Heuristic Analysis
– Signature Analysis
– Change Detection
– DNS Reporting
– WHOIS Monitoring
– SSL Cert Monitoring

Sustainment
• Updates
• Backups
• Dev / Design Team
• Security Team

Reset Secret Keys / Salts
People don't think about this, but it's a necessity to clear any open states – it forces everyone off their session.
Source: https://api.wordpress.org/secret-key/1.1/salt/
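Resetting the keys and salts described above, as an added example that is not the deck's own procedure: the slide's source for fresh values is api.wordpress.org; this script generates them locally from /dev/urandom so it runs offline, rewrites the eight define() lines of a wp-config.php and keeps a backup. The config file it operates on is a constructed fixture, and the stock single-quoted define() form is assumed.

```shell
#!/bin/sh
# Added example, not from the original deck: rotate the eight WordPress
# keys and salts in wp-config.php so every existing login cookie and
# session stops validating. The slide's source for fresh values is
# api.wordpress.org; this version generates them locally from /dev/urandom
# so it runs offline. Assumptions: the define() lines have the stock
# single-quoted form, and /dev/urandom, tr, head and sed are available.

SALT_NAMES='AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT'

# 64 random printable characters, drawn from a set that is safe inside a
# single-quoted PHP string and inside the sed replacement below (no quote,
# backslash, '#' or '&')
new_salt() {
    LC_ALL=C tr -dc 'A-Za-z0-9!@$%^*()_+=<>?,.;:|{}' < /dev/urandom | head -c 64
}

# rewrite each define('NAME', '...'); line in $1 with a fresh value, keeping
# the original as $1.backup; write-to-temp-then-rename sidesteps the GNU/BSD
# difference in how sed -i takes its suffix
rotate_salts() {
    cfg="$1"
    cp "$cfg" "$cfg.backup"
    for name in $SALT_NAMES; do
        salt=$(new_salt)
        sed "s#^define( *'$name', *'[^']*' *);#define('$name', '$salt');#" "$cfg" \
            > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
    done
}

# number of salt lines in $1 still carrying the WordPress placeholder text
count_placeholders() {
    grep -c 'put your unique phrase here' "$1" || true
}

# constructed fixture: a wp-config.php fragment with the stock placeholders
make_config() {
    f=$(mktemp)
    for name in $SALT_NAMES; do
        printf "define('%s', 'put your unique phrase here');\n" "$name" >> "$f"
    done
    echo "$f"
}

# demo run: placeholder count before and after rotation (8, then 0)
cfg=$(make_config)
echo "placeholders before: $(count_placeholders "$cfg")"
rotate_salts "$cfg"
echo "placeholders after:  $(count_placeholders "$cfg")"
```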
Force Password Resets
Many people will reset their password, few will actually reset everyone's post-hack.

Sucuri Plugin

Clean Your House
• Least Privilege
– Reduce Unnecessary Privileges – everyone does not have to be an admin
• Remove unused software
– CMS Applications
– Extensions (Themes, Plugins, etc..)

Basic Hardening
• Disable PHP Execution
– /wp-includes
– /wp-content
▪ /themes
▪ /plugins
▪ /uploads << minimum
<Files *.php>
Deny from all
</Files>

Connection Integrity
– Public WiFi
• https://www.getcloak.com/ | @getcloak

Good Reading Material
Dealing with Malware
http://blog.sucuri.net/2012/10/dealing-with-todays-wordpress-malware.html
Leveraging Google Webmaster Tools
http://www.unmaskparasites.com/malware-warning-guide/
Google Webmaster Tools (Hacked)
http://www.google.com/webmasters/hacked/
Understanding Google's Blacklists
http://blog.sucuri.net/2013/11/understanding-googles-blacklist-cleaning-your-hacked-website-and-removing-from-blacklist.html
Clearing Your Website with Free Scanner
http://blog.sucuri.net/2013/10/cleaning-up-your-wordpress-site-with-the-free-sucuri-plugin.html
WordPress Tips & Tricks
http://blog.sucuri.net/2012/07/website-malware-removal-wordpress-tips-tricks.html
Prepared against a Hack?
http://www.smashingmagazine.com/2014/05/30/are-you-prepared-against-a-hack/

PADS = Sucuri
• Complete Website Security with Sucuri
• WPSessions Attendees Only
– 30% off any plan for life
– Contact Tony: tony@sucuri.net
– Reference: WPSESS2014
– Include: Email used in WPSessions Account

Sucuri, Inc.
Tony Perez
http://sucuri.net
http://blog.sucuri.net
@perezbox | @sucuri_security