SlideShare a Scribd company logo

Practical White Hat Hacker Training #1 Overview

PRISMA CSI
PRISMA CSI

This document provides an overview of PRISMA, a cyber security consultancy firm. It discusses PRISMA's penetration testing and training services. It also covers topics related to penetration testing like methodologies, career paths in cyber security, and certifications. The document is intended to introduce PRISMA's services and activities to potential clients or training participants.

Education
1 of 55
www.prismacsi.com © All Rights Reserved. 11 Practical White Hat Hacker Training #1 Introduction This document can be shared or used by quoted and used for commercial purposes, but can not be changed. Detailed information is available at https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode.
www.prismacsi.com © All Rights Reserved. 22 Introduction
www.prismacsi.com © All Rights Reserved. 33 PRISMA : Overview • Cyber security consultancy to over 100 companies in a period of over 5 years • Over 300 penetration testing projects • More than 50 training projects • The organizers and founders of some of the most important teams and activities in the country • Octosec • Canyoupwnme • Hacktrick Cyber Security Conference • Game of Pwners CTF • Hacker Camp
www.prismacsi.com © All Rights Reserved. 44 • Penetration Testing Services • Cyber Security Training • Consultancy services • Research and Development • Cyber Army Infrastructure Systems PRISMA : Activities
www.prismacsi.com © All Rights Reserved. 55 • Network Penetration Test • Web Application Penetration Test • Mobile Application Penetration Test • Banking Regulation and Supervision Agency (BRSA) Compliant Penetration Test • Distributed Denial-of-Service (DDoS) Test • Load and Stress Test • Social EngineeringTest • SCADA Penetration Test • Red Team Penetration Test • APT Attack Simulation • Mail Gateway Security Test • Physical Penetration Test Penetration Tests
www.prismacsi.com © All Rights Reserved. 66 • Practical White Hat Hacker Training • Network Penetration Test Training • Wireless Network Penetration Test Training • Mobile Application Security Training • Web Application Security Training • Advanced Penetration Test Training • DoS & DDoS Attacks and Protection Training • Vulnerability Management Training • Secure Software Development Training • Linux System Hardening Training • Basic Linux Training Trainings
www.prismacsi.com © All Rights Reserved. 77 • Source Code Analysis • Product / Project Consultancy • Vulnerability Management • HR - Recruitment Processes Technical Competence Analysis Consultancy
www.prismacsi.com © All Rights Reserved. 88 Let’s get to know a little about each other… Introduction
www.prismacsi.com © All Rights Reserved. 99 Topics
www.prismacsi.com © All Rights Reserved. 1010 Cyber Security Basics Appendix: Basic Network Information Appendix: Basic Linux Information Passive Information Collection Active Information Collection Vulnerability Discovery Post Exploitation Stage Exploit Stage Network Based Attacks Password Cracking Attacks Agenda
www.prismacsi.com © All Rights Reserved. 1111 Web Application Security Wireless Network Security IPS / IDS / WAF Evasion Techniques Social Engineering Agenda
www.prismacsi.com © All Rights Reserved. 1212 Cyber Security Basics
www.prismacsi.com © All Rights Reserved. 1313 Information Security There are 3 important criteria for information security; • Confidentiality • Integrity • Availability Availability Confidentiality Integrity Security Model
www.prismacsi.com © All Rights Reserved. 1414 Confidentiality • Information should only be accessible to the person or system that is allowed to access it. • Information being able to be read, written and changed by persons other than the targeted endangers this principle. • Important events experienced in the past.
www.prismacsi.com © All Rights Reserved. 1515 Integrity • Consistent transmission of information from the source to the targeted point without any change in its original form. • Partial corruption or partial altering of the original information means that its integrity has been compromised • Important events experienced in the past.
www.prismacsi.com © All Rights Reserved. 1616 Availibility • Information should be accessible and available whenever it is required by an authorized person or system. • DoS , DDoS attacks endanger this principle. • Important events experienced in the past.
www.prismacsi.com © All Rights Reserved. 1717 The Hacking Concept Hacking has more than one meaning; • Use of systems / hardware / software in ways other than the originally intended • Producing a solution for a problem can also be called hacking • Software Piracy = Media language
www.prismacsi.com © All Rights Reserved. 1818 Then who is a hacker? • According to MIT a hacker is any person working on information systems. • Computer Hacker • General description: a person who performs hacks • What’s a hack?
www.prismacsi.com © All Rights Reserved. 1919 Concepts • Penetration Test, Pentest Attempt by hackers to infiltrate targeted systems using various tools and techniques, thereafter reporting all identified vulnerabilities in detail. • Pentester, Penetration Test expert The person who implements/applies the concept of penetration testing and develops themsselves in the field of cyber security. Keeps track of current techniques and researches carried out by hackers hence stays up to date.
www.prismacsi.com © All Rights Reserved. 2020 Concepts • Hacker • White Hat Hacker • Black Hat Hacker • Grey Hat Hacker • Script Kiddie • Cracker
www.prismacsi.com © All Rights Reserved. 2121 General Information on Penetration Testing • Areas • Network Penetration Testing • Web Application Penetration Testing • Mobile Application Penetration Testing • Critical Infrastructure Systems Penetration Testing • DDoS and Load Tests • Risk Analysis • Vulnerability Scanning
www.prismacsi.com © All Rights Reserved. 2222 Types of Penetration Tests • Black Box • Grey Box • White Box
www.prismacsi.com © All Rights Reserved. 2323 Penetration Tests VULNERABILITY SCANNING VS PENETRATION TESTING
www.prismacsi.com © All Rights Reserved. 2424 Cyber Killchain Privilege Escalation Covering Footprints Exploitation Vulnerability Discovery Information Gathering
www.prismacsi.com © All Rights Reserved. 2525 Penetration Test Methodologies • OWASP • Web Security Tests • Mobile Application Security Tests • IoT Security Tests • OSSTMM • Open Source Security Testing Methodology Manual • Pentest-Standard
www.prismacsi.com © All Rights Reserved. 2626 Penetration Test Methodologies • OWASP – Web Application Penetration Testing
www.prismacsi.com © All Rights Reserved. 2727 Penetration Test Methodologies • OSSTMM - http://www.isecom.org/mirror/OSSTMM.3.pdf
www.prismacsi.com © All Rights Reserved. 2828 Penetration Test Report • Tools Used • Discovered devices • Topology • Vulnerabilities • Exploitation methods • Reachable endpoint • Risks • Defense methods • Attack combinations
www.prismacsi.com © All Rights Reserved. 2929 Career in Cyber Security • Offensive • Penetration Testing Expert • Network Penetration Testing Expert • Web Application Penetration Testing Expert • Mobile Application Penetration Testing Expert • Exploit Development • Malware Development
www.prismacsi.com © All Rights Reserved. 3030 Career in Cyber Security • Defensive • SOC – Security Operation Center – Analyst • Forensics Expert • System Security Expert • Vulnerability Management Specialist • Software Security Expert • Malware Analyst
www.prismacsi.com © All Rights Reserved. 3131 Certification Programs • CEH – Certified Ethical Hacker • TSE White Hat Hacker • OSCP – Offensive Security Certified Professional • OSCE – Offensive Security Certified Expert • GWAPT – GIAC Web Application Penetration Tester • GPEN – GIAC Penetration Tester
www.prismacsi.com © All Rights Reserved. 3232 Types of Cyber Attacks by Country • Turkey • Russia • America • Germany • China
www.prismacsi.com © All Rights Reserved. 3333 Turkey • Fraud attacks • Using and writing of malware • Social engineering attacks
www.prismacsi.com © All Rights Reserved. 3434 Russia • Writing and spreading of exploit kits • Malware • Banking attacks • ATM attacks
www.prismacsi.com © All Rights Reserved. 3535 Germany • Exploit Kit / 0day development • Malware • Underground activities • Hackers meeting point • Chaos Computer Club
www.prismacsi.com © All Rights Reserved. 3636 America • Software development • Technology development • APT / 0day development • Cyber war activities • Case of Stuxnet
www.prismacsi.com © All Rights Reserved. 3737 China • Malicious software • Automated software • Nationalist hacker groups • APT / 0day / Exploit development • Cyber war activities
www.prismacsi.com © All Rights Reserved. 3838 Chronology 2010 2018 China's largest search engine Baidu hacked. 2010 DDoS attack affects internet access. 2013 Russia halts Internet access in Estonia 2007 Morris Worm goes online 1998 1998 After the attacks in Gaza, Israel suffered cyber attacks, 5 million websites were hacked. 2009 Stuxnet is out in the wild. 2010 Wannacry paralyzes life all over the world. 2017
www.prismacsi.com © All Rights Reserved. 3939 News https://securityintelligence.com/are-ransomware-attacks-rising-or-falling/
www.prismacsi.com © All Rights Reserved. 4040 Cyber Attacker Profile • Hacker • Target-oriented cyber attack • Government / State-backed cyber attack • Religion / Racial sympathy • Ego satisfaction • Competitors and unfair competition oriented attacks • Cyberterrorism
www.prismacsi.com © All Rights Reserved. 4141 Cyber Attacker Profile • Untrained staff (risk of involuntary attacks) • A fired person X • Insider
www.prismacsi.com © All Rights Reserved. 4242 Cyber Attacker Profile • Malware attacks • If it is target based an APT may be the most likely attacker. • Any malware can affect your systems in some way. • These malware can include a system into a botnet.
www.prismacsi.com © All Rights Reserved. 4343 Cyber Attack Losses • In the past only prestige was lost. • Changing the interface of pages (Defacement) • Today financial loss is the most common form of loss. • After Denial-of-Service attacks companies may experience a service outage or interruption.
www.prismacsi.com © All Rights Reserved. 4444 Some Cyber Security Defense Mechanisms • Security Firewalls • Antivirus • SSL • Intrusion Detection System (IDS) • Intrusion Prevention Systems (IPS) • Security Information and Event Management (SIEM) • Content Filter
www.prismacsi.com © All Rights Reserved. 4545 Some Cyber Security Defense Mechanisms • Web Application Firewall (WAF) • Data Leakage Prevention (DLP) • Advanced Cyber Threat Detection (APT Protection) • Deep Packet Inspection (DPI) • Security Operations Center (SOC)
www.prismacsi.com © All Rights Reserved. 4646 Basic Terminologies • Cryptology. • Password science. • Steganography • Science of hiding data in plain sight. • Encoding • The process of converting data into a different format.. • Base64
www.prismacsi.com © All Rights Reserved. 4747 Terminology • Hash • It is data converted into a unique form. • Data length is fixed. (MD5 32 character) • MD5 • SHA512 • Hash Cracking Attacks • Unidirectional • Wordlist • Rainbow Table
www.prismacsi.com © All Rights Reserved. 4848 Basic Terminologies • Base64 - Encoding • PRISMA -> UFJJU01B • PRISMACSI -> UFJJU01BQ1NJ • UFJJU01B -> PRISMA • UFJJU01BQ1NJ –> PRISMACSI • MD5 • PRISMA -> c636499e580a2d1c4d96af7aacb67ec3 • PRISMACSI -> be92422ae4a6ebba10d743a6213b9793
www.prismacsi.com © All Rights Reserved. 4949 Anonymity Why the need? • They want to hide their personal data. • They want to hide their identity. • They want to hide site preferences. • They have adopted the concept of free internet.
www.prismacsi.com © All Rights Reserved. 5050 Anonymity Communication • Whatsapp • Telegram • Signal • IRC • Jabber
www.prismacsi.com © All Rights Reserved. 5151 Anonymity Deep Web • Underground • Deepweb • Darkweb Area where hackers share information.
www.prismacsi.com © All Rights Reserved. 5252 Anonymity Deep Web • Chaos Network • DN42 • Freenet • Anonet • Tor
www.prismacsi.com © All Rights Reserved. 5353 Demo Practice
www.prismacsi.com © All Rights Reserved. 5454 Questions ?
www.prismacsi.com © All Rights Reserved. 5555 www.prismacsi.com info@prismacsi.com 0 850 303 85 35 /prismacsi Contacts

Recommended

Practical White Hat Hacker Training - Post Exploitation
Practical White Hat Hacker Training - Post ExploitationPractical White Hat Hacker Training - Post Exploitation
Practical White Hat Hacker Training - Post ExploitationPRISMA CSI
 
Practical White Hat Hacker Training - Vulnerability Detection
Practical White Hat Hacker Training - Vulnerability DetectionPractical White Hat Hacker Training - Vulnerability Detection
Practical White Hat Hacker Training - Vulnerability DetectionPRISMA CSI
 
Practical White Hat Hacker Training - Exploitation
Practical White Hat Hacker Training - ExploitationPractical White Hat Hacker Training - Exploitation
Practical White Hat Hacker Training - ExploitationPRISMA CSI
 
Practical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information GatheringPractical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information GatheringPRISMA CSI
 
CSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017 Geshev+Miller logic bug hunting in chrome on androidCSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017 Geshev+Miller logic bug hunting in chrome on androidCanSecWest
 
Web security for developers
Web security for developersWeb security for developers
Web security for developersSunny Neo
 
CSW2017 chuanda ding_state of windows application security
CSW2017 chuanda ding_state of windows application securityCSW2017 chuanda ding_state of windows application security
CSW2017 chuanda ding_state of windows application securityCanSecWest
 
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...Andrew Morris
 

Recommended

Practical White Hat Hacker Training - Post Exploitation
Practical White Hat Hacker Training - Post ExploitationPractical White Hat Hacker Training - Post Exploitation
Practical White Hat Hacker Training - Post ExploitationPRISMA CSI
 
Practical White Hat Hacker Training - Vulnerability Detection
Practical White Hat Hacker Training - Vulnerability DetectionPractical White Hat Hacker Training - Vulnerability Detection
Practical White Hat Hacker Training - Vulnerability DetectionPRISMA CSI
 
Practical White Hat Hacker Training - Exploitation
Practical White Hat Hacker Training - ExploitationPractical White Hat Hacker Training - Exploitation
Practical White Hat Hacker Training - ExploitationPRISMA CSI
 
Practical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information GatheringPractical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information GatheringPRISMA CSI
 
CSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017 Geshev+Miller logic bug hunting in chrome on androidCSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017 Geshev+Miller logic bug hunting in chrome on androidCanSecWest
 
Web security for developers
Web security for developersWeb security for developers
Web security for developersSunny Neo
 
CSW2017 chuanda ding_state of windows application security
CSW2017 chuanda ding_state of windows application securityCSW2017 chuanda ding_state of windows application security
CSW2017 chuanda ding_state of windows application securityCanSecWest
 
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...Andrew Morris
 
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg dayCSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg dayCanSecWest
 
CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014Greg Foss
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
Csw2016 chaykin having_funwithsecuremessengers_and_androidwearCsw2016 chaykin having_funwithsecuremessengers_and_androidwear
Csw2016 chaykin having_funwithsecuremessengers_and_androidwearCanSecWest
 
Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...B.A.
 
PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...
PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...
PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...CODE BLUE
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksGreg Foss
 
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows tool
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows toolIntroducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows tool
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows toolMichael Gough
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
Attacker's Perspective of Active Directory
Attacker's Perspective of Active DirectoryAttacker's Perspective of Active Directory
Attacker's Perspective of Active DirectorySunny Neo
 
External to DA, the OS X Way
External to DA, the OS X WayExternal to DA, the OS X Way
External to DA, the OS X WayStephan Borosh
 
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoFruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoShakacon
 
Shamoon
ShamoonShamoon
ShamoonShakacon
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009dnomura
 
Lateral Movement - Phreaknik 2016
Lateral Movement - Phreaknik 2016Lateral Movement - Phreaknik 2016
Lateral Movement - Phreaknik 2016Xavier Ashe
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCanSecWest
 
Anatomy of a Cloud Hack
Anatomy of a Cloud HackAnatomy of a Cloud Hack
Anatomy of a Cloud HackNotSoSecure Global Services
 
Coporate Espionage
Coporate EspionageCoporate Espionage
Coporate EspionageUTD Computer Security Group
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA RulesLionel Faleiro
 
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsUsing GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsAndrew Morris
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 
Network security
Network securityNetwork security
Network securitySri Manakula Vinayagar Engineering College
 

More Related Content

What's hot

CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg dayCSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg dayCanSecWest
 
CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014Greg Foss
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
Csw2016 chaykin having_funwithsecuremessengers_and_androidwearCsw2016 chaykin having_funwithsecuremessengers_and_androidwear
Csw2016 chaykin having_funwithsecuremessengers_and_androidwearCanSecWest
 
Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...B.A.
 
PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...
PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...
PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...CODE BLUE
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksGreg Foss
 
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows tool
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows toolIntroducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows tool
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows toolMichael Gough
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
Attacker's Perspective of Active Directory
Attacker's Perspective of Active DirectoryAttacker's Perspective of Active Directory
Attacker's Perspective of Active DirectorySunny Neo
 
External to DA, the OS X Way
External to DA, the OS X WayExternal to DA, the OS X Way
External to DA, the OS X WayStephan Borosh
 
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoFruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoShakacon
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009dnomura
 
Lateral Movement - Phreaknik 2016
Lateral Movement - Phreaknik 2016Lateral Movement - Phreaknik 2016
Lateral Movement - Phreaknik 2016Xavier Ashe
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCanSecWest
 
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsUsing GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsAndrew Morris
 

What's hot (20)

CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg dayCSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
 
CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
 
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
Csw2016 chaykin having_funwithsecuremessengers_and_androidwearCsw2016 chaykin having_funwithsecuremessengers_and_androidwear
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
 
Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...
 
PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...
PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...
PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot Attacks
 
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows tool
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows toolIntroducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows tool
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows tool
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
 
Attacker's Perspective of Active Directory
Attacker's Perspective of Active DirectoryAttacker's Perspective of Active Directory
Attacker's Perspective of Active Directory
 
External to DA, the OS X Way
External to DA, the OS X WayExternal to DA, the OS X Way
External to DA, the OS X Way
 
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoFruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
 
Shamoon
ShamoonShamoon
Shamoon
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009
 
Lateral Movement - Phreaknik 2016
Lateral Movement - Phreaknik 2016Lateral Movement - Phreaknik 2016
Lateral Movement - Phreaknik 2016
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
 
Anatomy of a Cloud Hack
Anatomy of a Cloud HackAnatomy of a Cloud Hack
Anatomy of a Cloud Hack
 
Coporate Espionage
Coporate EspionageCoporate Espionage
Coporate Espionage
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA Rules
 
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsUsing GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
 

Similar to Practical White Hat Hacker Training #1 Overview

Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 
The cyber house of horrors - securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surfaceThe cyber house of horrors - securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surfaceJason Bloomberg
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxEthical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxvamshimatangi
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021lior mazor
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information SecurityAhmed Sayed-
 
A Blueprint for Web Attack Survival
A Blueprint for Web Attack SurvivalA Blueprint for Web Attack Survival
A Blueprint for Web Attack SurvivalImperva
 
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeArnold Antoo
 
Certes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseCertes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseJason Bloomberg
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself Alert Logic
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsSBWebinars
 
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...North Texas Chapter of the ISSA
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 
HIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best PracticesHIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best PracticesHostway|HOSTING
 
The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016Tudor Damian
 
Cyber Crimes: The next five years.
Cyber Crimes: The next five years. Cyber Crimes: The next five years.
Cyber Crimes: The next five years. Gregory McCardle
 
Cyber security series advanced persistent threats
Cyber security series advanced persistent threats Cyber security series advanced persistent threats
Cyber security series advanced persistent threats Jim Kaplan CIA CFE
 
The future of cloud security
The future of cloud securityThe future of cloud security
The future of cloud securityPeter Wood
 

Similar to Practical White Hat Hacker Training #1 Overview (20)

Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
 
Network security
Network securityNetwork security
Network security
 
The cyber house of horrors - securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surfaceThe cyber house of horrors - securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surface
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxEthical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptx
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information Security
 
A Blueprint for Web Attack Survival
A Blueprint for Web Attack SurvivalA Blueprint for Web Attack Survival
A Blueprint for Web Attack Survival
 
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital Age
 
Certes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseCertes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterprise
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
 
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 
HIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best PracticesHIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best Practices
 
The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016
 
2016 to 2021
2016 to 20212016 to 2021
2016 to 2021
 
Cyber Crimes: The next five years.
Cyber Crimes: The next five years. Cyber Crimes: The next five years.
Cyber Crimes: The next five years.
 
Cyber security series advanced persistent threats
Cyber security series advanced persistent threats Cyber security series advanced persistent threats
Cyber security series advanced persistent threats
 
The future of cloud security
The future of cloud securityThe future of cloud security
The future of cloud security
 

More from PRISMA CSI

Sysmon ile Log Toplama
Sysmon ile Log ToplamaSysmon ile Log Toplama
Sysmon ile Log ToplamaPRISMA CSI
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)PRISMA CSI
 
Beyaz Şapkalı Hacker CEH Eğitimi - Parola Kırma Saldırıları
Beyaz Şapkalı Hacker CEH Eğitimi - Parola Kırma SaldırılarıBeyaz Şapkalı Hacker CEH Eğitimi - Parola Kırma Saldırıları
Beyaz Şapkalı Hacker CEH Eğitimi - Parola Kırma SaldırılarıPRISMA CSI
 
Sızma Testi Metodolojileri
Sızma Testi MetodolojileriSızma Testi Metodolojileri
Sızma Testi MetodolojileriPRISMA CSI
 
Sızma (Penetrasyon) Testi Nedir?
Sızma (Penetrasyon) Testi Nedir?Sızma (Penetrasyon) Testi Nedir?
Sızma (Penetrasyon) Testi Nedir?PRISMA CSI
 
Beyaz Şapkalı Hacker CEH Eğitimi - Post Exploit Aşaması
Beyaz Şapkalı Hacker CEH Eğitimi - Post Exploit AşamasıBeyaz Şapkalı Hacker CEH Eğitimi - Post Exploit Aşaması
Beyaz Şapkalı Hacker CEH Eğitimi - Post Exploit AşamasıPRISMA CSI
 
Beyaz Şapkalı Hacker CEH Eğitimi - Zafiyet Keşfi
Beyaz Şapkalı Hacker CEH Eğitimi - Zafiyet KeşfiBeyaz Şapkalı Hacker CEH Eğitimi - Zafiyet Keşfi
Beyaz Şapkalı Hacker CEH Eğitimi - Zafiyet KeşfiPRISMA CSI
 
Beyaz Şapkalı Hacker CEH Eğitimi - Exploit Aşaması
Beyaz Şapkalı Hacker CEH Eğitimi - Exploit AşamasıBeyaz Şapkalı Hacker CEH Eğitimi - Exploit Aşaması
Beyaz Şapkalı Hacker CEH Eğitimi - Exploit AşamasıPRISMA CSI
 
Beyaz Şapkalı Hacker CEH Eğitimi - Aktif Bilgi Toplama
Beyaz Şapkalı Hacker CEH Eğitimi - Aktif Bilgi ToplamaBeyaz Şapkalı Hacker CEH Eğitimi - Aktif Bilgi Toplama
Beyaz Şapkalı Hacker CEH Eğitimi - Aktif Bilgi ToplamaPRISMA CSI
 
Beyaz Şapkalı Hacker CEH Eğitimi - Siber Güvenlik Temelleri
Beyaz Şapkalı Hacker CEH Eğitimi - Siber Güvenlik TemelleriBeyaz Şapkalı Hacker CEH Eğitimi - Siber Güvenlik Temelleri
Beyaz Şapkalı Hacker CEH Eğitimi - Siber Güvenlik TemelleriPRISMA CSI
 
Beyaz Şapkalı Hacker CEH Eğitimi - Pasif Bilgi Toplama (OSINT)
Beyaz Şapkalı Hacker CEH Eğitimi - Pasif Bilgi Toplama (OSINT)Beyaz Şapkalı Hacker CEH Eğitimi - Pasif Bilgi Toplama (OSINT)
Beyaz Şapkalı Hacker CEH Eğitimi - Pasif Bilgi Toplama (OSINT)PRISMA CSI
 
Kaynak Kod Analiz Süreci
Kaynak Kod Analiz SüreciKaynak Kod Analiz Süreci
Kaynak Kod Analiz SüreciPRISMA CSI
 

More from PRISMA CSI (12)

Sysmon ile Log Toplama
Sysmon ile Log ToplamaSysmon ile Log Toplama
Sysmon ile Log Toplama
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
 
Beyaz Şapkalı Hacker CEH Eğitimi - Parola Kırma Saldırıları
Beyaz Şapkalı Hacker CEH Eğitimi - Parola Kırma SaldırılarıBeyaz Şapkalı Hacker CEH Eğitimi - Parola Kırma Saldırıları
Beyaz Şapkalı Hacker CEH Eğitimi - Parola Kırma Saldırıları
 
Sızma Testi Metodolojileri
Sızma Testi MetodolojileriSızma Testi Metodolojileri
Sızma Testi Metodolojileri
 
Sızma (Penetrasyon) Testi Nedir?
Sızma (Penetrasyon) Testi Nedir?Sızma (Penetrasyon) Testi Nedir?
Sızma (Penetrasyon) Testi Nedir?
 
Beyaz Şapkalı Hacker CEH Eğitimi - Post Exploit Aşaması
Beyaz Şapkalı Hacker CEH Eğitimi - Post Exploit AşamasıBeyaz Şapkalı Hacker CEH Eğitimi - Post Exploit Aşaması
Beyaz Şapkalı Hacker CEH Eğitimi - Post Exploit Aşaması
 
Beyaz Şapkalı Hacker CEH Eğitimi - Zafiyet Keşfi
Beyaz Şapkalı Hacker CEH Eğitimi - Zafiyet KeşfiBeyaz Şapkalı Hacker CEH Eğitimi - Zafiyet Keşfi
Beyaz Şapkalı Hacker CEH Eğitimi - Zafiyet Keşfi
 
Beyaz Şapkalı Hacker CEH Eğitimi - Exploit Aşaması
Beyaz Şapkalı Hacker CEH Eğitimi - Exploit AşamasıBeyaz Şapkalı Hacker CEH Eğitimi - Exploit Aşaması
Beyaz Şapkalı Hacker CEH Eğitimi - Exploit Aşaması
 
Beyaz Şapkalı Hacker CEH Eğitimi - Aktif Bilgi Toplama
Beyaz Şapkalı Hacker CEH Eğitimi - Aktif Bilgi ToplamaBeyaz Şapkalı Hacker CEH Eğitimi - Aktif Bilgi Toplama
Beyaz Şapkalı Hacker CEH Eğitimi - Aktif Bilgi Toplama
 
Beyaz Şapkalı Hacker CEH Eğitimi - Siber Güvenlik Temelleri
Beyaz Şapkalı Hacker CEH Eğitimi - Siber Güvenlik TemelleriBeyaz Şapkalı Hacker CEH Eğitimi - Siber Güvenlik Temelleri
Beyaz Şapkalı Hacker CEH Eğitimi - Siber Güvenlik Temelleri
 
Beyaz Şapkalı Hacker CEH Eğitimi - Pasif Bilgi Toplama (OSINT)
Beyaz Şapkalı Hacker CEH Eğitimi - Pasif Bilgi Toplama (OSINT)Beyaz Şapkalı Hacker CEH Eğitimi - Pasif Bilgi Toplama (OSINT)
Beyaz Şapkalı Hacker CEH Eğitimi - Pasif Bilgi Toplama (OSINT)
 
Kaynak Kod Analiz Süreci
Kaynak Kod Analiz SüreciKaynak Kod Analiz Süreci
Kaynak Kod Analiz Süreci
 

Recently uploaded

Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxMaryGraceBautista27
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxSherlyMaeNeri
 

Recently uploaded (20)

Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
 

Practical White Hat Hacker Training #1 Overview

  • 1. www.prismacsi.com © All Rights Reserved. 11 Practical White Hat Hacker Training #1 Introduction This document can be shared or used by quoted and used for commercial purposes, but can not be changed. Detailed information is available at https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode.
  • 2. www.prismacsi.com © All Rights Reserved. 22 Introduction
  • 3. www.prismacsi.com © All Rights Reserved. 33 PRISMA : Overview • Cyber security consultancy to over 100 companies in a period of over 5 years • Over 300 penetration testing projects • More than 50 training projects • The organizers and founders of some of the most important teams and activities in the country • Octosec • Canyoupwnme • Hacktrick Cyber Security Conference • Game of Pwners CTF • Hacker Camp
  • 4. www.prismacsi.com © All Rights Reserved. 44 • Penetration Testing Services • Cyber Security Training • Consultancy services • Research and Development • Cyber Army Infrastructure Systems PRISMA : Activities
  • 5. www.prismacsi.com © All Rights Reserved. 55 • Network Penetration Test • Web Application Penetration Test • Mobile Application Penetration Test • Banking Regulation and Supervision Agency (BRSA) Compliant Penetration Test • Distributed Denial-of-Service (DDoS) Test • Load and Stress Test • Social EngineeringTest • SCADA Penetration Test • Red Team Penetration Test • APT Attack Simulation • Mail Gateway Security Test • Physical Penetration Test Penetration Tests
  • 6. www.prismacsi.com © All Rights Reserved. 66 • Practical White Hat Hacker Training • Network Penetration Test Training • Wireless Network Penetration Test Training • Mobile Application Security Training • Web Application Security Training • Advanced Penetration Test Training • DoS & DDoS Attacks and Protection Training • Vulnerability Management Training • Secure Software Development Training • Linux System Hardening Training • Basic Linux Training Trainings
  • 7. www.prismacsi.com © All Rights Reserved. 77 • Source Code Analysis • Product / Project Consultancy • Vulnerability Management • HR - Recruitment Processes Technical Competence Analysis Consultancy
  • 8. www.prismacsi.com © All Rights Reserved. 88 Let’s get to know a little about each other… Introduction
  • 9. www.prismacsi.com © All Rights Reserved. 99 Topics
  • 10. www.prismacsi.com © All Rights Reserved. 1010 Cyber Security Basics Appendix: Basic Network Information Appendix: Basic Linux Information Passive Information Collection Active Information Collection Vulnerability Discovery Post Exploitation Stage Exploit Stage Network Based Attacks Password Cracking Attacks Agenda
  • 11. www.prismacsi.com © All Rights Reserved. 1111 Web Application Security Wireless Network Security IPS / IDS / WAF Evasion Techniques Social Engineering Agenda
  • 12. www.prismacsi.com © All Rights Reserved. 1212 Cyber Security Basics
  • 13. www.prismacsi.com © All Rights Reserved. 1313 Information Security There are 3 important criteria for information security; • Confidentiality • Integrity • Availability Availability Confidentiality Integrity Security Model
  • 14. www.prismacsi.com © All Rights Reserved. 1414 Confidentiality • Information should only be accessible to the person or system that is allowed to access it. • Information being able to be read, written and changed by persons other than the targeted endangers this principle. • Important events experienced in the past.
  • 15. www.prismacsi.com © All Rights Reserved. 1515 Integrity • Consistent transmission of information from the source to the targeted point without any change in its original form. • Partial corruption or partial altering of the original information means that its integrity has been compromised • Important events experienced in the past.
  • 16. www.prismacsi.com © All Rights Reserved. 1616 Availibility • Information should be accessible and available whenever it is required by an authorized person or system. • DoS , DDoS attacks endanger this principle. • Important events experienced in the past.
  • 17. www.prismacsi.com © All Rights Reserved. 1717 The Hacking Concept Hacking has more than one meaning; • Use of systems / hardware / software in ways other than the originally intended • Producing a solution for a problem can also be called hacking • Software Piracy = Media language
  • 18. www.prismacsi.com © All Rights Reserved. 1818 Then who is a hacker? • According to MIT a hacker is any person working on information systems. • Computer Hacker • General description: a person who performs hacks • What’s a hack?
  • 19. www.prismacsi.com © All Rights Reserved. 1919 Concepts • Penetration Test, Pentest Attempt by hackers to infiltrate targeted systems using various tools and techniques, thereafter reporting all identified vulnerabilities in detail. • Pentester, Penetration Test expert The person who implements/applies the concept of penetration testing and develops themsselves in the field of cyber security. Keeps track of current techniques and researches carried out by hackers hence stays up to date.
  • 20. www.prismacsi.com © All Rights Reserved. 2020 Concepts • Hacker • White Hat Hacker • Black Hat Hacker • Grey Hat Hacker • Script Kiddie • Cracker
  • 21. www.prismacsi.com © All Rights Reserved. 2121 General Information on Penetration Testing • Areas • Network Penetration Testing • Web Application Penetration Testing • Mobile Application Penetration Testing • Critical Infrastructure Systems Penetration Testing • DDoS and Load Tests • Risk Analysis • Vulnerability Scanning
  • 22. www.prismacsi.com © All Rights Reserved. 2222 Types of Penetration Tests • Black Box • Grey Box • White Box
  • 23. www.prismacsi.com © All Rights Reserved. 2323 Penetration Tests VULNERABILITY SCANNING VS PENETRATION TESTING
  • 24. www.prismacsi.com © All Rights Reserved. 2424 Cyber Killchain Privilege Escalation Covering Footprints Exploitation Vulnerability Discovery Information Gathering
  • 25. www.prismacsi.com © All Rights Reserved. 2525 Penetration Test Methodologies • OWASP • Web Security Tests • Mobile Application Security Tests • IoT Security Tests • OSSTMM • Open Source Security Testing Methodology Manual • Pentest-Standard
  • 26. www.prismacsi.com © All Rights Reserved. 2626 Penetration Test Methodologies • OWASP – Web Application Penetration Testing
  • 27. www.prismacsi.com © All Rights Reserved. 2727 Penetration Test Methodologies • OSSTMM - http://www.isecom.org/mirror/OSSTMM.3.pdf
  • 28. www.prismacsi.com © All Rights Reserved. 2828 Penetration Test Report • Tools Used • Discovered devices • Topology • Vulnerabilities • Exploitation methods • Reachable endpoint • Risks • Defense methods • Attack combinations
  • 29. www.prismacsi.com © All Rights Reserved. 2929 Career in Cyber Security • Offensive • Penetration Testing Expert • Network Penetration Testing Expert • Web Application Penetration Testing Expert • Mobile Application Penetration Testing Expert • Exploit Development • Malware Development
  • 30. www.prismacsi.com © All Rights Reserved. 3030 Career in Cyber Security • Defensive • SOC – Security Operation Center – Analyst • Forensics Expert • System Security Expert • Vulnerability Management Specialist • Software Security Expert • Malware Analyst
  • 31. www.prismacsi.com © All Rights Reserved. 3131 Certification Programs • CEH – Certified Ethical Hacker • TSE White Hat Hacker • OSCP – Offensive Security Certified Professional • OSCE – Offensive Security Certified Expert • GWAPT – GIAC Web Application Penetration Tester • GPEN – GIAC Penetration Tester
  • 32. www.prismacsi.com © All Rights Reserved. 3232 Types of Cyber Attacks by Country • Turkey • Russia • America • Germany • China
  • 33. www.prismacsi.com © All Rights Reserved. 3333 Turkey • Fraud attacks • Using and writing of malware • Social engineering attacks
  • 34. www.prismacsi.com © All Rights Reserved. 3434 Russia • Writing and spreading of exploit kits • Malware • Banking attacks • ATM attacks
  • 35. www.prismacsi.com © All Rights Reserved. 3535 Germany • Exploit Kit / 0day development • Malware • Underground activities • Hackers meeting point • Chaos Computer Club
  • 36. www.prismacsi.com © All Rights Reserved. 3636 America • Software development • Technology development • APT / 0day development • Cyber war activities • Case of Stuxnet
  • 37. www.prismacsi.com © All Rights Reserved. 3737 China • Malicious software • Automated software • Nationalist hacker groups • APT / 0day / Exploit development • Cyber war activities
  • 38. www.prismacsi.com © All Rights Reserved. 3838 Chronology 2010 2018 China's largest search engine Baidu hacked. 2010 DDoS attack affects internet access. 2013 Russia halts Internet access in Estonia 2007 Morris Worm goes online 1998 1998 After the attacks in Gaza, Israel suffered cyber attacks, 5 million websites were hacked. 2009 Stuxnet is out in the wild. 2010 Wannacry paralyzes life all over the world. 2017
  • 39. www.prismacsi.com © All Rights Reserved. 3939 News https://securityintelligence.com/are-ransomware-attacks-rising-or-falling/
  • 40. www.prismacsi.com © All Rights Reserved. 4040 Cyber Attacker Profile • Hacker • Target-oriented cyber attack • Government / State-backed cyber attack • Religion / Racial sympathy • Ego satisfaction • Competitors and unfair competition oriented attacks • Cyberterrorism
  • 41. www.prismacsi.com © All Rights Reserved. 4141 Cyber Attacker Profile • Untrained staff (risk of involuntary attacks) • A fired person X • Insider
  • 42. www.prismacsi.com © All Rights Reserved. 4242 Cyber Attacker Profile • Malware attacks • If it is target based an APT may be the most likely attacker. • Any malware can affect your systems in some way. • These malware can include a system into a botnet.
  • 43. www.prismacsi.com © All Rights Reserved. 4343 Cyber Attack Losses • In the past only prestige was lost. • Changing the interface of pages (Defacement) • Today financial loss is the most common form of loss. • After Denial-of-Service attacks companies may experience a service outage or interruption.
  • 44. www.prismacsi.com © All Rights Reserved. 4444 Some Cyber Security Defense Mechanisms • Security Firewalls • Antivirus • SSL • Intrusion Detection System (IDS) • Intrusion Prevention Systems (IPS) • Security Information and Event Management (SIEM) • Content Filter
  • 45. www.prismacsi.com © All Rights Reserved. 4545 Some Cyber Security Defense Mechanisms • Web Application Firewall (WAF) • Data Leakage Prevention (DLP) • Advanced Cyber Threat Detection (APT Protection) • Deep Packet Inspection (DPI) • Security Operations Center (SOC)
  • 46. www.prismacsi.com © All Rights Reserved. 4646 Basic Terminologies • Cryptology. • Password science. • Steganography • Science of hiding data in plain sight. • Encoding • The process of converting data into a different format.. • Base64
  • 47. www.prismacsi.com © All Rights Reserved. 4747 Terminology • Hash • It is data converted into a unique form. • Data length is fixed. (MD5 32 character) • MD5 • SHA512 • Hash Cracking Attacks • Unidirectional • Wordlist • Rainbow Table
  • 48. www.prismacsi.com © All Rights Reserved. 4848 Basic Terminologies • Base64 - Encoding • PRISMA -> UFJJU01B • PRISMACSI -> UFJJU01BQ1NJ • UFJJU01B -> PRISMA • UFJJU01BQ1NJ –> PRISMACSI • MD5 • PRISMA -> c636499e580a2d1c4d96af7aacb67ec3 • PRISMACSI -> be92422ae4a6ebba10d743a6213b9793
  • 49. www.prismacsi.com © All Rights Reserved. 4949 Anonymity Why the need? • They want to hide their personal data. • They want to hide their identity. • They want to hide site preferences. • They have adopted the concept of free internet.
  • 50. www.prismacsi.com © All Rights Reserved. 5050 Anonymity Communication • Whatsapp • Telegram • Signal • IRC • Jabber
  • 51. www.prismacsi.com © All Rights Reserved. 5151 Anonymity Deep Web • Underground • Deepweb • Darkweb Area where hackers share information.
  • 52. www.prismacsi.com © All Rights Reserved. 5252 Anonymity Deep Web • Chaos Network • DN42 • Freenet • Anonet • Tor
  • 53. www.prismacsi.com © All Rights Reserved. 5353 Demo Practice
  • 54. www.prismacsi.com © All Rights Reserved. 5454 Questions ?
  • 55. www.prismacsi.com © All Rights Reserved. 5555 www.prismacsi.com info@prismacsi.com 0 850 303 85 35 /prismacsi Contacts