DSS ITSEC 2013 Conference 07.11.2013 - Gubarevich Peter - CEH - Insecurity of Applications
Presentation from one of the remarkable IT Security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7th of November, 2013 and was visited by more than 400 participants at the event venue and more than 300 via online live streaming.
Application Insecurity
Presented by Peter Gubarevich
MCT, CCSI, MVP: Enterprise Security
Certified EC-Council Instructor
Certified Ethical Hacker
2 Agenda
Most common attack vectors today
Demo: Exploiting Mozilla Firefox Remote Code Execution vulnerability
Demo: Exploiting Adobe Flash and Oracle Java vulnerabilities
Demo: Exploiting Adobe Reader and Foxit Reader vulnerabilities
Certified Ethical Hacker v8 Course Contents
Q&A
3 Quick Statistics
+5 to Knowledge Skill
4 Industry-wide operating system, browser, and application vulnerabilities, 2H10–1H13
Source: Microsoft Security Intelligence Report vol.15
5 Drive-by download: Latvia is the world’s 2nd with 6.6 drive-by URLs for every 1,000 URLs
Source: Microsoft Security Intelligence Report vol.15
6
A surprising number of administrators and end-users only update Operating Systems,
while leaving Browsers, Plugins and Office Suites unpatched.
Now let’s see what a hacker can do with this software.
7
Demo: exploiting Firefox vulnerability
Actually, it’s about any of your favorite browsers
8
Demo: exploiting Flash Player & Java
Remote Code Execution that even bypasses sandbox
9
Demo: exploiting popular PDF readers
Because 0wning browser is not enough
10
Ethical Hacking and Countermeasures v8
+8 to Attack Skill
11 CEHv8 Contents at a Glance
ANSI 17024-accredited course
Ethical Hacking
Scanning Networks and Enumeration
System Hacking
Trojans, Viruses and Worms
Sniffing Networks
Cross-Site Scripting Attacks
SQL Injection
Buffer Overflow
Countermeasures
Limiting Privileges
Managing Updates
Application Whitelisting
Implementing Cryptography
Securing Traffic with IPSec
… and more
12 EC-Council Accredited Training Center New Horizons Latvia
To enroll for your CEH training,
call: +371 67847600, mail to: [email protected]
or visit: Elizabetes 65-10, Rīga, Latvia
Q&A