exploiting companies, the human side
Exploiting companies...the human side!
Pawel Zorzan Urban @pawelzorzan
Monday, 21 November 2016
All the companies that unwittingly contributed to our research!
B3rito – Mes3HackLab – Concept
m – Mes3HackLab – Various texts
About me
Security Manager & Security Researcher: https://www.wearesegment.com/
Member, Italian Grappa: https://www.italiangrappa.it/
Member, Mestre Hack Lab: http://mes3hacklab.org/
Phishing
● Phishing is a type of Internet scam in which an attacker tries to deceive the victim into providing personal information, financial data or access codes by posing as a trustworthy entity in a digital communication.
● It is an illegal activity that relies on a social-engineering technique: the attacker sends out a mass mailing of e-mail messages that imitate, in appearance and content, legitimate messages from service providers; these fraudulent messages ask for confidential information such as a credit card number or the password for a given service. It is mostly carried out by e-mail, but there are similar cases that use other channels, such as SMS messages.
Information Received
● x.x.x.x - - [20/Nov/2016:08:12:21 -0700] "GET /1/ HTTP/1.1" 200 21234 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0\r"
● x.x.x.x - - [20/Nov/2016:08:12:21 -0700] "GET /2/ HTTP/1.1" 200 21197 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.101 Safari/537.36\r"
● x.x.x.x - - [20/Nov/2016:08:12:21 -0700] "GET /3/ HTTP/1.1" 200 21234 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.101 Safari/537.36\r"
● x.x.x.x - - [20/Nov/2016:08:12:21 -0700] "GET /4/ HTTP/1.1" 200 21197 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36\r"
● x.x.x.x - - [20/Nov/2016:08:12:21 -0700] "GET /5/ HTTP/1.1" 200 21234 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0\r"
● x.x.x.x - - [20/Nov/2016:08:12:21 -0700] "GET /6/ HTTP/1.1" 200 21197 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0\r"
● x.x.x.x - - [20/Nov/2016:08:12:22 -0700] "GET /7/ HTTP/1.1" 200 21234 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36\r"
● x.x.x.x - - [20/Nov/2016:08:12:21 -0700] "GET /8/ HTTP/1.1" 200 21234 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0\r"
● x.x.x.x - - [20/Nov/2016:08:12:21 -0700] "GET /9/ HTTP/1.1" 200 21234 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\r"
● x.x.x.x - - [20/Nov/2016:08:12:22 -0700] "GET /0/ HTTP/1.1" 200 21234 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0\r"
Target : Hotel
Target : Hotel
Target : Hotel
Target : Hotel
Target : Shopping Centre
Target : Web Agency
Target : BananaWare ;)
Target : BananaWare ;)
Connection established with Enrico Amarry.
A: hi Enrico
can you help me?
M: Good evening, welcome to the Banana online sales service.
certainly
how?
A: a friend of mine has a Banana computer
he bought it through your website
I wanted to ask whether you could help me
wait, let me ask my friend for the model
...
he's not answering me though
can you help me find it
I'm totally hopeless at this
it's already a miracle that I found the chat
Target : BananaWare ;)
M: what do you need?
A: a computer
I found the photo on the internet
this one here
http://antani.esc/XfdTwB
it's a bananawair
if I'm not mistaken
the one with the little banana-shaped light
M: yes
Bananaware
....
Target : Car Dealership
Target : Local Newspaper
Target : Transport Company
Success Rate!
How to Report?!
https://www.commissariatodips.it/collabora.html
Questions ?!?!