Hackers vs Hackers


Posted on 11-Apr-2017


Category: Software


TRANSCRIPT

  • Hackers vs. Hackers (markku.kero@eqela.com)

  • What can we (as software professionals) do about all this?

  • What security flaws?

  • Life is short. Have an affair. Write insecure software.

  • Weak passwords, API access credentials, tokens, private keys

  • So what?

  • If you were a hacker

  • to make it easy to securely configure Rails applications

  • This only makes sense if you think like a HACKER

  • $ d2j-dex2jar.sh -o classes.jar classes.dex
    $ java -jar jd-gui-1.4.0.jar

    public class MainActivity extends BaseActivity {
        Point size;
        private BroadcastReceiver terminatorReceiver = new BroadcastReceiver() {
            public void onReceive(Context paramAnonymousContext, Intent paramAnonymousIntent) {
                MainActivity.this.finish();
            }
        };
        int travel;
        int width;

        private void addFragments() {
            FragmentTransaction localFragmentTransaction = getSupportFragmentManager().beginTransaction();
            this.account = ((AccountFragment)getSupportFragmentManager().findFragmentByTag("account"));
            if (this.account == null) {
                this.account = new AccountFragment();
            }

  • for i in "$HOME"/Music/iTunes/iTunes\ Media/Mobile\ Applications/*.ipa; do
        echo "$i"
        # unpack each .ipa into its own directory and look for hard-coded secrets;
        # the subshell keeps a failed mkdir/cd from stranding the rest of the loop
        ( mkdir "$(basename "$i")" && cd "$(basename "$i")" || exit 1
          unzip "$i" >& /dev/null
          strings Payload/*.app/* 2> /dev/null | grep -i secret )
    done
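The loop above greps unpacked bundles for the single word "secret". As an added example that is not from the talk, the same audit written as a check a developer can run over their own unpacked app bundle before release: keyword rules for the credential classes the slides list (API access credentials, tokens, weak passwords), a private-key header rule, and an entropy heuristic for tokens that carry no keyword at all. The function names, the 4.0 bits/char threshold and the sample strings are constructed for this example.

```python
import math
import re
from pathlib import Path

# Detectors for the credential classes the slides list: API access credentials,
# tokens, weak passwords and private keys. Extend the keyword list for your stack.
KEYWORD_RE = re.compile(
    r"(?i)\b(secret|api[_-]?key|token|passw(?:or)?d)\b\s*[:=]\s*['\"]?[^\s'\"]{6,}")
PRIVATE_KEY_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")  # long base64/hex-like runs
ENTROPY_THRESHOLD = 4.0  # bits per char; random tokens sit well above this
PRINTABLE_RE = re.compile(rb"[\x20-\x7e]{4,}")  # the runs `strings` would print

def shannon_entropy(s: str) -> float:
    """Bits per character: near 0 for repetitive text, above 4 for random tokens."""
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))

def scan_text(text: str, source: str = "<memory>") -> list:
    """Return (source, line_no, kind, evidence); evidence never includes the secret value."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if PRIVATE_KEY_RE.search(line):
            findings.append((source, no, "private_key", line.strip()))
        elif (m := KEYWORD_RE.search(line)):
            findings.append((source, no, "credential_assignment", m.group(1).lower()))
        else:  # no keyword: fall back to spotting random-looking tokens
            for tok in TOKEN_RE.findall(line):
                if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
                    findings.append((source, no, "high_entropy_string", tok))
    return findings

def scan_bundle(root: str) -> list:
    """Walk an unpacked app bundle, reducing each file to printable runs like `strings`."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        runs = PRINTABLE_RE.findall(path.read_bytes())
        findings.extend(scan_text("\n".join(r.decode("ascii") for r in runs), str(path)))
    return findings

# Constructed sample resembling what `strings Payload/*.app/*` turns up.
SAMPLE = """\
build=release
api_key = "Zx9qLm3vT8bW2kH5pR7sY1dF4gJ6nC0a"
-----BEGIN RSA PRIVATE KEY-----
auth_header = Bearer Q7w3Er9tY2uI8oP4aS6dF1gH5jK0lZ
password=hunter2
"""
SAMPLE_FINDINGS = scan_text(SAMPLE)  # a release gate would fail the build on any of these
```

Run `scan_bundle("path/to/unpacked/Payload")` against a real bundle; the report names the keyword or token that tripped a rule, not the assigned value, so it can be attached to a build log without leaking the secret it found.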

  • 001ac7d0 4d 49 53 53 49 4e 47 20 41 52 43 20 53 54 41 52
    001ac7e0 54 20 43 4f 4e 46 49 52 4d 3a 37 00 00 00 00 00
    001ac7f0 41 52 43 20 46 41 49 4c 55 52 45 3a 37 00 00 00
    001ac800 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    001ac810 57 49 52 45 20 53 54 49 43 4b 20 37 2f 20 53 48
    001ac820 4f 52 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    001ac830 47 41 53 20 46 41 49 4c 55 52 45 20 28 52 45 53
    001ac840 54 41 52 54 29 3a 37 00 00 00 00 00 00 00 00 00
    001ac850 57 49 52 45 20 46 41 49 4c 55 52 45 20 28 52 45
    001ac860 53 54 41 52 54 29 3a 37 00 00 00 00 00 00 00 00
    001ac870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

  • NOP
    CALL JOB:CUBE-1-GRUNDSTELLUNG
    'Position 1
    MOVJ C00000 BC00000 VJ=25.00
    MOVJ C00001 BC00001 VJ=25.00
    MACRO1 MJ#(11) ARGF25
    MOVL C00002 BC00002 V=166.7
    REFP 1 C00003 BC00003
    REFP 2 C00004 BC00004
    ARCON
    WVON WEV#(7)
    MOVL C00005 BC00005 V=6.7
    WVOF
    ARCOF
    WAIT IN#(95)=OFF
    END

    CNVRT PX031 PX031 UF#(40) TL#(B019)
    CNVRT PX032 PX032 UF#(40) TL#(B019)
    CNVRT PX030 PX030 UF#(40) TL#(B019)
    CNVRT PX033 PX033 UF#(40) TL#(B019)
    IFTHEN B0130
      MULMAT P035 P034 P053
      MULMAT P037 P036 P053
      MULMAT P039 P038 P053
    ENDIF
    SET LI000 60
    SET LI001 0
    JUMP *DECKLAGE IF B011=0
    JUMP *komplex IF B0130
    MOVL P030 BP030 V=D003
    TIMER T=0.10
    MOVL P031 BP031 V=D003

  • Weak passwords, API access credentials, tokens, private keys

  • What weak password?

  • Is your system or software vulnerable to hacking?

  • Is it being hacked right now?

  • Has it already been hacked?

  • How can you really understand the vulnerabilities in your own system?

  • Be a HACKER

  • With great power...

  • Hacker: One who enjoys the intellectual challenge of creatively overcoming limitations.

  • Where to hack?

  • Bug Bounty Programs

    https://technet.microsoft.com/en-US/security/dn425036

    https://hackerone.com/yahoo

    https://www.google.com/about/appsecurity/programs-home/

    https://www.facebook.com/whitehat

  • markku.kero@eqela.com | @markkukero