20160430.3 True presentatie - concept · ATTACKING WORDPRESS TRUE | MANAGED HOSTING Security...
TRUE | MANAGED HOSTING
ATTACKING WORDPRESS
LOOKING BACK
Presenter: Eddie Bijnen, Security Engineer
Security engineer¿?!!
Penetration testing
Developing security solutions
Tracking down hacks
Abuse reports
My website isn’t that interesting
DDoS
Cryptocoin-mining
Spam
Ransom
Admin Panel Available
https://www.my-website.nl
/wp-login.php
Unlimited login attempts
Lack of HTTPS
Password Reuse
Myspace
LinkedIn
Adobe
Dropbox
220+ other websites
I'm In, Now What?
A valid admin is by default allowed to change files on disk.
Backdoor in pirated software
I know what you didn’t do last summer
Vulnerable Plugins
What are the risks
“Meldplicht” (mandatory reporting obligation) and possible fine from the Dutch Autoriteit Persoonsgegevens
Brand reputation
Additional data cost
Blacklisting of domains
https://haveibeenpwned.com/
https://premium.wpmudev.org/wp-checkup/
https://premium.wpmudev.org/blog/ultimate-wordpress-security-checklist/
Homework & Questions