Digital security

24
DIGITAL SECURITY Marc Rivero López

TAGS:

Transcript of Digital security

Page 1: Digital security

DIGITAL SECURITYMarc Rivero López

Page 2: Digital security

About me…

• E-crime intelligence

analyst

• Fraud researcher

• Crazy Drummer

• DragonJAR, Flu-

Project, Security by

Default

@seifreed

Page 3: Digital security

Índice de la charla

• Metodología

• Fingerprinting

• Intrusión por el aire

• Ya estamos dentro

• Recogida de información

Page 4: Digital security

Metodología

• El estudio o elección de un método

pertinente para un determinado objetivo

• Checklist

• Resultados

Page 5: Digital security

Footprinting/Fingerprinting

• Extracción de información pública

• Metadatos

• Google Hacking

• Bing Hacking

• Escaneo de servicios/puertos

• Etc…

Page 6: Digital security

Metadatos

• Información que se almacena

en los documentos: office, imágenes, PDF

• Información sobre el autor,

versión de software, fecha de creación,

usuario propietario del documento

Page 7: Digital security

Ejemplos de metadatos

• Hacker capturado por

culpa de los

metadatos

• Información EXIF

Page 8: Digital security

Ejemplos de metadatos

• "CENATIC es el Centro Nacional de Referencia de Aplicación

de las Tecnologías de la Información y la Comunicación

(TIC) basadas en fuentes abiertas."

Page 9: Digital security

Ejemplos de metadatos

• Guía de instalación de Linux,

Page 10: Digital security

Ejemplos de metadatos

• Jhon Macafee capturado por los metadatos

Page 11: Digital security

Información de la red corporativa

Page 12: Digital security

Versiones de software

Page 13: Digital security

Google Hacking/Bing Hacking

Page 14: Digital security

Intrusión desde el aire

• Elección del

objetivo

Page 15: Digital security

Intrusión desde el aire

• Autenticación

falsa contra

el AP

• Inyección de

paquetes

Page 16: Digital security

Intrusión desde el aire

CLAVE CONSEGUIDA!!!!

Page 17: Digital security

Ya estamos dentro

• Equipos

Internos

• Direccione

s IP

• Tipos de

dispositivo

s

Page 18: Digital security

Ya estamos dentro

• 2010-07-24 00:36:26,739 SECURE

POST Data (www.google.com):

ltmpl=default&ltmplcache=2&continue=

http%3A%2F%2Fmail.google.com%2F

mail%2F%3F&service=mail&rm=false&

dsh=6669774865561864179&ltmpl=def

ault&ltmpl=default&scc=1&timeStmp=&

secTok=&GALX=dPSLG5jykg8&Email=

mriverolopez&Passwd=CONTRASEÑ

A&rmShown=1&signIn=Acceder&asts=

• Captura de credenciales

Page 19: Digital security

Ya estamos dentro

• Descubrimiento

de equipos

Page 20: Digital security

Ya estamos dentro

• Objetivos

interesante

s…

Page 21: Digital security

Ya estamos dentro

Page 22: Digital security

Recogida de información

Page 23: Digital security

Recogida de información

Page 24: Digital security

¿Preguntas?

Marc Rivero López

@seifreed

[email protected]

http://seifreed.com

mailto:[email protected]

Smart Card Digital Security Initiative Charles Cagliostro Executive Director of Digital Security Initiative ccagliostro@smarcardalliance.org.

Smart Card Digital Security Initiative Charles Cagliostro Executive Director of Digital Security Initiative [email protected].

DIGITAL BUSINESS SECURITY

DIGITAL BUSINESS SECURITY

Digital security

Digital security

Digital Security Lock

Digital Security Lock

Digital SignaturesOutline Logistics Overview Introduction Definition Security Security experiments Formal security definition Relations among security definitions Digital Signatures

Digital SignaturesOutline Logistics Overview Introduction Definition Security Security experiments Formal security definition Relations among security definitions Digital Signatures

Retirement Security Guaranteed Digital

Retirement Security Guaranteed Digital

Workshop on Digital Security and Resilience in Critical ... · Digital Security and Resilience in Critical Infrastructure and Essential Services Digital Security in Energy, Transport,

Workshop on Digital Security and Resilience in Critical ... · Digital Security and Resilience in Critical Infrastructure and Essential Services Digital Security in Energy, Transport,

DIGITAL SAFETY & SECURITY @ AIT · DIGITAL SAFETY & SECURITY @ AIT Helmut Leopold . Head of Center for Digital Safety & Security . AIT Austrian Institute of Technology . Institute

DIGITAL SAFETY & SECURITY @ AIT · DIGITAL SAFETY & SECURITY @ AIT Helmut Leopold . Head of Center for Digital Safety & Security . AIT Austrian Institute of Technology . Institute

Wireless Home Security Systems - Digital Security Concepts Inc.

Wireless Home Security Systems - Digital Security Concepts Inc.

Digital Spotlight ClouD SeCurity Computerworldscheierassociates.com › ... › 2012 › 10 › CW-Cloud-Security... · A startup tackles cloud security. | editor’s note: This digital

Digital Spotlight ClouD SeCurity Computerworldscheierassociates.com › ... › 2012 › 10 › CW-Cloud-Security... · A startup tackles cloud security. | editor’s note: This digital

Robustness and security of digital watermarksprofs.sci.univr.it/~giaco/download/Watermarking-Obfuscation... · Robustness and Security of Digital Watermarks ... Abstract. Digital

Robustness and security of digital watermarksprofs.sci.univr.it/~giaco/download/Watermarking-Obfuscation... · Robustness and Security of Digital Watermarks ... Abstract. Digital

Digital Security Legislative Text

Digital Security Legislative Text

Security for the Digital Economy - Risk...Security for the Digital Economy - Risk - Stephen Dane Managing Director –Global Security Sales Organisation Rapid Digital Disruption on

Security for the Digital Economy - Risk...Security for the Digital Economy - Risk - Stephen Dane Managing Director –Global Security Sales Organisation Rapid Digital Disruption on

Security within digital infrastructure

Security within digital infrastructure

The Future is Now Physical & Digital Passport …...Physical Security and Digital Security Digital Security Substrate Paper PVC Polycarbonate Smartcard Security Features Laminates

The Future is Now Physical & Digital Passport …...Physical Security and Digital Security Digital Security Substrate Paper PVC Polycarbonate Smartcard Security Features Laminates

Digital Security WebQuest

Digital Security WebQuest

Societal Security in the Digital World · 2021. 2. 1. · Societal Security in the Digital World Feb2021, Josef Noll PostDoc research Societal Security in the digital age! Resilient

Societal Security in the Digital World · 2021. 2. 1. · Societal Security in the Digital World Feb2021, Josef Noll PostDoc research Societal Security in the digital age! Resilient

Digital Security Management

Digital Security Management

DIGITAL SECURITY 101

DIGITAL SECURITY 101

Digital Security Cyber Security and Fraud Prevention · Digital Security – Cyber Security and Fraud Prevention Citi Online Academy ... Elizabeth Petrie . Director Strategic Analysis

Digital Security Cyber Security and Fraud Prevention · Digital Security – Cyber Security and Fraud Prevention Citi Online Academy ... Elizabeth Petrie . Director Strategic Analysis