Hacking with paper

Posted on 18-Aug-2015

HACKING WITH PAPER

By Sumedt Jitpukdebodin, Web Application Security Specialist, ACIS i-Secure

LPIC-1, NCLA, C|EHv6, Sec+, eCPPT

WHO AM I?

▪ Learning Guy
▪ Activities Guy
▪ Writer
▫ Thai and English articles on penetration testing.
▪ My book "Basic Hacking And Security" (Thai)
▪ Gray hat, sometimes.

▪ CITEC
▫ Writer of Linux Security in Hackazine.
▫ Lecturer of the Ethical Hacking and Master of Exploitation courses.
▫ Member of the CITEC Live team.
▫ Security and Linux consultant in the community.

MY JOB

i-Secure
▪ Web Application Security Specialist
▫ Security research
▫ Web attack analysis
▫ Web Application Firewall engineer
▫ Etc.

WHAT IS PAPER HACKING?

▪ Not new.
▪ Not hard.
▪ New target.
▪ New way?

QR-CODE

▪ Two-dimensional barcode
▪ From Japan
▪ QR = Quick Response
▪ Message, contact, picture: anything that can be expressed as "characters", even a "URL"
▪ Maximum data 7089 numeric characters or 4296 alphanumeric characters = 2KB
▪ Easy to read with Android and iOS mobiles and tablets.

QR-CODE(2)

▪ QR-Code in Korea
▪ Every train station
▪ Scan to buy
▪ Pay by mobile

QR-CODE(3)

▪ QR-Code in Thailand
▪ Magazine can talk!!!
▪ http://www.youtube.com/v=X62xhsDqdBQ

TREND OF MOBILE

▪ Speed
▪ Popular
▪ Price

▪ Protection
▪ Awareness

WHAT IS PAPER HACKING?

▪ QR-Code
▪ Mobile
▪ Social Engineering

STEP OF ATTACK

1. Create the evil site(s).
2. Map the site into the real world.
3. Create the QR-Code.
4. Lure the people.
5. Happy time ☺

1) CREATE EVIL SITE.

▪ Android
▫ Android Content Provider File Disclosure with Metasploit
▫ Android 2.0, 2.1, 2.1.1 WebKit Use-After-Free Exploit by MJ Keith
▪ iPhone
▫ iPhone MobileSafari LibTIFF Buffer Overflow
▪ Phishing
▫ Gmail
▫ Apple Store

1) CREATE EVIL SITE(2)

▪ Create a script that detects the device type from $_SERVER['HTTP_USER_AGENT']
▫ Redirect it to the matching page.

1) CREATE EVIL SITE(3)

1) CREATE EVIL SITE(4)

Diagram (from the slide): the landing page detects the device and redirects it; iPhone → Evilsite:8081, Android → Evilsite:8080, Others → Evilsite/phishing2.

2) MAPPING TO THE PUBLIC

▪ Forward connections.
▪ DynDNS
▪ No-IP
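Seen from the defender's side, the chain above leaves recognisable traces on the URL a QR reader decodes: non-standard ports such as 8080/8081, a dynamic-DNS hostname from DynDNS or No-IP, a phishing-style path, and a landing page that sends each device type somewhere different. The Python below is an added example, not code from the talk; the suffix and keyword lists, the evilsite.example host and the fake_fetch stand-in for the redirect script are assumptions.

```python
"""Defensive triage of a URL decoded from a QR code (added example).
Checks mirror the talk's attack chain: static risk indicators on the URL
(evil site on port 8080/8081 behind DynDNS/No-IP) and per-device cloaking
by a User-Agent sniffing redirect. Indicator lists are assumptions."""
from urllib.parse import urlsplit
import ipaddress

DYNAMIC_DNS_SUFFIXES = ("dyndns.org", "no-ip.org", "no-ip.biz", "ddns.net")  # assumed
PHISH_WORDS = ("phish", "login", "signin", "verify", "account")  # constructed

def triage_qr_url(text):
    """Return {'findings': [...], 'score': n} for a decoded QR payload."""
    parts = urlsplit(text.strip())
    if parts.scheme not in ("http", "https"):
        return {"findings": ["not an http(s) URL, inspect manually"], "score": 0}
    findings = []
    host = (parts.hostname or "").lower()
    if parts.scheme == "http":
        findings.append("plain http")  # page can be altered or proxied in transit
    try:
        port = parts.port
    except ValueError:
        port = -1  # malformed port string
    if port not in (None, 80, 443):
        findings.append(f"non-standard port {port}")
    try:
        ipaddress.ip_address(host)
        findings.append("bare IP host")
    except ValueError:
        pass
    if any(host == s or host.endswith("." + s) for s in DYNAMIC_DNS_SUFFIXES):
        findings.append("dynamic-DNS host")
    if any(w in parts.path.lower() for w in PHISH_WORDS):
        findings.append("phishing-style path")
    return {"findings": findings, "score": len(findings)}

def detect_ua_cloaking(url, fetch, user_agents):
    """fetch(url, ua) returns the final location after redirects. Returns
    {ua: location} when devices are sent to different pages, else {}."""
    seen = {ua: fetch(url, ua) for ua in user_agents}
    return seen if len(set(seen.values())) > 1 else {}

def fake_fetch(url, ua):
    """Constructed stand-in for the talk's redirect script (offline demo)."""
    if "iPhone" in ua:
        return "http://evilsite.example:8081/"
    if "Android" in ua:
        return "http://evilsite.example:8080/"
    return "http://evilsite.example/phishing2"
```

In practice `fetch` would be a real HTTP client following redirects with each User-Agent, and a non-empty result from detect_ua_cloaking is itself a strong signal regardless of the static score.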

3) CREATE QR-CODE

▪ Web
▫ http://qrcode.kaywa.com/
▫ http://goqr.me/

▪ Android
▫ QR Droid
▫ QR Code Generator

▪ iPhone
▫ Optiscan
▫ Qrafter

3) CREATE QR-CODE(2)

4) LURE THE PEOPLE

▪ Social Engineering
▫ Event
▫ Interesting word.
▫ Negative word.
▫ Social network.

5) HAPPY TIME ☺

Diagram (from the slide): Detect Device; Android → Evilsite:8080, iPhone → Evilsite:8081, Others → Phishing / Phishing2.

5) HAPPY TIME ☺(1)

5) HAPPY TIME ☺(2)

5) HAPPY TIME ☺(3)

5) HAPPY TIME ☺(4)

Q&A