DEEP KNOWLEDGE ON
NETWORK HACKING PHILOSOPHY




ATIK PILIHANTO
MAKASAR, DEC 2010
http://ipsecs.com
PHILOSOPHY

  General and fundamental knowledge about the objective of a problem
  Network Hacking Philosophy??
  The basics and a fundamental understanding of computer networks and of vulnerabilities in communication protocols
  Let's start to understand our network!
OSI MODEL

  The OSI model has 7 layers: physical, data link, network, transport, session, presentation, and application
THE RELATION BETWEEN HACKING AND OSI

  OSI describes, in general and fundamental terms, how digital communication works
  The technology at each layer??
  Does this technology exist in your network? Or which technology is used?
  Vulnerability, attack vector, impact, and how to exploit?
OSI : Layer #1 – Physical

  Example technologies: IEEE 802.3, IEEE 802.11, IEEE 802.16, SONET/SDH, ADSL
  Attack vector: can the attacker access the technology at Layer #1? Physical access?
  Impact: mostly Denial of Service.
  Example vulnerability: N/A
  How to exploit: cutting fiber cable and wireless (802.11/802.16) signal jamming
  Not so interesting, but it sometimes occurs!
OSI : Layer #2 – Data Link

  Example technologies: Layer 2 switch (IEEE 802.3), ARP, ATM, and frame relay.
  Attack vector: can the attacker access the technology at Layer #2? Local Area Network?
  Impact: violation of confidentiality and integrity, Denial of Service
  Example vulnerabilities: limitations of the switch CAM table and ARP cache poisoning
  How to exploit: CAM table flooding and ARP cache poisoning for the purpose of DoS or Man in The Middle, yersinia L2 attack toolkit
  Exploitation at layer #2 is often combined with various other attacks, for example sniffing and replay attacks.
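Seen from the defending side, both Layer #2 weaknesses named above leave traces on the wire. The following is an added example, not part of the original slides: it watches for an IP address whose MAC binding changes and for a burst of new source MACs on one switch port. The frame records, port names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the slides): frames seen on a monitoring
# port as (time_s, switch_port, source_mac, arp_sender_ip or None if not ARP).
SAMPLE_FRAMES = [
    (0.0, "Gi0/1", "00:11:22:33:44:01", "10.0.0.1"),   # gateway
    (1.0, "Gi0/2", "00:11:22:33:44:02", "10.0.0.20"),
    (2.0, "Gi0/3", "00:11:22:33:44:03", "10.0.0.30"),
    (5.0, "Gi0/3", "00:11:22:33:44:03", "10.0.0.1"),   # gateway IP claimed by another MAC
    (6.0, "Gi0/2", "00:11:22:33:44:02", "10.0.0.20"),  # unchanged binding
] + [
    # 60 never-seen source MACs on one access port in under a second
    (10.0 + i / 100, "Gi0/4", "02:00:00:00:00:%02x" % i, None)
    for i in range(60)
]


def detect_l2_anomalies(frames, mac_limit=50, window_s=5.0):
    """Return alerts for changed IP-to-MAC bindings and per-port MAC bursts."""
    bindings = {}                       # ip -> first MAC learned (assumed trusted)
    known_macs = set()
    new_mac_times = defaultdict(list)   # port -> times at which new MACs appeared
    flagged_ports = set()
    alerts = []
    for t, port, mac, ip in sorted(frames, key=lambda f: f[0]):
        if ip is not None:
            trusted = bindings.setdefault(ip, mac)
            if trusted != mac:
                # Same IP, different MAC: the signature of ARP cache poisoning
                alerts.append(("arp-binding-change", ip, trusted, mac, port))
        if mac not in known_macs:
            known_macs.add(mac)
            times = new_mac_times[port]
            times.append(t)
            # keep only the MACs first seen inside the sliding window
            times[:] = [x for x in times if x >= t - window_s]
            if len(times) > mac_limit and port not in flagged_ports:
                # Too many new MACs behind one port: CAM table pressure
                flagged_ports.add(port)
                alerts.append(("mac-flood", port, len(times)))
    return alerts


if __name__ == "__main__":
    for alert in detect_l2_anomalies(SAMPLE_FRAMES):
        print(alert)
```

On managed switches the preventive counterparts are port security (a per-port MAC limit) and Dynamic ARP Inspection, which checks ARP against known bindings.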
OSI : Layer #3 – Network

  Example technologies: IP, ICMP, IPSEC, and routing protocols.
  Attack vector: can the attacker access the technology at Layer #3? Remotely accessible?
  Impact: violation of confidentiality and integrity, Denial of Service
  Example vulnerabilities: packet spoofing, routing protocol security holes, and IPSEC security holes
  How to exploit: IP spoofing, IP fragmentation, ICMP smurfing, BGP man in the middle, BGP NLRI injection, LDP injection on MPLS, GRE traffic tunneling, and loki project
  Exploitation at layer #3 is often combined with various other attacks, for example sniffing
OSI : Layer #4 – Transport

  Example technologies: UDP, TCP, SCTP
  Attack vector: can the attacker access the technology at Layer #4? Remotely accessible?
  Impact: violation of confidentiality and integrity, Denial of Service, and gaining access.
  Example vulnerabilities: packet spoofing and session hijacking
  How to exploit: SYN flooding, UDP flooding, TCP session hijacking, SCTP scanning to find SS7 network entry point
OSI : Layer #5 – Session

  Example technologies: NetBIOS, L2TP, PPTP
  Attack vector: can the attacker access the technology at Layer #5? Remotely accessible?
  Impact: violation of confidentiality and gaining access.
  Example vulnerability: user enumeration
  How to exploit: enumerate users using NetBIOS
OSI : Layer #6 – Presentation

  Example technologies: SSL, TLS
  Attack vector: can the attacker access the technology at Layer #6? Remotely accessible?
  Impact: violation of confidentiality and integrity, and gaining access.
  Example vulnerability: SSL Man in The Middle
  How to exploit: doing SSL Man in The Middle, dsniff, sslstrip
  Exploitation at layer #6 is often combined with various other attacks, for example sniffing
OSI : Layer #7 – Application

  Example technologies: HTTP, SMTP, DNS, SSH, FTP
  Attack vector: can the attacker access the technology at Layer #7? Remotely accessible?
  Impact: violation of confidentiality and integrity, Denial of Service, and gaining access.
  Example vulnerabilities: buffer overflow, format string, web application vulnerability.
  How to exploit: exploiting buffer overflow/format string to gain access or cause denial of service, exploiting web application to gain access
KNOWING YOURSELF

 In which layer do you have access? On layer 1, 2, 3, 4, 5, 6, 7 or all?
 The closer you are to the lowest layer, the greater your chance to win the war
KNOWING YOUR ENEMY

 Reconnaissance to gain as much information as possible about the enemy
 Scanning to learn which hosts are alive and which services are running
 The more information you have about your enemy, the greater your chance to win the war
IF YOU KNOW BOTH YOURSELF AND YOUR ENEMY – YOU WILL WIN IN MANY WARS ‐ SUN TZU
THINGS TO REMEMBER

  Transport set vulnerability:
    Easy to prevent (Firewall, ACL)
    Hard to fix (Update, Patch)
  Application set vulnerability:
    Hard to prevent (Firewall, ACL)
    Easy to fix (Update, Patch)
THINGS TO REMEMBER


 Keep anonymous and stealth, don’t be so rough!
 Man in the middle example on Layer #2 :
   ARP cache poisoning OR CAM table flooding?
 Exploiting remote buffer overflow on Layer #7:
   Evading IDS/IPS/IDP
   Polymorphic, Encoded shell code OR IP fragmentation??
AN EXAMPLE




Routers A, B, C, and D have BGP and SSH services enabled and are reachable from both the attacker's laptop and the admin's laptop
The attacker is not connected to the admin's laptop and is on a different network from routers A, B, C, and D
KNOWING YOUR ENEMY

 Attacker (you) wants to compromise the VPN MPLS network
 He can't directly attack the administrator's computer
 After doing host enumeration, he knows that there are four routers on the network
 After doing service scanning, he knows all routers have SSH and BGP enabled as services
 After doing vulnerability scanning, he knows some routers have vulnerabilities
 The attacker searches search engines for all information related to the administrator, email addresses, and many others
KNOWING YOURSELF

 Do you have access to layer #1? No
 Do you have access to layer #2? No
 Do you have access to layer #3? Yes, useful for exploitation
 Do you have access to layer #4? Yes, useful for exploitation
 Do you have access to layer #5? Yes, Not Applicable
 Do you have access to layer #6? Yes, Not Applicable
 Do you have access to layer #7? Yes, useful for exploitation
 SO WHAT??
LAYER #3 ATTACK

  Border Gateway Attack?
    BGP Man In The Middle
    BGP NLRI injection to reroute traffic
    BGP MD5 crack if applicable
  MPLS Attack?
    LDP injection to rewrite label
  ICMP?
    ICMP flooding and denial of service
  Will be really useful if one router has been compromised!
LAYER #4 ATTACK

  TCP?
    SYN Flooding to SSH and BGP port causing denial of service
    TCP FIN/RST to close BGP Established session
  UDP and other layer #4 protocols are not applicable
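The "easy to prevent (Firewall, ACL)" point, applied to the SSH and BGP ports of the example routers, as an added example that is not part of the original slides: a first-match ACL audit that lists which source prefixes can still reach TCP/22 and TCP/179 although they are neither BGP neighbors nor the management subnet. All addresses, peer lists and rule sets are constructed assumptions.

```python
import ipaddress

BGP, SSH = 179, 22

# Constructed inputs (assumptions, not from the slides).
ALLOWED = {
    BGP: ["192.0.2.2/32", "192.0.2.3/32"],   # configured BGP neighbors
    SSH: ["198.51.100.0/28"],                # admin management subnet
}
# First-match ACLs: (action, source prefix, TCP destination port or None = any)
WEAK_ACL = [
    ("permit", "198.51.100.0/24", SSH),      # broader than the admin subnet
    ("permit", "0.0.0.0/0", BGP),            # any source may open a BGP session
    ("deny", "0.0.0.0/0", None),
]
HARDENED_ACL = [
    ("permit", "192.0.2.2/32", BGP),
    ("permit", "192.0.2.3/32", BGP),
    ("permit", "198.51.100.0/28", SSH),
    ("deny", "0.0.0.0/0", None),
]


def intersect(nets, prefix):
    """Parts of `nets` that fall inside `prefix` (prefixes nest or are disjoint)."""
    out = []
    for net in nets:
        if net.subnet_of(prefix):
            out.append(net)
        elif prefix.subnet_of(net):
            out.append(prefix)
    return out


def subtract(nets, holes):
    """Parts of `nets` not covered by any prefix in `holes`."""
    result = list(nets)
    for hole in holes:
        remaining = []
        for net in result:
            if net.subnet_of(hole):
                continue                                   # fully covered
            if hole.subnet_of(net):
                remaining.extend(net.address_exclude(hole))
            else:
                remaining.append(net)                      # disjoint
        result = remaining
    return list(ipaddress.collapse_addresses(result))


def exposed_sources(acl, port, allowed):
    """Source prefixes permitted to reach `port` that are not in `allowed`."""
    allowed_nets = [ipaddress.ip_network(p) for p in allowed]
    unmatched = [ipaddress.ip_network("0.0.0.0/0")]  # sources no rule has matched yet
    exposed = []
    for action, prefix, rule_port in acl:
        if rule_port is not None and rule_port != port:
            continue
        rule_net = ipaddress.ip_network(prefix)
        if action == "permit":
            exposed.extend(subtract(intersect(unmatched, rule_net), allowed_nets))
        unmatched = subtract(unmatched, [rule_net])
    # Whatever is still unmatched here hits the implicit deny.
    return [str(n) for n in ipaddress.collapse_addresses(exposed)]


def audit(acl):
    """Map each control-plane port to the unexpected prefixes that can reach it."""
    return {port: exposed_sources(acl, port, ALLOWED[port]) for port in (SSH, BGP)}


if __name__ == "__main__":
    for name, acl in (("weak", WEAK_ACL), ("hardened", HARDENED_ACL)):
        print(name, audit(acl))
```

An empty list for both ports means only the configured neighbors and the management subnet can reach the router's SSH and BGP listeners, so an off-path host cannot open connections to them at all.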
LAYER #7 ATTACK

  Exploiting router vulnerabilities to gain access
    Buffer overflow?
    Format string?
    Denial of service?
  Guessing router usernames and passwords to gain access
    Ncrack?
    THC-Hydra
  YES! You can use social engineering, but it's a different topic from
  hacking the network!
QUESTION AND ANSWER 
THANK YOU
