![Page 1: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/1.jpg)
R U Hacked? Your website has gone?
Sumedt Jitpukdebodin
Senior Security Researcher
CompTIA Security+, LPIC-1, NCLA, C|EHv6, eCPPT, eWPT, IWSS, CPTE, GIAC GPEN
![Page 2: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/2.jpg)
Whoami
Name: Sumedt Jitpukdebodin
Jobs: Senior Security Researcher
Nonprofit jobs: OWASP Thailand - Leader Technical Part, admin of 2600Thailand
Hobby: Hacking stuff, Malware analysis, Python programming, read the security news, etc.
![Page 3: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/3.jpg)
#redpill 2016
![Page 4: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/4.jpg)
#redpill 2016
![Page 5: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/5.jpg)
Agenda
The rise of cybersecurity
Internet of things
Ransomware
DDoS
Web Application Attack
Conclusion
![Page 6: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/6.jpg)
The rise of cybersecurity
![Page 7: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/7.jpg)
Trend of technology 2015
Computing Everywhere
Internet of things
3D Printing
Advanced, Pervasive and Invisible Analytics
Context-Rich Systems
Smart Machines
Cloud/Client Computing
Software-Defined Applications and Infrastructure
Web-Scale IT
Risk-Based Security and Self-Protection
Reference: http://www.itbusinessedge.com/slideshows/top-10-strategic-technology-trends-for-2015-02.html
![Page 8: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/8.jpg)
Internet of things around the world
![Page 9: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/9.jpg)
Internet of things in Thailand
![Page 10: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/10.jpg)
More detail of Internet of Things
![Page 11: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/11.jpg)
Easy to hack, right?
![Page 12: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/12.jpg)
Ransomware
![Page 13: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/13.jpg)
Well-known ransomware
TorrentLocker (CryptoLocker)
CryptoWall (Crowti)
CTB-Locker
![Page 14: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/14.jpg)
Top 10 Ransomware By Microsoft
![Page 15: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/15.jpg)
CryptoWall
![Page 16: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/16.jpg)
CryptoLocker
![Page 17: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/17.jpg)
Android/Lockerpin.A
![Page 18: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/18.jpg)
iOS Ransomware
![Page 19: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/19.jpg)
Why is it so famous?
![Page 20: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/20.jpg)
Attacking with Ransomware
Phishing attack with a file attachment
Website Attack (Exploit Kit)
(New) Mobile Application Attack
![Page 21: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/21.jpg)
Demo for simple phishing
![Page 22: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/22.jpg)
Demo with WINRAR exploit
![Page 23: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/23.jpg)
What can I do about it?
Back up your data
Show hidden file extensions
Filter EXE files in email
Disable files running from AppData/LocalAppData folders
Use the CryptoLocker Prevention Kit (http://community.spiceworks.com/topic/396103-cryptolocker-prevention-kit-updated)
Disable RDP
Patch or update software
Use an antivirus
Scan files with multiple online scanners (http://www.virustotal.com, https://malwr.com)
Use System Restore to get back to a known-clean state
![Page 24: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/24.jpg)
Denial of Service (DoS)
By VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 2, ISSUE 3 – 3RD QUARTER 2015
![Page 25: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/25.jpg)
Attack Size BPS
By ATLAS Q2 2015 Global DDoS Attack Trends (http://www.slideshare.net/Arbor_Networks/atlas-q2-2015final)
![Page 26: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/26.jpg)
Largest Attack Sizes Year on Year by Arbor
![Page 27: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/27.jpg)
Top source of DDoS
![Page 28: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/28.jpg)
DDoS in Thailand
![Page 29: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/29.jpg)
Attacking with DDoS
Cybercrime-as-a-service
Zombie or Botnet
Tools
![Page 30: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/30.jpg)
Cybercrime as a service
![Page 31: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/31.jpg)
DDoS as a service
![Page 32: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/32.jpg)
DDoS by Tool
![Page 33: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/33.jpg)
DDoS by Tool (2)
![Page 34: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/34.jpg)
Logstalgia Analysis
![Page 35: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/35.jpg)
What can I do about it?
Black-holing
Firewall ACL
Intrusion Detection/Prevention Systems
Server tuning
DDoS mitigation appliances + scrubbing centre
Buy more link capacity
![Page 36: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/36.jpg)
Web Application Attack
![Page 37: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/37.jpg)
Web Application Attack
![Page 38: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/38.jpg)
Hosting service Attack
![Page 39: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/39.jpg)
When will you get hacked?
Digital Ocean Incident
Attack attempts against the VPS started after 10 minutes
Attacker got root in 2 days
Host was used as part of a botnet 1 day after the attacker got root
![Page 40: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/40.jpg)
Brute forcing Log
![Page 41: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/41.jpg)
Got root Log
![Page 42: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/42.jpg)
Using VPS to be a DDoS Tool
![Page 43: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/43.jpg)
Damage when a website gets hacked
Defame the company [Defacement]
Stealing information
Stealing internal information
Use as DDoS Tool
Spread the malware
![Page 44: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/44.jpg)
Web Application Defending
Secure Coding
Web Application Firewall
Penetration Testing
![Page 45: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/45.jpg)
Conclusion
More awareness, more security
Nothing is 100% secure; we just want to get as close to 100% as possible
Always think from an attacker's perspective
Risk Management
![Page 46: R u hacked](https://reader034.vdocuments.net/reader034/viewer/2022052117/58890ceb1a28ab4a5c8b50e1/html5/thumbnails/46.jpg)
Question and answer time.