hanssens telecom roadshow 2015 - hacking 101
TRANSCRIPT
h@Cking l0l
Malik Mesellem
Ethical Hacker
MME BVBA
° 2010
Security audits
and training
Objective
approach
Focus is
to advise
No-nonsense
mentality
What are we afraid of?
Buffer
overflows
DoS
Port
scans
Trojans
IP spoofing
We all have
firewalls ;)
(since 1990)
I don’t think so…
Old skool
attacks✝
So WTH(ack) is the problem?
And who is
the enemy?
A new wave of client-side threats…
Complex application-level attacks
Complex application-level attacks
Your secure (?) infrastructure
IP PBX / Web apps
DC
Member computers
Firewall
Hacker’s attack plan?
ATTACK
the border
= web apps
Application-level attack
SQL injection
SELECT * FROM
… WHERE …
‘ OR 1=1--
Web server DOWN ;(
Hacker’s attack plan?
ATTACK
the weakest
= humans
Client-side attacks
Social engineering
Phishing,
malware,
exploits
Member computers DOWN ;(
You’ve just lost several assets!
They are inside
the network…
Now they go for the GOLD!
Credentials, hashes,
and tokens…
GAME OVER
You’ve lost
everything $$$
GAME OVER
You’ve lost
everything $$$
OMG… we definitely need heroes!
What if…
Secure Telecom &
VoIP Solutions
Security Audits
& Training
www.mmebvba.com
linkedin.com/in/malikmesellem
twitter.com/MME_IT
PING me! (by clicking the icons)
Our Heartbeat Scan is a complete audit
Critical and vital parts are scanned and analyzed
Potential threats and vulnerabilities are identified
Spread over several days for a fixed price
Comprehensive checkpoints
Report contains at least 100 pages!
Executive summary
Technical findings
Remediations
Security Audits
Security Audits Checkpoints in this Heartbeat Scan
Vulnerability Assessment (LAN/WAN)
Penetration Testing (LAN/WAN)
Web Application Scans (OWASP Top 10)
Active Directory Review and Password Audit
Business Continuity - Disaster Recovery Check
Software Updates Compliance Check
Malware and Endpoint Inspection
Firewall Configuration Review
Wireless Security Survey
Email spear phishing campaign
SPECIAL OFFER
