SlideShare une entreprise Scribd logo

Hacking WordPress... and countermeasures.

Nestor Angulo de Ugarte
Nestor Angulo de Ugarte

A beginners intro to cybersecurity in WordPress environment, showing how the hacking process works using the Art of War as the driving theme. Also, there are some examples to make conscious of what could happen if we don't care about this. This talk was presented in the WordCamp Osaka 2019.

Technologie
1  sur  69
Télécharger pour lire hors ligne
4
Hacking WordPress & Countermeasures NESTOR ANGULO DE UGARTE WORDCAMP OSAKA 2019 #WCOSAKA
こんにちわ! 6
Who I am 7 u Computer Science Engineer & Technology consultant u Photographer & Early Adopter u Truly curious guy u 2015: SUCURI Incident Response & Easy SSL u 2019: GoDaddy Spain Interim Head of IT @ GoDaddy Spain
Where is カ ナリア諸島 8
9 About u Sucuri: Anaconda (No Securi / Security) u Website security u Fully remote (people from > 25 countries around the world) u 2008: Foundation u 2017: Proud part of the GoDaddy family u Free scanners: u Sitecheck (sitecheck.sucuri.net) u Performance (performance.sucuri.net)
10 #WCOsaka2019 Nestor Angulo (@pharar)
Concepts GIVING CONTEXT 11 #WCOsaka2019NestorAngulo(@pharar)
DISCLAIMER 12 #WCOsaka2019 Nestor Angulo (@pharar) Any sensitive information has been protected/encrypted to preserve privacy. Any similiarity with reality is a coincidence. I’m responsible of what I say, not what you interpret. Always ask an expert.
#WCOsaka2019 Nestor Angulo (@pharar) 13
#WCOsaka2019 Nestor Angulo (@pharar) 14 ハッキングされた企業と、 ハッキングされたことをま だ知らない企業の2種類があ ります。
HACKER VS Cyberterrorist 15 #WCOsaka2019 Nestor Angulo (@pharar) Hacker: Curious person who loves to go beyond limits or convetionalisms. Cyberterrorist / Cracker: Computer Hacker, whom intentions are always aligned to enrich himself in a zero- sum game situation. The bad guy
Hacker Hat Colours 16 u Black Hat Cyberterrorist, thief u Grey Hat White Hat using illegal procedures u White Hat Security Analyst, ethical hacker
Malware u Software intentionally designed to cause damage to a computer, client, or computer network. u Some types: u Backdoors, zero-day u Exploits u Trojan horses, Fremium plugins u Ransomware, Spyware u Adware, Scareware 17
CyberSecurity & Web Security 18 u Cybersecurity: Security in the digital world u Web Security: Field of Cybersecurity u Covers what happens through port 80 / 443
FACTS 19 Site hacking almost never is client-oriented (98% of cases) Almost always happens due to a deficient monitoring / maintenance A SSL certificate is not an antihacking shield Patches & security updates appear almost always after hacking exploits Errare Humanum Est (Human being fails) Security never is (nor will be) 100% effective
FACTS 20 Source: Website Hack Trend Report 2018 – sucuri.net
The Art of War IN THE MIND OF YOUR ENEMY
Common Targets 22 #WCOsaka2019 Nestor Angulo (@pharar) Users info Database Website Content Infrastructure Bot Net Reputation
Know your weaknesses 23 u You are your weakest point u You can be scammed u Passwords. u Vulnerable to brute force attacks u Leftovers u Admin users u Outdated/vulnerable software u Enabled/Disabled not-in-use plugins/themes u Non-secure connection (avoid public wifi) u Vulnerable to Man-In-the-Middle attacks
Hacking WordPress. The Process 24 Vulnerability ->Exploit Injection Final code Backdoor Spam / defacement BotNode Final code
Definitions 25 u Vulnerability u Bug in the code or posibility of misuse that can be exploited to perform unauthorized actions within a computer system. u Exploit u Software that leverages a vulnerability u Backdoor u Malware which allows remote execution of code
WPScan Vulnerability Database wpvulndb.com 26
Gallery of Horrors 27 #WCOsaka2019NestorAngulo(@pharar)
Defacements
Defacements
Example 1: Photographer Gallery 30
31 #WCOsaka2019NestorAngulo(@pharar)
32 #WCOsaka2019NestorAngulo(@pharar)
Example 2: Pet food store 33
34
35
Bonus 36
37
DEFACEMENTS 38 #WCOsaka2019 Nestor Angulo (@pharar) Partial / full replacement of website frontend. Very obvious Easy detection: - Users (hear them!) - Scanners Target: Awareness or social/political revindication
Black Hat SEO / Spam
40
41
42
43
44
BLACK HAT SEO / SPAM 45 #WCOsaka2019 Nestor Angulo (@pharar) Spam/unwanted content in your site Detection: - Scanners (Easy) - Users (hear them!) - Search Engine warnings Target: Your SEO and reputation
DDoS Attacks / BotNets
Definitions 47 u DoS attack - Denial of Service - Overhelmed application due to a huge amount of petitions u DDoS attack u Distributed DoS u BotNet u Net of websites linked to act coordinated u Have bot nodes and a bot master
Normal, tending to calm 48
49
50
BOTNETS, CRYPTOMINERS, DDOS 51 #WCOsaka2019 Nestor Angulo (@pharar) Affecting to your infrastructure Detection: - Usually difficult - Strange use of resources - File Integrity Scanner WAF recommended Target: - Your server’s resources - User’s resources. - Zombie node
Countermeasures REACTIVES AND PROACTIVE MEASURES 52 #WCOsaka2019NestorAngulo(@pharar)
Characters in the Story (if something happens) 53 You • Owner / Admins • Developer & Designer • Users/clients Hosting Provider • Agent / C3 • Support & Backups Security Expert • Security department • External services
Security in Layers 54 u You ( the weakest layer ) u Your device ( Antivirus ) u Your connection ( SSL ) u Your website ( WAF ) u Your credentials ( Strong Passwords / 2FA ) u Your site security ( monitor / updates ) u Your server security ( monitor / updates ) u Your database ( monitor ) u Maintenance tasks
Measures: Reactive vs Proactive 55 #WCOsaka2019 Nestor Angulo (@pharar) Reactive: When bad things have already happened Pain mitigation Proactive: Before anything bad happens Risk mitigation
#WCOsaka2019 Nestor Angulo (@pharar) Reactive measures u Scan your site: uStatus: Sitecheck.sucuri.net uBlacklist: Virustotal.com u CRC: Check, Remove and Change u Update u Restore a backup 56
57 #WCOsaka2019NestorAngulo(@pharar)
#WCOsaka2019 Nestor Angulo (@pharar) Proactive measures u Reduce admins, plugins and themes u Backups u Updates u Invest in Hosting & Security u WAF 58
The more Doors, the higher Risk 59 #WCOsaka2019 Nestor Angulo (@pharar) “To Caesar, what is Caesar’s”. Admin stuff with admin account. The rest, with a limited account The more admins, plugins and themes the more risk (even when disabled). All user’s passwords MUST be unique and strong (better with 2FA when possible) Applied to all layers (wp-admin, [S]FTP, cPanel, dashboard, db, …)
BACKUPS 60 u Have a backups strategy uNEVER store the backups in your production server uA clean and FUNCTIONAL backup will be your best friend a bad day
BACKUPS 61 u Have a backups strategy uNEVER store the backups in your production server uA clean and backup will be your best friend a bad day
Updates 62 u PLUGINS u THEMES u CORE u PHP u APACHE / NGINX u SERVER u CPANEL / PLESK u …
Updates 63 Source: Web Professional Security Survey 2019 – Sucuri.net
Remember to Invest in 64 #WCOsaka2019 Nestor Angulo (@pharar) SECURITY HOSTING
Hosting 65 #WCOsaka2019 Nestor Angulo (@pharar) FIRST LAYER OF YOUR SITE’S DEFENSE BALANCE BETWEEN PRICE AND FEATURES THEY ARE IN CHARGE OF THE SERVER’S SERVICES, DATABASE AND MAINTENANCE
Shared hosting vs dedicated #WCOsaka2019NestorAngulo(@pharar) 66
Source: 2019 Sucuri survey to ecommerce owners. 67
WAF Your guard dog 68 #WCOsaka2019 Nestor Angulo (@pharar) FILTERS ALL YOUR WEB TRAFFIC PROTECTS AGAINST XSS, DDOS, … PATCHS VIRTUALLY WIDELY KNOWN SOFTWARE VULNERABILITIES IF IT INCLUDES CDN, IMPROVES YOUR SITE’S SPEED & PERFORMANCE FORENSIC ANALISYS TOOL ALLOWS MANUAL BLOCKING
WAF Your guard dog 69 #WCOsaka2019 Nestor Angulo (@pharar) FILTERS ALL YOUR WEB TRAFFIC PROTECTS AGAINST XSS, DDOS, … PATCHS VIRTUALLY WELL KNOWN SOFTWARE VULNERABILITIES IF IT INCLUDES CDN, YOUR SITE WILL IMPROVE ITS SPEED AND PERFORMANCE FORENSIC ANALISYS TOOL ALLOWS MANUAL BLOCKING
70 #WCOsaka2019 Nestor Angulo (@pharar)
71 #WCOsaka2019NestorAngulo(@pharar)
ありがとうござ いました︕ ご質問は︖ 72 @pharar #WCOSAKA2019

Recommandé

2016: The Infosec Crossroads - Keynote at Intuit #Hacktober2015
2016: The Infosec Crossroads - Keynote at Intuit #Hacktober20152016: The Infosec Crossroads - Keynote at Intuit #Hacktober2015
2016: The Infosec Crossroads - Keynote at Intuit #Hacktober2015Saumil Shah
 
The Infosec Crossroads - 44CON 2016
The Infosec Crossroads - 44CON 2016The Infosec Crossroads - 44CON 2016
The Infosec Crossroads - 44CON 2016Saumil Shah
 
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeExtreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeEC-Council
 
It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016NowSecure
 
How to scale mobile application security testing
How to scale mobile application security testingHow to scale mobile application security testing
How to scale mobile application security testingNowSecure
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Mazin Ahmed
 
Hack.LU - The Infosec Crossroads
Hack.LU - The Infosec CrossroadsHack.LU - The Infosec Crossroads
Hack.LU - The Infosec CrossroadsSaumil Shah
 
The Seven Axioms of Security - ITWeb 2017
The Seven Axioms of Security - ITWeb 2017The Seven Axioms of Security - ITWeb 2017
The Seven Axioms of Security - ITWeb 2017Saumil Shah
 

Recommandé

2016: The Infosec Crossroads - Keynote at Intuit #Hacktober2015
2016: The Infosec Crossroads - Keynote at Intuit #Hacktober20152016: The Infosec Crossroads - Keynote at Intuit #Hacktober2015
2016: The Infosec Crossroads - Keynote at Intuit #Hacktober2015Saumil Shah
 
The Infosec Crossroads - 44CON 2016
The Infosec Crossroads - 44CON 2016The Infosec Crossroads - 44CON 2016
The Infosec Crossroads - 44CON 2016Saumil Shah
 
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeExtreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeEC-Council
 
It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016NowSecure
 
How to scale mobile application security testing
How to scale mobile application security testingHow to scale mobile application security testing
How to scale mobile application security testingNowSecure
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Mazin Ahmed
 
Hack.LU - The Infosec Crossroads
Hack.LU - The Infosec CrossroadsHack.LU - The Infosec Crossroads
Hack.LU - The Infosec CrossroadsSaumil Shah
 
The Seven Axioms of Security - ITWeb 2017
The Seven Axioms of Security - ITWeb 2017The Seven Axioms of Security - ITWeb 2017
The Seven Axioms of Security - ITWeb 2017Saumil Shah
 
It's Okay To Touch Yourself - DerbyCon 2013
It's Okay To Touch Yourself - DerbyCon 2013It's Okay To Touch Yourself - DerbyCon 2013
It's Okay To Touch Yourself - DerbyCon 2013Ben Ten (0xA)
 
Rugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven DevelopmentRugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven DevelopmentJames Wickett
 
Preparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbookPreparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbookNowSecure
 
Hackfest presentation.pptx
Hackfest presentation.pptxHackfest presentation.pptx
Hackfest presentation.pptxPeter Yaworski
 
OWASP, the life and the universe
OWASP, the life and the universeOWASP, the life and the universe
OWASP, the life and the universeSébastien GIORIA
 
The Seven Axioms Of Security
The Seven Axioms Of SecurityThe Seven Axioms Of Security
The Seven Axioms Of SecuritySaumil Shah
 
Redefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS KeynoteRedefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS KeynoteSaumil Shah
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For MoneyShubham Gupta
 
CLUSIR INFONORD OWASP iot 2014
CLUSIR INFONORD OWASP iot 2014CLUSIR INFONORD OWASP iot 2014
CLUSIR INFONORD OWASP iot 2014Sebastien Gioria
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksCyren, Inc
 
APT(Advanced Persistent Threats) & strategies to counter APT
APT(Advanced Persistent Threats) & strategies to counter APTAPT(Advanced Persistent Threats) & strategies to counter APT
APT(Advanced Persistent Threats) & strategies to counter APTAvkash Kathiriya
 
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital SovereigntyCross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital SovereigntySaumil Shah
 
Securiser son digital workplace avec Microsoft Threat Protection
Securiser son digital workplace avec Microsoft Threat ProtectionSecuriser son digital workplace avec Microsoft Threat Protection
Securiser son digital workplace avec Microsoft Threat Protection☁️Seyfallah Tagrerout☁ [MVP]
 
HoneyPy Honeypot (OWASP Triangle Chapter)
HoneyPy Honeypot (OWASP Triangle Chapter)HoneyPy Honeypot (OWASP Triangle Chapter)
HoneyPy Honeypot (OWASP Triangle Chapter)Phillip Maddux
 
Secure Coding For Java - Une introduction
Secure Coding For Java - Une introductionSecure Coding For Java - Une introduction
Secure Coding For Java - Une introductionSebastien Gioria
 
Seminar enkripsi unsyiah 15 nov 2013
Seminar enkripsi unsyiah 15 nov 2013Seminar enkripsi unsyiah 15 nov 2013
Seminar enkripsi unsyiah 15 nov 2013IGN MANTRA
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedMazin Ahmed
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameThe Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameAbhinav Mishra
 
Bug Bounty - Hackers Job
Bug Bounty - Hackers JobBug Bounty - Hackers Job
Bug Bounty - Hackers JobArbin Godar
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!Ammar WK
 
Hacking WordPress & countermeasures.
Hacking WordPress & countermeasures.Hacking WordPress & countermeasures.
Hacking WordPress & countermeasures.Nestor Angulo de Ugarte
 
I've been hacked! So, now, what!?
I've been hacked! So, now, what!?I've been hacked! So, now, what!?
I've been hacked! So, now, what!?Nestor Angulo de Ugarte
 

Contenu connexe

Tendances

It's Okay To Touch Yourself - DerbyCon 2013
It's Okay To Touch Yourself - DerbyCon 2013It's Okay To Touch Yourself - DerbyCon 2013
It's Okay To Touch Yourself - DerbyCon 2013Ben Ten (0xA)
 
Rugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven DevelopmentRugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven DevelopmentJames Wickett
 
Preparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbookPreparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbookNowSecure
 
Hackfest presentation.pptx
Hackfest presentation.pptxHackfest presentation.pptx
Hackfest presentation.pptxPeter Yaworski
 
OWASP, the life and the universe
OWASP, the life and the universeOWASP, the life and the universe
OWASP, the life and the universeSébastien GIORIA
 
The Seven Axioms Of Security
The Seven Axioms Of SecurityThe Seven Axioms Of Security
The Seven Axioms Of SecuritySaumil Shah
 
Redefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS KeynoteRedefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS KeynoteSaumil Shah
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For MoneyShubham Gupta
 
CLUSIR INFONORD OWASP iot 2014
CLUSIR INFONORD OWASP iot 2014CLUSIR INFONORD OWASP iot 2014
CLUSIR INFONORD OWASP iot 2014Sebastien Gioria
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksCyren, Inc
 
APT(Advanced Persistent Threats) & strategies to counter APT
APT(Advanced Persistent Threats) & strategies to counter APTAPT(Advanced Persistent Threats) & strategies to counter APT
APT(Advanced Persistent Threats) & strategies to counter APTAvkash Kathiriya
 
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital SovereigntyCross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital SovereigntySaumil Shah
 
Securiser son digital workplace avec Microsoft Threat Protection
Securiser son digital workplace avec Microsoft Threat ProtectionSecuriser son digital workplace avec Microsoft Threat Protection
Securiser son digital workplace avec Microsoft Threat Protection☁️Seyfallah Tagrerout☁ [MVP]
 
HoneyPy Honeypot (OWASP Triangle Chapter)
HoneyPy Honeypot (OWASP Triangle Chapter)HoneyPy Honeypot (OWASP Triangle Chapter)
HoneyPy Honeypot (OWASP Triangle Chapter)Phillip Maddux
 
Secure Coding For Java - Une introduction
Secure Coding For Java - Une introductionSecure Coding For Java - Une introduction
Secure Coding For Java - Une introductionSebastien Gioria
 
Seminar enkripsi unsyiah 15 nov 2013
Seminar enkripsi unsyiah 15 nov 2013Seminar enkripsi unsyiah 15 nov 2013
Seminar enkripsi unsyiah 15 nov 2013IGN MANTRA
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedMazin Ahmed
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameThe Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameAbhinav Mishra
 
Bug Bounty - Hackers Job
Bug Bounty - Hackers JobBug Bounty - Hackers Job
Bug Bounty - Hackers JobArbin Godar
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!Ammar WK
 

Tendances (20)

It's Okay To Touch Yourself - DerbyCon 2013
It's Okay To Touch Yourself - DerbyCon 2013It's Okay To Touch Yourself - DerbyCon 2013
It's Okay To Touch Yourself - DerbyCon 2013
 
Rugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven DevelopmentRugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven Development
 
Preparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbookPreparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbook
 
Hackfest presentation.pptx
Hackfest presentation.pptxHackfest presentation.pptx
Hackfest presentation.pptx
 
OWASP, the life and the universe
OWASP, the life and the universeOWASP, the life and the universe
OWASP, the life and the universe
 
The Seven Axioms Of Security
The Seven Axioms Of SecurityThe Seven Axioms Of Security
The Seven Axioms Of Security
 
Redefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS KeynoteRedefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS Keynote
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For Money
 
CLUSIR INFONORD OWASP iot 2014
CLUSIR INFONORD OWASP iot 2014CLUSIR INFONORD OWASP iot 2014
CLUSIR INFONORD OWASP iot 2014
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array works
 
APT(Advanced Persistent Threats) & strategies to counter APT
APT(Advanced Persistent Threats) & strategies to counter APTAPT(Advanced Persistent Threats) & strategies to counter APT
APT(Advanced Persistent Threats) & strategies to counter APT
 
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital SovereigntyCross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital Sovereignty
 
Securiser son digital workplace avec Microsoft Threat Protection
Securiser son digital workplace avec Microsoft Threat ProtectionSecuriser son digital workplace avec Microsoft Threat Protection
Securiser son digital workplace avec Microsoft Threat Protection
 
HoneyPy Honeypot (OWASP Triangle Chapter)
HoneyPy Honeypot (OWASP Triangle Chapter)HoneyPy Honeypot (OWASP Triangle Chapter)
HoneyPy Honeypot (OWASP Triangle Chapter)
 
Secure Coding For Java - Une introduction
Secure Coding For Java - Une introductionSecure Coding For Java - Une introduction
Secure Coding For Java - Une introduction
 
Seminar enkripsi unsyiah 15 nov 2013
Seminar enkripsi unsyiah 15 nov 2013Seminar enkripsi unsyiah 15 nov 2013
Seminar enkripsi unsyiah 15 nov 2013
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameThe Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
 
Bug Bounty - Hackers Job
Bug Bounty - Hackers JobBug Bounty - Hackers Job
Bug Bounty - Hackers Job
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!
 

Similaire à Hacking WordPress... and countermeasures.

OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)Avansa Mid- en Zuidwest
 
vodQA(Pune) 2018 - QAing the security way
vodQA(Pune) 2018 - QAing the security wayvodQA(Pune) 2018 - QAing the security way
vodQA(Pune) 2018 - QAing the security wayvodQA
 
QAing the security way!
QAing the security way!QAing the security way!
QAing the security way!Amit Gundiyal
 
Mission Impossible Short Version
Mission Impossible Short VersionMission Impossible Short Version
Mission Impossible Short VersionValerie Houghton
 
Mission Impossible Short Version
Mission Impossible Short VersionMission Impossible Short Version
Mission Impossible Short VersionValerie Houghton
 
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...Cyber Security Alliance
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Rob Fuller
 
DMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal TricksDMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal TricksCiNPA Security SIG
 
How to prevent cyber terrorism taragana
How to prevent cyber terrorism taraganaHow to prevent cyber terrorism taragana
How to prevent cyber terrorism taraganaGilles Sgro
 
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...lior mazor
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Securitysudip pudasaini
 
I can be apple and so can you
I can be apple and so can youI can be apple and so can you
I can be apple and so can youShakacon
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfKerimBozkanli
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for EveryoneNikhil Mittal
 
Secure Coding for Java - An introduction
Secure Coding for Java - An introductionSecure Coding for Java - An introduction
Secure Coding for Java - An introductionSebastien Gioria
 

Similaire à Hacking WordPress... and countermeasures. (20)

Hacking WordPress & countermeasures.
Hacking WordPress & countermeasures.Hacking WordPress & countermeasures.
Hacking WordPress & countermeasures.
 
I've been hacked! So, now, what!?
I've been hacked! So, now, what!?I've been hacked! So, now, what!?
I've been hacked! So, now, what!?
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
 
vodQA(Pune) 2018 - QAing the security way
vodQA(Pune) 2018 - QAing the security wayvodQA(Pune) 2018 - QAing the security way
vodQA(Pune) 2018 - QAing the security way
 
QAing the security way!
QAing the security way!QAing the security way!
QAing the security way!
 
2014 09-04-pj
2014 09-04-pj2014 09-04-pj
2014 09-04-pj
 
Mission Impossible Short Version
Mission Impossible Short VersionMission Impossible Short Version
Mission Impossible Short Version
 
Mission Impossible Short Version
Mission Impossible Short VersionMission Impossible Short Version
Mission Impossible Short Version
 
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepal
 
DMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal TricksDMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal Tricks
 
How to prevent cyber terrorism taragana
How to prevent cyber terrorism taraganaHow to prevent cyber terrorism taragana
How to prevent cyber terrorism taragana
 
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
I can be apple and so can you
I can be apple and so can youI can be apple and so can you
I can be apple and so can you
 
What is being exposed from IoT Devices
What is being exposed from IoT DevicesWhat is being exposed from IoT Devices
What is being exposed from IoT Devices
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for Everyone
 
Secure Coding for Java - An introduction
Secure Coding for Java - An introductionSecure Coding for Java - An introduction
Secure Coding for Java - An introduction
 

Plus de Nestor Angulo de Ugarte

¿Cuál es el coste real de un hackeo en web?
¿Cuál es el coste real de un hackeo en web?¿Cuál es el coste real de un hackeo en web?
¿Cuál es el coste real de un hackeo en web?Nestor Angulo de Ugarte
 
Hacking WordPress. El Arte de La Guerra.
Hacking WordPress. El Arte de La Guerra.Hacking WordPress. El Arte de La Guerra.
Hacking WordPress. El Arte de La Guerra.Nestor Angulo de Ugarte
 
WordCamp Madrid CSI: El caso de las Backdoors
WordCamp Madrid CSI: El caso de las BackdoorsWordCamp Madrid CSI: El caso de las Backdoors
WordCamp Madrid CSI: El caso de las BackdoorsNestor Angulo de Ugarte
 

Plus de Nestor Angulo de Ugarte (6)

¿Cuál es el coste real de un hackeo en web?
¿Cuál es el coste real de un hackeo en web?¿Cuál es el coste real de un hackeo en web?
¿Cuál es el coste real de un hackeo en web?
 
Limpiar Sitios Hackeados
Limpiar Sitios HackeadosLimpiar Sitios Hackeados
Limpiar Sitios Hackeados
 
Hacking WordPress. El Arte de La Guerra.
Hacking WordPress. El Arte de La Guerra.Hacking WordPress. El Arte de La Guerra.
Hacking WordPress. El Arte de La Guerra.
 
Me han Hackeado... ¿Y ahora qué?
Me han Hackeado... ¿Y ahora qué?Me han Hackeado... ¿Y ahora qué?
Me han Hackeado... ¿Y ahora qué?
 
WordCamp Madrid CSI: El caso de las Backdoors
WordCamp Madrid CSI: El caso de las BackdoorsWordCamp Madrid CSI: El caso de las Backdoors
WordCamp Madrid CSI: El caso de las Backdoors
 
Backdoor: El Bueno, El Feo y el Malo
Backdoor: El Bueno, El Feo y el MaloBackdoor: El Bueno, El Feo y el Malo
Backdoor: El Bueno, El Feo y el Malo
 

Dernier

The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Dernier (20)

The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

Hacking WordPress... and countermeasures.