SlideShare a Scribd company logo

Breakdown on Breaking In...2 Most Common Attack Vectors Explained.pptx

Download as PPTX, PDF
A
AdityaChawan4

Explore the dark side of cybersecurity with our compelling PowerPoint presentation! Delve into the world of attack vectors, from brute-forcing Tomcat server login pages to Wi-Fi deauthentication attacks. Gain insights into the techniques used by cybercriminals to exploit vulnerabilities and compromise systems. Whether you're a security professional or a curious enthusiast, this presentation sheds light on the threats lurking in the digital landscape. Join us as we uncover the tactics, tools, and countermeasures essential for defending against cyber threats. Don't miss out on this eye-opening journey into the realm of cyber warfare!

Technology
1 of 16
Breakdown on Breaking In
Meet & Greet Meet Alice He is our attacker Meet Victor He is our victim I am evil I am an ignorant web user
BEEF Attack • User's browser is hooked by sending a malicious link • Browser Exploitation Framework(BEEF) • Attacker then has complete access to the user's system • Attacker can also escalate the attack from here
BEEF Attack This deal looks tempting Complete Access 1 2 3 4 5
Steps • sudo apt-get install beef-xss • Type beef-xss to run the program • Login with the password just set by you • Create a malicious web page with the hook URL • Enter a password for the default user "beef" • Beef UI will open automatically in your browser • Send it to the user • Boom! Browser Hooked
Wifi Deauth Attack • Deauth means to disconnect • Spoof victim MAC address and send deauth packets to the router • To disconnect deauth packet is sent
Wifi Deauth Attack Scene 1 Coffee Shop
Wifi Deauth Attack I am Victor & I want to disconnect Scene 2 Coffee Shop
Steps • Kill all the processes running on the wireless network interface(NIC) • Put the Wireless NIC in monitor mode • Start listening in monitor mode • Start listening on the target network specifically • Identify the victim MAC address • Deauth
Bruteforce Attack • Test Server:Tomcat Server • Found is Metasploitable Linux • Intentionally vulnerable • Bruteforcing from a wordlist • Wordlist:File containing all the possible combinations
username password 1 3 Correct Hit: tomcat tomcat Login Page 2 4
Steps • Set up the Tomcat Server • Scan Metasploitable Machine using NMAP • Open up login page of Tomcat Server • Open msfconsole and use the required auxiliary • Set required options for the auxiliary • Bruteforce • Fire up Postgresql service
Malicious Android APK • Create an APK for a third party app • APK contains malicious code • Initiates a reverse connection to the attacker • App can be beautified and customised
generates sends Reverse Connection evil configured 1 2 3 4 5
Steps • Fire up postgresql service • Create the malicious APK • Send it to the victim • Social Engineer him/her to install the app • Create a listener for incoming connections • Connection coming from phone to the attacker is connected
Thank You Vinita Bhandiwad Mam Neha Kudu Mam & Also the audience

Recommended

Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...
Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...
Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...APNIC
 
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/... Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...Suhail Khan
 
Leveraging Honest Users: Stealth Command-and-Control of Botnets
Leveraging Honest Users: Stealth Command-and-Control of BotnetsLeveraging Honest Users: Stealth Command-and-Control of Botnets
Leveraging Honest Users: Stealth Command-and-Control of BotnetsDiogo Mónica
 
BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat Security Conference
 
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc groupNtxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc groupNorth Texas Chapter of the ISSA
 
DDOS ATTACK - MIRAI BOTNET
DDOS ATTACK - MIRAI BOTNET DDOS ATTACK - MIRAI BOTNET
DDOS ATTACK - MIRAI BOTNET Sukhdeep Singh Sandhu
 
Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3Kabul Education University
 
Botnets Attacks.pptx
Botnets Attacks.pptxBotnets Attacks.pptx
Botnets Attacks.pptxMuhammadRehan856177
 

Recommended

Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...
Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...
Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...APNIC
 
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/... Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...Suhail Khan
 
Leveraging Honest Users: Stealth Command-and-Control of Botnets
Leveraging Honest Users: Stealth Command-and-Control of BotnetsLeveraging Honest Users: Stealth Command-and-Control of Botnets
Leveraging Honest Users: Stealth Command-and-Control of BotnetsDiogo Mónica
 
BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat Security Conference
 
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc groupNtxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc groupNorth Texas Chapter of the ISSA
 
DDOS ATTACK - MIRAI BOTNET
DDOS ATTACK - MIRAI BOTNET DDOS ATTACK - MIRAI BOTNET
DDOS ATTACK - MIRAI BOTNET Sukhdeep Singh Sandhu
 
Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3Kabul Education University
 
Botnets Attacks.pptx
Botnets Attacks.pptxBotnets Attacks.pptx
Botnets Attacks.pptxMuhammadRehan856177
 
PPIT Lecture 20
PPIT Lecture 20PPIT Lecture 20
PPIT Lecture 20Kashif Sohail
 
AtlSecCon 2016
AtlSecCon 2016AtlSecCon 2016
AtlSecCon 2016Earl Carter
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomwareSophos Benelux
 
CNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsSam Bowne
 
How i'm going to own your organization v2
How i'm going to own your organization v2How i'm going to own your organization v2
How i'm going to own your organization v2RazorEQX
 
Avirup_Ray_18700219054_Cyber_Security_1.pptx
Avirup_Ray_18700219054_Cyber_Security_1.pptxAvirup_Ray_18700219054_Cyber_Security_1.pptx
Avirup_Ray_18700219054_Cyber_Security_1.pptxAvirupRay2
 
Workshop on Network Security
Workshop on Network SecurityWorkshop on Network Security
Workshop on Network SecurityUC San Diego
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)Sam Bowne
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profitDavid Stockton
 
Botnets presentation
Botnets presentationBotnets presentation
Botnets presentationMahmoud Ibra
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profitDavid Stockton
 
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Julia Yu-Chin Cheng
 
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...JosephTesta9
 
CNIT 124 Ch10-12: Local Exploits through Bypassing AV
CNIT 124 Ch10-12: Local Exploits through Bypassing AVCNIT 124 Ch10-12: Local Exploits through Bypassing AV
CNIT 124 Ch10-12: Local Exploits through Bypassing AVSam Bowne
 
Malware cryptomining uploadv3
Malware cryptomining uploadv3Malware cryptomining uploadv3
Malware cryptomining uploadv3Setia Juli Irzal Ismail
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the CloudTeri Radichel
 
Famous C&C servers from inside to outside.
Famous C&C servers from inside to outside.Famous C&C servers from inside to outside.
Famous C&C servers from inside to outside.Senad Aruc
 
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...OWASP Delhi
 
Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Priyanka Aash
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCanSecWest
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 

More Related Content

Similar to Breakdown on Breaking In...2 Most Common Attack Vectors Explained.pptx

How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomwareSophos Benelux
 
CNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsSam Bowne
 
How i'm going to own your organization v2
How i'm going to own your organization v2How i'm going to own your organization v2
How i'm going to own your organization v2RazorEQX
 
Avirup_Ray_18700219054_Cyber_Security_1.pptx
Avirup_Ray_18700219054_Cyber_Security_1.pptxAvirup_Ray_18700219054_Cyber_Security_1.pptx
Avirup_Ray_18700219054_Cyber_Security_1.pptxAvirupRay2
 
Workshop on Network Security
Workshop on Network SecurityWorkshop on Network Security
Workshop on Network SecurityUC San Diego
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)Sam Bowne
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profitDavid Stockton
 
Botnets presentation
Botnets presentationBotnets presentation
Botnets presentationMahmoud Ibra
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profitDavid Stockton
 
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Julia Yu-Chin Cheng
 
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...JosephTesta9
 
CNIT 124 Ch10-12: Local Exploits through Bypassing AV
CNIT 124 Ch10-12: Local Exploits through Bypassing AVCNIT 124 Ch10-12: Local Exploits through Bypassing AV
CNIT 124 Ch10-12: Local Exploits through Bypassing AVSam Bowne
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the CloudTeri Radichel
 
Famous C&C servers from inside to outside.
Famous C&C servers from inside to outside.Famous C&C servers from inside to outside.
Famous C&C servers from inside to outside.Senad Aruc
 
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...OWASP Delhi
 
Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Priyanka Aash
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCanSecWest
 

Similar to Breakdown on Breaking In...2 Most Common Attack Vectors Explained.pptx (20)

PPIT Lecture 20
PPIT Lecture 20PPIT Lecture 20
PPIT Lecture 20
 
AtlSecCon 2016
AtlSecCon 2016AtlSecCon 2016
AtlSecCon 2016
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomware
 
CNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World Incidents
 
How i'm going to own your organization v2
How i'm going to own your organization v2How i'm going to own your organization v2
How i'm going to own your organization v2
 
Avirup_Ray_18700219054_Cyber_Security_1.pptx
Avirup_Ray_18700219054_Cyber_Security_1.pptxAvirup_Ray_18700219054_Cyber_Security_1.pptx
Avirup_Ray_18700219054_Cyber_Security_1.pptx
 
Workshop on Network Security
Workshop on Network SecurityWorkshop on Network Security
Workshop on Network Security
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profit
 
Botnets presentation
Botnets presentationBotnets presentation
Botnets presentation
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profit
 
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
 
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
 
CNIT 124 Ch10-12: Local Exploits through Bypassing AV
CNIT 124 Ch10-12: Local Exploits through Bypassing AVCNIT 124 Ch10-12: Local Exploits through Bypassing AV
CNIT 124 Ch10-12: Local Exploits through Bypassing AV
 
Malware cryptomining uploadv3
Malware cryptomining uploadv3Malware cryptomining uploadv3
Malware cryptomining uploadv3
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the Cloud
 
Famous C&C servers from inside to outside.
Famous C&C servers from inside to outside.Famous C&C servers from inside to outside.
Famous C&C servers from inside to outside.
 
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
 
Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
 

Recently uploaded

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Recently uploaded (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Breakdown on Breaking In...2 Most Common Attack Vectors Explained.pptx

  • 2. Meet & Greet Meet Alice He is our attacker Meet Victor He is our victim I am evil I am an ignorant web user
  • 3. BEEF Attack • User's browser is hooked by sending a malicious link • Browser Exploitation Framework(BEEF) • Attacker then has complete access to the user's system • Attacker can also escalate the attack from here
  • 5. Steps • sudo apt-get install beef-xss • Type beef-xss to run the program • Login with the password just set by you • Create a malicious web page with the hook URL • Enter a password for the default user "beef" • Beef UI will open automatically in your browser • Send it to the user • Boom! Browser Hooked
  • 6. Wifi Deauth Attack • Deauth means to disconnect • Spoof victim MAC address and send deauth packets to the router • To disconnect deauth packet is sent
  • 7. Wifi Deauth Attack Scene 1 Coffee Shop
  • 8. Wifi Deauth Attack I am Victor & I want to disconnect Scene 2 Coffee Shop
  • 9. Steps • Kill all the processes running on the wireless network interface(NIC) • Put the Wireless NIC in monitor mode • Start listening in monitor mode • Start listening on the target network specifically • Identify the victim MAC address • Deauth
  • 10. Bruteforce Attack • Test Server:Tomcat Server • Found is Metasploitable Linux • Intentionally vulnerable • Bruteforcing from a wordlist • Wordlist:File containing all the possible combinations
  • 11. username password 1 3 Correct Hit: tomcat tomcat Login Page 2 4
  • 12. Steps • Set up the Tomcat Server • Scan Metasploitable Machine using NMAP • Open up login page of Tomcat Server • Open msfconsole and use the required auxiliary • Set required options for the auxiliary • Bruteforce • Fire up Postgresql service
  • 13. Malicious Android APK • Create an APK for a third party app • APK contains malicious code • Initiates a reverse connection to the attacker • App can be beautified and customised
  • 15. Steps • Fire up postgresql service • Create the malicious APK • Send it to the victim • Social Engineer him/her to install the app • Create a listener for incoming connections • Connection coming from phone to the attacker is connected
  • 16. Thank You Vinita Bhandiwad Mam Neha Kudu Mam & Also the audience