Antonio de Mello & Amine Abed

The attacker's footprint

Chaining low-severity bugs can lead to a full system compromise. We'll show you how to trace the attacker's every step.

The attacker's footprint
#1about 10 minutes

Defining key cybersecurity tools and terminology

An overview of essential information security concepts and tools is provided, including nmap, Burp Suite, IDOR, LFI, and SIEM platforms.

#2about 16 minutes

Performing reconnaissance with an nmap port scan

The initial attack phase begins with an nmap scan to discover open ports and services, identifying potential web applications and an Apache server.

#3about 11 minutes

Gaining initial access with default credentials

After failed SQL injection attempts, access is gained by logging in with common default credentials and a path disclosure vulnerability is found via a malformed JSON.

#4about 13 minutes

Exploiting broken access control with cookie tampering

A base64-encoded cookie is manipulated to access another organization's data, and fuzzing reveals a hidden admin parameter to view sensitive information.

#5about 10 minutes

Reading sensitive files with a path traversal exploit

A known path traversal vulnerability in the Apache server is exploited to read the `/etc/passwd` file and a sensitive configuration file containing credentials.

#6about 1 minute

Achieving remote access via SSH with guessed credentials

Using the leaked username, the password from the configuration file is modified by incrementing the year to successfully log into the server via SSH.

#7about 21 minutes

Analyzing API logs to trace the attacker's steps

The defender analyzes API logs to identify failed SQL injection attempts, a successful login, parameter fuzzing, and cookie manipulation by observing response codes and body sizes.

#8about 15 minutes

Correlating web server and authentication logs

Apache and authentication logs are examined to find evidence of the nmap scan, the path traversal exploit, and the final successful SSH login after several failed attempts.

#9about 13 minutes

Demonstrating a SIEM for automated threat detection

A Security Information and Event Management (SIEM) tool is shown to automatically detect and flag suspicious activity, such as the nmap user agent, in real-time.

#10about 18 minutes

Summarizing vulnerabilities and key security recommendations

The workshop concludes with a summary of the attack chain and provides key recommendations for developers and defenders, such as patch management and maintaining high-quality logs.

Related jobs
Jobs that call for the skills explored in this talk.

Job ad Dark

SabIna compys

SabIna compys
Vienna, Austria

Remote
20-100K
Intermediate
JavaScript
.NET
+1

Matching moments

Hands-on security training for developers
04:38 MIN

Hands-on security training for developers

How GitHub secures open source

Applying security tools in test and delivery phases
05:25 MIN

Applying security tools in test and delivery phases

Securing Your Web Application Pipeline From Intruders

How attackers exploit developers and packages
05:43 MIN

How attackers exploit developers and packages

Vue3 practical development

Common attacks targeting software developers
05:49 MIN

Common attacks targeting software developers

Vulnerable VS Code extensions are now at your front door

A practical demonstration of exploiting IDOR vulnerabilities
14:52 MIN

A practical demonstration of exploiting IDOR vulnerabilities

How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR

Examining high-impact path traversal exploits in the wild
02:38 MIN

Examining high-impact path traversal exploits in the wild

Hack-Proof The Node.js runtime: The Mechanics and Defense of Path Traversal Attacks

Exploring specific web vulnerabilities and filtering issues
03:17 MIN

Exploring specific web vulnerabilities and filtering issues

WeAreDevelopers LIVE - Chrome for Sale? Comet - the upcoming perplexity browser Stealing and leaking

Live hack: Recreating the Apache Struts vulnerability
11:24 MIN

Live hack: Recreating the Apache Struts vulnerability

Stranger Danger: Your Java Attack Surface Just Got Bigger

Featured Partners

Related Videos

See all videos
Getting under the skin: The Social Engineering techniques43:56

Getting under the skin: The Social Engineering techniques

Mauro Verderosa

Stranger Danger: Your Java Attack Surface Just Got Bigger1:58:59

Stranger Danger: Your Java Attack Surface Just Got Bigger

Vandana Verma Sehgal

Walking into the era of Supply Chain Risks37:36

Walking into the era of Supply Chain Risks

Vandana Verma

Cracking the Code: Decoding Anti-Bot Systems!57:47

Cracking the Code: Decoding Anti-Bot Systems!

Fabien Vauchelles

Hack-Proof The Node.js runtime: The Mechanics and Defense of Path Traversal Attacks27:10

Hack-Proof The Node.js runtime: The Mechanics and Defense of Path Traversal Attacks

Sonya Moisset

You can’t hack what you can’t see29:34

You can’t hack what you can’t see

Reto Kaeser

Security in modern Web Applications - OWASP to the rescue!26:59

Security in modern Web Applications - OWASP to the rescue!

Jakub Andrzejewski

You click, you lose: a practical look at VSCode's security29:47

You click, you lose: a practical look at VSCode's security

Thomas Chauchefoin & Paul Gerste

Related Articles

View all articles
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
CH
Chris Heilmann
WeAreDevelopers LIVE days are changing - get ready to take part
Starting with this week's Web Dev Day edition of WeAreDevelopers LIVE Days, we changed the the way we run these online conferences. The main differences are:Shorter talks (half an hour tops)More interaction in Q&AA tips and tricks "Did you know" sect...
WeAreDevelopers LIVE days are changing - get ready to take part
CH
Chris Heilmann
Dev Digest 110 - XY marks the spotty security
This time we give you a collection of links about the XZ backdoor, solve the last CODE100 puzzle, announce the next round of it, let you play with colours and explain why Lava lamps are great to keep the web secure.News and ArticlesThe big piece of n...
Dev Digest 110 - XY marks the spotty security
CH
Chris Heilmann
Dev Digest 134 - Where pixels sing?
News and ArticlesWeAreDevelopers LIVE Data and Security Day is on Wednesday, 25/09/2024. Learn about OPC UA Updates, Best Practices for Using GitHub Secrets, Passwordless Web 1.5, Emerging AI Security Risks, Data Privacy in LLMs and get a chance to t...
Dev Digest 134 - Where pixels sing?

From learning to earning

Jobs that call for the skills explored in this talk.

WAD Dev Test

WAD Dev Test

Agency Name 1
Atlanta, United States of America

Remote
55-90K
Senior
Ruby
Backbone.js