Nethemba profile
www.nethemba.com
Why choose Nethemba s.r.o.
(company introduction)
Ing. Pavol Lupták, CISSP, CEH
Who are we?
a group of computer security experts from the Czech and Slovak Republics with more than 10 years of experience
holders of world-renowned security certifications: CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), SCSecA (Sun Certified Security Administrator), LPIC-3 (Linux Professional Institute Certification)
Our core business
penetration tests
comprehensive web application security audits
design and implementation of ultra-secure and high-availability systems
security training & courses
design and development of secure VoIP solutions
highly skilled Unix/Linux outsourcing
Penetration tests
a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker
involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities, and their exploitation
experience with almost all OSes, smartphones and PDAs
the OSSTMM methodology is used
Penetration test approaches
Black box: a zero-knowledge attack; no relevant information about the target environment is provided; the most realistic external penetration test
White box: a full-knowledge attack; all the security information related to the environment and infrastructure is considered
Grey box: a partial-knowledge attack
Penetration test phases
Discovery: information about the target system is identified and documented (WHOIS service, public search engines, domain registrars, etc.)
Enumeration: using intrusive methods and techniques to gain more information about the target system (port scanning, fingerprinting)
Vulnerability mapping: mapping the findings from the enumeration to known and potential vulnerabilities
Exploitation: attempting to gain access through vulnerabilities identified in the vulnerability-mapping phase. The goal is to gain user-level and privileged (administrator) access to the system (custom exploit scripts or exploit frameworks are used)
Comprehensive web application audits
the most comprehensive and deepest web application audit on the Czech/Slovak market
strictly follows the OWASP Testing Guide
practical hacking demonstration (writing exploit code, database dump, XSS/CSRF demonstration, etc.)
one-day meeting with the application's developers
comprehensive report in English/Czech/Slovak
OWASP involvement
OWASP (Open Web Application Security Project): the biggest and most respected free and open application security community
our employees are OWASP chapter leaders for the Czech and Slovak Republics
attending OWASP security conferences / trainings
we are contributors to the OWASP Testing Guide (the best web application security testing guide)
Advanced security testing
comprehensive source code audit
wireless network testing
smartphone / PDA testing
war dialing
social engineering
Ultra-secure OSes
experts in design and implementation of ultra-secure OSes (NSA SELinux, TrustedBSD, Trusted Solaris)
suitable solution for high-risk critical environments (banks, insurance companies)
providing full support and outsourcing of these systems
Customized security solutions
LAMP security hardening
configuration and implementation of: WAF (Web Application Firewall), IDS (Intrusion Detection System) and IPS (Intrusion Prevention System), Honeypot & Honeynet
we are vendor independent and unbiased!
Load-balanced and high-availability clusters
design and implementation of big multi-server redundant load-balancer and high-availability clusters based on Linux or any Unix system
ideal solution for the most visited web portals, database clusters or redundant mail servers that require high availability and security
Anti-DDoS hardening
suitable for customers that are threatened by strong Distributed Denial of Service attacks (online casinos, banks, popular e-shops)
we provide anti-DDoS server housing
design and implementation of geographical clusters
development of our own anti-DDoS plugin for HAProxy (load balancer)
VoIP design and implementation
design and implementation of complex VoIP call centers based on Asterisk and OpenSER
focused on VoIP security (secure encrypted calls, secure authentication)
we are Asterisk contributors (responsible for T.38 fax gateway development)
ideal for companies that do not trust their PSTN lines or mobile phones
Security training & courses
we offer security training and courses in many security areas including:
web application security
secure programming
wireless network security
ultra-secure NSA SELinux
penetration tests & web application hacking
Highly skilled Unix/Linux outsourcing
highly skilled and certified administrators
support of all UNIX systems
permanent monitoring of availability, security patches, etc.
good SLA conditions, 24x7 web / email / telephone support
always on top of “bleeding-edge” technologies
Security research I
we have cracked the most used Czech and Slovak Mifare Classic smartcards
we are the first in the world to have implemented and publicly released our own Mifare Classic Offline Cracker, which can recover all keys to all sectors from 1 billion smartcards(!!!) in a few minutes
see https://www.nethemba.com/research
Security research II
we have revealed a serious inherent vulnerability in public transport SMS tickets, described in our paper “Public transport SMS ticket hacking”
public transport companies in Prague, Bratislava, Vienna, Kosice and Usti nad Labem are still vulnerable
we are open to any security research
Presentations at security conferences
our employees are frequent presenters at many world-renowned security conferences (Confidence, Hacking At Random, SASIB, Network Security Congress, OpenWeekend, Barcamp, CVTSS, ...)
do not miss our upcoming presentation about “Mifare Classic Attacks in Practice” at Confidence 2.0 in Warsaw
References
T-Mobile Czech Republic a.s.
NBS (National Bank of Slovakia)
ICZ, a.s.
ITEG, a.s.
IPEX a.s.
Limba s.r.o.
Profesia, AUTOVIA, ui42, Ringier Slovakia, KROS, Pantheon Technologies, Avion Postproduction, Faculty of Philosophy / Comenius University etc.
Any questions?
Thank you for listening
Ing. Pavol Lupták, CISSP, CEH