security awareness training
TRANSCRIPT
SUMEDT JITPUKDEBODIN
SENIOR WEB APPLICATION SECURITY SPECIALIST
NCLA, LPIC-1, COMPTIA SEC+, C|EH, ECPPT
Fundamental Of Computer Security
Who am I?
● Sumedt Jitpukdebodin
● Jobs
  ○ Senior Web Application Security Specialist @ACIS i-Secure
  ○ Instructor of the “Introduction to Ethical Hacking, Mastering in Exploitation” course of CITEC
  ○ One of the committee members of CSAT (Cyber Security Association of Thailand)
  ○ Writer for the Information Security and Linux forum of Hackazine
  ○ Writer of the book “Hacking & Security – First Step Of Penetration Tester”
● Hobby
  ○ Hacking
  ○ Whitehat
  ○ Writing
● Experience
  ○ Speaker at many universities
  ○ Speaker at the “Hacker Secret #2,#3” seminar
  ○ Speaker at the “Computer Security” seminar at BOI Fair
  ○ Writer of “How to pentest famous CMS” in Web App. Pentest Magazine
  ○ Etc.
Threats Of Today
1. Social Engineering
  ○ Phishing
  ○ Owning with PDF
2. HTTP, HTTPS
3. Fake Wireless
4. Encryption Of Wireless Network
5. Password Strength
6. Fake Call Center
7. Social Network Threats
Phishing
● How
  ○ Spam mail
  ○ Same or similar interface
● For
  ○ Steal credentials
  ○ Exploit the web browser
Phishing Video
● Example 1
● Example 2
● Real Case (http://r00tsec.blogspot.com/2012/04/phishing-site.html)
Owning with PDF
● How
  ○ Exploit PDF reader software
  ○ Use an interesting name
  ○ Use interesting email content
● For
  ○ Take the Bot
  ○ Compromise
Fake Wireless Access Point
● How
  ○ Name similar to the real hotspot
  ○ Use a ‘Public’ name
● For
  ○ Steal credentials
  ○ Change the destination to the hacker's website
Encryption Of Wireless
● Mode
  ○ Public
  ○ WEP
    ■ RC4 Stream Encryption
      ○ 64-bit, 128-bit Encryption
      ○ IV
  ○ WPA
    ■ TKIP Encryption (Based on RC4)
    ■ AES (Advanced Encryption Standard) Encryption
    ■ ICV
  ○ WPA2
    ■ AES Encryption
      ○ 256-bit Encryption
  ○ *WPS (Wi-Fi Protected Setup)
Password Strength
● 1 Website/Username/Password
● > 8 Characters
● Upper Case
● Lower Case
● Special Characters: @, #, !, $, etc.
● Not in the dictionary, and not personal information or the company name.
Fake Call Center
● How
  ○ Winning various prizes
  ○ Tax refund
  ○ Credit card debt
  ○ Impersonating DSI
● From
  ○ China
  ○ Taiwan
Example Of Social Network Threats
● Likejacking
  ○ Facebook User
  ○ Interesting Picture
  ○ Spread to friends and user’s group.