• Home

  • Documents

  • festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)
18

festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

Embed Size (px)

DESCRIPTION

 

Citation preview

Page 1: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)
Page 2: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

• Web Application Security, Sviluppo di software sicuro,

Vulnerability Assessment, Analisi dei Rischi

• ♥

Giuseppe TROTTA

Page 3: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

LE APPLICAZIONI WEB VULNEARBILI

Mettere in pratica le conoscenze acquisite

Testare i vari strumenti

Page 4: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

LE APPLICAZIONI WEB VULNEARBILI

Page 5: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

Piattaforma dove creare, condividere e utilizzare applicazioni web

vulnerabili

Non sono solo contenuti gratuiti, ma veri e propri laboratori gratis

Niente da scaricare/installare. Solo il browser web

Accesso isolato ad ogni applicazione web vulnerabile

House of the rising sandbox!

HACK ME

Page 6: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

HACK ME

Page 7: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

Apprendimento pratico in laboratori virtuali

Online

Sicuro

Accesso ad una moltitudine di applicazioni COTS

per trovare nuovi exploit

In sandbox e in pochi secondi

Test degli ultimi exploit contro i CMS

Riproduzione dell’ambiente del cliente

Per chi e’

Page 8: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

Apprendimento pratico in laboratori virtuali

Online

Sicuro

Accesso ad una moltitudine di applicazioni COTS

per trovare nuovi exploit

In sandbox e in pochi secondi

Test degli ultimi exploit contro i CMS

Riproduzione dell’ambiente del cliente

Per chi e’

Page 9: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

HTML/PHP/JS/CSS..

0/1+

COME FUNZIONA

Page 10: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

Hai un ambiente sempre pulito e riservato

Nessuno può interferire con i tuoi strumenti

COME FUNZIONA

Page 11: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

IL MIO PRIMO HACKME

Page 12: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

(~3 con il Coliseum)

Sviluppare nuove funzionalità (PHP)

Migliorare interfaccia utente

Moderare i nuovi hackme

Creare nuovi hackme!

IL PROGETTO

Page 13: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

EXPLORING

Page 14: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

HACKING TIME

Page 15: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

HACKING LAB

Page 16: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

SCENARIO

Page 17: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)

SCENARIO

1

Attaccante

Utente

2

3

Page 18: festival ICT 2013: Hack.me The house of the rising sandbox (Speech + LAB: 90 minuti)
https://hack.me/
mailto:[email protected]
http://twitter.com/giutro
http://twitter.com/giutro
mailto:[email protected]
http://twitter.com/hackmeproject
http://twitter.com/hackmeproject

DISCLAIMER - Minuti Coffeeminuticoffee.com/wp-content/uploads/2018/01/Minuti-Franchise-Doc-v...Minuti & you... Minuti Coffee is a premium American/Italian coffee shop concept, combining

DISCLAIMER - Minuti Coffeeminuticoffee.com/wp-content/uploads/2018/01/Minuti-Franchise-Doc-v...Minuti & you... Minuti Coffee is a premium American/Italian coffee shop concept, combining

Documents
I Portici Hotel Bologna Bologna From Bologna Milano Venezia Padova Firenze Roma Napoli in treno by train 60 minuti 90 minuti 60 minuti 35 minuti 150 minuti 200 minuti in auto by car

I Portici Hotel Bologna Bologna From Bologna Milano Venezia Padova Firenze Roma Napoli in treno by train 60 minuti 90 minuti 60 minuti 35 minuti 150 minuti 200 minuti in auto by car

Documents
Sandbox workshop

Sandbox workshop

Education
MiniBox: A Two-Way Sandbox for x86 Native Code...Combine Sandbox and Isolation • Deploy sandbox in an isolated environment – Avoid porting effort – Sandbox exposes large interface

MiniBox: A Two-Way Sandbox for x86 Native Code...Combine Sandbox and Isolation • Deploy sandbox in an isolated environment – Avoid porting effort – Sandbox exposes large interface

Documents
Minuti rottamatutto

Minuti rottamatutto

Documents
Sandbox Helmets

Sandbox Helmets

Documents
Sandbox Portfolio

Sandbox Portfolio

Documents
DIGITAL SANDBOX WORKSHOP - Carnegie Mellon …sandbox/news/SDX2004_CAD_print.pdf1 DIGITAL SANDBOX WORKSHOP Summer 2004 Sandbox CAD Support Digital Sandbox Mission The virtual SoC design

DIGITAL SANDBOX WORKSHOP - Carnegie Mellon …sandbox/news/SDX2004_CAD_print.pdf1 DIGITAL SANDBOX WORKSHOP Summer 2004 Sandbox CAD Support Digital Sandbox Mission The virtual SoC design

Documents
Android sandbox

Android sandbox

Technology
Cuckoo sandbox

Cuckoo sandbox

Education
Innovation SANDBOX Operating Guidelines Sandbox_Operating... · Innovation Sandbox Operating Guidelines 1. Overview “Innovation Sandbox” is a testing environment where Fintech

Innovation SANDBOX Operating Guidelines Sandbox_Operating... · Innovation Sandbox Operating Guidelines 1. Overview “Innovation Sandbox” is a testing environment where Fintech

Documents
Healthcare Services Platform Sandbox. The HSPC Sandbox HSPC Sandbox Architecture : Scot Post van der Burg Asthma Ally

Healthcare Services Platform Sandbox. The HSPC Sandbox HSPC Sandbox Architecture : Scot Post van der Burg Asthma Ally

Documents
SANDBOX EXPERIMENTS

SANDBOX EXPERIMENTS

Documents
Strumenti di misura della temperatura nell'industria di ...Tempo di risposta > 3 minuti > 3 minuti > 3 minuti > 3 minuti < 3 minuti Classe di precisione ±1 % del valore

Strumenti di misura della temperatura nell'industria di ...Tempo di risposta > 3 minuti > 3 minuti > 3 minuti > 3 minuti < 3 minuti Classe di precisione ±1 % del valore

Documents
Sandbox Calibration

Sandbox Calibration

Documents
MINUTI - FrancoAngeli

MINUTI - FrancoAngeli

Documents
Enter Sandbox: Android Sandbox Comparison · Enter Sandbox: Android Sandbox Comparison Sebastian Neuner, Victor van der Veen, Martina Lindorfer, Markus Huber, ... •Weaknesses in

Enter Sandbox: Android Sandbox Comparison · Enter Sandbox: Android Sandbox Comparison Sebastian Neuner, Victor van der Veen, Martina Lindorfer, Markus Huber, ... •Weaknesses in

Documents
sandbox documento

sandbox documento

Documents
Gruppo minuti

Gruppo minuti

Documents
Inputs Verifier Tool (IVT) Sandbox Testing · • Scope of sandbox: Sandbox addresses only IVT. The following additional RY14 features are not part of the sandbox: • Reporting of

Inputs Verifier Tool (IVT) Sandbox Testing · • Scope of sandbox: Sandbox addresses only IVT. The following additional RY14 features are not part of the sandbox: • Reporting of

Documents
Due minuti Dedica due minuti a questa lettura, è molto bella

Due minuti Dedica due minuti a questa lettura, è molto bella

Documents
SandboxLIVE Maples PPT · Sandbox Social Media Sandbox Webinar Sandbox Resource Library Sandbox Exhibitor Academy Sandbox TV Sandbox LIVE. Sandbox Exchange. Sandbox Social Media

SandboxLIVE Maples PPT · Sandbox Social Media Sandbox Webinar Sandbox Resource Library Sandbox Exhibitor Academy Sandbox TV Sandbox LIVE. Sandbox Exchange. Sandbox Social Media

Documents
New Presentation Sandbox - WordPress.com...Menu MyFirst Presentation 8:35 PM Sandbox Key Word Sandbox Word Sandbox Word Records My First Presentation Search Dec 23 By DateBy Date A

New Presentation Sandbox - WordPress.com...Menu MyFirst Presentation 8:35 PM Sandbox Key Word Sandbox Word Sandbox Word Records My First Presentation Search Dec 23 By DateBy Date A

Documents
Science Sandbox

Science Sandbox

Education
Chromium Sandbox

Chromium Sandbox

Documents
sandbox informational

sandbox informational

Documents
VMWare Sandbox

VMWare Sandbox

Documents
Sandbox Experimentacion

Sandbox Experimentacion

Documents
Enter Sandbox: Android Sandbox Comparison - … Sandbox: Android Sandbox Comparison Sebastian Neuner, Victor van der Veen, Martina Lindorfer, Markus Huber, Georg Merzdovnik, Martin

Enter Sandbox: Android Sandbox Comparison - … Sandbox: Android Sandbox Comparison Sebastian Neuner, Victor van der Veen, Martina Lindorfer, Markus Huber, Georg Merzdovnik, Martin

Documents
Sandbox kiev

Sandbox kiev

Internet