Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a...

60
Keren Elazari aka @K3r3n3

Transcript of Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a...

Page 1: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

Keren Elazari aka @K3r3n3

Page 2: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 3: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

www.K3r3n3.com

Page 4: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

@K3r3n3

Page 5: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 6: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 7: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 8: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 9: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 10: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 11: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 12: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

� TAKE THE RED PILL?

Page 13: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 14: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 15: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 16: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 17: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 18: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

Source : “25 Years Of Vulnerabilities: 1988-2012 Sourcefire Research Report”

Page 19: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 20: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 21: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

Solution: Secure What Matters!

Page 22: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

Life Rights CritInfr IP PII CCN

Counter- measures

Situational Awareness

Operational Excellence

Defensible Infrastructure

REPLACEABILITY

Original Model by Joshua Corman

Page 23: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

https://www.iamthecavalry.org/

Page 24: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 25: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 26: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

Solution: Don’t Keep Your Bugs To Yourself

Page 27: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 28: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

https://bugcrowd.com/list-of-bug-bounty-programs

Page 29: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

The Internet Bug Bounty

https://hackerone.com/ibb

Page 30: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 31: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 32: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 33: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 34: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 35: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 36: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 37: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

Solution: Stop, Collaborate and Share

Page 38: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 39: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 40: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 41: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

Image by Chris Halderman CC BY 3.0

Page 42: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

Solution : Empower The Masses

Image by Scoobay CC BY-NC-SA 2.0

Page 43: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 44: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 45: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 46: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 47: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 48: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

Image: Crobis, The Economist

Page 49: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

Solution: Mind The Gap

Page 50: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 51: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 52: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 53: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 54: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 55: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

Secure What Matters

Don’t Keep Your Bugs To Yourself

Collaborate & Share

Empower The Masses

Stop The Spread Of FUD

Page 56: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

Bonus Points: One Million

Security Professionals

Needed!

Source : Cisco 2014 Annual Security Report

Page 57: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 58: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 59: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,
Page 60: Keren Elazari aka @K3r3n3 - DEF CON Media Server CON 22/DEF CON 22...Empowering Hackers to Create a Positive Impact, Keren Elazari, DEFCON, DEF CON, Hacker, Security Conference, Presentations,

Kiosk Security - DEF CON

Kiosk Security - DEF CON

Detecting Blue Team Recon With Ads - media.defcon.org CON 26/DEF CON 26 presentations/DEF… · Title: DEF CON 26 Hacking Conference Author: DEF CON Speaker Subject: DEF CON 26 Presentation

Detecting Blue Team Recon With Ads - media.defcon.org CON 26/DEF CON 26 presentations/DEF… · Title: DEF CON 26 Hacking Conference Author: DEF CON Speaker Subject: DEF CON 26 Presentation

802.11 Massive Monitoring - Paper Conf/Defcon/2015/DEFCON … · managed by a Python framework ... DEF CON 23 Presentation ... Subject: DEF CON 23 Presentation Keywords: DEF CON Conference,

802.11 Massive Monitoring - Paper Conf/Defcon/2015/DEFCON … · managed by a Python framework ... DEF CON 23 Presentation ... Subject: DEF CON 23 Presentation Keywords: DEF CON Conference,

Infrared - Def Con

Infrared - Def Con

Hacking MANET - Def Con

Hacking MANET - Def Con

DEF CON 26 Hacking Conference - DEF CON Media Server CON 26/DEF CON 26 presentations/DEF… · started in late 2017 to prepare for the 2018 CCDC season. We ended up using the BETA

DEF CON 26 Hacking Conference - DEF CON Media Server CON 26/DEF CON 26 presentations/DEF… · started in late 2017 to prepare for the 2018 CCDC season. We ended up using the BETA

DEF CON 26 Voting Village - DEF CON® Hacking Conference CON 26 voting... · 2018-09-27 · DEF CON 26 Voting Village Report on Cyber Vulnerabilities in U.S. Election Equipment, Databases,

DEF CON 26 Voting Village - DEF CON® Hacking Conference CON 26 voting... · 2018-09-27 · DEF CON 26 Voting Village Report on Cyber Vulnerabilities in U.S. Election Equipment, Databases,

DEF CON 23 Presentation CON 23/DEF CON 23 presentations/DEF… · Don’t"believe"anything"I"Say • Also,"hold"those"around"you"accountable

DEF CON 23 Presentation CON 23/DEF CON 23 presentations/DEF… · Don’t"believe"anything"I"Say • Also,"hold"those"around"you"accountable

DEF CON 20 Run Down

DEF CON 20 Run Down

DEF CON 23 Presentation CON 23/DEF CON 23... · DEF CON 23 Presentation Keywords: DEF CON Conference, DEF CON, DEFCON, Speeches, Hacking, Hackers, Hacker Conference, Computer Security,

DEF CON 23 Presentation CON 23/DEF CON 23... · DEF CON 23 Presentation Keywords: DEF CON Conference, DEF CON, DEFCON, Speeches, Hacking, Hackers, Hacker Conference, Computer Security,

Cracking Cryptocurrency Brainwallets - DEF CON CON 23/DEF CON 23 presentations/DEF… · Cracking Cryptocurrency Brainwallets Ryan Castellucci ... pass a file with pubkeyhashs, ...

Cracking Cryptocurrency Brainwallets - DEF CON CON 23/DEF CON 23 presentations/DEF… · Cracking Cryptocurrency Brainwallets Ryan Castellucci ... pass a file with pubkeyhashs, ...

Download - Def Con

Download - Def Con

DEF CON 26 HACKING CONFERENCE CON 26/DEF CON 26 receipt.pdf · Title: DEF CON 26 HACKING CONFERENCE Author: DEF CON 26 Subject: DEF CON 26 RECEIPT Keywords: DEF CON Conference, DEF

DEF CON 26 HACKING CONFERENCE CON 26/DEF CON 26 receipt.pdf · Title: DEF CON 26 HACKING CONFERENCE Author: DEF CON 26 Subject: DEF CON 26 RECEIPT Keywords: DEF CON Conference, DEF

Eric Sesterhenn 2018 CON 26/DEF CON 26 presentations/DEFCON-26... · DEF CON 26 Hacking Conference Author DEF CON Speaker Subject DEF CON 26 Presentation

Eric Sesterhenn 2018 CON 26/DEF CON 26 presentations/DEFCON-26... · DEF CON 26 Hacking Conference Author DEF CON Speaker Subject DEF CON 26 Presentation

DEF CON 24 Hacking Conference CON 24/DEF CON 24 presentations/DEF CON 24...RDS-1 or "Stalin's Jet Engine" Inside knowledge of the Manhattan Project combined with looting Germany's

DEF CON 24 Hacking Conference CON 24/DEF CON 24 presentations/DEF CON 24...RDS-1 or "Stalin's Jet Engine" Inside knowledge of the Manhattan Project combined with looting Germany's

Abusing Firefox Extensions - DEF CON

Abusing Firefox Extensions - DEF CON

DEF CON 24 Hacking Conference CON 24/DEF CON 24 presentations/DEF… · •Dummy frame injection •Delaying acknowledgments ECU CAN High CAN Low ... #wireshark -X lua_script:ethcan.lua

DEF CON 24 Hacking Conference CON 24/DEF CON 24 presentations/DEF… · •Dummy frame injection •Delaying acknowledgments ECU CAN High CAN Low ... #wireshark -X lua_script:ethcan.lua

Keren Elazari aka @K3r3n3 - DEF CON · Keren Elazari: Hackers: the ... SECOND EDITION Norbert Wiener . y.airï4Ž @ Connect # Discover Curiosity Rover ... steal your secrets is

Keren Elazari aka @K3r3n3 - DEF CON · Keren Elazari: Hackers: the ... SECOND EDITION Norbert Wiener . y.airï4Ž @ Connect # Discover Curiosity Rover ... steal your secrets is

HACKING HOTEL KEYS - DEF CON CON 24/DEF CON 24 presentations/DEF… · HACKING HOTEL KEYS Security Consultant ... Researcher. 9About 11 years pen-testing, Security Research, ... 912

HACKING HOTEL KEYS - DEF CON CON 24/DEF CON 24 presentations/DEF… · HACKING HOTEL KEYS Security Consultant ... Researcher. 9About 11 years pen-testing, Security Research, ... 912

Secure Tokin’ & Doobiekeys - DEF CON CON 25/DEF CON 25... · 2020. 5. 16. · Insecure Boot Spliff Trusted Platform Module Doobiekey Altered State. Title: Untitled Author: DEF CON

Secure Tokin’ & Doobiekeys - DEF CON CON 25/DEF CON 25... · 2020. 5. 16. · Insecure Boot Spliff Trusted Platform Module Doobiekey Altered State. Title: Untitled Author: DEF CON