Explain Hacking in 10 minutes Lorenzo Grespan. OWASP Newcastle November 2017


The Challenge
- Do a live hack
- In front of a public audience
- Business students and academics
- Ten minutes
- Bonus points: in a different language

Live hacking demo LORENZO GRESPAN

In popular culture

What my parents think I do https://www.teachprivacy.com/wp-content/uploads/hacker-8.jpg

What I want to do sometimes http://gizmodo.com/why-hollywood-hacking-is-so-hilariously-horrible-1524469666

Reality

CYA warning
- It's illegal to hack
- We have SIGNED permission
https://c1.staticflickr.com/1/436/18742779822_67c359ba21_b.jpg

Target
- Sample e-commerce website
- Contains vulnerabilities
https://github.com/rapid7/hackazon

Typical web application set-up

The attacker's perspective
What is the objective?
- Disrupt business
- Exfiltrate intellectual property
- Gain control of the network ("persistence")
- Use as a stepping stone towards other targets (suppliers, customers)
- Implant ransomware

Demo Time!

The penetration tester's perspective
- Report the problem to the customer
- Evaluate its risk: from informative... to critical
- Provide a proof-of-concept
- Avoid damage!
- Suggest remediation
- Re-test: validation of fixes

Understanding risk
- Risk: odds known
- Uncertainty: odds unknown
- When it comes to security, companies are often uncertainty averse rather than risk averse
- Informed decisions require data points, or information on the odds
- A penetration test helps in quantifying the risks

End (of part 1)

Part 2: let's talk about the talk
META META META META META

About me
- Now: finding bugs (a.k.a. "penetration tester")
- Previously: making bugs (a.k.a. "developer")
- Something something patient safety in robotic surgery something
- UNIX guy, networking, OpenBSD
- Also: Computers > People*
- Technical accuracy > Marketing
- Definitely an impostor, shouldn't be here, no idea what I'm doing

Challenge & buts
- Do a live hack: OMG DEMO
- In front of a public audience: what if it goes wrong?
- Business audience: they'll never understand what I am doing
- Ten minutes: yeah, right

But! I can't explain hacking in 10 minutes
I'll need to explain all the basics:
- What is a website
- What is a server
- What is a firewall
- What is a reverse connection
- What is a database
- What is SQL
- What is source code
- What is an image
- Why an image is not an image
- What is that black blinking thing
- Why am I wearing a hoodie

Turns out
- Nobody really cared about the technical details
- Because: it's either too fast to follow, or too simple
- If you have the same technical background and can follow all the technical details, you are probably the one giving the presentation
- Most people just nod during a presentation
- What my (non-technical) audiences wanted were emotions

What did not get the point across
- Hackery things

What maybe got the point across
- Source code?
- Database access?

What was necessary (but nobody looked at)
- Blah blah diagrams blah

What got the point across? This:
- "I had no idea what you were doing until I saw the price change"
- "So it's really not like in the movies?!"
- "What was that black screen anyway?"

Post-talk chill
What my audience remembered:
- Emotions: fear (OMG HAX0RZ), laughter (LOL hoodie)
- The close-to-home feeling
- Common ground/experience (e-commerce)
- Colour
- Price tag

Lessons Learned (1)
- Watching myself on video is cringeworthy and embarrassing, and the best way to improve
  - Kinda like potty training
  - Let's not go there, shall we
- Technical accuracy helps me feel better, not the audience
- Practice the talk blindfolded
- Don't read from the slides

Lessons Learned (2)
- Pushing myself out of my comfort zone made me a better tester
  - Because I can explain things better IRL
  - So I write better reports
  - Which make the customer happier
  - More interesting challenges
- When talking to a non-technical audience there's no right answer
  - Real life does not compile
- And you can't make nerd jokes to non-techies
  - Because they're boring

Take-home messages
- Talk to non-techies about your work
  - Practice on friends and relatives first
  - Stop when their eyes start glazing over
- You can't explain everything
  - The brain fills in the gaps
- Be memorable ("hack the human brain")
  - Accent
  - Clothing
  - Humour != nerd jokes
  - Yes, that was a nerd joke
- Get out of your comfort zone: record yourself on video
- We're all impostors anyway

Thank you. 0800 231 5977 enquiries@secarma.co.uk