
Come to the dark side, they have cookies

Tim Nash
April 06, 2019


Everyone should be a little bit worried about the security of their site, and at conferences, lots of security talks focus on practical steps people can take.

In this talk, Tim will flip the norms and instead focus on several real examples of sites being hacked, told from the attacker's perspective. We will follow each attack from the bad actor's point of view: identifying targets, analysing vulnerable sites, adding a payload, and exploiting it. In doing so we will see how sites get infected, how some tools do prevent certain attacks, and how clever (and not so clever) bad actors can circumvent much of the hardening that has been done.

At each step we can analyse what could have been put in place to prevent and frustrate the attack, and then look at how this can be implemented on your site.


Transcript

  1. Client email: "Hi, we are going to be on the One Show in about two hours. Do you need to do anything?"
  2. function df_save_options() {
         $fields = $_REQUEST;
         foreach ($fields as $key => $field) {
             if ($key != "action") {
                 echo $key . "-" . $field;
                 update_option($key, $field);
             }
         }
         die();
     }
     Totally legit...
  3. WordPress Platform Lead at 34SP.com
     Former Pen Tester
     Co-runs WordPress Leeds
     Ran a small dev agency
     Speaks about security around the country
  4. Takeaways from TV wonder
     Use a child theme
     Regularly code audit
     Have control of your WAF
     Get a disaster plan in place
  5. Small print firm moved online
     Mom and Pop shop
     Uses a single WordPress site
     Shared hosting
     No in-house "dev" team
  6. [+] Name: jetpack - v6.3.2 | Latest version: 6.3.2 (up to date) | Last updated: 2018-07-04T10:01:00.000Z | Location: https://magazine.com/wp-content/plugins/jetpack/ | Readme: https://magazine.com/wp-content/plugins/jetpack/readme.txt | Changelog: https://magazine.com/wp-content/plugins/jetpack/changelog.txt
  7. [+] Name: jetpack - v6.3.2 | Latest version: 6.3.2 (up to date) | Last updated: 2018-07-04T10:01:00.000Z | Location: https://magazine.com/wp-content/plugins/jetpack/ | Readme: https://magazine.com/wp-content/plugins/jetpack/readme.txt | Changelog: https://magazine.com/wp-content/plugins/jetpack/changelog.txt
  8. Please update your site at timstest.ismysite.co.uk to WordPress 4.9.7.
     Updating with Jetpack installed is easy and only takes a few moments:
     https://jetpack-wordpress.com/update/timstest.isymsite.co.uk
     If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help.
     https://wordpress.org/support/
     Keeping your site updated is important for security. It also makes the internet a safer place for you and your readers.
     The WordPress Team
  9. From: WordPress.com <[email protected]>
     Date: 21 September 2018 at 05:18:53 BST
     To: [email protected]
     Subject: wordpress database upgrade required !

     DataBase Upgrade Required

     Dear Customer,

     Your WordPress database is out-of-date, and must be upgrade before 29/09/2018.

     The upgrade process may take a while, so please be patient.

     Click here to Upgrade Wordpress

     Download our free mobile app today.
     View stats, moderate comments, create and edit posts, and upload media.
     Click here to learn more.
     Automattic Inc. | 60 29th St. #343, San Francisco, CA 94110
  10. Takeaways from our spear phishing attack
      Never click untrusted links
      Enable two-factor authentication
      Limit administrator users
      Don't use the same password on every site
  11. <?php
      ....
      // ** MySQL settings ** //
      /** The name of the database for WordPress */
      define( 'DB_NAME', 'watford' );
      /** MySQL database username */
      define( 'DB_USER', 'watford' );
      /** MySQL database password */
      define( 'DB_PASSWORD', 'totallysecure' );
      /** MySQL hostname */
      define( 'DB_HOST', 'db.watfordcharity.com' );
  12. Takeaways from our slider attack
      Always keep things up to date
      Never rely on theme licences to get bundled plugins
      The DB is not a safe place to store credentials
  13. E-commerce site hack
      WooCommerce-powered shop
      100s of customers
      Small dev team
      Custom theme and a range of plugins
  14. Takeaways from our SQL attack
      Custom code is our responsibility
      Never rely on a WAF that's in the application
      Always check endpoints for SQL injection
  15. Poisoning the well
      Small blogger
      Running WordPress for the first time
      Gets support mainly from Facebook forums
  16. Takeaways from our poison well
      If someone says there's an issue, DO NOT DISMISS IT
      Help people to understand security
      Security is everyone's responsibility
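The "Totally legit..." handler on slide 2 writes every request parameter straight into wp_options with no capability check, no nonce and no allow-list, and echoes the raw input back. As an added example (not code from the talk), here is the same handler hardened; the admin-ajax action name `df_save_options`, the two option keys and their sanitizers are assumptions for illustration.

```php
<?php
// Hardened rewrite of slide 2's df_save_options (added example, not the talk's code).
// Assumptions: the handler is registered as the admin-ajax action 'df_save_options'
// and the plugin owns the two option keys listed below.

// Allow-list: only these option keys may ever be written, each with a sanitizer.
const DF_ALLOWED_OPTIONS = [
    'df_site_tagline'   => 'sanitize_text_field',
    'df_items_per_page' => 'absint',
];

function df_save_options_hardened() {
    // 1. Only administrators may change options; there is deliberately no
    //    wp_ajax_nopriv_ registration, so anonymous requests never reach this.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. CSRF protection: the request must carry a valid nonce for this action
    //    (check_ajax_referer() ends the request itself when the nonce is bad).
    check_ajax_referer( 'df_save_options', '_wpnonce' );

    // 3. Read only $_POST, never $_REQUEST, which also merges GET and cookies.
    $saved = [];
    foreach ( DF_ALLOWED_OPTIONS as $key => $sanitizer ) {
        if ( ! isset( $_POST[ $key ] ) ) {
            continue;
        }
        // 4. Sanitize before storing; any key not in the allow-list is ignored,
        //    so an attacker cannot overwrite siteurl, admin_email, users_can_register...
        $value = call_user_func( $sanitizer, wp_unslash( $_POST[ $key ] ) );
        update_option( $key, $value );
        $saved[] = $key;
    }

    // 5. Never echo raw request data back (the original reflected it unescaped);
    //    report only which allow-listed keys were written.
    wp_send_json_success( [ 'updated' => $saved ] );
}
add_action( 'wp_ajax_df_save_options', 'df_save_options_hardened' );
```

The matching nonce is produced on the settings page with wp_create_nonce( 'df_save_options' ) and submitted as the `_wpnonce` field.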