최근 자료이면 좋겠지만 오래된 자료입니다. 최근에 일어나는 중국발 해킹과는 부분적으로 다른 점이 많습니다. 하지만 이 파일안에서도 유용하고 쓸모있는 부분이 존재합니다.

예전과 비슷한 부분도 다른점 만큼이나 많기 때문입니다. 참고용 문서로 보시면 좋을 것 같습니다.


아이피를 역추적한다고 적혀있었습니다만, 역추적보다는 해외아이피에 대해서 빠르게 파악해서 방어하는 것에 중점을 두고 있습니다.

해외아이피를 차단함으로써 다른 보안 문제를 막는 것이지요. 물론 해외접속자가 차단이 되어 불편할 수 있겠지만, 은행사이트는 대부분 국내에서 이루어 지는 점을 본다면 해외접속자 차단의 불편함보다는 돈을 지킬수 있는 보안이 더 크다고 보여집니다.


관리의 편의성을 위하여 제공하는 아파치의 서비스인 디렉토리 리스닝이 취약점이 많아서 논란이 되기도 했습니다.

개인적으로 중요한 파일이 있는 서버가 아닌이상 저는 리스닝을 자주 쓰는 편입니다.(ftp 접속없이 디렉토리 구조 파악이 가능합니다.) 그런데 이것이 익명으로도 접속을 할 수 있기 때문에가 문제인 것이지요.

실제로 웹쉘이 설치된 서버를 찾기 위해서 구글에서 디렉토리 리스닝 검색을 통하여 알아내기도 합니다.

대부분의 중요 게임서버에서는 디렉토리 리스닝을 끄고 있는데, 끄지 않은 몇몇 서버가 해킹당한 사례를 잘 정리한 흥미있는 PDF 파일입니다.


리버싱 하시는 분들에게 매우 유용하게 쓰일 것 같습니다. EAX 같은 레지스터 용어를 SIS 카페 어느분께서 깔끔하게 정리해 놓으셨습니다.

저도 프린트해서 사용해야 겠네요. 요즘 리버싱을 배우고 있고.....




출처 : http://cafe.naver.com/nsis/46493

Defacon 18 에서 발표되었던 발표자료, 오디오파일, 비디오 파일 등이 제공되고 있습니다.

 

http://contagiodump.blogspot.com/2010/09/defcon-18-audio-in-mp3-files.html

발표 자료들 : http://www.defcon.org/html/links/dc-archives/dc-18-archive.html

 

TRACK 1
  1. Track-1_Perspectives_in_Cybersecurity_and_Cyberwarfare_Max_Kelly
  2. Track 1 Meet the Feds - CSITCPIP Panel
  3. Track 1 DNS Systemic Vulnerabilities and Risk Management A Discussion Panel
  4. Track 1 Meet the Feds - Policy, Privacy, Deterrence and Cyber War Panel 
  5. Track 1 Enough Cyber Talk Already! Help Get this Collaboration Engine Running Riley Repko 
  6. Track 1 Open Letter - Call to Action Panel
  7. Track 1 Of Bytes and Bullets Panel 
  8. Track 1 Exploiting WebSphere Application Server’s JSP Engine Ed Schaller
  9. Track 1 Mastering the Nmap Scripting Engine Fyodor David Fifield
  10. Track 1 Meet the EFF Kevin Bankston- Eva Galperin- Jennifer Granick- Marcia Hofmann- Kurt Opsahl
  11. Track 1 Black Ops Of Fundamental Defense Web Edition Dan Kaminsky
  12. Track 1 Legal Developments in Hardware Hacking Jennifer Granick Matt Zimmerman
  13. Track 1 App Attack Surviving the Mobile Application Explosion Kevin Mahaffey John Hering
  14. Track 1 This is Not the Droid You’re Looking For Nicholas J. Percoco- Christian Papathanasiou
  15. Track 1 Practical Cellphone Spying Chris Paget
  16. Track 1 HD Voice - The Overdue Revolution Doug Mohney
  17. Track 1 These Aren’t the Permissions You’re Looking For  Anthony Lineberry- David Luke Richardson- Tim Wyatt
  18. Track 1 Mobile Privacy Tor on the iPhone and Other Unusual Devices Marco Bonetti
  19. Track 1 Resilient Botnet Command and Control with Tor
  20. Track 1 Ripping Media Off Of the Wire HONEY
  21. Track 1 The Search for Perfect Handcuffs... and the Perfect Handcuff Key Deviant Ollam- Dave- Dr. Tran- Ray
  22. Track 1 Attack the Key, Own the Lock Schuyler Towne- datagram
  23. Track 1 PCI Compromising Controls and Compromising Security Jack Daniel Panel
  24. Track 1 How I Met Your Girlfriend Samy Kamkar
  25. Track 1 Decoding reCAPTCHA Chad Houck- Jason Lee
  26. Track 1 So Many Ways to Slap A Yo-Ho Xploiting Yoville and Facebook for Tom Stracener Strace- Sean Barnum- Chris Peterson
  27. Track 1 Social Networking Special Ops Extending Data Visualization Tools The Suggmeister
  28. Track 1 Getting Social with the Smart Grid Justin Morehouse Tony Flick
TRACK 2

  1. Track 2 An Examination of the Adequacy of the Laws Related to Cyber Warfare Dondi West
  2. Track 2 Balancing the Pwn Trade Deficit Val Smith- Colin Ames- Anthony Lai
  3. Track 2 Build Your Own Security Operations Center for Little or No Money
  4. Track 2 Cloud Computing, a Weapon of Mass Destruction David VideoMan- M. N.Bryan- Michael Anderson
  5. Track 2 Cyber CrimeWarCharting Dangerous Waters Iftach Ian Amit
  6. Track 2 Cyberterrorism and the Security of the National Drinking Water Infrastructure John McNabb
  7. Track 2 Drivesploit Circumventing Both Automated AND Manual Wayne Huang
  8. Track 2 Exploiting SCADA Systems Jeremy Brown
  9. Track 2 Hacking and Protecting Oracle Database Vault Esteban Martínez Fayó
  10. Track 2 Hacking Oracle From Web Apps
  11. Track 2 How Unique Is Your Browser Peter Eckersley
  12. Track 2 Industrial Cyber Security Wade Polk- Paul Malkewicz- J. Novak
  13. Track 2 Kim Jong-il and Me How to Build a Cyber Army to Defeat the U.S. Charlie Miller
  14. Track 2 Lord of the Bing Taking Back Search Engine Hacking Rob Ragan- Francis Brown
  15. Track 2 Multiplayer Metasploit Tag-Team Penetration and Information Gathering Ryan Linn
  16. Track 2 NoSQL, No Injection Wayne Huang, Kuon Ding
  17. Track 2 Passive DNS Hardening Robert Edmonds- Paul Vixie
  18. Track 2 Powershell...omfg David Kennedy ReL1K-, Josh Kelley
  19. Track 2 SCADA and ICS for Security Experts How to Avoid Cyberdouchery James Arlen
  20. Track 2 Seccubus - Analyzing Vulnerability Assessment Data the Easy Way Frank Breedijk
  21. Track 2 SHODAN for Penetration Testers Michael Schearer
  22. Track 2 Tales from the Crypto G. Mark Hardy
  23. Track 2 The Night The Lights Went Out In Vegas Demystifying The Night The Lights Went Out In Vegas Demystifying  Barrett Weisshaar, Garret Picchioni
  24. Track 2 The Power of Chinese Security Anthony Lai-Jake Appelbaum- Jon Oberheide.
  25. Track 2 Token Kidnapping's Revenge Cesar Cerrudo
  26. Track 2 Toolsmithing an IDA Bridge, Case Study for Building a RE tool Adam Pridgen, Matt Wollenweber
  27. Track 2 Wardriving the Smart Grid Practical Approaches to Attacking Utilit Shawn Moyer- Nathan Keltner
  28. Track 2 You Spent All That Money and You Still Got Owned Joseph McCray
TRACK 3
  1.     Track 3 0box Analyzer AfterDark Runtime Forensics for Automated Malware Analysis and Clustering Wayne Huang, Jeremy Chiu, Benson Wu
  2.     Track 3 A New Approach to Forensic Methodology - !!BUSTED!! Case Studies David C. Smith, Samuel Petreski
  3.     Track 3 Advanced Format String Attacks Paul Haas
  4.     Track 3 An Observatory for the SSLiverse Peter Eckersley, Jesse Burns
  5.     Track 3 Bad Memories Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt, Dan Boneh
  6.     Track 3 Big Brother on the Big Screen FactFiction Nicole Ozer, Kevin Bankston
  7.     Track 3 Browser Based Defenses James Shewmaker
  8.     Track 3 Changing Threats To Privacy From TIA to Google Moxie Marlinspike
  9.     Track 3 Connection String Parameter Attacks Chema Alonso, José Palazón "Palako"
  10.     Track 3 Constricting the Web Offensive Python for Web Hackers Nathan Hamiel, Marcin Wielgoszewski
  11.     Track 3 Exploiting Internet Surveillance Systems Decius
  12.     Track 3 FOCA2 The FOCA Strikes Back Chema Alonso, José Palazón "Palako"
  13.     Track 3 Hacking DOCSIS For Fun and Profit Blake Self, bitemytaco
  14.     Track 3 Hacking Facebook Privacy Chris Conley
  15.     Track 3 How To Get Your FBI File (and Other Information You Want from the Federal Government) Marcia Hofmann
  16.     Track 3 How to Hack Millions of Routers Craig Heffner
  17.     Track 3 masSEXploitation Michael Brooks "The Rook"
  18.     Track 3 Open Source Framework for Advanced Intrusion Detection Solutions Patrick Mullen, Ryan Pentney
  19.     Track 3 Our Instrumented Lives Sensors, Sensors, Everywhere...Greg Conti
  20.     Track 3 pyREtic - In-memory Reverse Engineering for Obfuscated Python Bytecode Rich Smith
  21.     Track 3 Repelling the Wily Insider Matias Madou, Jacob West
  22.     Track 3 Search & Seizure & Golfballs Jim Rennie, Eric Rachner
  23.     Track 3 The Anatomy of Drug Testing Jimi Fiekert
  24.     Track 3 The Law of Laptop Search and Seizure Jennifer Granick, Kevin Bankston, Marcia Hofmann, Kurt Opsahl
  25.     Track 3 This Needs to be Fixed, and Other Jokes in Commit Statements Bruce Potter, Logan Lodge
  26.     Track 3 WPA Too Md Sohail Ahmad
  27.     Track 3 Your ISP and the Government Best Friends Forever Christopher Soghoian
TRACK 4
  1. track 4    Breaking Bluetooth by Being Bored JP Dunning
  2. track 4    Build a Lie Detector/Beat a Lie Detector Rain- urbanmonkey
  3. track 4    Build your own UAV 2.0 - Wireless Mayhem from the Heavens Michael Weigand- Renderman- Mike Kershaw
  4. track 4    Bypassing Smart-Card Authentication and Blocking Debiting Vulnerabilities in Atmel Cryptomemory-Based Stored-Value Systems Jonathan Lee- Neil Pahl
  5. track 4    DCFluX in: Moon-Bouncer Matt Krick
  6. track 4    Deceiving the Heavens to Cross the Sea Using the 36 Stratagems for Social Engineering Jayson E. Street
  7. track 4    Exploitation on ARM - Technique and Bypassing Defense Mechanisms Itzhak “zuk”” Avraham
  8. track 4    Exploiting Digital Cameras Oren Isacson- Alfredo Ortega
  9. track 4    ExploitSpotting: Locating Vulnerabilities Out of Vendor Patches Automatically Jeongwook Oh
  10. track 4    Extreme-Range RFID Tracking Chris Paget
  11. track 4    Function Hooking for Mac OSX and Linux Joe Damato
  12. track 4    Getting Root: Remote Viewing- Non-Local Consciousness Richard Thieme
  13. track 4    Hacking with Hardware: Introducing the Universal RF Usb Keboard Emulation Device - URFUKED Monta Elkins
  14. track 4    How Hackers Won the Zombie Apocalypse Dennis Brown
  15. track 4    Implementing IPv6 at ARIN Matt Ryanczak
  16. track 4    Insecurity Engineering of Physical Security Systems: Locks- Lies- and Videotape Marc Weber Tobias- Tobias Bluzmanis- Matt Fiddler
  17. track 4    IPv6: No Longer Optional John Curran
  18. track 4    Jackpotting Automated Teller Machines Redux Barnaby Jack
  19. track 4    Live Fire Exercise: Baltic Cyber Shield 2010 Kenneth Geers
  20. track 4    Physical Computing- Virtual Security: Adding the Arduino Microcontroller Leigh Honeywell- follower
  21. track 4    Physical Security Youre Doing It Wrong A.P. Delchi
  22. track 4    Programmable HID USB Keystroke Dongle Using the Teensy as a Pen Testing Device Adrian Crenshaw
  23. track 4    SMART Project: Applying Reliability Metrics to Security Vulnerabilities Blake Self- Wayne Zage- Dolores Zage
  24. track 4    VirGraff101: An Introduction to Virtual Graffiti Tottenkoph
  25. track 4    We Don’t Need No Stinkin Badges: Hacking Electronic Door Access Controllers Shawn Merdinger
  26. track 4    Weaponizing Lady GaGa- Psychosonic Attacks Brad Smith
  27. track 4    Web Services We Just Don’t Need Mike “mckt” Bailey
  28. track 4    Welcome and Making the DEF CON 18 Badge Dark Tangent- Joe Grand
TRACK 5
  1. Track 5 Air Traffic Control Insecurity 2.0 Righter Kunkel
  2. Track 5 Antique Exploitation aka Terminator 3.1.1 for Workgroups Jon Oberheide
  3. Track 5 Be a Mentor Marisa Fagan
  4. Track 5 Blitzableiter - the Release Felix FX Lindner
  5. Track 5 ChaosVPN for Playing CTFs mc.fly, ryd, vyrus, no_maam
  6. Track 5 Crawling BitTorrent DHTs for Fun Scott Wolchok
  7. Track 5 Defcon Security Jam III: Now in 3-D Panel
  8. Track 5 Electronic Weaponry or How to Rule the World While Shopping at Radio Shack Mage2
  9. Track 5 Evilgrade, You Still Have Pending Upgrades Francisco Amato- Federico Kirschbaum
  10. Track 5 Facial Recognition: Facts, Fiction; and Fcsk-Ups Joshua Marpet
  11. Track 5 FOE‚ The Release of Feed Over Email Sho Ho
  12. Track 5 From No Way to 0-day Weaponizing the Unweaponizable Joshua Wise
  13. Track 5 Gaming in the Glass Safe - Games DRM and Privacy Ferdinand Schober
  14. Track 5 Google Toolbar The NARC Within Jeff Bryner
  15. Track 5 Hacking .Net Applications A Dynamic Attack Jon McCoy
  16. Track 5 Hardware Hacking for Software Guys Dave King
  17. Track 5 Kartograph Finding a Needle in a Haystack or How to Apply Reverse Engineering Techniques to Cheat at Video Games Elie Bursztein Jocelyn Lagarenne
  18. Track 5 Katana Portable Multi-Boot Security Suite JP Dunning
  19. Track 5 Letting the Air Out of Tire Pressure Monitoring Systems Mike Metzger
  20. Track 5 Like a Boss: Attacking JBoss Tyler Krpata
  21. Track 5 Malware Freak Show 2 The Client-Side Boogaloo Nicholas J. Percoco, Jibran Ilyas
  22. Track 5 Malware Migrating to Gaming Consoles Embedded Devices an Antivirus-Free Safe Hideout For Malware Ahn Ki-Chan Ha Dong-Joo
  23. Track 5 My Life as a Spyware Developer Garry Pejski
  24. Track 5 oCTF: 5 years in 50 minutes Panel
  25. Track 5 Open Public Sensors and Trend Monitoring Daniel Burroughs
  26. Track 5 Operating System Fingerprinting for Virtual Machines Nguyen Anh Quynh
  27. Track 5 Pwned By The Owner What Happens When You Steal a Hacker’s Computer Zoz
  28. Track 5 Searching for Malware A Review of Attackers’ Use of Search Engines to Lure Victims David Maynor, Paul Judge, PhD
  29. Track 5 Securing MMOs A Security Professional’s View from the Inside metr0
  30. Track 5 The Games We Play Brandon Nesbit
  31. Track 5 Training the Next Generation of Hardware Hackers Andrew Kongs- Dr. Gerald Kane
  32. Track 5 Web Application Fingerprinting with Static Files Patrick Thomas
  33. Track 5 Who Cares About IPv6 Sam Bowne
  34. Track 5 WiMAX Hacking 2010 Pierce, Goldy, aSmig, sanitybit
  35. Track 5 Your Boss is a Douchebag... How About You Luiz effffn Eduardo
Early video from Defcon.org
  1. DEFCON 18 Hacking Conference Presentation By Joe Grand and Dark Tangent - Welcome And Behind The Scenes Of The DEFCON Badge - Slides.m4v
  2. DEFCON 18 Hacking Conference Presentation By Barnaby Jack - Jackpotting Automated Teller Machines Redux - Slides.m4v
  3. DEFCON 18 Hacking Conference Presentation By David Maynor and Paul Judge - Searching For Malware - Slides.m4v
  4. DEFCON 18 Hacking Conference Presentation By Chris Paget - Practical Cellphone Spying - Slides.m4v 
  5. DEFCON 18 Hacking Conference Presentation By Md Sohail Ahmad - WPA Too! - Slides.m4v
  1. 2011.12.05 06:43

    비밀댓글입니다


kcert 에서 마침 제가 관심있어 하던 USB 바이러스에 대해서 분석한 자료가 나왔습니다.

상당히 재미있는 문서입니다. PHP 이야기도 나오고.... 많은 도움이 되었으면 좋겠습니다.
  1. jame 2015.12.15 22:18 신고

    헝....제가 다운 받으면 한글이 깨지면서 열리지도 않네여...


인터넷침해사고대응센터와 한국정보보호진흥원에서 발표한 각종 웹서버 해킹 사례입니다.

원리 및 용어가 잘 설명되어 있으니 참고하시기 바랍니다.


이 문서내용에 등장하는 웹쉘은 약간 고전적인 면이 있어 대부분의 사이트에서는 보안이 되어있지만,

혹시라도 보안이 되지 않은 사이트에 대해서는 상당히 치명적으로 작용할 수 있는 것이 웹쉘입니다.

웹쉘의 원리 파악 정도로 읽어보는 것도 좋을 것 같습니다.


2007년도 자료라 시대와 뒤떨어지는 감이 있긴 하지만, 90% 는 아직도 유효한 내용입니다.

웹서버 구축시에 반드시 확인해 보아야 할 보안에 대한 PDF 문서입니다.

OWASP 이린 웹표준화 단체이자 보안취약점 연구 기관으로써 가장 시도가 많았던 웹해킹 TOP 10 을 발표,

PDF와 시연동영상을 같이 만들어 배포하였다.

많은 도움이 되길 바랍니다. :)

동영상 보러가기 ( http://i2sec.co.kr/board/view.php?&bbs_id=community_01&page=&doc_num=11 )

+ Recent posts