0 -...

32
0 Auditorias de Seguridad Informática: Herramientas y alcances actuales www.enhacke.com

Transcript of 0 -...

Page 1: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

0

Auditorias de Seguridad Informática:

Herramientas y alcances actuales

www.enhacke.com

Page 2: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

Temas a tocar

• Seguridad Informática en Latinoamérica

• Mafias y hacking underground

• Hacking malicioso en Perú

• Auditorías - Metodología del Hacking

• Herramientas

• Aporte enHacke - Demo

Estructura de la exposición:

2

Page 3: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

1001110010101010111110111100110100000110001111000011010100111100011100010111000000111111001101100010100111001001110100001111010100100001100111011000111001010000111011111101010011101100000001100101010100010001100000110001110000110011110101001000011101011110000100001010000001010111011100100011111011000111010100101110011011000001100011110000011100101000010000100001011110111011001100101111011110001000010101100010111111111111110101010100011001001101101011100011110000011111001111010001010111000100110111111100011011011111011100111000001001111110101110110001000101000110010010101100101100001000011111111101011100000110000010010110111000000101011110011110110101010000000100011000010100011110010001000000100110100111110011101001011000100100011111101100110100010001011101101111000100100000001100001001001101101110010100111010001000010001000010101001111011000001001110000101000010011111000011101000011111011001011110101101101001000101010000011000001101101111101000111000011111100111101010000100110001101011011000110101011110101111101010011101110011011111111101001100111110100000001011000111001011001010010001000011111011101000110100101100101000101100100110100011010001000011011001000110101111111011001001010111000100010101111111000110010001001010010100100101111100001000111100011011001100110010101001001011101110111011100001001000011001100011110101100011111100101101000001011011100000111011110000010110110101101100000011101110111101111100101010100101111000101011001101011110111111010101011010000101001101110010011000101000101101101011101101001000010010000011011011110011110011001110000011011011111001001010101011011111110010010100101000111111101000110101000101110101001011010110101010011011101000000111111001110010101011100010001101001110110111011101100010010010011100110000010011101001001001100111100000100011000110010101111001101011010000101111011011100100111000100011011000111011010101000101001111000110000100110010101111000111100000100010011100011011111111111000000001000101101110111110100110101010101110001101101000000110010100001100001111100110110010101010001100101111011010101001010001011110110001101100100010000101001110011010100000100001101001101001111110001010001110111111100011110101000111111010101110000101111111000011110001110001101100100111011100100110001001101010000100110100110011010110000101011001100011001010010110111011101101000100010011000010100111101100100111100100001111100010011101000011001001100101101011011000101001001110101111000001110100001110101110111000011010101110010000000101100110100101000010010100110010101111011110110000001100101010100001110010011110100111000001101001000010101011101011000101011101000101001100001001011000111000001110000100001011110111011111001100111101100010000100110100101000010101010010110100001000000011000111001100100010111011100011011100110000000111110011011010100110010111000001100101100001001000011010001000001001010111011110000010010001100101111011011001011100000111110011000110011010110011001000010011000111100000011001011001100111011001100011011101011101111000110000011110011111111111101111000100000110001010100111000100110101000000011101100011110000011100100110010110110100110010001010001100000110001010110110011100111111100110010110110100000001111101001010111001000011001110011110001010010011110110010011010001110111011111101110101111011100100001001110011001111011101111100110110111010110000000101000100101010001000010100000111001111010101110101010110001010111001000000011101100100000110100001110000111100100111001110000001111000010011001001010011101100111001111001001111001110101101000000111010010110011011110101110100011111111011011111001110010011110110010001010001011111011110100100011101001000111111100100101101111000000011111000011101010101110000101100110010011011111000111010110101010111010000000001101101101111000111001110010111101010101110100101001010111000010001100000101110010110010111001010111111010110011010111010101100111011001110100011110011111111001111011001111101011100100000100011101011100100001011100011100110011001100111100100010111111100000101101011001001011110000111011110100100001011010010011010001001101001011101011101000001110111011100000101110111011001111111010000011000110000101111010001100100101100000101001001110110101111110100000011111111000011010010001101110110011111100100010000111000010111101010000010011110111100010101010111000101001101000110001100111011000001111001111101101111101111000111110110010011110010011111100000111010000

Seguridad Informática en Latinoamérica

3

Page 4: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

Seguridad en la nube

4

Servidores en la nube serán menos seguros que los equipos físicos

en el 2012

60% de los servidores virtualizados serán menos seguros

Porque?

No se incluye a un equipo de seguridad informática en la implementación

Page 5: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

Que preocupa a los directivos?

5

Page 6: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

Presupuesto anual

6

Page 7: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

Pymes vs corporate

7

Page 8: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

Se quiere evitar…

8

Page 9: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

1001110010101010111110111100110100000110001111000011010100111100011100010111000000111111001101100010100111001001110100001111010100100001100111011000111001010000111011111101010011101100000001100101010100010001100000110001110000110011110101001000011101011110000100001010000001010111011100100011111011000111010100101110011011000001100011110000011100101000010000100001011110111011001100101111011110001000010101100010111111111111110101010100011001001101101011100011110000011111001111010001010111000100110111111100011011011111011100111000001001111110101110110001000101000110010010101100101100001000011111111101011100000110000010010110111000000101011110011110110101010000000100011000010100011110010001000000100110100111110011101001011000100100011111101100110100010001011101101111000100100000001100001001001101101110010100111010001000010001000010101001111011000001001110000101000010011111000011101000011111011001011110101101101001000101010000011000001101101111101000111000011111100111101010000100110001101011011000110101011110101111101010011101110011011111111101001100111110100000001011000111001011001010010001000011111011101000110100101100101000101100100110100011010001000011011001000110101111111011001001010111000100010101111111000110010001001010010100100101111100001000111100011011001100110010101001001011101110111011100001001000011001100011110101100011111100101101000001011011100000111011110000010110110101101100000011101110111101111100101010100101111000101011001101011110111111010101011010000101001101110010011000101000101101101011101101001000010010000011011011110011110011001110000011011011111001001010101011011111110010010100101000111111101000110101000101110101001011010110101010011011101000000111111001110010101011100010001101001110110111011101100010010010011100110000010011101001001001100111100000100011000110010101111001101011010000101111011011100100111000100011011000111011010101000101001111000110000100110010101111000111100000100010011100011011111111111000000001000101101110111110100110101010101110001101101000000110010100001100001111100110110010101010001100101111011010101001010001011110110001101100100010000101001110011010100000100001101001101001111110001010001110111111100011110101000111111010101110000101111111000011110001110001101100100111011100100110001001101010000100110100110011010110000101011001100011001010010110111011101101000100010011000010100111101100100111100100001111100010011101000011001001100101101011011000101001001110101111000001110100001110101110111000011010101110010000000101100110100101000010010100110010101111011110110000001100101010100001110010011110100111000001101001000010101011101011000101011101000101001100001001011000111000001110000100001011110111011111001100111101100010000100110100101000010101010010110100001000000011000111001100100010111011100011011100110000000111110011011010100110010111000001100101100001001000011010001000001001010111011110000010010001100101111011011001011100000111110011000110011010110011001000010011000111100000011001011001100111011001100011011101011101111000110000011110011111111111101111000100000110001010100111000100110101000000011101100011110000011100100110010110110100110010001010001100000110001010110110011100111111100110010110110100000001111101001010111001000011001110011110001010010011110110010011010001110111011111101110101111011100100001001110011001111011101111100110110111010110000000101000100101010001000010100000111001111010101110101010110001010111001000000011101100100000110100001110000111100100111001110000001111000010011001001010011101100111001111001001111001110101101000000111010010110011011110101110100011111111011011111001110010011110110010001010001011111011110100100011101001000111111100100101101111000000011111000011101010101110000101100110010011011111000111010110101010111010000000001101101101111000111001110010111101010101110100101001010111000010001100000101110010110010111001010111111010110011010111010101100111011001110100011110011111111001111011001111101011100100000100011101011100100001011100011100110011001100111100100010111111100000101101011001001011110000111011110100100001011010010011010001001101001011101011101000001110111011100000101110111011001111111010000011000110000101111010001100100101100000101001001110110101111110100000011111111000011010010001101110110011111100100010000111000010111101010000010011110111100010101010111000101001101000110001100111011000001111001111101101111101111000111110110010011110010011111100000111010000

Mafias y Hacking Underground

9

Page 10: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

Botnets y Botmasters

10

Hackers maliciosos ofrecen

sus botnets con miles de

esclavos para alquiler

Atacan también a pedido

Ofrecen sus servicios

mediante canales de chat en

el internet

El pago es anonimo por

medio de egold, moneygram,

western union.

Page 11: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

Venta y distrib. de TARJETAS DE CREDITO

11

Page 12: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

1001110010101010111110111100110100000110001111000011010100111100011100010111000000111111001101100010100111001001110100001111010100100001100111011000111001010000111011111101010011101100000001100101010100010001100000110001110000110011110101001000011101011110000100001010000001010111011100100011111011000111010100101110011011000001100011110000011100101000010000100001011110111011001100101111011110001000010101100010111111111111110101010100011001001101101011100011110000011111001111010001010111000100110111111100011011011111011100111000001001111110101110110001000101000110010010101100101100001000011111111101011100000110000010010110111000000101011110011110110101010000000100011000010100011110010001000000100110100111110011101001011000100100011111101100110100010001011101101111000100100000001100001001001101101110010100111010001000010001000010101001111011000001001110000101000010011111000011101000011111011001011110101101101001000101010000011000001101101111101000111000011111100111101010000100110001101011011000110101011110101111101010011101110011011111111101001100111110100000001011000111001011001010010001000011111011101000110100101100101000101100100110100011010001000011011001000110101111111011001001010111000100010101111111000110010001001010010100100101111100001000111100011011001100110010101001001011101110111011100001001000011001100011110101100011111100101101000001011011100000111011110000010110110101101100000011101110111101111100101010100101111000101011001101011110111111010101011010000101001101110010011000101000101101101011101101001000010010000011011011110011110011001110000011011011111001001010101011011111110010010100101000111111101000110101000101110101001011010110101010011011101000000111111001110010101011100010001101001110110111011101100010010010011100110000010011101001001001100111100000100011000110010101111001101011010000101111011011100100111000100011011000111011010101000101001111000110000100110010101111000111100000100010011100011011111111111000000001000101101110111110100110101010101110001101101000000110010100001100001111100110110010101010001100101111011010101001010001011110110001101100100010000101001110011010100000100001101001101001111110001010001110111111100011110101000111111010101110000101111111000011110001110001101100100111011100100110001001101010000100110100110011010110000101011001100011001010010110111011101101000100010011000010100111101100100111100100001111100010011101000011001001100101101011011000101001001110101111000001110100001110101110111000011010101110010000000101100110100101000010010100110010101111011110110000001100101010100001110010011110100111000001101001000010101011101011000101011101000101001100001001011000111000001110000100001011110111011111001100111101100010000100110100101000010101010010110100001000000011000111001100100010111011100011011100110000000111110011011010100110010111000001100101100001001000011010001000001001010111011110000010010001100101111011011001011100000111110011000110011010110011001000010011000111100000011001011001100111011001100011011101011101111000110000011110011111111111101111000100000110001010100111000100110101000000011101100011110000011100100110010110110100110010001010001100000110001010110110011100111111100110010110110100000001111101001010111001000011001110011110001010010011110110010011010001110111011111101110101111011100100001001110011001111011101111100110110111010110000000101000100101010001000010100000111001111010101110101010110001010111001000000011101100100000110100001110000111100100111001110000001111000010011001001010011101100111001111001001111001110101101000000111010010110011011110101110100011111111011011111001110010011110110010001010001011111011110100100011101001000111111100100101101111000000011111000011101010101110000101100110010011011111000111010110101010111010000000001101101101111000111001110010111101010101110100101001010111000010001100000101110010110010111001010111111010110011010111010101100111011001110100011110011111111001111011001111101011100100000100011101011100100001011100011100110011001100111100100010111111100000101101011001001011110000111011110100100001011010010011010001001101001011101011101000001110111011100000101110111011001111111010000011000110000101111010001100100101100000101001001110110101111110100000011111111000011010010001101110110011111100100010000111000010111101010000010011110111100010101010111000101001101000110001100111011000001111001111101101111101111000111110110010011110010011111100000111010000

Perú y Latinoamerica

12

Page 13: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

Perú? Hackers? Aquí?

13

Crecimiento económico en el Perú

Perú en la mira del mundo

Pero no solo de inversionistas

Sino también de ciberdelincuentes

Las grandes inversiones vienen de la mano de grandes implementaciones IT

Cibercrimen en Perú

Alquiler de botnets para sabotear empresas

Phishing y carding

Paginas defaceadas (modificadas)

Secuestro de información

Skimming

Extorsion

Por videos

Por información sensible

Page 14: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

Botnets latinas

14

En latinoamerica

Hasta 12 dólares por mails

corporativos con contraseña

400 dolares por botnets de más

de 200 máquinas

Incriminación a pedido

Secuestro de información

Venta de BD de tarjetas de

crédito

Page 15: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

Y en el Perú pasa algo??

15

Page 16: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com16

Page 17: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com17

Page 18: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com18

Page 19: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com19

Page 20: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

TQM ;) Te conectas mañana :-*

20

Personas sin moral y con

fines delictivos

Extorsion

Secuestros

Medios por donde actuan?

Hi5

Facebook

Redes sociales

Page 21: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

Uy! Una chica me esta agregando!!!

21

Page 22: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

1001110010101010111110111100110100000110001111000011010100111100011100010111000000111111001101100010100111001001110100001111010100100001100111011000111001010000111011111101010011101100000001100101010100010001100000110001110000110011110101001000011101011110000100001010000001010111011100100011111011000111010100101110011011000001100011110000011100101000010000100001011110111011001100101111011110001000010101100010111111111111110101010100011001001101101011100011110000011111001111010001010111000100110111111100011011011111011100111000001001111110101110110001000101000110010010101100101100001000011111111101011100000110000010010110111000000101011110011110110101010000000100011000010100011110010001000000100110100111110011101001011000100100011111101100110100010001011101101111000100100000001100001001001101101110010100111010001000010001000010101001111011000001001110000101000010011111000011101000011111011001011110101101101001000101010000011000001101101111101000111000011111100111101010000100110001101011011000110101011110101111101010011101110011011111111101001100111110100000001011000111001011001010010001000011111011101000110100101100101000101100100110100011010001000011011001000110101111111011001001010111000100010101111111000110010001001010010100100101111100001000111100011011001100110010101001001011101110111011100001001000011001100011110101100011111100101101000001011011100000111011110000010110110101101100000011101110111101111100101010100101111000101011001101011110111111010101011010000101001101110010011000101000101101101011101101001000010010000011011011110011110011001110000011011011111001001010101011011111110010010100101000111111101000110101000101110101001011010110101010011011101000000111111001110010101011100010001101001110110111011101100010010010011100110000010011101001001001100111100000100011000110010101111001101011010000101111011011100100111000100011011000111011010101000101001111000110000100110010101111000111100000100010011100011011111111111000000001000101101110111110100110101010101110001101101000000110010100001100001111100110110010101010001100101111011010101001010001011110110001101100100010000101001110011010100000100001101001101001111110001010001110111111100011110101000111111010101110000101111111000011110001110001101100100111011100100110001001101010000100110100110011010110000101011001100011001010010110111011101101000100010011000010100111101100100111100100001111100010011101000011001001100101101011011000101001001110101111000001110100001110101110111000011010101110010000000101100110100101000010010100110010101111011110110000001100101010100001110010011110100111000001101001000010101011101011000101011101000101001100001001011000111000001110000100001011110111011111001100111101100010000100110100101000010101010010110100001000000011000111001100100010111011100011011100110000000111110011011010100110010111000001100101100001001000011010001000001001010111011110000010010001100101111011011001011100000111110011000110011010110011001000010011000111100000011001011001100111011001100011011101011101111000110000011110011111111111101111000100000110001010100111000100110101000000011101100011110000011100100110010110110100110010001010001100000110001010110110011100111111100110010110110100000001111101001010111001000011001110011110001010010011110110010011010001110111011111101110101111011100100001001110011001111011101111100110110111010110000000101000100101010001000010100000111001111010101110101010110001010111001000000011101100100000110100001110000111100100111001110000001111000010011001001010011101100111001111001001111001110101101000000111010010110011011110101110100011111111011011111001110010011110110010001010001011111011110100100011101001000111111100100101101111000000011111000011101010101110000101100110010011011111000111010110101010111010000000001101101101111000111001110010111101010101110100101001010111000010001100000101110010110010111001010111111010110011010111010101100111011001110100011110011111111001111011001111101011100100000100011101011100100001011100011100110011001100111100100010111111100000101101011001001011110000111011110100100001011010010011010001001101001011101011101000001110111011100000101110111011001111111010000011000110000101111010001100100101100000101001001110110101111110100000011111111000011010010001101110110011111100100010000111000010111101010000010011110111100010101010111000101001101000110001100111011000001111001111101101111101111000111110110010011110010011111100000111010000

Metodología del Hacking

22

Page 23: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

Metodologia del Hacking

1. Reconocimiento

2. Escaneo

3. Obtener Acceso

4. Mantener el acceso

5. Limpiar huellas

1. Reconocimiento

• Activo

• Pasivo

2. Escaneo

3. Obtener acceso

• A nivel de Sistema

Operativo / a nivel de

aplicación

• A nivel de red

• Denegación de servicio

4. Mantener el acceso

• Subir / alterar / bajar

programas o data

5. Limpiar huellas

Page 24: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

1001110010101010111110111100110100000110001111000011010100111100011100010111000000111111001101100010100111001001110100001111010100100001100111011000111001010000111011111101010011101100000001100101010100010001100000110001110000110011110101001000011101011110000100001010000001010111011100100011111011000111010100101110011011000001100011110000011100101000010000100001011110111011001100101111011110001000010101100010111111111111110101010100011001001101101011100011110000011111001111010001010111000100110111111100011011011111011100111000001001111110101110110001000101000110010010101100101100001000011111111101011100000110000010010110111000000101011110011110110101010000000100011000010100011110010001000000100110100111110011101001011000100100011111101100110100010001011101101111000100100000001100001001001101101110010100111010001000010001000010101001111011000001001110000101000010011111000011101000011111011001011110101101101001000101010000011000001101101111101000111000011111100111101010000100110001101011011000110101011110101111101010011101110011011111111101001100111110100000001011000111001011001010010001000011111011101000110100101100101000101100100110100011010001000011011001000110101111111011001001010111000100010101111111000110010001001010010100100101111100001000111100011011001100110010101001001011101110111011100001001000011001100011110101100011111100101101000001011011100000111011110000010110110101101100000011101110111101111100101010100101111000101011001101011110111111010101011010000101001101110010011000101000101101101011101101001000010010000011011011110011110011001110000011011011111001001010101011011111110010010100101000111111101000110101000101110101001011010110101010011011101000000111111001110010101011100010001101001110110111011101100010010010011100110000010011101001001001100111100000100011000110010101111001101011010000101111011011100100111000100011011000111011010101000101001111000110000100110010101111000111100000100010011100011011111111111000000001000101101110111110100110101010101110001101101000000110010100001100001111100110110010101010001100101111011010101001010001011110110001101100100010000101001110011010100000100001101001101001111110001010001110111111100011110101000111111010101110000101111111000011110001110001101100100111011100100110001001101010000100110100110011010110000101011001100011001010010110111011101101000100010011000010100111101100100111100100001111100010011101000011001001100101101011011000101001001110101111000001110100001110101110111000011010101110010000000101100110100101000010010100110010101111011110110000001100101010100001110010011110100111000001101001000010101011101011000101011101000101001100001001011000111000001110000100001011110111011111001100111101100010000100110100101000010101010010110100001000000011000111001100100010111011100011011100110000000111110011011010100110010111000001100101100001001000011010001000001001010111011110000010010001100101111011011001011100000111110011000110011010110011001000010011000111100000011001011001100111011001100011011101011101111000110000011110011111111111101111000100000110001010100111000100110101000000011101100011110000011100100110010110110100110010001010001100000110001010110110011100111111100110010110110100000001111101001010111001000011001110011110001010010011110110010011010001110111011111101110101111011100100001001110011001111011101111100110110111010110000000101000100101010001000010100000111001111010101110101010110001010111001000000011101100100000110100001110000111100100111001110000001111000010011001001010011101100111001111001001111001110101101000000111010010110011011110101110100011111111011011111001110010011110110010001010001011111011110100100011101001000111111100100101101111000000011111000011101010101110000101100110010011011111000111010110101010111010000000001101101101111000111001110010111101010101110100101001010111000010001100000101110010110010111001010111111010110011010111010101100111011001110100011110011111111001111011001111101011100100000100011101011100100001011100011100110011001100111100100010111111100000101101011001001011110000111011110100100001011010010011010001001101001011101011101000001110111011100000101110111011001111111010000011000110000101111010001100100101100000101001001110110101111110100000011111111000011010010001101110110011111100100010000111000010111101010000010011110111100010101010111000101001101000110001100111011000001111001111101101111101111000111110110010011110010011111100000111010000

Herramientas Open Source en la Metodología del

Hacking

24

Page 25: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

• Dig

• Nslookup

• Maltego

• google hacking

Reconocimiento

• Red

• angryIP

• autoScan

• Puertos

• Nmap

• Hping

• Amap

• Vulnerabilidades

• Nikto

• Nessus

• openVas

Escaneo

• Hydra

• Metasploit

Obteniendo acceso

• Cryptcat

• Rootkit (evaluar)

Manteniendo acceso

Algunas herramientas usadas

25

Page 26: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

1001110010101010111110111100110100000110001111000011010100111100011100010111000000111111001101100010100111001001110100001111010100100001100111011000111001010000111011111101010011101100000001100101010100010001100000110001110000110011110101001000011101011110000100001010000001010111011100100011111011000111010100101110011011000001100011110000011100101000010000100001011110111011001100101111011110001000010101100010111111111111110101010100011001001101101011100011110000011111001111010001010111000100110111111100011011011111011100111000001001111110101110110001000101000110010010101100101100001000011111111101011100000110000010010110111000000101011110011110110101010000000100011000010100011110010001000000100110100111110011101001011000100100011111101100110100010001011101101111000100100000001100001001001101101110010100111010001000010001000010101001111011000001001110000101000010011111000011101000011111011001011110101101101001000101010000011000001101101111101000111000011111100111101010000100110001101011011000110101011110101111101010011101110011011111111101001100111110100000001011000111001011001010010001000011111011101000110100101100101000101100100110100011010001000011011001000110101111111011001001010111000100010101111111000110010001001010010100100101111100001000111100011011001100110010101001001011101110111011100001001000011001100011110101100011111100101101000001011011100000111011110000010110110101101100000011101110111101111100101010100101111000101011001101011110111111010101011010000101001101110010011000101000101101101011101101001000010010000011011011110011110011001110000011011011111001001010101011011111110010010100101000111111101000110101000101110101001011010110101010011011101000000111111001110010101011100010001101001110110111011101100010010010011100110000010011101001001001100111100000100011000110010101111001101011010000101111011011100100111000100011011000111011010101000101001111000110000100110010101111000111100000100010011100011011111111111000000001000101101110111110100110101010101110001101101000000110010100001100001111100110110010101010001100101111011010101001010001011110110001101100100010000101001110011010100000100001101001101001111110001010001110111111100011110101000111111010101110000101111111000011110001110001101100100111011100100110001001101010000100110100110011010110000101011001100011001010010110111011101101000100010011000010100111101100100111100100001111100010011101000011001001100101101011011000101001001110101111000001110100001110101110111000011010101110010000000101100110100101000010010100110010101111011110110000001100101010100001110010011110100111000001101001000010101011101011000101011101000101001100001001011000111000001110000100001011110111011111001100111101100010000100110100101000010101010010110100001000000011000111001100100010111011100011011100110000000111110011011010100110010111000001100101100001001000011010001000001001010111011110000010010001100101111011011001011100000111110011000110011010110011001000010011000111100000011001011001100111011001100011011101011101111000110000011110011111111111101111000100000110001010100111000100110101000000011101100011110000011100100110010110110100110010001010001100000110001010110110011100111111100110010110110100000001111101001010111001000011001110011110001010010011110110010011010001110111011111101110101111011100100001001110011001111011101111100110110111010110000000101000100101010001000010100000111001111010101110101010110001010111001000000011101100100000110100001110000111100100111001110000001111000010011001001010011101100111001111001001111001110101101000000111010010110011011110101110100011111111011011111001110010011110110010001010001011111011110100100011101001000111111100100101101111000000011111000011101010101110000101100110010011011111000111010110101010111010000000001101101101111000111001110010111101010101110100101001010111000010001100000101110010110010111001010111111010110011010111010101100111011001110100011110011111111001111011001111101011100100000100011101011100100001011100011100110011001100111100100010111111100000101101011001001011110000111011110100100001011010010011010001001101001011101011101000001110111011100000101110111011001111111010000011000110000101111010001100100101100000101001001110110101111110100000011111111000011010010001101110110011111100100010000111000010111101010000010011110111100010101010111000101001101000110001100111011000001111001111101101111101111000111110110010011110010011111100000111010000

Aporte enHacke

26

Page 27: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

Condiciones determinantes

27

Escena de la seguridad informática en el Perú

Gente muy capaz

Falta de motivación y perseverancia

Barreras de lenguaje

Universidades no incorporan cursos de seguridad informática en su

currícula

Falsa percepción de seguridad

Existe material en español pero la mayoría esta en ingles y otros idiomas

Ganas de hacer crecer la comunidad de seguridad informática

…….

Page 28: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com28

Page 29: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

Que se puede hacer con NinjaSec

Reconocimiento Escaneo

AccesoMantener el

acceso

29

Page 30: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com

Que haremos?

Reconocimiento

• Dig

• Nslookup

• Maltego

• googleHacking

Escaneo

• Red angryIp

• Puertos nmap

• Vuln. metasploit

Acceso

• Hydra

• Metasploit

Mantener Acceso

• Cryptcat

30

Page 31: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

www.enHacke.com31

ATAQUE!!!

Page 32: 0 - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2010/jueves/GabrielLazoRa… · Herramientas y alcances actuales . Temas a tocar •Seguridad Informática en

0

#>echo MUCH4S GR4C14S !!!

www.enhacke.com


6to no tocar

6to no tocar

Ley Alcances Set2011

Ley Alcances Set2011

Alcances sobre epistemología

Alcances sobre epistemología

LIMITES Y ALCANCES

LIMITES Y ALCANCES

Imagenes para tocar

Imagenes para tocar

LACRISISENCENTROAMERICA: ORIGENES,ALCANCES …

LACRISISENCENTROAMERICA: ORIGENES,ALCANCES …

Como tocar el_piano

Como tocar el_piano

DAMN SMALL LINUX - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2009/LinuxWeek2009... · El Damn Small Linux es una remasterización del knoppix, ... programas

DAMN SMALL LINUX - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/linuxweek2009/LinuxWeek2009... · El Damn Small Linux es una remasterización del knoppix, ... programas

Tocar mirar sentir

Tocar mirar sentir

Para Tocar Más

Para Tocar Más

A tocar, señoritas

A tocar, señoritas

Tocar Piano

Tocar Piano

Tocar el violin.pdf

Tocar el violin.pdf

Introducción a Android - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/.../01_Lunes/03_Aplicacion_Android.pdf · Pasos • Instalar JDK • Instalar Plugin ADT en Eclipse

Introducción a Android - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe/.../01_Lunes/03_Aplicacion_Android.pdf · Pasos • Instalar JDK • Instalar Plugin ADT en Eclipse

Tocar el Tres

Tocar el Tres

Tocar la poesía

Tocar la poesía

_ Vamos a Tocar !

_ Vamos a Tocar !

SQUID - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe › talleres › servicios › lides_Squid_200… · SQUID Prueba hecha en Ubuntu Feisty 7,04. Utilidades ... Controlar

SQUID - downloads.tuxpuc.pucp.edu.pedownloads.tuxpuc.pucp.edu.pe › talleres › servicios › lides_Squid_200… · SQUID Prueba hecha en Ubuntu Feisty 7,04. Utilidades ... Controlar

Tocar El Cielo

Tocar El Cielo

Alcances ley comercio_exterior

Alcances ley comercio_exterior