Security Street Knowledge
  • Video Viewer
  • All of My YouTube Videos smashed together

    ————————————————————————————

    Hacking Industrial Control & Building Automation Systems

    The rapidly changing world of technology makes computer systems more vulnerable to cyber-attacks. Valuable business data is increasingly being exposed as a trade-off for manageability and access, while targeted attacks against Internet-connected companies are increasing. The future is an integrated architecture where Industrial Control Systems may no longer be isolated from traditional networking equipment. As a result, a weakness within a product or automation system could allow an attacker access to important building environmental controls. These automation devices and software consoles are being used to control HVAC, lighting, CCTV, energy efficiency systems and more. What is more troubling is that many of these devices are being exposed to the public Internet with little to no security controls. The presenter will illustrate how an attacker can leverage multiple weaknesses to own a building's automation system and wreak havoc. The objective is to give security professionals a peek into the world of vulnerable industrial control systems so that they may understand the importance of assessing and protecting their Industrial Control & Automation networks.


    ————————————————————————————

    XSS Attack: Busting Browsers to Root!

    This video will demonstrate how a simple XSS vulnerability can be leveraged to gain complete control of your web browser and eventually lead to a complete system compromise.

    1) We will use a cross-site scripting vulnerability as the initial attack vector

    2) Exploit XSS by redirecting the user’s browser to the Evil_IP with a JavaScript loop (every 2 secs)

    3) Exploit the victim’s browser to gain system ‘root’ or ‘shell’ access

    4) Elevate our privileges to system-level

    5) Dump the memory contents from an active SSH session and steal the SSH password from the victim’s computer

    GAME OVER!


    ————————————————————————————

    MetaSploit Advanced: Exploit Target > Get Shell > Add Route to Internal Host > Scan with Internal Host > Find MySQL > Bruteforce MySQL > GOT ROOT!


    ————————————————————————————

    HackThisSite.org JavaScript Challenge


    ————————————————————————————

    Use TOR to Hide your IP Address while Scanning with NMAP


    ————————————————————————————

    Cross Site Scripting Exploit Example


    ————————————————————————————

    XSSF (Cross Site Scripting) Framework

    ————————————————————————————