herakty 2 Report post Posted November 26, 2010 Recently, we saw the indictment of cybercrime kingpin Albert Gonzalez, one of the accused masterminds behind high-profile data breaches at Heartland Payment Systems, Hannaford Bros. Supermarkets, 7-Eleven, and TJX. Next week, Core Security Technologies will present a hands-on look at the attacks Gonzalez and his co-conspirators are believed to have used in breaching these organizations. Leveraging the actual indictment document as a guide, Core Security senior product manager Alex Horan will use CORE IMPACT Pro penetration testing software to demonstrate the techniques by which Gonzales allegedly stole millions of credit card numbers* - showing you how to identify IT exposures in your own environment before cybercriminals do. During the webcast, you'll see a step-by-step depiction of an attack similar to that described in the Gonzalez indictment, including the following critical stages: * the initial web application compromise via SQL Injection * the use of a well-known backend database command to make the attacks even * more invasive * the planting of malware on the backend database server * the collection and transmission of credit card transactions to the * attackers Through the demonstration, you'll also learn how commercial-grade penetration testing software enables you to see your IT systems as an attacker would -- not only by determining if the kinds of issues that Gonzalez reportedly leveraged are present in your environment, but also by ... * assessing how deployed defenses react to specific threats * revealing what systems and data would be exposed by a breach * depicting how chains of vulnerabilities open paths to mission-critical * systems and information * providing actionable data for immediately mitigating critical exposures * repeating tests to ensure the effectiveness of remediation efforts This webcast is ideal for anyone interested in proactively assessing their security posture against real-world cyber threats. disponibilizo um WebCast gravado onde se pode VER, ver mesmo técnicas brutais que todos deveriam ver, sejam testadores de intrusão ou administradores de sistemas e claro tb os programadores... este é considerado um ATAQUE EXEMPLO e por foi muito falado e debatido nos locais próprios... como já trabalhei oficialmente/profissionalmente com os produtos da Core Security sei que eles disponibilizaram um WEBCAST gravado, onde são exemplificados em imagem as técnicas usadas... um must, para falar à TIA mas é mesmo processo chato de preencher dados mas podem colocar qualquer coisa... para ver precisam instalar um NetworkRecord especial, cujo URL apresento: https://coresecurity.webex.com/client/T27LB/nbr2player.msi O WEB CAST IMPERDIVEL http://na-d.marketo.com/lp/coresecurity/ReplicatingGonzalezCyberAttacks.html teckV Share this post Link to post Share on other sites
