CompSec project
1. Computer Security
By: Mazen Fallatah and Raef Adnan
2. Buffer Overflow and weakness in security practices
A buffer overflow is, basically, data spilling over in a computer's memory, which causes unintended consequences.
Weaknesses in security practices are systematic flaws that make an organization vulnerable to cyberattacks.
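The spill described on this slide, as an added C example that is not part of the original presentation: a constructed `struct account` (the struct, its field names and the input bytes are assumptions made for illustration) in which an unchecked copy overwrites the neighbouring `is_admin` flag, next to a length-checked copy that rejects the same input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: a fixed-size name buffer followed by a privilege flag. */
struct account {
    char name[8];
    unsigned char is_admin;   /* sits directly after name in memory */
};

/* Unchecked copy: trusts the caller's length. The write is confined to the
 * struct so the demo stays well-defined, but every byte past name[7] spills
 * into is_admin, as an unbounded strcpy() into name would. */
void set_name_unchecked(struct account *a, const char *src, size_t len)
{
    size_t room = sizeof(*a) - offsetof(struct account, name);
    if (len > room)
        len = room;           /* demo guard only: stay inside the struct */
    memcpy((unsigned char *)a + offsetof(struct account, name), src, len);
}

/* Checked copy: rejects input that does not fit and leaves the record as is. */
int set_name_checked(struct account *a, const char *src, size_t len)
{
    if (len >= sizeof(a->name))
        return -1;            /* too long: refuse instead of overflowing */
    memcpy(a->name, src, len);
    a->name[len] = '\0';
    return 0;
}

int main(void)
{
    const char input[] = "AAAAAAAA\x01";   /* constructed: 8 bytes + 1 extra */
    struct account a = { "", 0 }, b = { "", 0 };

    set_name_unchecked(&a, input, 9);
    printf("unchecked: is_admin=%d\n", a.is_admin);

    int rc = set_name_checked(&b, input, 9);
    printf("checked:   rc=%d is_admin=%d\n", rc, b.is_admin);
    return 0;
}
```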
3. PlayStation 3 buffer overflow incident
In 2010, a group called fail0verflow stole the ECDSA key for the PS3. This allowed the potential development of custom firmware, and these exploits resulted in the development of jailbreaks: the ability to install other operating systems, like Linux, on the PS3.
4. EternalBlue (2017)
EternalBlue was one of the tools made by the NSA (National Security Agency), but it was stolen by a group of hackers called the "Shadow Brokers". This ransomware attack infected over 200,000 computers in 150 countries. The exploit used a buffer overflow in the Microsoft Windows Server Message Block (SMB) protocol.
How was the EternalBlue attack stopped?
Microsoft released the security patch (MS17-010) a month before the exploit was leaked to the public. The only people who were not affected by this attack are the ones who updated their computers prior to the attack.
5. Types of weakness in security practices
Social engineering (phishing): attackers exploit human trust and curiosity. Employees should get realistic training on how to avoid them.
Poor password hygiene: the use of easily guessable passwords, or using the same password across multiple accounts, such as using the same password for all your social media accounts and bank accounts.
6. Capital One incident (2019)
A data breach in 2019 where a former Amazon employee exploited a misconfigured cloud access control to access sensitive customer data stored in AWS. As a result, the personal information of over 100 million customers was exposed.
7. How did Capital One tackle this attack?
Fixing the access control misconfiguration and closing the vulnerability
Notifying affected customers
Enhancing security, including stricter access controls, continuous monitoring and improved logging
Cooperating with law enforcement
8. Recommendations for Prevention & Mitigation
Make strong passwords mandatory
Turn on two-factor authentication (2FA)
Keep everything updated
Teach people, especially elders, about scam calls