Dear Colleagues,
We invite you to a SEMINAR of the Institute of Informatics of the Slovak Academy of Sciences, v. v. i., Jean Rosemond Dora, PhD (dept. of L.Hluchý), which will take place on Monday June 9th, 2025 o 10. 30 in conference room no. 102.
Program:
Ing. Mgr. Jean Rosemond Dora, PhD. (dept. L.Hluchý)
Attack Methodology (10 – 15 min)
Live real-time attacks (NOT simulation) against websites hosted on Ubuntu 20+, Windows 10+, etc. (50 – 65 min)
ABSTRACT
Nowadays, the Internet is considered the highway of information and communication. That implies thousands of activities are going through the Internet. We can generally subdivide them into two (2) categories: genuine activities and malicious activities. To be done, internet users need to resort to other technologies such as computers, tablets, mobile phones, etc, to achieve their goals. Each tool uses software (Web browsers, desktop applications, web applications, etc.) that serves as a client to interact with a web application. From an offensive perspective, plenty of attacks can be deployed to grant the attackers unauthorized access to a target device. Client-side attacks, Remote Code Execution (a.k.a, RCE), Command Injection (CI), Local and Remote File Inclusion (LFI, RFI) are some of them. For this seminar, we will exploit everything possible. Our goal is to obtain access to the backend device that hosts the web application. Having such access, we can perform post-exploitation techniques, i.e., privilege escalation, encrypting files and folders, delete web server files, delete users, performing lateral movement to obtain access on other devices inside the compromised environment.
We look forward to meet you over a cup of coffee or tea.
Ing. Mgr. Robert Andok, PhD., director
