
Dear Colleagues,
We invite you to a SEMINAR of the Institute of Informatics of the Slovak Academy of Sciences, v. v. i., Jean Rosemond Dora, PhD (dept. of L. Hluchý), which will take place on Monday, June 9th, 2025 at 10:30 in conference room no. 102.
Program:
Ing. Mgr. Jean Rosemond Dora, PhD. (dept. L.Hluchý)
Attack Methodology (10 – 15 min)
Live real-time attacks (NOT simulation) against websites hosted on Ubuntu 20+, Windows 10+, etc. (50 – 65 min)
ABSTRACT
Nowadays, the Internet is considered the highway of information and communication. That implies that thousands of activities are being conducted over the Internet. We can generally subdivide them into two (2) categories: genuine activities and malicious activities. To achieve their goals, internet users often rely on other technologies, such as computers, tablets, and mobile phones. Each tool uses software (Web browsers, desktop applications, web applications, etc.) that serves as a client to interact with a web application. From an offensive perspective, numerous attacks can be deployed to grant attackers unauthorized access to a target device. Client-side attacks, such as Remote Code Execution (RCE), Command Injection (CI), Local and Remote File Inclusion (LFI, RFI), are among them. For this seminar, we will exploit everything possible. Our goal is to obtain access to the backend device that hosts the web application. With such access, we can perform post-exploitation techniques, including privilege escalation, encrypting files and folders, deleting web server files, deleting users, and performing lateral movement to obtain access to other devices within the compromised environment.
We look forward to meeting you over a cup of coffee or tea.
Ing. Mgr. Robert Andok, PhD., director