Vážené kolegyne a kolegovia,
Pozývame Vás na SEMINÁR Ústavu informatiky SAV, v. v. i., Jeana Rosemonda Doru, PhD. (odd. L.Hluchý), ktorý bude v pondelok 9. 6. 2025 o 10. 30 hod. v zasadačke č. 102.
Program:
Ing. Mgr. Jean Rosemond Dora, PhD. (odd. L.Hluchý)
Metodika útokov (10 – 15 min)
Živé útoky v reálnom čase (NIE simulácia) proti webovým stránkam hostovaným na operačnom systéme Ubuntu 20+, Windows 10+ atď. (50 – 65 min)
ABSTRAKT
Nowadays, the Internet is considered the highway of information and communication. That implies thousands of activities are going through the Internet. We can generally subdivide them into two (2) categories: genuine activities and malicious activities. To be done, internet users need to resort to other technologies such as computers, tablets, mobile phones, etc, to achieve their goals. Each tool uses software (Web browsers, desktop applications, web applications, etc.) that serves as a client to interact with a web application. From an offensive perspective, plenty of attacks can be deployed to grant the attackers unauthorized access to a target device. Client-side attacks, Remote Code Execution (a.k.a, RCE), Command Injection (CI), Local and Remote File Inclusion (LFI, RFI) are some of them. For this seminar, we will exploit everything possible. Our goal is to obtain access to the backend device that hosts the web application. Having such access, we can perform post-exploitation techniques, i.e., privilege escalation, encrypting files and folders, delete web server files, delete users, performing lateral movement to obtain access on other devices inside the compromised environment.
Tešíme sa na stretnutie s Vami pri šálke kávy alebo čaju.
Ing. Mgr. Robert Andok, PhD.,riaditeľ
