Description: WhiteHat Security founder and CTO Jeremiah Grossman gave a really great presentation at Blackhat this year titled "Get Rich or Die Trying - Making Money on the Web the Blackhat Way". The talk makes the point that anyone who really wants to make money the blackhat way need not look into sophisticated hacking techniques such as 0-days, SQL injection or vulnerability exploitation; all one needs is a web browser and some common sense. Jeremiah hammers home the point that most online heists are not that sophisticated from a technical standpoint; instead, they exploit "business logic flaws". Alarmingly, these flaws cannot be detected during product testing, because QA tests what a product should do and not what it can be made to do, and automated vulnerability scanners are too dumb to think through and find such vulnerabilities.
In the talk, Jeremiah runs us through various hacks requiring little technical skill that people have used to rip companies off for money: online ballot stuffing, solving CAPTCHAs for cash, recovering passwords for cash, hire to hack, monetizing e-coupons, affiliate scams, trading on semi-public information and many others. The entire presentation is in case-study style with real-life examples of the hacks, which is probably what makes it so interesting to watch.
You can download the presentation here.
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.