Abstract image of a woman sitting on books and studying on a laptop

How to train your ninja

idsecconf, profile picture
idsecconf

This document outlines an agenda for conducting an e-banking security assessment. It discusses various aspects of assessing security such as session management, access control, authentication, and technical vulnerabilities. The document recommends delivering management and technical reports with findings, risks, values, technical details, and patching/coding recommendations. It emphasizes pentester ethics and non-disclosure agreements when conducting such assessments.

TechnologyEconomy & Finance
1 of 33
Downloaded 166 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
HOW TO TRAIN E-banking Security Assessment K-159 <k-159@echo.or.id> Your Ninja
2 A Ninja?
The Agenda 3 NO HIDDEN AGENDA
#WHOAMI A FATHER RESEARCHER SOCIAL ENGINEER GOSSIPER noosc
PROLOG
6 EVER CHOOSED A BANK ‘COZ THEIR SECURE IT SYSTEM?
7 EVER DREAMED TO HACK YOUR OWN BANK?
8 SOMEBODY DOES ..
9 John Dilinger - Public Enemy (2010)
10 Inside Man (2006)
INSIDE THE BANK
THE BANK IS .. Deposits,Loan,prosperity
Old Management New Management Technology dollar stingy Aggressive visionary technical savvy SHIFTING ORG.BEHAVIOUR
COMMON SITUATION High risk.The IT department is high risk The Data Center is small and crowded There is no Help Desk system Most of the communication lines are at speeds of 64 K The core banking system is old and obsolete The Trade Finance System is old and obsolete The ATM switch is old and cannot support many of the new ATM functions required The Call Center is obsolete and supports only 8 agents
E-Banking Is ..
How to train your ninja
Bank Central Regulation Peraturan BI No. 5/8/PBI/2003 Surat Edaran BI No. 6/18/DPNP, tanggal 20 April 2004
THREAD INCRESE EACH HOUR
PENTESTER ETHICS
NON -DISCLOSURE AGREEMENT
Ebanking Assessment Activity
SESSION MANAGEMENT ACCESS CONTROL AUTHENTICATION MANAGEMENT
Deliverable ..
MANAGEMENT REPORT RISK+ASSET+VALUES
TECHNICAL REPORT TECHNICAL DETAIL+PATCHING+CODING
WELL KNOWN PENTESTER
JIM GEOVEDI
Y3DIPS
Conclusion..
Please Be Safe!
Q&A
Thanks Twitter.com/159k
CreditsPage1: http://www.ninjaonline.co.uk/media/gbu0/prodlg/ninjasuit.jpg Page2: http://alformer259.files.wordpress.com/2009/11/dsc001511.jpg Page3: http://www.flickr.com/photos/wienwardana/3165753895/ Page4: Kendi Demonic Photograph Page5: http://www.flickr.com/photos/anonymouscollective/2291139919 Page6: http://www.flickr.com/photos/anonymouscollective/2291896028/sizes/l/in/photostream/ Page7: http://www.flickr.com/photos/cverdier/4837773532/sizes/l/in/photostream/ Page8: http://www.detikfinance.com/read/2010/10/05/183003/1456367/68/akhir-kisah-si-pembobol-bank-rp-67-triliun Page9: http://www.flickr.com/photos/37021726@N07/3595094343/sizes/l/in/photostream/ Page10: http://cdn-images.hollywood.com/site/insideman_dc.jpg Page11: http://www.familieharmsen.nl/vakanties/Zomer2001/TikabooValley/MVC-288F.JPG Page12: http://www.primaironline.com/images_content/20100525BankIndonesia%20bankir-indonesia.org.jpg Page14:http://www.flickr.com/photos/sutje/1315711528 Page15: http://www.flickr.com/photos/seier/3463984860/sizes/z/in/photostream/ Page16: http://www.flickr.com/photos/fabiano/2783656239/sizes/l/in/photostream/ Page18: http://www.flickr.com/photos/felixtito/334828049 Page19: http://www.files.chem.vt.edu/chem-dept/tissue/images/ethics180x120.png Page20 : http://2.bp.blogspot.com/_VbdMFZn0qEM/TAHiacMpj9I/AAAAAAAAAmQ/OBKaqC0SN9g/s320/ ethics_header.jpgs Page21: http://www.flickr.com/photos/dcdead/4527722719 Page22: http://www.flickr.com/photos/sugree/3024642081 Page23: http://www.flickr.com/photos/tatraskoda/2057210204/sizes/o/in/photostream/ Page24: http://www.flickr.com/photos/meetings/2073768553/sizes/o/in/photostream/ Page25: http://www.flickr.com/photos/thecrimsonbat/4627770158 Page26: http://www.flickr.com/photos/ingythewingy/4660595849/sizes/l/in/photostream/ Page27: http://www.flickr.com/photos/gvd06a/408242761/ page28: http://sphotos.ak.fbcdn.net/hphotos-ak-ash1/ hs062.ash1/6926_149011886357_693241357_2571740_7209947_n.jpg Page29: http://www.flickr.com/photos/shadphotos/207233715/sizes/m/in/photostream/ Page30: http://www.flickr.com/photos/rundstedt/4412545871/sizes/l/in/photostream/

More Related Content

PPT
Tech developments in banking sector
suhasmcomplex
 
PPTX
Trends and technology in banking
PRIYANT RANJAN
 
DOCX
Easy paisa
irfan aleem
 
PPTX
Technology and the Changing face of Banking Sector
Hirni Mewada
 
PPTX
Technology upgradation and its impact on banks
ப்ரீத்தி அண்ணாமலை
 
PPTX
Role of technology in banking
Er Kakkar
 
PDF
Information technology in banking system
PriyangaRajaram
 
PPT
Impact of technology on banking operations
Anil Chaurasiya
 
Tech developments in banking sector
suhasmcomplex
 
Trends and technology in banking
PRIYANT RANJAN
 
Easy paisa
irfan aleem
 
Technology and the Changing face of Banking Sector
Hirni Mewada
 
Technology upgradation and its impact on banks
ப்ரீத்தி அண்ணாமலை
 
Role of technology in banking
Er Kakkar
 
Information technology in banking system
PriyangaRajaram
 
Impact of technology on banking operations
Anil Chaurasiya
 

What's hot (12)

PPTX
New innovations in banking industry
Hemanth Shenoy
 
DOCX
Introduction (1) ME ppt
Ananthapadmanabhan Gopalan
 
PPTX
Banking law emerging trends
Deepika Tripathi
 
PPTX
E banking p pt sst nwc
siya pillai
 
PPTX
Banking technology in india slide show
Lalit Sanagavarapu
 
DOCX
New banking technology
Kumar Nirmal Prasad
 
PPTX
E banking
JPEAGLES
 
PPT
E-BANKING EMERGING ISSUES AND OPPORTUNITIES
Vinit Varma
 
PDF
Use of technologies in the banking sector of Bangladesh
Masum Hussain
 
PDF
Technology in-banking-insight-and-foresight-idrbt-ey-report
Rohit Sharma
 
PPTX
E banking-techonology and prospect in bBangladesh
MD. Baharul Alam
 
DOC
It in banking industry
Dharmik
 
New innovations in banking industry
Hemanth Shenoy
 
Introduction (1) ME ppt
Ananthapadmanabhan Gopalan
 
Banking law emerging trends
Deepika Tripathi
 
E banking p pt sst nwc
siya pillai
 
Banking technology in india slide show
Lalit Sanagavarapu
 
New banking technology
Kumar Nirmal Prasad
 
E banking
JPEAGLES
 
E-BANKING EMERGING ISSUES AND OPPORTUNITIES
Vinit Varma
 
Use of technologies in the banking sector of Bangladesh
Masum Hussain
 
Technology in-banking-insight-and-foresight-idrbt-ey-report
Rohit Sharma
 
E banking-techonology and prospect in bBangladesh
MD. Baharul Alam
 
It in banking industry
Dharmik
 
Ad

Viewers also liked (7)

PPT
070726 Mobile Social Networking Stephen Johnston
Stephen Johnston
 
PPTX
Social media strategy for Nokia
sajithkaimal
 
PPTX
IT in Healthcare
NetApp
 
PDF
How to Become a Thought Leader in Your Niche
Leslie Samuel
 
PDF
2015 Upload Campaigns Calendar - SlideShare
SlideShare
 
PPTX
What to Upload to SlideShare
SlideShare
 
PDF
Getting Started With SlideShare
SlideShare
 
070726 Mobile Social Networking Stephen Johnston
Stephen Johnston
 
Social media strategy for Nokia
sajithkaimal
 
IT in Healthcare
NetApp
 
How to Become a Thought Leader in Your Niche
Leslie Samuel
 
2015 Upload Campaigns Calendar - SlideShare
SlideShare
 
What to Upload to SlideShare
SlideShare
 
Getting Started With SlideShare
SlideShare
 
Ad

More from idsecconf (20)

PDF
IDSECCONF2024 Capture The FLag Write up - 3 MAS MAS
idsecconf
 
PDF
IDSECCONF2024 - Rifqi Hilmy Zhafrant - Hunting and Exploiting GraphQL Vulnera...
idsecconf
 
PDF
IDSECCONF2024 - Arief Karfianto - AI-Enhanced Security Analysis in Requiremen...
idsecconf
 
PDF
IDSECCONF2024 - Ryan Fabella, Daniel Dhaniswara - Keamanan Siber Pada Kendara...
idsecconf
 
PDF
IDSECCONF2024 - Angela Oryza - ITS Nabu-Platform Pelatihan Keamanan Siber den...
idsecconf
 
PDF
IDSECCONF2024 - Rama Tri Nanda - MQTT hacking, RCE in Smart Router.pdf
idsecconf
 
PDF
IDSECCONF2024 - Muhammad Dwison - The Implementation Of One Pixel Attack To S...
idsecconf
 
PDF
IDSECCONF2024 - Kang Ali - Local LLM can Simulate Apt Malware With Jailbreak ...
idsecconf
 
PDF
IDSECCONF2024 - Brian Nasywa - Comparison of Quantum Key Distribution Protoco...
idsecconf
 
PDF
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf
 
PDF
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf
 
PDF
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf
 
PDF
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf
 
PDF
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf
 
PDF
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf
 
PDF
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf
 
PDF
Ali - The Journey-Hack Electron App Desktop (MacOS).pdf
idsecconf
 
PDF
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
idsecconf
 
PDF
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
idsecconf
 
PDF
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
idsecconf
 
IDSECCONF2024 Capture The FLag Write up - 3 MAS MAS
idsecconf
 
IDSECCONF2024 - Rifqi Hilmy Zhafrant - Hunting and Exploiting GraphQL Vulnera...
idsecconf
 
IDSECCONF2024 - Arief Karfianto - AI-Enhanced Security Analysis in Requiremen...
idsecconf
 
IDSECCONF2024 - Ryan Fabella, Daniel Dhaniswara - Keamanan Siber Pada Kendara...
idsecconf
 
IDSECCONF2024 - Angela Oryza - ITS Nabu-Platform Pelatihan Keamanan Siber den...
idsecconf
 
IDSECCONF2024 - Rama Tri Nanda - MQTT hacking, RCE in Smart Router.pdf
idsecconf
 
IDSECCONF2024 - Muhammad Dwison - The Implementation Of One Pixel Attack To S...
idsecconf
 
IDSECCONF2024 - Kang Ali - Local LLM can Simulate Apt Malware With Jailbreak ...
idsecconf
 
IDSECCONF2024 - Brian Nasywa - Comparison of Quantum Key Distribution Protoco...
idsecconf
 
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf
 
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf
 
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf
 
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf
 
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf
 
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf
 
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf
 
Ali - The Journey-Hack Electron App Desktop (MacOS).pdf
idsecconf
 
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
idsecconf
 
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
idsecconf
 
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
idsecconf
 

Recently uploaded (20)

PDF
4 layer Arch & Reference Arch of IoT.pdf
sendilkumar66
 
PDF
The-Future-of-Automotive-Quality-is-Here-AI-Driven-Engineering.pdf
Kalilur Rahman
 
PPTX
Internet of Everything -Basic concepts details
sendilkumar66
 
PDF
Transform-Quality-Engineering-with-AI-A-60-Day-Blueprint-for-Digital-Success.pdf
Kalilur Rahman
 
PPTX
future_of_ai_comprehensive_20250822032121.pptx
forrandomuse090
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
Safe Software
 
PPTX
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
PDF
INTERSPEECH 2025 「Recent Advances and Future Directions in Voice Conversion」
NU_I_TODALAB
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week IV
NewMind AI
 
PDF
Dell Pro Micro: Speed customer interactions, patient processing, and learning...
Principled Technologies
 
PDF
Early detection and classification of bone marrow changes in lumbar vertebrae...
IAESIJAI
 
PDF
Transform-Your-Streaming-Platform-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
PDF
Transform-Your-Factory-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
PPTX
MuleSoft-Compete-Deck for midddleware integrations
zupittejas
 
PDF
Transform-Your-Supply-Chain-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
PDF
5-Ways-AI-is-Revolutionizing-Telecom-Quality-Engineering.pdf
Kalilur Rahman
 
PPTX
Module 1 Introduction to Web Programming .pptx
kamleshkc191
 
PDF
Co-training pseudo-labeling for text classification with support vector machi...
IAESIJAI
 
PDF
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
PPTX
SGT Report The Beast Plan and Cyberphysical Systems of Control
hopegirl587
 
4 layer Arch & Reference Arch of IoT.pdf
sendilkumar66
 
The-Future-of-Automotive-Quality-is-Here-AI-Driven-Engineering.pdf
Kalilur Rahman
 
Internet of Everything -Basic concepts details
sendilkumar66
 
Transform-Quality-Engineering-with-AI-A-60-Day-Blueprint-for-Digital-Success.pdf
Kalilur Rahman
 
future_of_ai_comprehensive_20250822032121.pptx
forrandomuse090
 
Data Virtualization in Action: Scaling APIs and Apps with FME
Safe Software
 
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
INTERSPEECH 2025 「Recent Advances and Future Directions in Voice Conversion」
NU_I_TODALAB
 
NewMind AI Weekly Chronicles – August ’25 Week IV
NewMind AI
 
Dell Pro Micro: Speed customer interactions, patient processing, and learning...
Principled Technologies
 
Early detection and classification of bone marrow changes in lumbar vertebrae...
IAESIJAI
 
Transform-Your-Streaming-Platform-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
Transform-Your-Factory-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
MuleSoft-Compete-Deck for midddleware integrations
zupittejas
 
Transform-Your-Supply-Chain-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
5-Ways-AI-is-Revolutionizing-Telecom-Quality-Engineering.pdf
Kalilur Rahman
 
Module 1 Introduction to Web Programming .pptx
kamleshkc191
 
Co-training pseudo-labeling for text classification with support vector machi...
IAESIJAI
 
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
SGT Report The Beast Plan and Cyberphysical Systems of Control
hopegirl587
 

How to train your ninja