HOW TO TRAIN YOUR NINJA
E-banking Security Assessment
K-159 <k-159@echo.or.id>
A Ninja?
The Agenda
NO HIDDEN AGENDA
#WHOAMI
A FATHER
RESEARCHER
SOCIAL ENGINEER
GOSSIPER
noosc
PROLOG
EVER CHOSEN A BANK 'COZ OF THEIR SECURE IT SYSTEM?
EVER DREAMED OF HACKING YOUR OWN BANK?
SOMEBODY DOES ..
John Dillinger - Public Enemy (2010)
Inside Man (2006)
INSIDE THE BANK
THE BANK IS ..
Deposits, Loan, Prosperity
Old Management: technology dollar stingy
New Management: aggressive, visionary, technically savvy
SHIFTING ORG. BEHAVIOUR
COMMON SITUATION
High risk. The IT department is high risk
The Data Center is small and crowded
There is no Help Desk system
Most of the communication lines are at speeds of 64 K
The core banking system is old and obsolete
The Trade Finance System is old and obsolete
The ATM switch is old and cannot support many of the new ATM functions required
The Call Center is obsolete and supports only 8 agents
E-Banking Is ..
How to train your ninja
Central Bank Regulation
Bank Indonesia Regulation No. 5/8/PBI/2003
Bank Indonesia Circular Letter No. 6/18/DPNP, dated 20 April 2004
THREAT INCREASES EACH HOUR
PENTESTER ETHICS
NON-DISCLOSURE AGREEMENT
E-banking Assessment Activity
SESSION MANAGEMENT
ACCESS CONTROL
AUTHENTICATION
MANAGEMENT
Deliverable ..
MANAGEMENT REPORT
RISK+ASSET+VALUES
TECHNICAL REPORT
TECHNICAL DETAIL+PATCHING+CODING
WELL KNOWN PENTESTER
JIM GEOVEDI
Y3DIPS
Conclusion..
Please Be Safe!
Q&A
Thanks
Twitter.com/159k
