Sveriges mest populära poddar
Start / Hacker Talk / Compromising covid 19 systems with pavol luptak

Hacker Talk

Compromising Covid-19 systems with Pavol Luptak

54 min • 16 maj 2022

Buckle in for a great episode of Hacker Talk! Pavol Luptak, CEO of Nethemba joins us, and

walks us through the vulnerabilities that were found in Slovakia's covid-19  PCR and anti-gen authority.



Tune into the most technical and detailed covid-19 hacking episode, right here on Hacker Talk.




In this episode we cover:

Pavol's journey into it-security

old-school Unix

privilege escalation attacks

Traditional C and Assembly, shellcodes

Becoming a penetration tester

Rfid

Finding vulnerabilities in parking system, parking in Bratislava for free

Hacking Slovakia's covid-19 systems

extracting PCR and anti-gen covid-19 tests for all Slovakian citizens.

Finding vulnerabilities in PCR test authorities.

enumeration attacks.

Slovakian eHranica forms.

Generating birthdate number.

Finding birthdates on Facebook and Wikipedia

Leveraging different parts of the systems to make them work together

Impersonation attacks

OWASP Web Security Testing Guide

Cracking Captcha's

Rate limiting requests

Security mitigations that you can user

Central European Bug Bounty programs

Hacktrophy

Best practices for bug bounties for enterprises

How to get started with penetration testing

The new smart contract security field






Personal number generation script:

#!/bin/bash

for (( year=54; year < 100; year++)));

to

for (( month=1; month < 13; month++)));

to

for (( day=1; day < 32; day++)));

to

for (( suffix=0; suffix < 10000; suffix++))

to

final=$(( $year*100000000+$month*1000000+$day*10000+$suffix ));

if (( final % 11 == 0 )); then printf "%010d\n" $final;

fi

done

done

done

done






External Links:

https://nethemba.com/possibility-of-widespread-leak-and-misuse-of-eu-vaccination-certificates/

https://nethemba.com/kriticka-zranitelnost-v-aplikacii-moje-ezdravie-unik-databazy-pacientov-testovanych-na-covid-19/

https://slides.com/nethemba/how-trivial-critical-vulnerabilities-can-lead-to-a-complete-leak-of-sensitive-covid-19-data-on-all-citizens-of-the-country

https://spectator.sme.sk/c/22722505/serious-flaw-in-ehranica-form-attackers-able-to-send-people-into-self-isolation.html

https://wilderko.medium.com/

https://owasp.org/www-project-web-security-testing-guide/

https://nginx.org/

https://docs.nginx.com/nginx-waf/

https://en.wikipedia.org/wiki/Cloudflare

https://hacktrophy.com/en/

https://nethemba.com/resources/ehranice-critical-vulnerabilities.pdf

Kategorier
PoddarTeknologi
Förekommer på
Teknik
00:00 -00:00
Hur lyssnar jag på podcast?

En liten tjänst av I'm With Friends. Finns även på engelska.