Compromising Covid-19 systems with Pavol Luptak

Update: 2022-05-16

Description

Buckle in for a great episode of Hacker Talk! Pavol Luptak, CEO of Nethemba joins us, and

walks us through the vulnerabilities that were found in Slovakia's covid-19 PCR and anti-gen authority.

Tune into the most technical and detailed covid-19 hacking episode, right here on Hacker Talk.

In this episode we cover:

Pavol's journey into it-security

old-school Unix

privilege escalation attacks

Traditional C and Assembly, shellcodes

Becoming a penetration tester

Rfid

Finding vulnerabilities in parking system, parking in Bratislava for free

Hacking Slovakia's covid-19 systems

extracting PCR and anti-gen covid-19 tests for all Slovakian citizens.

Finding vulnerabilities in PCR test authorities.

enumeration attacks.

Slovakian eHranica forms.

Generating birthdate number.

Finding birthdates on Facebook and Wikipedia

Leveraging different parts of the systems to make them work together

Impersonation attacks

OWASP Web Security Testing Guide

Cracking Captcha's

Rate limiting requests

Security mitigations that you can user

Central European Bug Bounty programs

Hacktrophy

Best practices for bug bounties for enterprises

How to get started with penetration testing

The new smart contract security field

Personal number generation script:

#!/bin/bash

for (( year=54; year < 100; year++)));

for (( month=1; month < 13; month++)));

for (( day=1; day < 32; day++)));

for (( suffix=0; suffix < 10000; suffix++))

final=$(( $year*100000000+$month*1000000+$day*10000+$suffix ));

if (( final % 11 == 0 )); then printf "%010d\n" $final;

done

External Links:

https://nethemba.com/possibility-of-widespread-leak-and-misuse-of-eu-vaccination-certificates/

https://nethemba.com/kriticka-zranitelnost-v-aplikacii-moje-ezdravie-unik-databazy-pacientov-testovanych-na-covid-19/

https://slides.com/nethemba/how-trivial-critical-vulnerabilities-can-lead-to-a-complete-leak-of-sensitive-covid-19-data-on-all-citizens-of-the-country

https://spectator.sme.sk/c/22722505/serious-flaw-in-ehranica-form-attackers-able-to-send-people-into-self-isolation.html

https://wilderko.medium.com/

https://owasp.org/www-project-web-security-testing-guide/

https://nginx.org/

https://docs.nginx.com/nginx-waf/

https://en.wikipedia.org/wiki/Cloudflare

https://hacktrophy.com/en/

https://nethemba.com/resources/ehranice-critical-vulnerabilities.pdf

Comments

In Channel

New Year special 2024

2024-12-2902:04:30

Cat shaped hardware hacking with Alex Lynd

2023-04-1459:56

Darknet Operation Security with Sam Bent Part 1

2022-12-2701:12:07

Bug Bounty Bootcamp with Vickie lii

2022-11-2438:02

CodeQL with Alvaro Munoz

2022-10-2453:38

SecBSD - The penetration testing distribution for the BSD community | BSDBandit on Hacker Talk

2022-09-2601:02:15

Podman with Daniel Walsh

2022-09-1958:25

Social engineering | Scam calls with Mattias Borg

2022-09-0651:23

Vulnhub | G0t mi1k on Hacker Talk

2022-08-2335:40

Wifi Wardriving with Mike Spicer | d4rkm4tter

2022-08-0848:28

AI-Powered Super Hackers | Steve Phillips Part 2

2022-07-1101:08:46

Scanning the internet with Lucas Lundgren

2022-07-0558:44

Hackers on Planet Earth with Greg Newby and Mitch Altman

2022-06-2001:05:26

Black Hat Python with Tim Arnold and Justin Seitz

2022-05-3101:04:04

Ben Kurtz - Golang Malware part 2

2022-04-1901:06:48

Golang Malware with Ben Kurtz Part 1

2022-03-1601:06:07

Programmable Philosophy with Steve Phillips - Part 1

2022-06-1401:02:48

Compromising Covid-19 systems with Pavol Luptak

2022-05-1653:56

David Jacoby

2022-05-0201:13:18

Threat intelligence with Dan Demeter

2022-03-0301:35:02

00:00

Compromising Covid-19 systems with Pavol Luptak

#box-pro-ellipsis-175688081157533{-webkit-line-clamp:2;}Compromising Covid-19 systems with Pavol Luptak

Compromising Covid-19 systems with Pavol Luptak

Firo Solutions LTD

Compromising Covid-19 systems with Pavol Luptak