WHO WE ARE

  • 10 computer security experts (penetration testers, security consultants, social engineers, ...) from Slovakia, UK, Argentina
  • Established in Central Europe, covering the German-speaking market through Nethemba GmbH
  • Holders of renowned security certifications including OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert), CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), SCSecA (Sun Certified Security Administrator), CCNP Security, CCSP (Cisco Certified Security Professional), ...

NETHEMBA HISTORY

  • In 2019 we revealed a critical vulnerability in eKasa (a massively used payment system in Slovakia)
  • It affected 100 000+ devices (in a project that costs approx. 70 million EUR)
  • Probably the biggest "IT security scandal" in Slovakia

RESEARCH:

IMPLEMENTATION OF MIFARE CLASSIC CRACKER

  • In 2009 we demonstrated critical vulnerabilities in RFID smartcards massively used in Slovakia and the Czech Republic (public transport, Czech/Slovak railways and buses, parking cards)
  • We released the world's first implementation of a Mifare Classic cracker (as open source) capable of cracking all keys to all sectors for 1 billion Mifare cards (!) in a few minutes
  • Paper available at https://nethemba.com/resources/mifare-classic-slides.pdf

RESEARCH:

PUBLIC TRANSPORT SMS TICKET HACKING

  • In 2008 we revealed serious inherent vulnerabilities in public transport SMS tickets
  • We contacted public transport companies in Prague, Bratislava, Vienna, but they decided not to fix these vulnerabilities
  • A few years later, the first implementations (e.g. FareBandit) appeared
  • Paper available at https://nethemba.com/resources/SMS-ticket-hack4.pdf

RESEARCH:

SMS PARKING TICKET VULNERABILITIES

  • In 2010 we revealed critical vulnerabilities in SMS mobile parking
  • All big cities (including Bratislava and Košice) were affected
  • We waited a few years so that the service provider could fix this vulnerability
  • Paper available at https://nethemba.com/resources/SMS-parking-hack.pdf

RESEARCH:

SECURITY ANALYSIS OF NFC PAYMENT CARDS

  • We have analyzed almost 60 Slovak NFC payment cards and 30 Czech ones
  • For all tested cards, it was possible to read the card number, expiration date, and PIN tries
  • For almost half of them, it was possible to read the "transaction history", and for some of them, the "owner name"
  • The article is available at nethemba.com.

DIGITAL PRIVACY

For Slovak and Czech customers we started to offer digital privacy enhancing services:

  • end-to-end encrypted calls (including design and implementation of call centers)
  • end-to-end encrypted emails, chat, SMS text communication
  • full disk encryption (including mobile phones)
  • desktop / mobile security hardening

For more information see https://www.chrantesvojesukromie.sk or https://www.chrantesvesoukromi.cz

OUR CORE BUSINESS

  • All kinds of penetration tests
  • Comprehensive web application security audits
  • Smart Contracts security audits
  • Mobile application security audits (iOS, Android, Windows Phone, Blackberry)
  • Local system, wireless security audits, Social engineering
  • Computer forensic analysis
  • Professional IT security training & courses
  • Design and development of secure VoIP solutions
  • Systems hardening, HA/LB cloud computing

OUR SPECIALITIES

  • Smart card (RFID) security audits
  • Smart contract security audits
  • Hardware firmware reverse engineering and security audit
  • SAP system penetration tests and security audits
  • Security research in many areas
  • Secure Android hardening
  • Standard and comprehensive AirGap security analysis
  • TETRA analysis

CODE OF ETHICS

  • We strictly follow the rules of responsible vulnerability disclosure (and always contact affected vendors a few months before)
  • We follow the Code of Ethics (not only because we are CISSPs and CEHs)
  • We strongly respect mutual NDAs and security assessment contracts
  • We DO NOT work for the government and government institutions due to various ethical and economic reasons

OWASP INVOLVEMENT

  • OWASP (Open Web Application Security Project) – the biggest and most respected free and open application security community
  • We are contributors to the OWASP Testing Guide v3 and v4 (the best web application security testing guide)
  • Our employees are OWASP chapter leaders for Slovakia, attending many OWASP security conferences / trainings

COMMUNITY

  • Sponsorship of public security research (financial support of open-source IT security projects)
  • Artistic projects (visual crypto-anarchist manifesto secondrealm.is, GUIDE, Zvuk for Štiavnica, Sensorium)
  • Economic projects (Conservative Institute of M.R.Štefánik)
  • Crypto related projects (Bitcoin je Retro! Libertas film, Slovak Students for Liberty)
  • Progressbar hackerspace in Bratislava
  • Parallel Polis hackerspace in Prague and Bratislava
  • Digital privacy workshops for investigative journalists (e.g. Investigative Center of Jan Kuciak)

PENETRATION TESTS

  • A method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker
  • Involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities and exploitation
  • OSSTMM methodology or OWASP Testing Guide is used

TEST APPROACHES

  • Black box - a zero-knowledge attack - no relevant information about the target environment is provided, the most realistic external penetration test
  • White box - a full-knowledge attack - all the security information related to an environment and infrastructure is considered
  • Grey box - a partial-knowledge attack 

TEST PHASES

Discovery - information about the target system is identified and documented (WHOIS service, public search engines, domain registrars, etc.).

Enumeration - using intrusive methods and techniques to gain more information about the target system (port scanning, fingerprinting).

Vulnerability mapping - mapping the findings from the enumeration to known and potential vulnerabilities.

Exploitation - attempting to gain access through vulnerabilities identified in the vulnerability-mapping phase. The goal is to gain user-level and privileged (administrator) access to the system (custom exploit scripts or exploit frameworks are used).

STANDARD WEB APPLICATION TEST

  • Reveal as many of the most critical security vulnerabilities in the web application/web server as possible within 3 days
  • Exploit them and gain privileged access if it is possible
  • Reveals the most serious vulnerabilities (SQL/LDAP injections, XSS/CSRF, buffer overflows, business logic flaws, authentication bypass, local file inclusions)

Because manual inspection is used, the test is highly recommended when your automated security scanners have already failed. It provides a technical report with an executive summary, all revealed vulnerabilities, risk levels, and recommendations.

WEB APPLICATIONS

COMPREHENSIVE WEB APPLICATION AUDIT

  • The most comprehensive and deepest web application audit on the market
  • Strictly follows the OWASP Testing Guide v4
  • Practical hacking demonstration (writing exploit code, database dump, XSS/CSRF demonstration, etc.)
  • One-day meeting with the application's developers
  • Comprehensive report in English/Czech/Slovak
  • It takes 2-4 weeks per application

WEB APPLICATIONS

SMARTPHONE APPLICATION SECURITY AUDIT

  • The smartphone security audit involves a technical security audit of the mobile application itself and the corresponding server web services (REST / SOAP).
  • During testing we follow the OWASP Mobile Security Project, mainly focusing on the Top Ten Mobile Controls
  • Suitable for any company that develops or operates its own mobile applications
  • Testing time: 1-3 weeks depending on the complexity

SMARTPHONE AUDIT

USED TOOLS AND METHODOLOGY

  • We strictly follow OSSTMM and OWASP Testing Guide
  • We use many commercial and open-source tools
  • We develop our own (NSQL – time delay blind SQL injector)
  • We use manual inspection and can reveal many critical security vulnerabilities that automated tools do not

METHODOLOGY

  • Financial sector - banking groups, banks, and insurance companies in Central Europe 
  • Telco sector - telecommunications and mobile operators in the Czech Republic and Slovakia
  • Other corporations - transport, energy, development companies, e-shops, online casinos, ... in the USA, Canada, Panama, UK, and Central Europe
  • For more references see https://nethemba.com/references/

REFERENCES