WHO WE ARE

  • 10 computer security experts (penetration testers, security consultants, social engineers, ...) from Slovakia, the Czech Republic, the UK and Georgia
  • Established in Central Europe
  • Holders of renowned security certifications including OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert), CISSP (Certified Information System Security Professional), CEH (Certified Ethical Hacker), SCSecA (Sun Certified Security Administrator), CCNP Security, CCSP (Cisco Certified Security Professional), ...

NETHEMBA HISTORY


RESEARCH: IMPLEMENTATION OF MIFARE CLASSIC CRACKER

  • In 2009 we demonstrated critical vulnerabilities in RFID smartcards massively used in Slovakia and the Czech Republic (public transport, Czech/Slovak railways and buses, parking cards)
  • We released the world's first implementation of a Mifare Classic cracker (as open source), capable of cracking all keys to all sectors of 1 billion Mifare cards (!) in a few minutes
  • Paper available at https://nethemba.com/resources/mifare-classic-slides.pdf

RESEARCH: PUBLIC TRANSPORT SMS TICKET HACKING

  • In 2008 we revealed serious inherent vulnerabilities in public transport SMS tickets
  • We contacted the public transport companies in Prague, Bratislava and Vienna, but they decided not to fix these vulnerabilities
  • A few years later, the first implementations (e.g. FareBandit) appeared
  • Paper available at https://nethemba.com/resources/SMS-ticket-hack4.pdf

RESEARCH: SMS PARKING TICKET VULNERABILITIES

  • In 2010 we revealed critical vulnerabilities in SMS mobile parking
  • All big cities (including Bratislava and Košice) were affected
  • We waited a few years so that the service provider could fix this vulnerability
  • Paper available at https://nethemba.com/resources/SMS-parking-hack.pdf

RESEARCH: SECURITY ANALYSIS OF NFC PAYMENT CARDS

  • We analyzed almost 60 Slovak NFC payment cards and 30 Czech ones
  • For all tested cards, it was possible to read the card number, expiration date and PIN tries
  • For almost half of them, it was possible to read the "transaction history"; for some of them, the "owner name"
  • The article is available at nethemba.com.

RESEARCH: SECURITY ANALYSIS OF MY EHEALTH APPLICATION – a leak of the Slovak database of patients tested for COVID-19

In the Moje eZdravie application, we identified a trivial vulnerability that allowed us to obtain personal information about more than 390,000 patients who were tested for COVID-19 in Slovakia (for the demonstration we managed to get personal information about more than 130,000 patients, of which more than 1,600 were COVID-19 positive).

RESEARCH: POSSIBILITY OF WIDESPREAD LEAK AND MISUSE OF EU VACCINATION CERTIFICATES

We identified a way to obtain the EU vaccination certificates of all vaccinated citizens by exploiting several critical vulnerabilities:

1. We identified a critical vulnerability in eHranica https://korona.gov.sk/ehranica/

2. Using the portal https://www.portaludzs.sk/web/eportal/, we again found a way to use an enumeration attack to obtain the birth number of any person based only on their name and date of birth.

OUR CORE BUSINESS

OUR SPECIALITIES

  • Smart card (RFID) security audits
  • Smart contract security audits
  • Hardware firmware reverse engineering and security audit
  • SAP system penetration tests and security audits
  • Security research in many areas
  • Secure Android hardening
  • Standard and comprehensive AirGap security analysis
  • TETRA analysis

CODE OF ETHICS

  • We strictly follow the rules of responsible vulnerability disclosure (and always contact affected vendors a few months in advance)
  • We follow the Code of Ethics (not only because we are CISSPs and CEHs)
  • We strongly respect mutual NDAs and security assessment contracts
  • We DO NOT work for the government and government institutions due to various ethical and economic reasons

OWASP INVOLVEMENT

  • OWASP (Open Web Application Security Project) – the most prominent and most respected free and open application security community
  • We are OWASP Testing Guide v3 and v4 (the best web application security testing guide) contributors.
  • Our employees were OWASP chapter leaders for Slovakia, attending many OWASP security conferences/trainings

COMMUNITY

  • Sponsorship of public security research (financial support of open-source IT security projects)
  • Artistic projects (visual crypto-anarchist manifesto secondrealm.is, GUIDE, Zvuk for Štiavnica, Sensorium)
  • Economic projects (Conservative Institute of M.R. Štefánik)
  • Crypto-related projects (Bitcoin je Retro! Libertas film, Slovak Students for Liberty)
  • Progressbar hackerspace in Bratislava
  • Parallel Polis hackerspaces in Prague and Bratislava
  • Digital privacy workshops for investigative journalists (e.g. Investigative Center of Jan Kuciak)

PENETRATION TESTS

  • A method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker
  • Involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities, and their exploitation
  • The OSSTMM methodology or the OWASP Testing Guide is used

TEST APPROACHES

  • Black box - a zero-knowledge attack: no relevant information about the target environment is provided; the most realistic external penetration test
  • White box - a full-knowledge attack: all the security information related to the environment and infrastructure is considered
  • Grey box - a partial-knowledge attack

TEST PHASES

Discovery - information about the target system is identified and documented (WHOIS service, public search engines, domain registrars, etc.).

Enumeration - using intrusive methods and techniques to gain more information about the target system (port scanning, fingerprinting).

Vulnerability mapping - mapping the findings from the enumeration to known and potential vulnerabilities.

Exploitation - attempting to gain access through the vulnerabilities identified in the vulnerability-mapping phase. The goal is to gain user-level and privileged (administrator) access to the system (custom exploit scripts or exploit frameworks are used).

STANDARD WEB APPLICATION TEST

  • Reveal as many of the most critical security vulnerabilities in the web application/web server as possible within 3 days
  • Exploit them and gain privileged access if possible
  • Reveals the most serious vulnerabilities (SQL/LDAP injection, XSS/CSRF, buffer overflows, business logic flaws, authentication bypass, local file inclusion)

Because manual inspection is used, the test is highly recommended when your automated security scanners have already failed. It provides a technical report with an executive summary, all revealed vulnerabilities, their risk levels, and recommendations.


COMPREHENSIVE WEB APPLICATION AUDIT

  • The most comprehensive and deepest web application audit on the market
  • Strictly follows the OWASP Testing Guide v4
  • Practical hacking demonstration (writing exploit code, database dump, XSS/CSRF demonstration, etc.)
  • Comprehensive report in English/Czech/Slovak
  • It takes 2-4 weeks per application


RED TEAMING: CAN YOU WITHSTAND A PROFESSIONALLY LED ATTACK?

1. Information Gathering (Reconnaissance)

2. Targeted attack on the infrastructure and employees of the organization

  • Blackbox Penetration test of External Infrastructure
  • Social Engineering (e.g. Spear/Phishing)

3. Authorization Escalation and further infiltration

  • Internal Network Attack
  • Continuation of physical infiltration

4. Final Report

RED TEAMING II

  • Each area of risk is analyzed using the DREAD framework.
  • Risk categories: Critical, Severe, Moderate, Low
  • Remediation effort: High, Medium, Low
  • The goal is to avoid detection by the Blue Team
  • In addition to a management summary, the final report contains a list of all paths (most of which are dead ends) that the Red Team tested. It documents the exact process by which the Red Team achieved its goal and the obstacles it faced during this process.
    • It includes a list of exploited vulnerabilities, including how to fix each vulnerability either completely or at least partially.

SMARTPHONE APPLICATION SECURITY AUDIT

  • The smartphone application security audit involves a technical security audit of the mobile application itself and the corresponding server web services (REST/SOAP).
  • During testing we follow the OWASP Mobile Security Project mainly focusing on the Top Ten Mobile Controls
  • Suitable for any company that develops or operates its own mobile applications
  • Testing time: 1-3 weeks depending on the complexity


USED TOOLS AND METHODOLOGY

  • We follow the OWASP Testing Guide
  • We use many commercial and open-source tools
  • We develop our own tools (NSQL – a time-delay blind SQL injector)
  • We use manual inspection and can reveal many critical security vulnerabilities that automated tools do not


REFERENCES

  • Financial sector - banking groups, banks, and insurance companies in Central Europe
  • Telco sector - telecommunications and mobile operators in the Czech Republic and Slovakia
  • Other corporations - transport, energy, development companies, e-shops, online casinos, etc. in the USA, Canada, Panama, the UK, and Central Europe
  • For more references see https://nethemba.com/references/