Making Money on the Web the Blackhat Way

WhiteHat Security founder and CTO, Jeremiah Grossman made a really great presentation at Blackhat this year titled "Get Rich or Die Trying - Making Money on the Web the Blackhat Way". The talk enlightens us about the fact that if one really wants to make money the blackhat way, one need not look into sophisticated hacking techniques such as 0 Days, SQL Injection, vulnerability exploitation etc., instead, all one needs to be armed with is a web browser and some common sense. Jeremiah hammers home the point that most online heists are not really that sophisticated from a technical standpoint, instead they exploit "business logic flaws". Alarmingly, these flaws cannot be detected during product testing because QA tests what a product should do and what not it can be made to do, also, automated vulnerability scanners are too dumb to be able to think through and find such vulnerabilities.

In the talk Jeremiah runs us through various hacks requiring low technical skills, which people have done to rip companies off for money - Online ballot stuffing, Solving captchas for cash, Recovering passwords for cash, Hire to hack, Monetizing ecoupons, Affiliate scams, Trading on semi public information and many others. The entire presentation is in a case study mode with real life examples of the hacks, which is what probably makes it very interesting to watch.

You can download the presentation here.

Related Videos from: Blackhat 2009 Attacks


Defeating SSL using SSLStrip (Marlinspike Blackhat)	Attacking Intel Trusted Execution Technology (Wojtczuk Rukowska)	Anti Forensics techniques for OSX (Vincenzo Blackhat DC)	You are Viewing this Video Now!	Attacking Internet Backbone Technologies (Blackhat 2009)
22193 views	2416 views	3656 views	3863 views	2740 views

Author