So You Want to be a Hacker?

If you like this presentation – show it...

Slide 0

So You Want to be a Hacker? Then let’s get started October 16, 2014

Slide 1

A Brief Introduction Gotta start somewhere

Slide 2

Introduction The necessary prerequisites Immersing yourself Educating yourself Places to practice responsibly Common tools Making it count The road to brighter pastures? The Talk’s Agenda

Slide 3

Down in front Who Am I? Christopher Grayson cgrayson@bishopfox.com @_lavalamp Senior Security Analyst at Bishop Fox (Pen-Testing FTW) MSCS, BSCM from GT Former Research Scientist from GT Former president, GT hacking club

Slide 4

I currently have my dream job I’ve never had to choose between education and safety I had the good fortune of attending SkyDogCon in 2012 But the story continues… Little bit of luck, little bit of skill Why am I Here Today?

Slide 5

3 teams at SkyDogCon Duplicity CTF, got 2nd, 3rd and 4th place …out of 4 teams Received tickets to Shmoocon 2013, Offensive Security training Competed in TOOOL Master Keying competition Received ticket to Shmoocon 2014 The plot thickens… Many Reasons

Slide 6

We work in the coolest industry. Period. We need more talented individuals. We need safe places to hone our skills. Hopefully not by accident Why are YOU Here?

Slide 7

Lots of debate around the term Commonly used by the media to refer to malicious people with technical skills Used in the community to show reverence towards another’s capabilities Not to start a debate… The Term “Hacker”

Slide 8

Three cheers for the media What a Hacker Certainly Isn’t

Slide 9

The Approach Comfort zones to the wind

Slide 10

Patience Enthusiasm Perseverance Interest Keeping it zen What Does it Take to Break?

Slide 11

You will get frustrated. You will not learn everything overnight. You will get ridiculed. Nothing worth doing was ever easy Be Wary…

Slide 12

Becoming a “hacker” is not so much a profession as it is a way of life. It requires mental fortitude and patience above all else. Expertise comes slowly. It’s entirely worth the journey. Still interested? Takeaways

Slide 13

The Environment In over Y(our) head

Slide 14

Expertise requires a lot of technical knowledge. This can’t be gained overnight. The first step is to listen to the lingo. Care to go for a swim? The Word of the Day is Immersion

Slide 15

Powerful message board Lots of infosec boards /r/hacking /r/netsec /r/howtohack /r/websec /r/sysadmin /r/blackhat Ever heard of it before? Reddit

Slide 16

Hang out on Freenode to talk through challenges and difficulties you have trouble with. #metasploit – Metasploit developers #corelan – Folks from Corelan team #vulnhub – Folks from Vulnhub team #offsec – Folks from Offensive Security Not all that dissimilar to pirate ships Freenode

Slide 17

Good way to keep track of the industry’s pulse Lots of mailing lists for all skill levels and areas of interest http://seclists.org/ #SPAMSPAMSPAM Mailing Lists

Slide 18

Ghost in the Wires The Art of Intrusion The Art of Deception Kingpin The Cuckoo’s Egg Code Hacking – The Art of Exploitation What are those again? Books

Slide 19

Sneakers http://www.imdb.com/title/tt0105435/ Hackers http://www.imdb.com/title/tt0113243/ War Games http://www.imdb.com/title/tt0086567/ The good, the bad, and the ugly Movies

Slide 20

DEF CON https://www.defcon.org/ Black Hat https://www.blackhat.com/ Shmoocon http://www.shmoocon.org/ Meet your fellow nerds Conferences

Slide 21

Some of the venues listed previously are less friendly towards new-comers than others. General rule of thumb is to research any questions that you have prior to asking them. Showing that you’ve done your own work before asking for the help of others goes a long way in this community. Armor of thick skin+3 Disclaimer

Slide 22

Lessons to be Learned Straight Edumacated

Slide 23

The hardest part is having the gumption to stick with it. Technical skills can be learned (even if learned slowly). Technical skills are required, and typically the more the better. Perhaps, Perhaps, Perhaps So Now we Get Into the Difficult Stuff?

Slide 24

Incredibly-thorough course on Computer Science https://www.edx.org/course/harvardx/harvardx-cs50x-introduction-computer-1022 Learn from the best of them Harvard Introduction to CS

Slide 25

Fundamental understanding of networking is important https://www.coursera.org/course/comnetworks One bytes two bytes three bytes four Computer Networks on Coursera

Slide 26

The ability to write code greatly helps in this field. https://www.coursera.org/course/pythonlearn From script kiddie to script master Programming for Everybody on Coursera

Slide 27

OpenSecurityTraining can be found online http://opensecuritytraining.info/ “Is dedicated to sharing training material for computer security classes, on any topic, that are at least one day long.” Has free, professional courses on all matters hacking Even has course outlines and pre-requisites! Hardly known but hugely helpful OpenSecurityTraining.info

Slide 28

SecurityTube can be found online http://www.securitytube.net/ Large amounts of free videos created by the site’s founder Aggregation of conference videos and lectures Full primers on lots of different hacking areas Aggregate those videos! SecurityTube.net

Slide 29

Corelan can be found online https://www.corelan.be/ In-depth tutorials detailing exploit-writing and binary exploitation Tons of other educational resources, primarily focused on binary and RE topics Write yourself some exploits Corelan.be

Slide 30

Offensive Security can be found online http://www.offensive-security.com/ The group that created Backtrack and Kali Linux distributions Training is not free, but the training you get from their courses is top-notch and well-managed. Has an IRC channel that you can hang out in! The authors of kali, Backtrack Offensive Security

Slide 31

Has a number of certifications for security training Not free, must pay to maintain certifications http://www.sans.org/ Getting certified SANS Institute

Slide 32

Cisco has a number of certifications in the security space. Not free, must pay to maintain certifications https://learningnetwork.cisco.com/community/certifications/security MOAR CERTIFICATIONS?! Cisco Certifications

Slide 33

Go to Work Getting your hands not-so-dirty

Slide 34

VulnHub can be found online: http://vulnhub.com/ A large repository of software images that are created solely to be vulnerable Great place to get software packages to hack on Has an IRC channel you can hang out in! Stand up your own lab Vulnerable Images

Slide 35

Web application that is built specifically to have lots of vulnerabilities Great starting place for beginning to hack Web applications http://www.dvwa.co.uk/ Emphasis on the d DVWA

Slide 36

CTF365 can be found online: http://ctf365.com/ Touts a massive online, persistent CTF CTFTime can be found online: https://ctftime.org/ Keeps track of CTF competitions worldwide, maintains scores for teams across different CTFs Brutal training grounds Ongoing Competitions

Slide 37

We Chall can be found online: https://www.wechall.net/ Is an aggregation site for individual challenges Advertises a total of 133 challenges available Short, sweet, and to the point Stand-Alone Challenges

Slide 38

Managed service provider that consolidates bug bounty programs Go and hack things in real life and get $$$ https://bugcrowd.com/ Industry experience Bugcrowd

Slide 39

Tools of the Trade An awfully full bag of tricks

Slide 40

Used for monitoring local network traffic Great way to learn more about network protocols https://www.wireshark.org/ Networks are chattier than you may think Wireshark

Slide 41

An HTTP proxy with lots of hacky bells and whistles Used universally across the professional security industry http://portswigger.net/burp/ Web app hacker’s swiss army knife Burp Suite

Slide 42

Packaged in with all modern browsers Used mostly by developers for testing functionality during the development process Repurposing tools for fun and profit! Browser Developer Tools

Slide 43

Good tool for generating password lists Made by yours truly ? https://github.com/lavalamp-/LavaPasswordFactory A good password list is nice to have LavaPasswordFactory

Slide 44

Where LavaPasswordFactory generates password lists, John the Ripper cracks them! http://www.openwall.com/john/ Crack goes the password John the Ripper

Slide 45

The de facto standard penetration testing Linux distribution Comes with all of the bells and whistles at installation http://www.kali.org/ Bells and whistles galore Kali Linux

Slide 46

Great platform for virtualization If you don’t know what virtualization, check it out! http://www.vmware.com/ Virtualization is your friend VMWare Fusion / Workstation

Slide 47

Making it Count What next?

Slide 48

Penetration testing Security analyst Security engineer All the technical things! Hacking for good Positions in the Field

Slide 49

Doing this stuff maliciously is a bad idea Far too many opportunities to help others and the community Don’t let it go to waste We’ve already got enough bad guys Don’t Let it go to Waste

Slide 50

References A Centralized Story

Slide 51

The Electronic Frontier Foundation on the Computer Fraud and Abuse Act https://ilt.eff.org/index.php/Computer_Fraud_and_Abuse_Act_(CFAA) Wikipedia on Aaron Swartz http://en.wikipedia.org/wiki/Aaron_Swartz H3 at Georgia Tech Research Institute http://h3.gatech.edu/ The UCSB iCTF http://ictf.cs.ucsb.edu/ SECCDC http://www.seccdc.org/ Take One References

Slide 52

VulnHub – Vulnerable by Design http://vulnhub.com/ CTF365 http://ctf365.com/ CTF Time! https://ctftime.org/ WeChall – A Challenge Aggregation Site http://www.wechall.net/ Take two References

Slide 53

Atlanta OWASP https://www.owasp.org/index.php/Atlanta_Georgia Security Mailing Lists http://seclists.org/ Sneakers movie on IMDB http://www.imdb.com/title/tt0105435/ Hackers movie on IMDB http://www.imdb.com/title/tt0113243/ Take three References

Slide 54

War Games movie on IMDB http://www.imdb.com/title/tt0086567/ Hacking movies list on IMDB http://www.imdb.com/list/ls055167700/ DEF CON https://www.defcon.org/ Black Hat https://www.blackhat.com/ Take four References

Slide 55

Shmoocon http://www.shmoocon.org/ Harvard Introduction to Computer Science https://www.edx.org/course/harvardx/harvardx-cs50x-introduction-computer-1022 Computer Networks on Coursera https://www.coursera.org/course/comnetworks Programming for Everybody on Coursera https://www.coursera.org/course/pythonlearn Take five References

Slide 56

OpenSecurityTraining http://opensecuritytraining.info/ Security Tube http://www.securitytube.net/ Corelan.be http://corelan.be/ Offensive Security http://www.offensive-security.com/ Take six References

Slide 57

SANS Security Training http://www.sans.org/ Cisco Security Training https://learningnetwork.cisco.com/community/certifications/security DVWA http://www.dvwa.co.uk/ BugCrowd https://bugcrowd.com/ Take seven References

Slide 58

Wireshark https://www.wireshark.org/ Burp Suite http://portswigger.net/burp/ Reddit http://www.reddit.com/ Freenode IRC http://freenode.net/ Take eight References

Slide 59

Questions? Hopefully you’ve got a few

Slide 60

Thank you @_lavalamp