So You Want to be a Hacker?

Slide 0

So You Want to be a Hacker?
Then let’s get started
October 16, 2014

Slide 1

A Brief Introduction
Gotta start somewhere

Slide 2

The Talk’s Agenda
The road to brighter pastures?
- Introduction
- The necessary prerequisites
- Immersing yourself
- Educating yourself
- Places to practice responsibly
- Common tools
- Making it count

Slide 3

Who Am I?
Down in front
- Christopher Grayson
- cgrayson@bishopfox.com
- @_lavalamp
- Senior Security Analyst at Bishop Fox (Pen-Testing FTW)
- MSCS, BSCM from GT
- Former Research Scientist from GT
- Former president, GT hacking club

Slide 4

Why am I Here Today?
Little bit of luck, little bit of skill
- I currently have my dream job
- I’ve never had to choose between education and safety
- I had the good fortune of attending SkyDogCon in 2012
- But the story continues…

Slide 5

Many Reasons
The plot thickens…
- 3 teams at SkyDogCon Duplicity CTF, got 2nd, 3rd and 4th place
- …out of 4 teams
- Received tickets to Shmoocon 2013, Offensive Security training
- Competed in TOOOL Master Keying competition
- Received ticket to Shmoocon 2014

Slide 6

Why are YOU Here?
Hopefully not by accident
- We work in the coolest industry. Period.
- We need more talented individuals.
- We need safe places to hone our skills.

Slide 7

The Term “Hacker”
Not to start a debate…
- Lots of debate around the term
- Commonly used by the media to refer to malicious people with technical skills
- Used in the community to show reverence towards another’s capabilities

Slide 8

What a Hacker Certainly Isn’t
Three cheers for the media

Slide 9

The Approach
Comfort zones to the wind

Slide 10

What Does it Take to Break?
Keeping it zen
- Patience
- Enthusiasm
- Perseverance
- Interest

Slide 11

Be Wary…
Nothing worth doing was ever easy
- You will get frustrated.
- You will not learn everything overnight.
- You will get ridiculed.

Slide 12

Takeaways
Still interested?
- Becoming a “hacker” is not so much a profession as it is a way of life.
- It requires mental fortitude and patience above all else.
- Expertise comes slowly.
- It’s entirely worth the journey.

Slide 13

The Environment
In over Y(our) head

Slide 14

The Word of the Day is Immersion
Care to go for a swim?
- Expertise requires a lot of technical knowledge.
- This can’t be gained overnight.
- The first step is to listen to the lingo.

Slide 15

Reddit
Ever heard of it before?
- Powerful message board
- Lots of infosec boards
- /r/hacking
- /r/netsec
- /r/howtohack
- /r/websec
- /r/sysadmin
- /r/blackhat

Slide 16

Freenode
Not all that dissimilar to pirate ships
- Hang out on Freenode to talk through challenges and difficulties you have trouble with.
- #metasploit – Metasploit developers
- #corelan – Folks from Corelan team
- #vulnhub – Folks from Vulnhub team
- #offsec – Folks from Offensive Security

Slide 17

Mailing Lists
#SPAMSPAMSPAM
- Good way to keep track of the industry’s pulse
- Lots of mailing lists for all skill levels and areas of interest
- http://seclists.org/

Slide 18

Books
What are those again?
- Ghost in the Wires
- The Art of Intrusion
- The Art of Deception
- Kingpin
- The Cuckoo’s Egg
- Code
- Hacking – The Art of Exploitation

Slide 19

Movies
The good, the bad, and the ugly
- Sneakers http://www.imdb.com/title/tt0105435/
- Hackers http://www.imdb.com/title/tt0113243/
- War Games http://www.imdb.com/title/tt0086567/

Slide 20

Conferences
Meet your fellow nerds
- DEF CON https://www.defcon.org/
- Black Hat https://www.blackhat.com/
- Shmoocon http://www.shmoocon.org/

Slide 21

Disclaimer
Armor of thick skin+3
- Some of the venues listed previously are less friendly towards newcomers than others.
- General rule of thumb is to research any questions that you have prior to asking them.
- Showing that you’ve done your own work before asking for the help of others goes a long way in this community.

Slide 22

Lessons to be Learned
Straight Edumacated

Slide 23

So Now we Get Into the Difficult Stuff?
Perhaps, Perhaps, Perhaps
- The hardest part is having the gumption to stick with it.
- Technical skills can be learned (even if learned slowly).
- Technical skills are required, and typically the more the better.

Slide 24

Harvard Introduction to CS
Learn from the best of them
- Incredibly thorough course on Computer Science
- https://www.edx.org/course/harvardx/harvardx-cs50x-introduction-computer-1022

Slide 25

Computer Networks on Coursera
One bytes two bytes three bytes four
- Fundamental understanding of networking is important
- https://www.coursera.org/course/comnetworks

Slide 26

Programming for Everybody on Coursera
From script kiddie to script master
- The ability to write code greatly helps in this field.
- https://www.coursera.org/course/pythonlearn

Slide 27

OpenSecurityTraining.info
Hardly known but hugely helpful
- OpenSecurityTraining can be found online: http://opensecuritytraining.info/
- “Is dedicated to sharing training material for computer security classes, on any topic, that are at least one day long.”
- Has free, professional courses on all matters hacking
- Even has course outlines and pre-requisites!

Slide 28

SecurityTube.net
Aggregate those videos!
- SecurityTube can be found online: http://www.securitytube.net/
- Large amounts of free videos created by the site’s founder
- Aggregation of conference videos and lectures
- Full primers on lots of different hacking areas

Slide 29

Corelan.be
Write yourself some exploits
- Corelan can be found online: https://www.corelan.be/
- In-depth tutorials detailing exploit-writing and binary exploitation
- Tons of other educational resources, primarily focused on binary and RE topics

Slide 30

Offensive Security
The authors of Kali, Backtrack
- Offensive Security can be found online: http://www.offensive-security.com/
- The group that created Backtrack and Kali Linux distributions
- Training is not free, but the training you get from their courses is top-notch and well-managed.
- Has an IRC channel that you can hang out in!

Slide 31

SANS Institute
Getting certified
- Has a number of certifications for security training
- Not free, must pay to maintain certifications
- http://www.sans.org/

Slide 32

Cisco Certifications
MOAR CERTIFICATIONS?!
- Cisco has a number of certifications in the security space.
- Not free, must pay to maintain certifications
- https://learningnetwork.cisco.com/community/certifications/security

Slide 33

Go to Work
Getting your hands not-so-dirty

Slide 34

Vulnerable Images
Stand up your own lab
- VulnHub can be found online: http://vulnhub.com/
- A large repository of software images that are created solely to be vulnerable
- Great place to get software packages to hack on
- Has an IRC channel you can hang out in!

Slide 35

DVWA
Emphasis on the d
- Web application that is built specifically to have lots of vulnerabilities
- Great starting place for beginning to hack Web applications
- http://www.dvwa.co.uk/

Slide 36

Ongoing Competitions
Brutal training grounds
- CTF365 can be found online: http://ctf365.com/
- Touts a massive online, persistent CTF
- CTFTime can be found online: https://ctftime.org/
- Keeps track of CTF competitions worldwide, maintains scores for teams across different CTFs

Slide 37

Stand-Alone Challenges
Short, sweet, and to the point
- WeChall can be found online: https://www.wechall.net/
- Is an aggregation site for individual challenges
- Advertises a total of 133 challenges available

Slide 38

Bugcrowd
Industry experience
- Managed service provider that consolidates bug bounty programs
- Go and hack things in real life and get $$$
- https://bugcrowd.com/

Slide 39

Tools of the Trade
An awfully full bag of tricks

Slide 40

Wireshark
Networks are chattier than you may think
- Used for monitoring local network traffic
- Great way to learn more about network protocols
- https://www.wireshark.org/

Slide 41

Burp Suite
Web app hacker’s swiss army knife
- An HTTP proxy with lots of hacky bells and whistles
- Used universally across the professional security industry
- http://portswigger.net/burp/

Slide 42

Browser Developer Tools
Repurposing tools for fun and profit!
- Packaged in with all modern browsers
- Used mostly by developers for testing functionality during the development process

Slide 43

LavaPasswordFactory
A good password list is nice to have
- Good tool for generating password lists
- Made by yours truly
- https://github.com/lavalamp-/LavaPasswordFactory

Slide 44

John the Ripper
Crack goes the password
- Where LavaPasswordFactory generates password lists, John the Ripper cracks them!
- http://www.openwall.com/john/

Slide 45

Kali Linux
Bells and whistles galore
- The de facto standard penetration testing Linux distribution
- Comes with all of the bells and whistles at installation
- http://www.kali.org/

Slide 46

VMWare Fusion / Workstation
Virtualization is your friend
- Great platform for virtualization
- If you don’t know what virtualization is, check it out!
- http://www.vmware.com/

Slide 47

Making it Count
What next?

Slide 48

Positions in the Field
Hacking for good
- Penetration testing
- Security analyst
- Security engineer
- All the technical things!

Slide 49

Don’t Let it go to Waste
We’ve already got enough bad guys
- Doing this stuff maliciously is a bad idea
- Far too many opportunities to help others and the community
- Don’t let it go to waste

Slide 50

References
A Centralized Story

Slide 51

References
Take One
- The Electronic Frontier Foundation on the Computer Fraud and Abuse Act https://ilt.eff.org/index.php/Computer_Fraud_and_Abuse_Act_(CFAA)
- Wikipedia on Aaron Swartz http://en.wikipedia.org/wiki/Aaron_Swartz
- H3 at Georgia Tech Research Institute http://h3.gatech.edu/
- The UCSB iCTF http://ictf.cs.ucsb.edu/
- SECCDC http://www.seccdc.org/

Slide 52

References
Take two
- VulnHub – Vulnerable by Design http://vulnhub.com/
- CTF365 http://ctf365.com/
- CTF Time! https://ctftime.org/
- WeChall – A Challenge Aggregation Site http://www.wechall.net/

Slide 53

References
Take three
- Atlanta OWASP https://www.owasp.org/index.php/Atlanta_Georgia
- Security Mailing Lists http://seclists.org/
- Sneakers movie on IMDB http://www.imdb.com/title/tt0105435/
- Hackers movie on IMDB http://www.imdb.com/title/tt0113243/

Slide 54

References
Take four
- War Games movie on IMDB http://www.imdb.com/title/tt0086567/
- Hacking movies list on IMDB http://www.imdb.com/list/ls055167700/
- DEF CON https://www.defcon.org/
- Black Hat https://www.blackhat.com/

Slide 55

References
Take five
- Shmoocon http://www.shmoocon.org/
- Harvard Introduction to Computer Science https://www.edx.org/course/harvardx/harvardx-cs50x-introduction-computer-1022
- Computer Networks on Coursera https://www.coursera.org/course/comnetworks
- Programming for Everybody on Coursera https://www.coursera.org/course/pythonlearn

Slide 56

References
Take six
- OpenSecurityTraining http://opensecuritytraining.info/
- Security Tube http://www.securitytube.net/
- Corelan.be http://corelan.be/
- Offensive Security http://www.offensive-security.com/

Slide 57

References
Take seven
- SANS Security Training http://www.sans.org/
- Cisco Security Training https://learningnetwork.cisco.com/community/certifications/security
- DVWA http://www.dvwa.co.uk/
- BugCrowd https://bugcrowd.com/

Slide 58

References
Take eight
- Wireshark https://www.wireshark.org/
- Burp Suite http://portswigger.net/burp/
- Reddit http://www.reddit.com/
- Freenode IRC http://freenode.net/

Slide 59

Questions?
Hopefully you’ve got a few

Slide 60

Thank you
@_lavalamp