OpenWest 2014/Hacking

"Beginners Introduction to Hacking and Information Security Using Open Source Tools."

by Lance Buttars

Surface Areas of Attack:

• Network
• Operating system
• Software
• Users
• Hardware

Penetration test (aka. pen test)

Do you really trust your own computer? Have you read ever line of source code? Traced every circuit?

CVE - database of vulnerabilities

• http://wiki.alpinelinux.org/wiki/Cvechecker

Exploit Development Resources:

• http://exploit-exercises.com/

Tools:

• Kali Linux OS - http://www.kali.org/

Metasploit:

• http://www.offensive-security.com/metasploit-unleashed/

Privilege Escalation - process of acquiring system rights of another target user

Passive Attacking - ease dropping packet sniffing

• Man in the middle
• SSL strip
• Wireshark
• dsniff

Denial of Service (DoS)

Social Engineering Tool Kit

• https://www.trustedsec.com/downloads/social-engineer-toolkit/
• installed on Kali
• ?? Capture Facebook credentials and other stuff ??

OWASP

Web Attacks

• The Open Web Application Security Project (OWASP) Top 10
• https://www.owasp.org/index.php/Top10

SQL Injection attacks

Broken Authentications and Session Management

Cross-Site Request Forgery (CSRF)

• easily to fight against - just include a random number for each request that the user has to respond with