OpenWest 2014/Hacking
Jump to navigation
Jump to search
"Beginners Introduction to Hacking and Information Security Using Open Source Tools."
- by Lance Buttars
Surface Areas of Attack:
- Network
- Operating system
- Software
- Users
- Hardware
Penetration test (aka. pen test)
Do you really trust your own computer? Have you read ever line of source code? Traced every circuit?
CVE - database of vulnerabilities
Exploit Development Resources:
Tools:
- Kali Linux OS - http://www.kali.org/
Metasploit:
Privilege Escalation - process of acquiring system rights of another target user
Passive Attacking - ease dropping packet sniffing
- Man in the middle
- SSL strip
- Wireshark
- dsniff
Denial of Service (DoS)
Social Engineering Tool Kit
- https://www.trustedsec.com/downloads/social-engineer-toolkit/
- installed on Kali
- ?? Capture Facebook credentials and other stuff ??
OWASP
Web Attacks
- The Open Web Application Security Project (OWASP) Top 10
- https://www.owasp.org/index.php/Top10
SQL Injection attacks
Broken Authentications and Session Management
Cross-Site Request Forgery (CSRF)
- easily to fight against - just include a random number for each request that the user has to respond with