OpenWest 2014/Hacking


"Beginners Introduction to Hacking and Information Security Using Open Source Tools."

by Lance Buttars

Surface Areas of Attack:

  • Network
  • Operating system
  • Software
  • Users
  • Hardware

Penetration test (aka pen test)

Do you really trust your own computer? Have you read every line of source code? Traced every circuit?

CVE - database of vulnerabilities

Exploit Development Resources:

Tools:

Metasploit:

Privilege Escalation - process of acquiring system rights of another target user

Passive Attacking - eavesdropping, packet sniffing

  • Man in the middle
  • SSL strip
  • Wireshark
  • dsniff

Denial of Service (DoS)

Social Engineering Tool Kit

OWASP

Web Attacks

SQL Injection attacks

Broken Authentication and Session Management

Cross-Site Request Forgery (CSRF)

  • easy to defend against - just include a random number for each request that the user has to respond with
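
The defence in the bullet above, as an added example that is not from the talk: the server issues a random token per form and rejects any state-changing request that does not return it. The in-memory store, the `csrf_token` field name and the names `CsrfTokens` and `handle_post` are assumptions made for illustration.

```python
import hmac
import secrets


class CsrfTokens:
    """Per-session, single-use random tokens (in-memory store; an assumption)."""

    def __init__(self):
        self._pending = {}  # session id -> set of tokens not yet used

    def issue(self, session_id):
        """Create the random value the server embeds in a hidden form field."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending.setdefault(session_id, set()).add(token)
        return token

    def verify(self, session_id, submitted):
        """True only if `submitted` was issued to this session and is unused."""
        if not isinstance(submitted, str) or not submitted:
            return False
        outstanding = self._pending.get(session_id, set())
        for token in outstanding:
            # Constant-time comparison avoids leaking how many characters matched.
            if hmac.compare_digest(token.encode(), submitted.encode()):
                outstanding.discard(token)  # single use: a replay fails
                return True
        return False


def handle_post(tokens, session_id, form):
    """Hypothetical handler for a state-changing request; returns an HTTP status."""
    if not tokens.verify(session_id, form.get("csrf_token")):
        return 403  # the session cookie alone is not enough to act
    return 200


def demo():
    """Constructed requests: a genuine form, a cross-site forgery, a replay."""
    tokens = CsrfTokens()
    token = tokens.issue("session-A")
    genuine = handle_post(tokens, "session-A", {"amount": "10", "csrf_token": token})
    forged = handle_post(tokens, "session-A", {"amount": "9999"})  # no token
    replayed = handle_post(tokens, "session-A", {"amount": "10", "csrf_token": token})
    other = handle_post(tokens, "session-B", {"csrf_token": tokens.issue("session-A")})
    return genuine, forged, replayed, other


if __name__ == "__main__":
    print(demo())
```

The token has to travel in the form body or a custom header, never in a cookie, because the browser attaches cookies to cross-site requests automatically.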