https://aznot.com/index.php?action=history&feed=atom&title=OpenWest_2014%2FHackingOpenWest 2014/Hacking - Revision history2026-04-30T05:51:35ZRevision history for this page on the wikiMediaWiki 1.41.0https://aznot.com/index.php?title=OpenWest_2014/Hacking&diff=43&oldid=prevKenneth at 15:19, 11 May 20142014-05-11T15:19:26Z<p></p>
<p><b>New page</b></p><div>"Beginners Introduction to Hacking and Information Security Using Open Source Tools."<br />
:by Lance Buttars<br />
<br />
Surface Areas of Attack:<br />
* Network<br />
* Operating system<br />
* Software<br />
* Users<br />
* Hardware<br />
<br />
Penetration test (aka. pen test)<br />
<br />
Do you really trust your own computer? Have you read ever line of source code? Traced every circuit?<br />
<br />
CVE - database of vulnerabilities<br />
* http://wiki.alpinelinux.org/wiki/Cvechecker<br />
<br />
Exploit Development Resources:<br />
* http://exploit-exercises.com/<br />
<br />
Tools:<br />
* Kali Linux OS - http://www.kali.org/<br />
<br />
Metasploit:<br />
* http://www.offensive-security.com/metasploit-unleashed/<br />
<br />
Privilege Escalation - process of acquiring system rights of another target user<br />
<br />
Passive Attacking - ease dropping packet sniffing<br />
* Man in the middle<br />
* SSL strip<br />
* Wireshark<br />
* dsniff<br />
<br />
Denial of Service (DoS)<br />
<br />
Social Engineering Tool Kit<br />
* https://www.trustedsec.com/downloads/social-engineer-toolkit/<br />
* installed on Kali<br />
* ?? Capture Facebook credentials and other stuff ??<br />
<br />
OWASP<br />
<br />
Web Attacks<br />
* The Open Web Application Security Project (OWASP) Top 10<br />
* https://www.owasp.org/index.php/Top10<br />
<br />
SQL Injection attacks<br />
<br />
Broken Authentications and Session Management<br />
<br />
Cross-Site Request Forgery (CSRF)<br />
* easily to fight against - just include a random number for each request that the user has to respond with</div>Kenneth