So You Want to be a Hacker?

This talk by Chris Grayson contains lots of information about how to enter the so-called "hackerspace." From mental approaches to books, movies, and other media to online courses and knowledge repositories, this presentation is intended to be the one-stop-shop for anyone trying to become a penetration tester.

  1. So You Want to be a Hacker? THEN LET’S GET STARTED. October 16, 2014
  3. The Talk’s Agenda: THE ROAD TO BRIGHTER PASTURES? 1. Introduction; 2. The necessary prerequisites; 3. Immersing yourself; 4. Educating yourself; 5. Places to practice responsibly; 6. Common tools; 7. Making it count
  4. Who Am I? DOWN IN FRONT. Christopher Grayson • cgrayson@bishopfox.com • @_lavalamp • Senior Security Analyst at Bishop Fox (Pen-Testing FTW) • MSCS, BSCM from GT • Former Research Scientist from GT • Former president, GT hacking club
  5. Why am I Here Today? LITTLE BIT OF LUCK, LITTLE BIT OF SKILL. I currently have my dream job • I’ve never had to choose between education and safety • I had the good fortune of attending SkyDogCon in 2012 • But the story continues…
  6. Many Reasons: THE PLOT THICKENS… 3 teams at SkyDogCon Duplicity CTF, got 2nd, 3rd and 4th place (…out of 4 teams) • Received tickets to Shmoocon 2013, Offensive Security training • Competed in TOOOL Master Keying competition • Received ticket to Shmoocon 2014
  7. Why are YOU Here? HOPEFULLY NOT BY ACCIDENT. We work in the coolest industry. Period. • We need more talented individuals. • We need safe places to hone our skills.
  8. The Term “Hacker”: NOT TO START A DEBATE… Lots of debate around the term • Commonly used by the media to refer to malicious people with technical skills • Used in the community to show reverence towards another’s capabilities
  9. What a Hacker Certainly Isn’t: THREE CHEERS FOR THE MEDIA
  11. What Does it Take to Break? KEEPING IT ZEN. Patience • Enthusiasm • Perseverance • Interest
  12. Be Wary… NOTHING WORTH DOING WAS EVER EASY. You will get frustrated. • You will not learn everything overnight. • You will get ridiculed.
  13. Takeaways: STILL INTERESTED? Becoming a “hacker” is not so much a profession as it is a way of life. • It requires mental fortitude and patience above all else. • Expertise comes slowly. • It’s entirely worth the journey.
  15. The Word of the Day is Immersion: CARE TO GO FOR A SWIM? Expertise requires a lot of technical knowledge. • This can’t be gained overnight. • The first step is to listen to the lingo.
  16. Reddit: EVER HEARD OF IT BEFORE? Powerful message board • Lots of infosec boards: /r/hacking, /r/netsec, /r/howtohack, /r/websec, /r/sysadmin, /r/blackhat
  17. Freenode: NOT ALL THAT DISSIMILAR TO PIRATE SHIPS. Hang out on Freenode to talk through challenges and difficulties you have trouble with. • #metasploit – Metasploit developers • #corelan – Folks from the Corelan team • #vulnhub – Folks from the Vulnhub team • #offsec – Folks from Offensive Security
  18. Mailing Lists: #SPAMSPAMSPAM. Good way to keep track of the industry’s pulse • Lots of mailing lists for all skill levels and areas of interest • http://seclists.org/
  19. Books: WHAT ARE THOSE AGAIN? Ghost in the Wires • The Art of Intrusion • The Art of Deception • Kingpin • The Cuckoo’s Egg • Code • Hacking – The Art of Exploitation
  20. Movies: THE GOOD, THE BAD, AND THE UGLY. Sneakers (http://www.imdb.com/title/tt0105435/) • Hackers (http://www.imdb.com/title/tt0113243/) • War Games (http://www.imdb.com/title/tt0086567/)
  21. Conferences: MEET YOUR FELLOW NERDS. DEF CON (https://www.defcon.org/) • Black Hat (https://www.blackhat.com/) • Shmoocon (http://www.shmoocon.org/)
  22. Disclaimer: ARMOR OF THICK SKIN +3. Some of the venues listed previously are less friendly towards newcomers than others. • General rule of thumb is to research any questions that you have prior to asking them. • Showing that you’ve done your own work before asking for the help of others goes a long way in this community.
  24. So Now we Get Into the Difficult Stuff? PERHAPS, PERHAPS, PERHAPS. The hardest part is having the gumption to stick with it. • Technical skills can be learned (even if learned slowly). • Technical skills are required, and typically the more the better.
  25. Harvard Introduction to CS: LEARN FROM THE BEST OF THEM. Incredibly thorough course on Computer Science • https://www.edx.org/course/harvardx/harvardx-cs50x-introduction-computer-1022
  26. Computer Networks on Coursera: ONE BYTES TWO BYTES THREE BYTES FOUR. Fundamental understanding of networking is important • https://www.coursera.org/course/comnetworks
  27. Programming for Everybody on Coursera: FROM SCRIPT KIDDIE TO SCRIPT MASTER. The ability to write code greatly helps in this field. • https://www.coursera.org/course/pythonlearn
  28. OpenSecurityTraining.info: HARDLY KNOWN BUT HUGELY HELPFUL. OpenSecurityTraining can be found online • http://opensecuritytraining.info/ • “Is dedicated to sharing training material for computer security classes, on any topic, that are at least one day long.” • Has free, professional courses on all matters hacking • Even has course outlines and prerequisites!
  29. SecurityTube.net: AGGREGATE THOSE VIDEOS! SecurityTube can be found online • http://www.securitytube.net/ • Large amounts of free videos created by the site’s founder • Aggregation of conference videos and lectures • Full primers on lots of different hacking areas
  30. Corelan.be: WRITE YOURSELF SOME EXPLOITS. Corelan can be found online • https://www.corelan.be/ • In-depth tutorials detailing exploit-writing and binary exploitation • Tons of other educational resources, primarily focused on binary and RE topics
  31. Offensive Security: THE AUTHORS OF KALI, BACKTRACK. Offensive Security can be found online • http://www.offensive-security.com/ • The group that created the Backtrack and Kali Linux distributions • Training is not free, but the training you get from their courses is top-notch and well-managed. • Has an IRC channel that you can hang out in!
  32. SANS Institute: GETTING CERTIFIED. Has a number of certifications for security training • Not free, must pay to maintain certifications • http://www.sans.org/
  33. Cisco Certifications: MOAR CERTIFICATIONS?! Cisco has a number of certifications in the security space. • Not free, must pay to maintain certifications • https://learningnetwork.cisco.com/community/certifications/security
  35. Vulnerable Images: STAND UP YOUR OWN LAB. VulnHub can be found online: • http://vulnhub.com/ • A large repository of software images that are created solely to be vulnerable • Great place to get software packages to hack on • Has an IRC channel you can hang out in!
  36. DVWA: EMPHASIS ON THE D. Web application that is built specifically to have lots of vulnerabilities • Great starting place for beginning to hack Web applications • http://www.dvwa.co.uk/
  37. Ongoing Competitions: BRUTAL TRAINING GROUNDS. CTF365 can be found online: • http://ctf365.com/ • Touts a massive online, persistent CTF • CTFTime can be found online: • https://ctftime.org/ • Keeps track of CTF competitions worldwide, maintains scores for teams across different CTFs
  38. Stand-Alone Challenges: SHORT, SWEET, AND TO THE POINT. WeChall can be found online: • https://www.wechall.net/ • Is an aggregation site for individual challenges • Advertises a total of 133 challenges available
  39. Bugcrowd: INDUSTRY EXPERIENCE. Managed service provider that consolidates bug bounty programs • Go and hack things in real life and get $$$ • https://bugcrowd.com/
  41. Wireshark: NETWORKS ARE CHATTIER THAN YOU MAY THINK. Used for monitoring local network traffic • Great way to learn more about network protocols • https://www.wireshark.org/
  42. Burp Suite: WEB APP HACKER’S SWISS ARMY KNIFE. An HTTP proxy with lots of hacky bells and whistles • Used universally across the professional security industry • http://portswigger.net/burp/
  43. Browser Developer Tools: REPURPOSING TOOLS FOR FUN AND PROFIT! Packaged in with all modern browsers • Used mostly by developers for testing functionality during the development process
  44. LavaPasswordFactory: A GOOD PASSWORD LIST IS NICE TO HAVE. Good tool for generating password lists • Made by yours truly • https://github.com/lavalamp-/LavaPasswordFactory
  45. John the Ripper: CRACK GOES THE PASSWORD. Where LavaPasswordFactory generates password lists, John the Ripper cracks them! • http://www.openwall.com/john/
  46. Kali Linux: BELLS AND WHISTLES GALORE. The de facto standard penetration testing Linux distribution • Comes with all of the bells and whistles at installation • http://www.kali.org/
  47. VMWare Fusion / Workstation: VIRTUALIZATION IS YOUR FRIEND. Great platform for virtualization • If you don’t know what virtualization is, check it out! • http://www.vmware.com/
  49. Positions in the Field: HACKING FOR GOOD. Penetration testing • Security analyst • Security engineer • All the technical things!
  50. Don’t Let it go to Waste: WE’VE ALREADY GOT ENOUGH BAD GUYS. Doing this stuff maliciously is a bad idea • Far too many opportunities to help others and the community • Don’t let it go to waste
  52. References, TAKE ONE: The Electronic Frontier Foundation on the Computer Fraud and Abuse Act (https://ilt.eff.org/index.php/Computer_Fraud_and_Abuse_Act_(CFAA)) • Wikipedia on Aaron Swartz (http://en.wikipedia.org/wiki/Aaron_Swartz) • H3 at Georgia Tech Research Institute (http://h3.gatech.edu/) • The UCSB iCTF (http://ictf.cs.ucsb.edu/) • SECCDC (http://www.seccdc.org/)
  53. References, TAKE TWO: VulnHub – Vulnerable by Design (http://vulnhub.com/) • CTF365 (http://ctf365.com/) • CTF Time! (https://ctftime.org/) • WeChall – A Challenge Aggregation Site (http://www.wechall.net/)
  54. References, TAKE THREE: Atlanta OWASP (https://www.owasp.org/index.php/Atlanta_Georgia) • Security Mailing Lists (http://seclists.org/) • Sneakers movie on IMDB (http://www.imdb.com/title/tt0105435/) • Hackers movie on IMDB (http://www.imdb.com/title/tt0113243/)
  55. References, TAKE FOUR: War Games movie on IMDB (http://www.imdb.com/title/tt0086567/) • Hacking movies list on IMDB (http://www.imdb.com/list/ls055167700/) • DEF CON (https://www.defcon.org/) • Black Hat (https://www.blackhat.com/)
  56. References, TAKE FIVE: Shmoocon (http://www.shmoocon.org/) • Harvard Introduction to Computer Science (https://www.edx.org/course/harvardx/harvardx-cs50x-introduction-computer-1022) • Computer Networks on Coursera (https://www.coursera.org/course/comnetworks) • Programming for Everybody on Coursera (https://www.coursera.org/course/pythonlearn)
  57. References, TAKE SIX: OpenSecurityTraining (http://opensecuritytraining.info/) • Security Tube (http://www.securitytube.net/) • Corelan.be (http://corelan.be/) • Offensive Security (http://www.offensive-security.com/)
  58. References, TAKE SEVEN: SANS Security Training (http://www.sans.org/) • Cisco Security Training (https://learningnetwork.cisco.com/community/certifications/security) • DVWA (http://www.dvwa.co.uk/) • BugCrowd (https://bugcrowd.com/)
  59. References, TAKE EIGHT: Wireshark (https://www.wireshark.org/) • Burp Suite (http://portswigger.net/burp/) • Reddit (http://www.reddit.com/) • Freenode IRC (http://freenode.net/)