
Introduction to Exploitation

How to get started in learning offensive security. An opinionated selection of self-learning tools.

Published in: Technology

Introduction to Exploitation

  1. Intro to Exploitation, September 12th, 2018
  2. Get Involved
     ● Discord - discord.gg/kuejt8p
     ● Fire Talks - October 24th, 2018
     ● Live Stream - Whenever you want*
     ● CSG CTF - ctf.utdcsg.club
  3. Events
     ● Hardware Hacking Hangout - Friday @ 7 pm in ECSS 4.619
     ● CSAW CTF - Saturday @ 1 pm to 5 pm in ECSS 4.619
     ● Elastic - Next Wednesday @ 7 pm in MC 2.410
  4. Goal for tonight: Answer the question “How do I get started?”
  5. Getting started in Computer Security
     ● Plenty of resources exist to get started with different areas of security
     ● You get out what you put into it
  6. Intro to Exploitation
     ● General Goals:
       ○ Lateral Movement
       ○ Command and Control
       ○ Data Exfiltration
  7. General Tools
     ● Kali Linux - contains many exploitation tools pre-installed
     ● FLARE VM - contains many security tools for use in a Windows environment
  8. “Fields” of Exploitation
     ● Network
     ● System
       ○ Linux
       ○ Windows
       ○ Other
     ● Cryptography
     ● Web
     ● Binary
  9. Network
     Attacking the network and network services, often to access machines on said network.
     Examples:
     ● Attacking Windows domains
     ● Attacking cloud infrastructure
     Tools:
     ● nmap
     Practice:
     ● HackTheBox
     ● CloudGoat
  10. Linux
     Escalating privileges, exfiltrating data, establishing persistence, and more.
     Examples:
     ● Hacking Linux?
     Tools:
     ● bash
     ● Metasploit
     ● Linux Knowledge
     Practice:
     ● OverTheWire - Bandit
     ● HackTheBox
     ● Metasploitable 2
  11. Windows
     Escalating privileges, exfiltrating data, establishing persistence, and more.
     Examples:
     ● Hacking Windows?
     Tools:
     ● PowerShell
     ● Metasploit
     ● Windows Knowledge
     Practice:
     ● HackTheBox
     ● Metasploitable 3
     ● Immersive Labs (PowerShell)
  12. Cryptography
     Breaking ciphers, forging signatures, doing magic(?)
     Examples:
     ● Forging authentication tokens
     ● Breaking encryption
     Tools:
     ● SAGE
     ● Python
     ● Patience
     Practice:
     ● CryptoPals
     ● id0-rsa
  13. Web
     Dumping databases, gaining code execution, breaking webscale, learning too many frameworks
     Examples:
     ● SQL Injection
     ● Code Execution
     ● Local File Includes
     Tools:
     ● Burp Suite
     ● Browser Developer Tools
     Practice:
     ● HackTheBox
     ● OverTheWire - Natas
     ● WebGoat
  14. Binary
     Exploiting flaws in a program to do “fun” things
     Examples:
     ● Bypassing authentication
     ● Gaining code execution
     Tools:
     ● gdb (Debuggers)
     ● IDA Pro (Disassemblers)
     Practice:
     ● pwnable.kr
     ● Protostar
     ● The Assembly Group
  15. Overall
     Being well “read” can give you a significant edge in security
     YouTube - Tutorials:
     ● LiveOverflow
     ● GynvaelEN
     YouTube - Talks:
     ● DefCon
     ● BlackHat
     ● media.ccc.de (34C3)
     News/Blogs:
     ● /r/NetSec
     ● HackerNews
  16. Demo
     Physical access attacks with Tiny Core Linux
     ● Replacing Magnify.exe with cmd.exe
