This talk by Chris Grayson contains lots of information about how to enter the so-called "hackerspace." From mental approaches to books, movies, and other media to online courses and knowledge repositories, this presentation is intended to be the one-stop-shop for anyone trying to become a penetration tester.
The Talk’s Agenda
THE ROAD TO BRIGHTER PASTURES?
1. Introduction
2. The necessary prerequisites
3. Immersing yourself
4. Educating yourself
5. Places to practice responsibly
6. Common tools
7. Making it count
Who Am I?
DOWN IN FRONT
Christopher Grayson
• cgrayson@bishopfox.com
• @_lavalamp
Senior Security Analyst at Bishop Fox (Pen-Testing FTW)
MSCS, BSCM from GT
Former Research Scientist from GT
Former president, GT hacking club
Why am I Here Today?
LITTLE BIT OF LUCK, LITTLE BIT OF SKILL
I currently have my dream job
I’ve never had to choose between education and safety
I had the good fortune of attending SkyDogCon in 2012
But the story continues…
Many Reasons
THE PLOT THICKENS…
3 teams at SkyDogCon Duplicity CTF, got 2nd, 3rd and 4th place
• …out of 4 teams
Received tickets to Shmoocon 2013, Offensive Security training
Competed in TOOOL Master Keying competition
Received ticket to Shmoocon 2014
Why are YOU Here?
HOPEFULLY NOT BY ACCIDENT
We work in the coolest industry. Period.
We need more talented individuals.
We need safe places to hone our skills.
The Term “Hacker”
NOT TO START A DEBATE…
Lots of debate around the term
Commonly used by the media to refer to malicious people with technical skills
Used in the community to show reverence towards another’s capabilities
What a Hacker Certainly Isn’t
THREE CHEERS FOR THE MEDIA
What Does it Take to Break?
KEEPING IT ZEN
Patience
Enthusiasm
Perseverance
Interest
Be Wary…
NOTHING WORTH DOING WAS EVER EASY
You will get frustrated.
You will not learn everything overnight.
You will get ridiculed.
Takeaways
STILL INTERESTED?
Becoming a “hacker” is not so much a profession as it is a way of life.
It requires mental fortitude and patience above all else.
Expertise comes slowly.
It’s entirely worth the journey.
The Word of the Day is Immersion
CARE TO GO FOR A SWIM?
Expertise requires a lot of technical knowledge.
This can’t be gained overnight.
The first step is to listen to the lingo.
Reddit
EVER HEARD OF IT BEFORE?
Powerful message board
Lots of infosec boards
• /r/hacking
• /r/netsec
• /r/howtohack
• /r/websec
• /r/sysadmin
• /r/blackhat
Freenode
NOT ALL THAT DISSIMILAR TO PIRATE SHIPS
Hang out on Freenode to talk through challenges and difficulties you have trouble with.
• #metasploit – Metasploit developers
• #corelan – Folks from Corelan team
• #vulnhub – Folks from Vulnhub team
• #offsec – Folks from Offensive Security
Mailing Lists
#SPAMSPAMSPAM
Good way to keep track of the industry’s pulse
Lots of mailing lists for all skill levels and areas of interest
http://seclists.org/
Books
WHAT ARE THOSE AGAIN?
Ghost in the Wires
The Art of Intrusion
The Art of Deception
Kingpin
The Cuckoo’s Egg
Code
Hacking – The Art of Exploitation
Movies
THE GOOD, THE BAD, AND THE UGLY
Sneakers
• http://www.imdb.com/title/tt0105435/
Hackers
• http://www.imdb.com/title/tt0113243/
War Games
• http://www.imdb.com/title/tt0086567/
Conferences
MEET YOUR FELLOW NERDS
DEF CON
• https://www.defcon.org/
Black Hat
• https://www.blackhat.com/
Shmoocon
• http://www.shmoocon.org/
Disclaimer
ARMOR OF THICK SKIN+3
Some of the venues listed previously are less friendly towards newcomers than others.
General rule of thumb is to research any questions that you have prior to asking them.
Showing that you’ve done your own work before asking for the help of others goes a long way in this community.
So Now we Get Into the Difficult Stuff?
PERHAPS, PERHAPS, PERHAPS
The hardest part is having the gumption to stick with it.
Technical skills can be learned (even if learned slowly).
Technical skills are required, and typically the more the better.
Harvard Introduction to CS
LEARN FROM THE BEST OF THEM
Incredibly thorough course on Computer Science
https://www.edx.org/course/harvardx/harvardx-cs50x-introduction-computer-1022
Computer Networks on Coursera
ONE BYTES TWO BYTES THREE BYTES FOUR
Fundamental understanding of networking is important
https://www.coursera.org/course/comnetworks
Programming for Everybody on Coursera
FROM SCRIPT KIDDIE TO SCRIPT MASTER
The ability to write code greatly helps in this field.
https://www.coursera.org/course/pythonlearn
OpenSecurityTraining.info
HARDLY KNOWN BUT HUGELY HELPFUL
OpenSecurityTraining can be found online
• http://opensecuritytraining.info/
“Is dedicated to sharing training material for computer security classes, on any topic, that are at least one day long.”
Has free, professional courses on all matters hacking
Even has course outlines and prerequisites!
SecurityTube.net
AGGREGATE THOSE VIDEOS!
SecurityTube can be found online
• http://www.securitytube.net/
Large amounts of free videos created by the site’s founder
Aggregation of conference videos and lectures
Full primers on lots of different hacking areas
Corelan.be
WRITE YOURSELF SOME EXPLOITS
Corelan can be found online
• https://www.corelan.be/
In-depth tutorials detailing exploit-writing and binary exploitation
Tons of other educational resources, primarily focused on binary and RE topics
Offensive Security
THE AUTHORS OF KALI, BACKTRACK
Offensive Security can be found online
• http://www.offensive-security.com/
The group that created Backtrack and Kali Linux distributions
Training is not free, but the training you get from their courses is top-notch and well-managed.
Has an IRC channel that you can hang out in!
SANS Institute
GETTING CERTIFIED
Has a number of certifications for security training
Not free, must pay to maintain certifications
http://www.sans.org/
Cisco Certifications
MOAR CERTIFICATIONS?!
Cisco has a number of certifications in the security space.
Not free, must pay to maintain certifications
https://learningnetwork.cisco.com/community/certifications/security
Vulnerable Images
STAND UP YOUR OWN LAB
VulnHub can be found online:
• http://vulnhub.com/
A large repository of software images that are created solely to be vulnerable
Great place to get software packages to hack on
Has an IRC channel you can hang out in!
DVWA
EMPHASIS ON THE D
Web application that is built specifically to have lots of vulnerabilities
Great starting place for beginning to hack Web applications
http://www.dvwa.co.uk/
Ongoing Competitions
BRUTAL TRAINING GROUNDS
CTF365 can be found online:
• http://ctf365.com/
Touts a massive online, persistent CTF
CTFTime can be found online:
• https://ctftime.org/
Keeps track of CTF competitions worldwide, maintains scores for teams across different CTFs
Stand-Alone Challenges
SHORT, SWEET, AND TO THE POINT
We Chall can be found online:
• https://www.wechall.net/
Is an aggregation site for individual challenges
Advertises a total of 133 challenges available
Bugcrowd
INDUSTRY EXPERIENCE
Managed service provider that consolidates bug bounty programs
Go and hack things in real life and get $$$
https://bugcrowd.com/
TOOLS OF THE TRADE
AN AWFULLY FULL BAG OF TRICKS
Wireshark
NETWORKS ARE CHATTIER THAN YOU MAY THINK
Used for monitoring local network traffic
Great way to learn more about network protocols
https://www.wireshark.org/
Burp Suite
WEB APP HACKER’S SWISS ARMY KNIFE
An HTTP proxy with lots of hacky bells and whistles
Used universally across the professional security industry
http://portswigger.net/burp/
Browser Developer Tools
REPURPOSING TOOLS FOR FUN AND PROFIT!
Packaged in with all modern browsers
Used mostly by developers for testing functionality during the development process
LavaPasswordFactory
A GOOD PASSWORD LIST IS NICE TO HAVE
Good tool for generating password lists
Made by yours truly
https://github.com/lavalamp-/LavaPasswordFactory
John the Ripper
CRACK GOES THE PASSWORD
Where LavaPasswordFactory generates password lists, John the Ripper cracks them!
http://www.openwall.com/john/
Kali Linux
BELLS AND WHISTLES GALORE
The de facto standard penetration testing Linux distribution
Comes with all of the bells and whistles at installation
http://www.kali.org/
VMware Fusion / Workstation
VIRTUALIZATION IS YOUR FRIEND
Great platform for virtualization
If you don’t know what virtualization is, check it out!
http://www.vmware.com/
Positions in the Field
HACKING FOR GOOD
Penetration testing
Security analyst
Security engineer
All the technical things!
Don’t Let it go to Waste
WE’VE ALREADY GOT ENOUGH BAD GUYS
Doing this stuff maliciously is a bad idea
Far too many opportunities to help others and the community
Don’t let it go to waste
References
TAKE ONE
The Electronic Frontier Foundation on the Computer Fraud and Abuse Act
• https://ilt.eff.org/index.php/Computer_Fraud_and_Abuse_Act_(CFAA)
Wikipedia on Aaron Swartz
• http://en.wikipedia.org/wiki/Aaron_Swartz
H3 at Georgia Tech Research Institute
• http://h3.gatech.edu/
The UCSB iCTF
• http://ictf.cs.ucsb.edu/
SECCDC
• http://www.seccdc.org/
TAKE TWO
VulnHub – Vulnerable by Design
• http://vulnhub.com/
CTF365
• http://ctf365.com/
CTF Time!
• https://ctftime.org/
WeChall – A Challenge Aggregation Site
• http://www.wechall.net/
TAKE THREE
Atlanta OWASP
• https://www.owasp.org/index.php/Atlanta_Georgia
Security Mailing Lists
• http://seclists.org/
Sneakers movie on IMDB
• http://www.imdb.com/title/tt0105435/
Hackers movie on IMDB
• http://www.imdb.com/title/tt0113243/
TAKE FOUR
War Games movie on IMDB
• http://www.imdb.com/title/tt0086567/
Hacking movies list on IMDB
• http://www.imdb.com/list/ls055167700/
DEF CON
• https://www.defcon.org/
Black Hat
• https://www.blackhat.com/
TAKE FIVE
Shmoocon
• http://www.shmoocon.org/
Harvard Introduction to Computer Science
• https://www.edx.org/course/harvardx/harvardx-cs50x-introduction-computer-1022
Computer Networks on Coursera
• https://www.coursera.org/course/comnetworks
Programming for Everybody on Coursera
• https://www.coursera.org/course/pythonlearn
TAKE SIX
OpenSecurityTraining
• http://opensecuritytraining.info/
Security Tube
• http://www.securitytube.net/
Corelan.be
• http://corelan.be/
Offensive Security
• http://www.offensive-security.com/
TAKE SEVEN
SANS Security Training
• http://www.sans.org/
Cisco Security Training
• https://learningnetwork.cisco.com/community/certifications/security
DVWA
• http://www.dvwa.co.uk/
BugCrowd
• https://bugcrowd.com/
TAKE EIGHT
Wireshark
• https://www.wireshark.org/
Burp Suite
• http://portswigger.net/burp/
Reddit
• http://www.reddit.com/
Freenode IRC
• http://freenode.net/