Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

Introduction to Exploitation

102 visualizaciones

Publicado el

How to get started in learning offensive security. An opinionated selection of self learning tools.

Publicado en: Tecnología
  • Sé el primero en comentar

  • Sé el primero en recomendar esto

Introduction to Exploitation

  1. 1. Intro to Exploitation September 12th, 2018
  2. 2. Get Involved ● Discord - discord.gg/kuejt8p ● Fire Talks - October 24th, 2018 ● Live Stream - Whenever you want* ● CSG CTF - ctf.utdcsg.club
  3. 3. Events ● Hardware Hacking Hangout - Friday @ 7 pm in ECSS 4.619 ● CSAW CTF - Saturday @ 1 pm to 5 pm in ECSS 4.619 ● Elastic - Next Wednesday @ 7 pm in MC 2.410
  4. 4. Goal for tonight: Answer the question “How do I get started?”
  5. 5. Getting started in Computer Security ● Plenty of resources exist to get started with different areas of security ● You get out what you put into it
  6. 6. Intro to Exploitation ● General Goals: ○ Lateral Movement ○ Command and Control ○ Data Exfiltration
  7. 7. General Tools ● Kali Linux - contains many exploitation tools pre-installed ● FLARE VM - contains many security tools for use in a Windows environment
  8. 8. “Fields” of Exploitation ● Network ● System ○ Linux ○ Windows ○ Other ● Cryptography ● Web ● Binary
  9. 9. Network Attacking the network and network services, often to access machines on said network. Examples: ● Attacking Windows domains ● Attacking cloud infrastructure Tools: ● nmap Practice: ● HackTheBox ● CloudGoat
  10. 10. Linux Escalating privileges, exfiltrating data, establishing persistence, and more. Examples: ● Hacking Linux? Tools ● bash ● Metasploit ● Linux Knowledge Practice ● OverTheWire - Bandit ● HackTheBox ● Metasploitable 2
  11. 11. Windows Escalating privileges, exfiltrating data, establishing persistence, and more. Examples: ● Hacking Windows? Tools ● Powershell ● Metasploit ● Windows Knowledge Practice ● HackTheBox ● Metasploitable 3 ● Immersive Labs (Powershell)
  12. 12. Cryptography Breaking ciphers, forging signatures, doing magic(?) Examples ● Forging authentication tokens ● Breaking encryption Tools ● SAGE ● Python ● Patience Practice ● CryptoPals ● id0-rsa
  13. 13. Web Dumping databases, gaining code execution, breaking webscale, learning too many frameworks Examples ● SQL Injection ● Code Execution ● Local File Includes Tools ● Burp Suite ● Browser Developer Tools Practice ● HackTheBox ● OverTheWire - Natas ● WebGoat
  14. 14. Binary Exploiting flaws in a program to do “fun” things Example ● Bypassing authentication ● Gaining code execution Tools ● gdb (Debuggers) ● IDA Pro (Disassemblers) Practice ● pwnable.kr ● Protostar ● The Assembly Group
  15. 15. Overall Being well “read” can give you a significant edge in security YouTube - Tutorials ● LiveOverflow ● GynvaelEN YouTube - Talks ● DefCon ● BlackHat ● media.ccc.de (34C3) News/Blogs ● /r/NetSec ● HackerNews
  16. 16. Demo Physical access attacks with Tiny Core Linux ● Replacing Magnify.exe with cmd.exe

×