Hacking - Breaking Into It
- 2. What’s this talk about? ● Who I am ● How I got started in the industry ● What is “red teaming” and/or “pen testing” ● What’s a pen test look like? ○ Demos, lots of them ● How can you start learning this? ● Questions
- 3. uid=0(@ChrisTruncer) ● Christopher Truncer (@ChrisTruncer) ○ Hacker ○ Open Source Software Developer ■ Veil Framework Developer ○ Florida State Seminole ○ Random certs… blah ● Red Teamer and Pen Tester for Mandiant
- 4. How I Started ● College ○ College computer security class ○ Hack my roommate ■ “Wow, hacking is real” ○ Took a security class ○ Decided this is what I wanted to do ■ …. is this even a job?
- 5. How I Started ● Start off in a technical role ○ Wanted to get a technical foundation before moving into security ● First job, not what I wanted ● Became a Sys Admin at Northrop Grumman ○ Stayed for about 2 years ● Began my plunge into security, and haven’t looked back
- 6. What is Penetration Testing or Red Teaming?
- 9. Different Job Descriptions ● Vulnerability Assessment/Assessor ○ Scan a network for vulnerabilities with a tool ● Penetration Tester ○ Take that output, exploit findings, hack into systems ● Red Team ○ Adversary emulation, objective oriented, don’t get caught
- 11. But that’s it… Kind of boring right?
- 14. Red Teaming is a little different, but similar
- 17. Phishing Our Way In ● Lots of different ways to get in, but phishing is easiest ○ IT Department rolling out iPad’s for use ○ User selected for development environment ○ Meeting minutes from managers discussing layoffs… ■ … then telling everyone not to read it ● We can forge it to come from anyone
- 18. Don’t Get Caught
- 20. What is a vulnerability?
- 21. What is an exploit?
- 22. What’s really used? ● We do use exploits, but less and less each year ○ What happens if the exploit doesn’t work? ○ What happens if it does? ● Misconfigurations are the way to go ○ Why hack something when we can just log in? ○ Path of least resistance
- 23. What’s the goal? ● Well, let’s first own the domain ○ Get the domain administrator account ● Demonstrate business impact ○ IT Admins understand domain admin, but does a manager, or a CEO? ○ Target something the business cares about ■ The Coke recipe, database with SSNs? ● Report/Outbrief with fixes
- 24. What’s the goal (Red Team)? ● All of the above ● Add to value by working with their blue team ○ Teach them what you did ○ Help them try to detect it ○ Make them up your game ● Soft skills really help here ○ Be able to talk to people and explain you work to tech and non-tech (muggles) audience
- 25. On to the fun stuff
- 26. How’s a test work? ● First we get our “get out of jail free” card signed ○ Only thing that keeps it legal, and us not in jail ● We’ll likely get some sort of a scope ○ IP address range ○ Domain Names ● On our marks, get set, go!
- 27. Finding Live Systems ● So, we may have thousands of IP addresses… ○ Let’s find the real computers ● Once we have a list of live computers what’s running on them? ○ Web server? ○ E-mail? ○ Database server? ● NMap to the rescue
- 28. Port Scanning with NMap ● NMap finds open ports with services running on it ● It will scan for the top 1000, or whatever you specify ● It can guess: ○ Service running ○ Operating System ● It can run scripts too!
- 31. Sweet, what’s next? ● Now we know open ports and the services running ○ Research vulnerabilities for those versions ○ Or run a vulnerability scanner ● MS08-067 ○ Basically everyone’s first exploit ○ Get Windows XP stock, and test against it ● We have an exploit for the system, use it!
- 35. What about Websites? ● We test these too! ● Probably at least half of what we’re testing ○ Everyone has a website ○ Internal to a network, can be hundreds, or thousands ● Let’s get breaking into them!
- 38. What I wish I knew ● Programming ○ Use it all the time for scripts, tools, Veil, etc. ● Mentor ○ You’re always one step in front and one step behind someone ● Build a lab and play with it ○ You can’t break anything that costs money!
- 39. What I wish I knew ● Be prepared to be uncomfortable at times ○ Always in a new environment with new “stuff” and you’re expected to break it ○ Perk of the job too :) ● Build your process ○ Learn how you best approach networks, web apps, etc. ○ Use this to face what you don’t know
- 40. How to Learn ● Go to security conferences! ○ Might be anywhere from $10 - $300 ○ BSides Conferences are local and almost always free, or super cheap ● Build your own lab ○ VMWare is your best friend ○ VulnHub ● Try free CTFs ● Twitter!
- 41. ? Chris Truncer ○ @ChrisTruncer ○ CTruncer@christophertruncer.com ○ https://www.christophertruncer.com ○ https://github.com/ChrisTruncer
Editor's Notes
- #8: http://geeknewscentral.com/wp-content/uploads/2013/05/bigstock-Computer-Hacker-in-suit-and-ti-31750772.jpg
- #9: http://static2.techinsider.io/image/55ad5e1add0895810d8b45b5-2048-1365/6870002408_fb3bb8a069_k.jpg
- #11: https://dilanwarnakulasooriya.files.wordpress.com/2012/07/52.png
- #13: https://dilanwarnakulasooriya.files.wordpress.com/2012/07/52.png
- #14: https://dilanwarnakulasooriya.files.wordpress.com/2012/07/52.png
- #16: http://www.gannett-cdn.com/-mm-/0dafc0732cc7dc230df8135e882290d7c4c04efb/c=0-15-1325-1013&r=x404&c=534x401/local/-/media/USATODAY/GenericImages/2013/08/20/1377029409000-AP-Earns-UPS.jpg
- #17: https://dilanwarnakulasooriya.files.wordpress.com/2012/07/52.png
- #25: Muggles stolen from @Viss, stolen from Harry Potter :)
- #27: Muggles stolen from @Viss, stolen from Harry Potter :)
- #28: Muggles stolen from @Viss, stolen from Harry Potter :)
- #29: Muggles stolen from @Viss, stolen from Harry Potter :)
- #32: Muggles stolen from @Viss, stolen from Harry Potter :)