Introduction to Ethical Hacking

Summer University 2017 Seoul, Republic of Korea

Alexandre Karlov

#whoami• Cursus

• MSc in Telecommunication sciences (Swiss Federal Institute of Technology’06)

• PhD in Cryptology (Swiss Federal Institute of Technology ’11)

• Cryptography expert at Kudelski group

• Program Manager (Cybersecurity projects) at Kudelski group

• Currently professor at University of Applied Science Western Switzerland (HEIG-VD) and independent security consultant

• Interests and Research

• Practical systems (in)security

• Pentests

• Vulnerabilities of industrial control systems (SCADA)

• Vulnerabilities research and exploitation

• CTFs (more on that later)

#man class

• Provide you a taste of (ethical) hacking

• Understand how an attacker thinks and try to develop a similar mindset

• you have to go deeper…

• Get familiar with security tools via challenges

• Best way to learn

• Have Fun!

#head class• Today (14/08):

• Quick intro

• Rules of the game (RoE)

• Kali and pwntools

• Warmup lab to get credentials/access for the labs

• Next days:

• Some theory at the beginning of the class

• Web attacks, binary exploitation, web attacks, crypto

• will be adapted as needed

• Then challenges/labs until …?

0x01 Intro

Original Hackers• The history of hacking dates back to the infancy of computers

• 1950

• Idea of solving problems well and in an elegant way

• Technical problems can have artistic solutions

• Engineering = form of art

• Programming - form of artistic expression

• Hacking subculture

• Focused on learning and mastering this art

• Information should be free

• Everything that stands on the way of freedom should be circumvented

• Hacker Ethic: the appreciation of logic as an art form and the promotion of the free flow of information, surmounting conventional boundaries and restrictions for the simple goal of better understanding the world

Good vs Evil• Traditionally in media:

• Evil hacker (= cracker) the one who breaks to law and is driven by financial gain

• But it may be more complex than it appears, e.g

• Edward Snowden saga

• United States v. ElcomSoft and Dmitry Sklyarov

• Security researcher was arrested after he gave a talk at DEF CON on circumvention of security protections in Adobe eBook

• Other DRM cases: FairPlay, DeCSS

• Chris Roberts - «…caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights»

• Got several interviews with FBI and his laptops confiscated

• Simplest answer: Hacker is anyone who has a hacker spirit despite any laws he may break

• There’s nothing good or bad about knowledge itself; morality lies in the application of knowledge

Ethics

• Ethic:

• a set of moral principles : a theory or system of moral values

• the principles of conduct governing an individual or a group

Ethical Hacking• Ethical Hacking - circumventing security mechanisms in infrastructure, systems and applications while abiding by generally accepted ethics for improvement of knowledge.

• Trying to find vulnerabilities in systems in order to improve the security of said systems

• Constant learning and sharing of information

• Staying within generally accepted boundaries without breaking the law

• Comprises various activities:

• Vulnerability research

• Security assessments

• Reverse engineering

Why Ethical Hacking

Why Ethical Hacking

Why Ethical Hacking

Why Ethical Hacking?

Why Ethical Hacking

Why Ethical Hacking

Why Ethical Hacking

Why Ethical Hacking

Source: Presentation of Urs P. Küderli, Chief Security Advisor @ Microsoft «Security Development Lifecycle - a process to develop more secure software»

Why Ethical Hacking

Why Ethical Hacking

• In order to develop and architect information systems in a secure way, you must be aware of vulnerabilities

• Before protecting you should know ways how the system can be exploited

• Hacker mindset

• Finding vulnerabilities in systems and applications

• Do it in a legal way

Why Ethical Hacking

How?•So how do you learn the skills and train your mindset ?

•Continuous learning

•Principle valid outside information security field as well

•New exploits, tools and frameworks are appearing almost every day

•Technical skills are best built through hands-on experience

•Vulnerable VMs

•Online challenges

•CTFs

•…more CTFs

•Reading and practicing - tons of information available on the web

•Twitter, blogs, (CTF) write-ups, vulnerabilities disclosures and PoCs

•Books

•Technical security trainings

CTF?• Capture The Flag

• Computer Security Competition between teams

• Jeopardy: tasks/challenges in several categories - Web, Crypto, Forensics, CrackMe/Binary, Programming….

• Attack-defense: Every team is provided with some environment with vulnerable services. Patch yours and grab flags from others.

• Flag is hidden somewhere

• Online challenges are usually organized in the same manner - good start for training

• Great way to learn and have fun!

Famous CTFs

• DEFCON - Jeopardy + Attack-defense • CTF Olympics

• Hack.lu CTF

• Ghost in the Shellcode

• PlaidCTF

• Check out ctftime.org

0x02 RoE

Rules of Engagement• Work by groups of 2

• please ensure mix between SNU and HEIG-VD students

• no 2 students from same institution in the same team (1 exception)

• mix graduate/undergraduate students

• Start with the qualification (warmup) challenge to obtain credentials to access the challenge network

• Basically your goal for Monday 14/08

• Once succeeded:

• send your code (solution) and Flag (the FLAG{…} string) to alexandre.karlov@heig-vd.ch to obtain the access credentials for your group

• do not forget to explicitly specify your both team members names

Rules of Engagement• Once you have the credentials and still with the same team of 2 students

• You have to solve at least 3 challenges and provide reports (writeups) for every challenge (except qualification challenge)

• You will have to hand-in reports one after another, deadlines (Seoul time GMT+9h):

• Wednesday 16/08 at 11:59pm - 1st writeup

• Friday 18/08 at 11:59pm - 2nd writeup

• Sunday 20/08 at 11:59pm - 3rd writeup

• Submit by email to alexandre.karlov@heig-vd.ch

• Additionally, try to solve more challenges (no writeup required) to get a good place in the team rating

• First 3 teams to get prizes

• First 5 teams to get bonuses for the grading

What’s a writeup?• Description/walkthrough of the solution

• View it as a story of how you solved the challenge

• Describe unsuccessful tentatives and wrong directions

• An example will be provided

• http://lmgtfy.com/?q=ctf+writeup

Communication

• Please do not hesitate to ask questions

• Everyone is here to learn

• To help you and answer your questions a telegram channel has been set up

• https://t.me/joinchat/AAAAAEOq95vifi2lJTKnwQ