So You Want to be a Hacker?

So You Want to be a Hacker? THEN LET’S GET STARTED October 16, 2014

description

This talk by Chris Grayson contains lots of information about how to enter the so-called "hackerspace." From mental approaches to books, movies, and other media to online courses and knowledge repositories, this presentation is intended to be the one-stop-shop for anyone trying to become a penetration tester.

Transcript of So You Want to be a Hacker?

  • 1. So You Want to be a Hacker? THEN LET'S GET STARTED October 16, 2014
  • 2. A BRIEF INTRODUCTION GOTTA START SOMEWHERE
  • 3. 3 The Talk's Agenda 1. Introduction 2. The necessary prerequisites 3. Immersing yourself 4. Educating yourself 5. Places to practice responsibly 6. Common tools 7. Making it count THE ROAD TO BRIGHTER PASTURES?
  • 4. 4 Who Am I? DOWN IN FRONT Christopher Grayson [email protected] @_lavalamp Senior Security Analyst at Bishop Fox (Pen-Testing FTW) MSCS, BSCM from GT Former Research Scientist from GT Former president, GT hacking club
  • 5. 5 I currently have my dream job I've never had to choose between education and safety I had the good fortune of attending SkyDogCon in 2012 But the story continues Why am I Here Today? LITTLE BIT OF LUCK, LITTLE BIT OF SKILL
  • 6. 6 Many Reasons THE PLOT THICKENS 3 teams at SkyDogCon Duplicity CTF, got 2nd, 3rd and 4th place out of 4 teams Received tickets to Shmoocon 2013, Offensive Security training Competed in TOOOL Master Keying competition Received ticket to Shmoocon 2014
  • 7. 7 We work in the coolest industry. Period. We need more talented individuals. We need safe places to hone our skills. Why are YOU Here? HOPEFULLY NOT BY ACCIDENT
  • 8. 8 The Term Hacker NOT TO START A DEBATE Lots of debate around the term Commonly used by the media to refer to malicious people with technical skills Used in the community to show reverence towards another's capabilities
  • 9. 9 What a Hacker Certainly Isn't THREE CHEERS FOR THE MEDIA
  • 10. THE APPROACH COMFORT ZONES TO THE WIND
  • 11. 11 What Does it Take to Break? KEEPING IT ZEN Patience Enthusiasm Perseverance Interest
  • 12. 12 You will get frustrated. You will not learn everything overnight. You will get ridiculed. Be Wary NOTHING WORTH DOING WAS EVER EASY
  • 13. 13 Takeaways STILL INTERESTED? Becoming a hacker is not so much a profession as it is a way of life. It requires mental fortitude and patience above all else. Expertise comes slowly. It's entirely worth the journey.
  • 14. THE ENVIRONMENT IN OVER Y(OUR) HEAD
  • 15. 15 The Word of the Day is Immersion Expertise requires a lot of technical knowledge. This can't be gained overnight. The first step is to listen to the lingo. CARE TO GO FOR A SWIM?
  • 16. 16 Reddit EVER HEARD OF IT BEFORE? Powerful message board Lots of infosec boards /r/hacking /r/netsec /r/howtohack /r/websec /r/sysadmin /r/blackhat
  • 17. 17 Hang out on Freenode to talk through challenges and difficulties you have trouble with. #metasploit Metasploit developers #corelan Folks from Corelan team #vulnhub Folks from Vulnhub team #offsec Folks from Offensive Security Freenode NOT ALL THAT DISSIMILAR TO PIRATE SHIPS
  • 18. 18 Mailing Lists #SPAMSPAMSPAM Good way to keep track of the industry's pulse Lots of mailing lists for all skill levels and areas of interest http://seclists.org/
  • 19. 19 Ghost in the Wires; The Art of Intrusion; The Art of Deception; Kingpin; The Cuckoo's Egg; Code; Hacking: The Art of Exploitation Books WHAT ARE THOSE AGAIN?
  • 20. 20 Movies THE GOOD, THE BAD, AND THE UGLY Sneakers http://www.imdb.com/title/tt0105435/ Hackers http://www.imdb.com/title/tt0113243/ War Games http://www.imdb.com/title/tt0086567/
  • 21. 21 DEF CON https://www.defcon.org/ Black Hat https://www.blackhat.com/ Shmoocon http://www.shmoocon.org/ Conferences MEET YOUR FELLOW NERDS
  • 22. 22 Disclaimer ARMOR OF THICK SKIN+3 Some of the venues listed previously are less friendly towards newcomers than others. General rule of thumb is to research any questions that you have prior to asking them. Showing that you've done your own work before asking for the help of others goes a long way in this community.
  • 23. LESSONS TO BE LEARNED STRAIGHT EDUMACATED
  • 24. 24 So Now we Get Into the Difficult Stuff? PERHAPS, PERHAPS, PERHAPS The hardest part is having the gumption to stick with it. Technical skills can be learned (even if learned slowly). Technical skills are required, and typically the more the better.
  • 25. 25 Harvard Introduction to CS Incredibly thorough course on Computer Science https://www.edx.org/course/harvardx/harvardx-cs50x-introduction-computer-1022 LEARN FROM THE BEST OF THEM
  • 26. 26 Computer Networks on Coursera ONE BYTES TWO BYTES THREE BYTES FOUR Fundamental understanding of networking is important https://www.coursera.org/course/comnetworks
  • 27. 27 Programming for Everybody on Coursera The ability to write code greatly helps in this field. https://www.coursera.org/course/pythonlearn FROM SCRIPT KIDDIE TO SCRIPT MASTER
  • 28. 28 OpenSecurityTraining.info HARDLY KNOWN BUT HUGELY HELPFUL OpenSecurityTraining can be found online http://opensecuritytraining.info/ Is dedicated to sharing training material for computer security classes, on any topic, that are at least one day long. Has free, professional courses on all matters hacking Even has course outlines and pre-requisites!
  • 29. 29 SecurityTube can be found online http://www.securitytube.net/ Large amounts of free videos created by the site's founder Aggregation of conference videos and lectures Full primers on lots of different hacking areas SecurityTube.net AGGREGATE THOSE VIDEOS!
  • 30. 30 Corelan.be WRITE YOURSELF SOME EXPLOITS Corelan can be found online https://www.corelan.be/ In-depth tutorials detailing exploit-writing and binary exploitation Tons of other educational resources, primarily focused on binary and RE topics
  • 31. 31 Offensive Security can be found online http://www.offensive-security.com/ The group that created Backtrack and Kali Linux distributions Training is not free, but the training you get from their courses is top-notch and well-managed. Has an IRC channel that you can hang out in! Offensive Security THE AUTHORS OF KALI, BACKTRACK
  • 32. 32 SANS Institute GETTING CERTIFIED Has a number of certifications for security training Not free, must pay to maintain certifications http://www.sans.org/
  • 33. 33 Cisco has a number of certifications in the security space. Not free, must pay to maintain certifications https://learningnetwork.cisco.com/community/certifications/security Cisco Certifications MOAR CERTIFICATIONS?!
  • 34. GO TO WORK GETTING YOUR HANDS NOT-SO-DIRTY
  • 35. 35 VulnHub can be found online: http://vulnhub.com/ A large repository of software images that are created solely to be vulnerable Great place to get software packages to hack on Has an IRC channel you can hang out in! Vulnerable Images STAND UP YOUR OWN LAB
  • 36. 36 DVWA EMPHASIS ON THE D Web application that is built specifically to have lots of vulnerabilities Great starting place for beginning to hack Web applications http://www.dvwa.co.uk/
  • 37. 37 Ongoing Competitions CTF365 can be found online: http://ctf365.com/ Touts a massive online, persistent CTF CTFTime can be found online: https://ctftime.org/ Keeps track of CTF competitions worldwide, maintains scores for teams across different CTFs BRUTAL TRAINING GROUNDS
  • 38. 38 Stand-Alone Challenges SHORT, SWEET, AND TO THE POINT We Chall can be found online: https://www.wechall.net/ Is an aggregation site for individual challenges Advertises a total of 133 challenges available
  • 39. 39 Managed service provider that consolidates bug bounty programs Go and hack things in real life and get $$$ https://bugcrowd.com/ Bugcrowd INDUSTRY EXPERIENCE
  • 40. TOOLS OF THE TRADE AN AWFULLY FULL BAG OF TRICKS
  • 41. 41 Wireshark NETWORKS ARE CHATTIER THAN YOU MAY THINK Used for monitoring local network traffic Great way to learn more about network protocols https://www.wireshark.org/
  • 42. 42 An HTTP proxy with lots of hacky bells and whistles Used universally across the professional security industry http://portswigger.net/burp/ Burp Suite WEB APP HACKER'S SWISS ARMY KNIFE
  • 43. 43 Browser Developer Tools REPURPOSING TOOLS FOR FUN AND PROFIT! Packaged in with all modern browsers Used mostly by developers for testing functionality during the development process
  • 44. 44 LavaPasswordFactory Good tool for generating password lists Made by yours truly https://github.com/lavalamp-/LavaPasswordFactory A GOOD PASSWORD LIST IS NICE TO HAVE
  • 45. 45 John the Ripper CRACK GOES THE PASSWORD Where LavaPasswordFactory generates password lists, John the Ripper cracks them! http://www.openwall.com/john/
  • 46. 46 The de facto standard penetration testing Linux distribution Comes with all of the bells and whistles at installation http://www.kali.org/ Kali Linux BELLS AND WHISTLES GALORE
  • 47. 47 VMWare Fusion / Workstation VIRTUALIZATION IS YOUR FRIEND Great platform for virtualization If you don't know what virtualization is, check it out! http://www.vmware.com/
  • 48. MAKING IT COUNT WHAT NEXT?
  • 49. 49 Penetration testing Security analyst Security engineer All the technical things! Positions in the Field HACKING FOR GOOD
  • 50. 50 Don't Let it go to Waste WE'VE ALREADY GOT ENOUGH BAD GUYS Doing this stuff maliciously is a bad idea Far too many opportunities to help others and the community Don't let it go to waste
  • 51. REFERENCES A CENTRALIZED STORY
  • 52. 52 References TAKE ONE The Electronic Frontier Foundation on the Computer Fraud and Abuse Act https://ilt.eff.org/index.php/Computer_Fraud_and_Abuse_Act_(CFAA) Wikipedia on Aaron Swartz http://en.wikipedia.org/wiki/Aaron_Swartz H3 at Georgia Tech Research Institute http://h3.gatech.edu/ The UCSB iCTF http://ictf.cs.ucsb.edu/ SECCDC http://www.seccdc.org/
  • 53. 53 References TAKE TWO VulnHub Vulnerable by Design http://vulnhub.com/ CTF365 http://ctf365.com/ CTF Time! https://ctftime.org/ WeChall A Challenge Aggregation Site http://www.wechall.net/
  • 54. 54 References TAKE THREE Atlanta OWASP https://www.owasp.org/index.php/Atlanta_Georgia Security Mailing Lists http://seclists.org/ Sneakers movie on IMDB http://www.imdb.com/title/tt0105435/ Hackers movie on IMDB http://www.imdb.com/title/tt0113243/
  • 55. 55 References TAKE FOUR War Games movie on IMDB http://www.imdb.com/title/tt0086567/ Hacking movies list on IMDB http://www.imdb.com/list/ls055167700/ DEF CON https://www.defcon.org/ Black Hat https://www.blackhat.com/
  • 56. 56 References TAKE FIVE Shmoocon http://www.shmoocon.org/ Harvard Introduction to Computer Science https://www.edx.org/course/harvardx/harvardx-cs50x-introduction-computer-1022 Computer Networks on Coursera https://www.coursera.org/course/comnetworks Programming for Everybody on Coursera https://www.coursera.org/course/pythonlearn
  • 57. 57 References TAKE SIX OpenSecurityTraining http://opensecuritytraining.info/ Security Tube http://www.securitytube.net/ Corelan.be http://corelan.be/ Offensive Security http://www.offensive-security.com/
  • 58. 58 References TAKE SEVEN SANS Security Training http://www.sans.org/ Cisco Security Training https://learningnetwork.cisco.com/community/certifications/security DVWA http://www.dvwa.co.uk/ BugCrowd https://bugcrowd.com/
  • 59. 59 References TAKE EIGHT Wireshark https://www.wireshark.org/ Burp Suite http://portswigger.net/burp/ Reddit http://www.reddit.com/ Freenode IRC http://freenode.net/
  • 60. QUESTIONS? HOPEFULLY YOU'VE GOT A FEW
  • 61. THANK YOU @_LAVALAMP