BREAKING INTO SECURITY
JOHNNY LONG
JOE MCCRAY
BRIAN DOMSCHKE
WHO ARE WE?
JUSTIN “SPRIDEL” BROWN
OSINT Ninja
Web App Ninja in Training
HFC Booth Guy
Newest Co-Host of ISDPodcast
Baylor Grad
FRANK J. HACKETT
Senior Systems Engineer
Network Guru
Sys Admin From Hell
Security guy in training
WVU Dropout
WHAT ARE WE TALKING ABOUT?
‣Why do you want to listen to us?
‣What’s worked for us and what hasn’t
‣What we’ve done to get involved
‣Tips for Mentors!!
LEARN TO COMMUNICATE
‣IRC
‣irc.freenode.net - use SSL!
‣Tools that you use (#snort, #nmap, #ettercap-project, etc)
‣OS’s (#backtrack-linux, #pentoo, #ubuntu, etc)
‣Ask questions
‣Don’t ask if you may ask
‣CHECK GOOGLE, FAQ, FORUMS BEFORE!!!
TWEETER!!
‣Get an account!
‣Get over it and stop shunning all social media
‣Tweet and make friends
‣See new ideas
‣Links!
‣Open and free knowledge
TWEETER CONT’D!!
@DerbyCon @Dave_Rel1k @Irongeek_ADC @fjhackett @spridel11 @oncee @Hack3rcon @j0emccray @JaysonStreet @nullthreat
@iampr1me @mubix @hdmoore @c0ncealed @gl11tch @hacktalkblog @carnal0wnage @n00bznet @ihackstuff @ISDpodcast
MEETUPS
‣Local Spots (AustinHA, NoVAH, PhoenixSSH, OSOC, RVAsec, etc.)
‣Professional Spots (ISSA, ISACA, InfraGard, etc.)
‣Cons! (AIDE, DerbyCon, Shmoocon, Hack3rcon, BSides)
‣Make friends! Talk to people. They won’t bite.
‣Hang out, have a beer
‣Listen to the talks; don’t just hang out in the CTF all day
ONLINE
‣IRC
‣Skype
‣Google Hangouts
‣Twitter
‣Failbook
‣LinkedIn
‣Your Trusted Mentors/Friends/Random Hackers
LEARN TO LISTEN
‣Podcasts
‣ISDPodcast
‣Pauldotcom
‣Securabit
‣Risky Business
LEARN TO STOP BEING LAZY
‣Get involved with those friends you made at the con
‣Hackers for Charity - Go sign up!!! (NOW!)
‣Random Hacks of Kindness
‣Security R00kies
‣Make your own group!
BUDGET LABS
‣VirtualBox
‣VMware Player
‣VMware Workstation ($$)
‣VMware Fusion ($$)
‣Parallels ($$)
‣Think small - one victim vs entire network
‣Start Vulnerable
‣MS08_067
‣Metasploitable(s)
‣WebGoat
‣Mutillidae
LEARN TO READ
‣Books! zOMG
‣Professional Penetration Testing - Thomas Wilhelm
‣Gray Hat Hacking - Harris, Harper, Eagle, & Ness
‣Metasploit: The Penetration Tester’s Guide - O’Gorman, Kearns, Kennedy, Aharoni
‣./command -h
‣nano/vi/vim - look at the code!
‣Forums
‣Googlefu
LEARN WHAT DOESN’T WORK
‣Don’t troll
‣Take a joke... seriously, just take it and laugh
‣Be respectful
‣Don’t spam
‣Be open to new ideas - different approaches
‣Don’t expect step by step instructions
KNOW WHO YOU’RE TALKING TO
‣Distinct difference between Anonymous and a security professional
‣People lie on the internet
‣Not everyone wants to help you
‣Protect yourself
SUGGESTIONS THAT HELPED US
‣Scripting! The power of the “for loop”
‣Get comfortable in CLI
‣Be an aggressive learner
‣Help out where you can
‣Give back - don’t only take
‣Finding your niche
QUESTIONS AND COMMENTS
@spridel11 @fjhackett