Hacking - Breaking Into It

This is the slide deck I gave when presenting at FSU's AITP Meeting. The goal was to give a high level description of what Pen Testing/Red Teaming is and what the job entails.

  1. Hacking, Breaking In @ChrisTruncer

  2. What's this talk about?
     ● Who I am
     ● How I got started in the industry
     ● What "red teaming" and/or "pen testing" is
     ● What a pen test looks like
       ○ Demos, lots of them
     ● How you can start learning this
     ● Questions

  3. uid=0(@ChrisTruncer)
     ● Christopher Truncer (@ChrisTruncer)
       ○ Hacker
       ○ Open Source Software Developer
         ■ Veil Framework Developer
       ○ Florida State Seminole
       ○ Random certs... blah
     ● Red Teamer and Pen Tester for Mandiant

  4. How I Started
     ● College
       ○ College computer security class
       ○ Hacked my roommate
         ■ "Wow, hacking is real"
       ○ Took a security class
       ○ Decided this is what I wanted to do
         ■ ... is this even a job?

  5. How I Started
     ● Started off in a technical role
       ○ Wanted to get a technical foundation before moving into security
     ● First job, not what I wanted
     ● Became a Sys Admin at Northrop Grumman
       ○ Stayed for about 2 years
     ● Began my plunge into security, and haven't looked back
  6. What is Penetration Testing or Red Teaming?

  7. Different Job Descriptions
     ● Vulnerability Assessment/Assessor
       ○ Scan a network for vulnerabilities with a tool
     ● Penetration Tester
       ○ Take that output, exploit the findings, hack into systems
     ● Red Team
       ○ Adversary emulation, objective oriented, don't get caught

  8. But that's it... Kind of boring, right?

  9. Red Teaming is a little different, but similar

  10. Phishing Our Way In
     ● Lots of different ways to get in, but phishing is the easiest
       ○ IT Department rolling out iPads for use
       ○ User selected for the development environment
       ○ Meeting minutes from managers discussing layoffs...
         ■ ... then telling everyone not to read it
     ● We can forge the sender so it appears to come from anyone (unless the target enforces SPF/DKIM/DMARC on inbound mail)

  11. Don't Get Caught

  12. Minor Background Slides

  13. What is a vulnerability?

  14. What is an exploit?

  15. What's really used?
     ● We do use exploits, but less and less each year
       ○ What happens if the exploit doesn't work? (Often a crashed service, and a noisy one.)
       ○ What happens if it does? (A shell, on a box that may now be unstable.)
     ● Misconfigurations are the way to go
       ○ Why hack something when we can just log in?
       ○ Path of least resistance

  16. What's the goal?
     ● Well, let's first own the domain
       ○ Get a domain administrator account
     ● Demonstrate business impact
       ○ IT admins understand "domain admin", but does a manager, or a CEO?
       ○ Target something the business cares about
         ■ The Coke recipe, a database with SSNs?
     ● Report/outbrief with fixes

  17. What's the goal (Red Team)?
     ● All of the above
     ● Add value by working with their blue team
       ○ Teach them what you did
       ○ Help them try to detect it
       ○ Make them up your game
     ● Soft skills really help here
       ○ Be able to talk to people and explain your work to technical and non-technical (muggle) audiences

  18. On to the fun stuff

  19. How's a test work?
     ● First we get our "get out of jail free" card signed
       ○ The only thing that keeps it legal, and us out of jail
     ● We'll likely get some sort of scope
       ○ IP address ranges
       ○ Domain names
     ● On your marks, get set, go!

  20. Finding Live Systems
     ● So, we may have thousands of IP addresses...
       ○ Let's find the real computers
     ● Once we have a list of live computers, what's running on them?
       ○ Web server?
       ○ E-mail?
       ○ Database server?
     ● Nmap to the rescue

  21. Port Scanning with Nmap
     ● Nmap finds open ports and the services running on them
     ● It scans the top 1000 ports by default, or whatever you specify
     ● It can guess:
       ○ The service (and version) running
       ○ The operating system
     ● It can run scripts too (the Nmap Scripting Engine, NSE)!

  22. Sweet, what's next?
     ● Now we know the open ports and the services running
       ○ Research vulnerabilities for those versions
       ○ Or run a vulnerability scanner
     ● MS08-067
       ○ Basically everyone's first exploit
       ○ Get a stock Windows XP box and test against it
     ● We have an exploit for the system, use it! (After you've run it against the same version in your lab; see slide 15 for why.)
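Slides 20 to 22 describe one pipeline: find the live hosts, learn what is listening on them, then research the versions Nmap reports. The parser below is an added example for this page, not code from the talk or from Nmap: it reads Nmap's greppable (-oG) output, keeps only hosts reported as Up, and pivots the open ports into a service inventory you can search by version banner. The SAMPLE text, the IPs and hostnames, and the helper names (parse_greppable, inventory_by_service, find_version) are all constructed for this example; the only thing taken from Nmap is the -oG line format.

```python
"""Parse Nmap greppable (-oG) output into a per-host service inventory.

Added example for this page, not code from the talk. It assumes a file
produced by something like `nmap -sV --top-ports 1000 -oG scan.gnmap <range>`.
The SAMPLE text below is constructed by hand, not a real scan.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample of -oG output. Real files separate the fields of a Host
# line with tabs and escape "/" inside version strings as "|", which is why
# splitting a port entry on "/" is safe.
SAMPLE = "\n".join([
    "# Nmap 7.94 scan initiated as: nmap -sV --top-ports 1000 -oG scan.gnmap 10.0.0.0/24",
    "Host: 10.0.0.10 (web01.lab.local)\tStatus: Up",
    "Host: 10.0.0.10 (web01.lab.local)\tPorts: 22/open/tcp//ssh//OpenSSH 7.4 (protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.4.6/\tIgnored State: closed (998)",
    "Host: 10.0.0.20 (xp-victim.lab.local)\tStatus: Up",
    "Host: 10.0.0.20 (xp-victim.lab.local)\tPorts: 135/open/tcp//msrpc//Microsoft Windows RPC/, "
    "139/open/tcp//netbios-ssn//Microsoft Windows netbios-ssn/, "
    "445/open/tcp//microsoft-ds//Microsoft Windows XP microsoft-ds/\tIgnored State: closed (997)",
    "Host: 10.0.0.30 (db01.lab.local)\tStatus: Up",
    "Host: 10.0.0.30 (db01.lab.local)\tPorts: 3306/open/tcp//mysql//MySQL 5.5.60/, "
    "8080/filtered/tcp//http-proxy///\tIgnored State: closed (998)",
    "Host: 10.0.0.40 ()\tStatus: Up",
    "# Nmap done -- 256 IP addresses (4 hosts up) scanned in 100.00 seconds",
])

HOST_RE = re.compile(r"^Host: (\S+) \((.*?)\)$")


@dataclass(frozen=True)
class Port:
    number: int
    state: str      # open / closed / filtered ...
    proto: str      # tcp / udp
    service: str    # Nmap's service name, e.g. "ssh"
    version: str    # banner from -sV, may be empty


def parse_greppable(text: str) -> dict[str, list[Port]]:
    """Return {ip: [Port, ...]} for every host Nmap reported as Up.

    A host that is Up but has no Ports line still appears with an empty list,
    so the caller can tell "alive, nothing listening" from "never seen".
    Header and footer lines (starting with '#') are ignored.
    """
    hosts: dict[str, list[Port]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        match = HOST_RE.match(fields[0])
        if not match:
            continue  # not a Host line we understand; skip instead of crashing
        ip = match.group(1)
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                if value.strip() == "Up":
                    hosts.setdefault(ip, [])
            elif key == "Ports":
                ports = hosts.setdefault(ip, [])
                for entry in value.split(", "):
                    parts = entry.split("/")
                    if len(parts) < 7:
                        continue  # malformed entry, ignore it
                    number, state, proto, _owner, service, _rpc, version = parts[:7]
                    ports.append(Port(int(number), state, proto, service, version))
    return hosts


def inventory_by_service(hosts: dict[str, list[Port]]) -> dict[str, list[tuple[str, int, str]]]:
    """Pivot the scan: service name -> [(ip, port, version)], open ports only."""
    inventory: dict[str, list[tuple[str, int, str]]] = defaultdict(list)
    for ip, ports in hosts.items():
        for p in ports:
            if p.state == "open":
                inventory[p.service].append((ip, p.number, p.version))
    return dict(inventory)


def find_version(hosts: dict[str, list[Port]], needle: str) -> list[tuple[str, int, str]]:
    """Open ports whose version banner contains needle (case-insensitive)."""
    needle = needle.lower()
    return [
        (ip, p.number, p.version)
        for ip, ports in hosts.items()
        for p in ports
        if p.state == "open" and needle in p.version.lower()
    ]


if __name__ == "__main__":
    scan = parse_greppable(SAMPLE)
    for service, targets in sorted(inventory_by_service(scan).items()):
        print(service, targets)
    print("Windows XP SMB:", find_version(scan, "windows xp"))
```

Note that 10.0.0.40 is kept as a live host with no open ports, and that the filtered 8080 on db01 never reaches the inventory: "alive" and "exploitable service" are different questions, and slide 20's host-discovery step answers only the first. Once the inventory shows a Windows XP SMB service, the check slide 22 hints at can be run with Nmap's own smb-vuln-ms08-067 NSE script before firing the exploit blind.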
  23. What about Websites?
     ● We test these too!
     ● Probably at least half of what we test
       ○ Everyone has a website
       ○ Internal to a network there can be hundreds, or thousands
     ● Let's get breaking into them!

  24. What I wish I knew
     ● Programming
       ○ Use it all the time for scripts, tools, Veil, etc.
     ● Mentor
       ○ You're always one step in front of and one step behind someone
     ● Build a lab and play with it
       ○ You can't break anything that costs money!

  25. What I wish I knew
     ● Be prepared to be uncomfortable at times
       ○ Always in a new environment with new "stuff", and you're expected to break it
       ○ Perk of the job too :)
     ● Build your process
       ○ Learn how you best approach networks, web apps, etc.
       ○ Use this to face what you don't know

  26. How to Learn
     ● Go to security conferences!
       ○ Might be anywhere from $10 - $300
       ○ BSides conferences are local and almost always free, or super cheap
     ● Build your own lab
       ○ VMware is your best friend
       ○ VulnHub
     ● Try free CTFs
     ● Twitter!

  27. ? Chris Truncer
       ○ @ChrisTruncer
       ○ CTruncer@christophertruncer.com
       ○ https://www.christophertruncer.com
       ○ https://github.com/ChrisTruncer
