Download as PDF, PPTX
Uploaded byUTD Computer Security Group
Introduction to Exploitation
The document provides an introduction to exploitation and offers various resources and tools for getting started in computer security, focusing on different areas such as network, system, web, cryptography, and binary exploitation. It outlines specific tools like Kali Linux, Metasploit, and Burp Suite along with practice platforms like HackTheBox and OverTheWire. The document also lists events, meetings, and online resources for further learning and community engagement.
In this document
Powered by AI
An introduction to the topic of exploitation, indicating the date and context of the presentation.
Information on community involvement through Discord, upcoming events like Fire Talks, and hands-on activities such as CTF.
Focus on guiding newcomers with resources in computer security, emphasizing personal investment for learning.
Outline of the main goals in exploitation: lateral movement, command and control, and data exfiltration.
Introduction to essential tools for security professionals like Kali Linux and FLARE VM for different environments.
Identification of various fields within exploitation including network, system, cryptography, web, and binary.
Details on network exploitation strategies and tools such as nmap, with practice suggestions like HackTheBox.
Approaches to exploit Linux systems, tools mentioned include bash and Metasploit, with practice resources listed.
Exploration of exploiting Windows systems, including tools like Powershell and practice environments.
Insight into cryptography-related exploitation, with examples and tools like SAGE and Python mentioned.
Discusses web exploitation methods such as SQL Injection, with tools like Burp Suite provided for practice.
Exploration of binary exploitation, with examples of tools like gdb and recommended practice platforms.
Emphasizes the importance of continual learning through YouTube tutorials and security news platforms.
Demonstration of physical access attacks using Tiny Core Linux, showcasing a specific exploit.
More Related Content
![Overview of the Cyber Kill Chain [TM]](https://cdn.slidesharecdn.com/ss_thumbnails/cybersecuritykillchain8-161209191549-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to Introduction to Exploitation
More from UTD Computer Security Group
![[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...](https://cdn.slidesharecdn.com/ss_thumbnails/ai-aifortheunderdogsinnovationforsmallbusinesses-251124030839-72a599a4-thumbnail.jpg?width=640&height=640&fit=bounds)
![Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]](https://cdn.slidesharecdn.com/ss_thumbnails/agenticcommunityseries-day3-cfd-251120170304-ddef8112-thumbnail.jpg?width=640&height=640&fit=bounds)
![[BDD 2025 - Mobile Development] Exploring Apple’s On-Device FoundationModels](https://cdn.slidesharecdn.com/ss_thumbnails/md-exploringappleson-devicefoundationmodels-251124030840-d690542c-thumbnail.jpg?width=640&height=640&fit=bounds)
![[DevFest Strasbourg 2025] - NodeJs Can do that !!](https://cdn.slidesharecdn.com/ss_thumbnails/devfeststrasbourg2025-nodejscandothat-251127142731-da65b6fd-thumbnail.jpg?width=640&height=640&fit=bounds)
Introduction to Exploitation
- 1.
- 2. Get Involved ● Discord- discord.gg/kuejt8p ● Fire Talks - October 24th, 2018 ● Live Stream - Whenever you want* ● CSG CTF - ctf.utdcsg.club
- 3. Events ● Hardware HackingHangout - Friday @ 7 pm in ECSS 4.619 ● CSAW CTF - Saturday @ 1 pm to 5 pm in ECSS 4.619 ● Elastic - Next Wednesday @ 7 pm in MC 2.410
- 4. Goal for tonight: Answerthe question “How do I get started?”
- 5. Getting started inComputer Security ● Plenty of resources exist to get started with different areas of security ● You get out what you put into it
- 6. Intro to Exploitation ●General Goals: ○ Lateral Movement ○ Command and Control ○ Data Exfiltration
- 7. General Tools ● KaliLinux - contains many exploitation tools pre-installed ● FLARE VM - contains many security tools for use in a Windows environment
- 8. “Fields” of Exploitation ●Network ● System ○ Linux ○ Windows ○ Other ● Cryptography ● Web ● Binary
- 9. Network Attacking the networkand network services, often to access machines on said network. Examples: ● Attacking Windows domains ● Attacking cloud infrastructure Tools: ● nmap Practice: ● HackTheBox ● CloudGoat
- 10. Linux Escalating privileges, exfiltratingdata, establishing persistence, and more. Examples: ● Hacking Linux? Tools ● bash ● Metasploit ● Linux Knowledge Practice ● OverTheWire - Bandit ● HackTheBox ● Metasploitable 2
- 11. Windows Escalating privileges, exfiltratingdata, establishing persistence, and more. Examples: ● Hacking Windows? Tools ● Powershell ● Metasploit ● Windows Knowledge Practice ● HackTheBox ● Metasploitable 3 ● Immersive Labs (Powershell)
- 12. Cryptography Breaking ciphers, forgingsignatures, doing magic(?) Examples ● Forging authentication tokens ● Breaking encryption Tools ● SAGE ● Python ● Patience Practice ● CryptoPals ● id0-rsa
- 13. Web Dumping databases, gainingcode execution, breaking webscale, learning too many frameworks Examples ● SQL Injection ● Code Execution ● Local File Includes Tools ● Burp Suite ● Browser Developer Tools Practice ● HackTheBox ● OverTheWire - Natas ● WebGoat
- 14. Binary Exploiting flaws ina program to do “fun” things Example ● Bypassing authentication ● Gaining code execution Tools ● gdb (Debuggers) ● IDA Pro (Disassemblers) Practice ● pwnable.kr ● Protostar ● The Assembly Group
- 15. Overall Being well “read”can give you a significant edge in security YouTube - Tutorials ● LiveOverflow ● GynvaelEN YouTube - Talks ● DefCon ● BlackHat ● media.ccc.de (34C3) News/Blogs ● /r/NetSec ● HackerNews
- 16. Demo Physical access attackswith Tiny Core Linux ● Replacing Magnify.exe with cmd.exe