Introduction to Exploitation
•
2 likes•1,037 views
How to get started in learning offensive security. An opinionated selection of self learning tools.
Report
Share
Report
Share
Download to read offline
Recommended
Social Engineering
Social Engineering - Human aspects of grey and black competitive intelligence. What is social engineering? How it is used in the context of competitive intelligence and industrial espionage? How to recognize HUMINT / social engineering attacks? Which governments are known to use it?
Social Engineering | #ARMSec2015
Social Engineering as the Art of "Human OS" hacking
Main points of the presentation (1) Overall introduction on social engineering (2) Case studies (3) Defending against Social Engineering.
for: http://armsec.org/
Footprinting and reconnaissance
These slides guides you through the tools and techniques one can use for footprinting websites or people.You will find amazing tools and techniques have a look
Introduction to penetration testing
Introduction to penetration testing
Summary
What’s Pen-testing ?
Why Perform Pen-testing ?
Pen-testing Methodology.
Real world to Pen-testing
Introduction to cyber security
The document provides an overview of cyber security and vulnerability scanning. It discusses the history of cyber security including early computer worms like Creeper and Reaper. The CIA triad of confidentiality, integrity and availability is introduced as a model for security policies. Types of attacks and how cyber security is implemented are covered. Vulnerability scanners are defined as tools that assess vulnerabilities across systems and networks. Their benefits, limitations, architecture and types including network-based and host-based are outlined.
Ethical Hacking
This document provides an introduction to ethical hacking. It defines information security and the CIA triad of confidentiality, integrity and availability. It discusses the difference between ethics and hacking, and defines ethical hacking as locating vulnerabilities with permission to prevent attacks. The document outlines the types of attackers and the typical steps attackers take including reconnaissance, scanning, gaining access, maintaining access, and covering tracks. It discusses the benefits of ethical hacking for organizations and some disadvantages. Finally, it provides examples of using Google to find security issues on websites.
Hacking
This document discusses hacking (cybercrime) and defines it as illegally accessing computer systems or networks without authorization. It outlines the history of hacking from the early positive use of the term to refer to clever programming to the modern negative connotation involving illegal activity. It describes different types of hackers (black hat, white hat, grey hat) and types of cybercrimes like hacking, denial of service attacks, and software piracy. Laws around catching and punishing hackers are also summarized.
CrowdCasts Monthly: You Have an Adversary Problem
You Have an Adversary Problem. Who's Targeting You and Why?
Nation-States, Hacktivists, Industrial Spies, and Organized Criminal Groups are attacking your enterprise on a daily basis. Their goals range from espionage for technology advancement and disruption of critical infrastructure to for-profit theft of trade secrets and supporting a political agenda. You no longer have a malware problem, you have an adversary problem, and you must incorporate an intelligence-driven approach to your security strategy.
During this CrowdCast, you will learn how to:
Incorporate Actionable Intelligence into your existing enterprise security infrastructure
Quickly understand the capabilities and artifacts of targeted attacked tradecraft
Gain insight into the motivations and intentions of targeted attackers
Make informed decisions based off of specific threat intelligence
Recommended
Social Engineering
Social Engineering - Human aspects of grey and black competitive intelligence. What is social engineering? How it is used in the context of competitive intelligence and industrial espionage? How to recognize HUMINT / social engineering attacks? Which governments are known to use it?
Social Engineering | #ARMSec2015
Social Engineering as the Art of "Human OS" hacking
Main points of the presentation (1) Overall introduction on social engineering (2) Case studies (3) Defending against Social Engineering.
for: http://armsec.org/
Footprinting and reconnaissance
These slides guides you through the tools and techniques one can use for footprinting websites or people.You will find amazing tools and techniques have a look
Introduction to penetration testing
Introduction to penetration testing
Summary
What’s Pen-testing ?
Why Perform Pen-testing ?
Pen-testing Methodology.
Real world to Pen-testing
Introduction to cyber security
The document provides an overview of cyber security and vulnerability scanning. It discusses the history of cyber security including early computer worms like Creeper and Reaper. The CIA triad of confidentiality, integrity and availability is introduced as a model for security policies. Types of attacks and how cyber security is implemented are covered. Vulnerability scanners are defined as tools that assess vulnerabilities across systems and networks. Their benefits, limitations, architecture and types including network-based and host-based are outlined.
Ethical Hacking
This document provides an introduction to ethical hacking. It defines information security and the CIA triad of confidentiality, integrity and availability. It discusses the difference between ethics and hacking, and defines ethical hacking as locating vulnerabilities with permission to prevent attacks. The document outlines the types of attackers and the typical steps attackers take including reconnaissance, scanning, gaining access, maintaining access, and covering tracks. It discusses the benefits of ethical hacking for organizations and some disadvantages. Finally, it provides examples of using Google to find security issues on websites.
Hacking
This document discusses hacking (cybercrime) and defines it as illegally accessing computer systems or networks without authorization. It outlines the history of hacking from the early positive use of the term to refer to clever programming to the modern negative connotation involving illegal activity. It describes different types of hackers (black hat, white hat, grey hat) and types of cybercrimes like hacking, denial of service attacks, and software piracy. Laws around catching and punishing hackers are also summarized.
CrowdCasts Monthly: You Have an Adversary Problem
You Have an Adversary Problem. Who's Targeting You and Why?
Nation-States, Hacktivists, Industrial Spies, and Organized Criminal Groups are attacking your enterprise on a daily basis. Their goals range from espionage for technology advancement and disruption of critical infrastructure to for-profit theft of trade secrets and supporting a political agenda. You no longer have a malware problem, you have an adversary problem, and you must incorporate an intelligence-driven approach to your security strategy.
During this CrowdCast, you will learn how to:
Incorporate Actionable Intelligence into your existing enterprise security infrastructure
Quickly understand the capabilities and artifacts of targeted attacked tradecraft
Gain insight into the motivations and intentions of targeted attackers
Make informed decisions based off of specific threat intelligence
Reconnaissance
This document discusses reconnaissance techniques for penetration testing and bug bounty hunting. It defines reconnaissance as gathering information without actively engaging networks to identify assets like IP addresses, open ports, operating systems and vulnerable components. Both active reconnaissance, which involves direct interaction, and passive reconnaissance, which does not, are covered. Specific techniques include using tools like Whois and IP mapping to find subdomains and server information. The document also discusses using GitHub to find sensitive information accidentally exposed, as well as tools like Wayback Machine, ParamSpider and Arjun for automated reconnaissance.
Threat hunting - Every day is hunting season
Breakout Presentation by Ben Boyd during the 2018 Nebraska Cybersecurity Conference.
Introduction to Threat Hunting and helpful steps for building a Threat Hunting Program of any size, from small to massive.
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
The broad list of topics include (but not limited to):
- What is Threat Intelligence?
- Type of Threat Intelligence?
- Intelligence Lifecycle
- Threat Intelligence - Classification & Vendor Landscape
- Threat Intelligence Standards (STIX, TAXII, etc.)
- Open Source Threat Intel Tools
- Incident Response
- Role of Threat Intel in Incident Response
- Bonus Agenda
DDOS ATTACK - MIRAI BOTNET
This document discusses DNS flood DDoS attacks and the Mirai botnet. It provides details on how Mirai infects devices, launches attacks, and then conceals its presence. It also outlines five stages of defense against Mirai: awareness, blocking access, finding adversaries, protecting target access, and mitigation plans like vulnerability scanning and traffic monitoring.
Ethical hacking
This document discusses ethical hacking and provides an overview of key concepts. It defines ethical hacking as legally breaking into computer systems to test defenses without damaging systems or stealing information. It describes different types of hackers including black hat, white hat, and grey hat hackers. The document outlines the hacking process and required skills of an ethical hacker such as knowledge of operating systems, firewalls, and networking protocols. It discusses why ethical hacking is important to protect against external attacks and close security vulnerabilities.
Malware analysis
- Malware analysis involves both static and dynamic analysis techniques to understand malware behavior and assess potential damage. Static analysis involves disassembling and reviewing malware code and structure without executing it. Dynamic analysis observes malware behavior when executed in an isolated virtual environment.
- Tools for static analysis include file hashing, string extraction, and PE header examination. Dynamic analysis tools monitor the registry, file system, processes, and network traffic created by malware runtime behavior. These include Process Monitor, Wireshark, Process Explorer, and network sniffers.
- To safely conduct malware analysis, one should create an isolated virtual lab separated from production networks, and install behavioral monitoring and code analysis tools like OllyDbg, Process Monitor, and Wiresh
Osint
This document discusses open source intelligence (OSINT) and how it can be used to gather information from publicly available sources to produce actionable intelligence. It provides examples of how OSINT can be used for corporate security purposes like finding breaches, leaked credentials, or rogue employees. It also lists several tools that can be used for OSINT like Robtex, PassiveRecon, Maltego, GeoStalker, and FBStalker. It notes that while OSINT is not always actively used by penetration testers, it can provide valuable information when applied to a real pentest. The document emphasizes that OSINT is more than just manual data gathering and that understanding what attackers know about an organization is important.
Advanced persistent threat (apt)
This document discusses advanced persistent threats (APTs). It defines APTs, describes their stages including reconnaissance, delivery, exploitation, operation, data collection, and exfiltration. It then presents an APT detection framework called the Attack Pyramid that models APT attacks across physical, user access, network, and application planes and detects relevant events using algorithms and rules. Research papers are cited that further define APTs and propose the Attack Pyramid model for detecting such threats.
Web application vulnerabilities
Web Application Vulnerabilities - Security Risk, Top 10 (2008), How to minimize risk, Application Security Testing.
Social engineering
Social engineering is manipulating people into revealing sensitive information or performing actions, rather than using technical hacking methods. It involves gaining people's trust and obtaining information that seems harmless but can be combined to compromise security. Famous social engineer Kevin Mitnick used only social engineering to access private networks. Common social engineering attacks include phishing scams, impersonating help desk staff, stealing documents, and installing malware under false pretenses. The weakest link is often human rather than technical, as people are more vulnerable to manipulation. Training employees, testing defenses with ethical hackers, and verifying unsolicited contacts can help prevent social engineering attacks.
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engineering techniques,social engineering protection techniques,stages of social engineering ,effect on organizations
How MITRE ATT&CK helps security operations
Talk on Kaspersky lab's CoLaboratory: Industrial Cybersecurity Meetup #5 with @HeirhabarovT about several ATT&CK practical use cases.
Video (in Russian): https://www.youtube.com/watch?v=ulUF9Sw2T7s&t=3078
Many thanks to Teymur for great tech dive
Ceh v5 module 05 system hacking
This module discusses password cracking techniques such as brute force password guessing, dictionary attacks, and using password cracking tools. It covers different types of password attacks like passive online attacks, active online attacks, offline attacks, and non-electronic attacks. The document also explains password hashing methods like LM hashes and NTLM hashes that are commonly targeted by attackers. Various password cracking tools are introduced, along with mitigation techniques organizations can implement like using longer and more complex passwords.
Malicious software
This document summarizes various types of malicious software including viruses, worms, trojan horses, logic bombs, and backdoors. It describes how viruses and worms operate by having dormant, propagation, and triggering phases. Viruses can attach to files or reside in memory. Worms replicate over networks to infect other systems. The document also discusses countermeasures like antivirus software, digital immune systems, and efforts to prevent, detect, and trace distributed denial of service attacks.
Basics of Cyber Security
This document provides an overview of cyber security and discusses recent issues in India. It begins with definitions of cyberspace and discusses the rapid growth of internet connectivity globally and in India. It then covers cyber security challenges, the evolution of threats, and recent cyber attacks impacting India. The document concludes with 10 steps for organizations to improve cyber security, such as network security, malware protection, user education, and information risk management.
Ethical hacking
This document discusses ethical hacking and provides an overview of its key aspects in 6 paragraphs. It begins by distinguishing between hacking and ethical hacking, noting that ethical hacking involves evaluating a system's security with the owner's permission. It then describes different types of hackers and various types of attacks, such as worms, denial of service attacks, and viruses. The document outlines the methodology of hacking through stages like reconnaissance and scanning. It discusses advantages like providing security for organizations, and disadvantages such as costs and trust issues. It concludes by emphasizing the importance of security in software and businesses.
zero day exploits
A zero day vulnerability is an unknown hole in software that is exploited by hackers before the vendor becomes aware of it. These exploits can go undetected for months, allowing malicious activities like monitoring or theft. There is high demand for zero day exploits due to their ability to go undetected for long periods, with the average exploit remaining undetected for over 300 days. Once a vulnerability is publicly known, patches can be released and it is no longer considered a zero day exploit.
Penetration testing reporting and methodology
This paper covering information about Penetration testing methodology, standards reporting formats and comparing reports. Explained problem of Cyber Security experts when they making penetration tests. How they doing current presentations.
We will focus our work in penetration testing methodology reporting form and detailed information how to compare result and related work information.
OWASP Top 10 2021 Presentation (Jul 2022)
The document provides information about the OWASP Top 10 2021 list of web application security risks. It describes the top risk, A01: Broken Access Control, giving its definition, examples of vulnerabilities it can enable, prevention methods, and examples. It also summarizes the second and third top risks, A02: Cryptographic Failures and A03: Injection, in a similar manner.
Module 2 Foot Printing
The document provides an overview of footprinting, which is the first stage of reconnaissance during a cyber attack. It involves gathering open-source information about a target organization to understand its security profile and map its network. Some of the tools mentioned for footprinting include Whois, Nslookup, traceroute, Google Earth and various online databases to find domain information, network details, employee names and more. The goal is to learn as much as possible about the target before launching an actual attack.
Pen Testing Development
This presentation was given to a group of SFS students at GW. It's designed to be semi-case study driven on the problems I've encountered on assessments and how programming can help solve them.
Hack Attack! An Introduction to Penetration Testing
This document provides an introduction to penetration testing and ethical hacking. It discusses how hacking can be done ethically through penetration testing with permission. It outlines the stages of a hacker's skills from script kiddie to uberhacker. Popular programming languages for creating hacking tools like C, Python, and Ruby are also mentioned. The document demonstrates some hacking tools in BackTrack Linux like sniffing passwords with Ettercap and bruteforcing FTP passwords with Hydra. It emphasizes how virtualization allows one to practice hacking legally and provides further learning resources.
More Related Content
What's hot
Reconnaissance
This document discusses reconnaissance techniques for penetration testing and bug bounty hunting. It defines reconnaissance as gathering information without actively engaging networks to identify assets like IP addresses, open ports, operating systems and vulnerable components. Both active reconnaissance, which involves direct interaction, and passive reconnaissance, which does not, are covered. Specific techniques include using tools like Whois and IP mapping to find subdomains and server information. The document also discusses using GitHub to find sensitive information accidentally exposed, as well as tools like Wayback Machine, ParamSpider and Arjun for automated reconnaissance.
Threat hunting - Every day is hunting season
Breakout Presentation by Ben Boyd during the 2018 Nebraska Cybersecurity Conference.
Introduction to Threat Hunting and helpful steps for building a Threat Hunting Program of any size, from small to massive.
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
The broad list of topics include (but not limited to):
- What is Threat Intelligence?
- Type of Threat Intelligence?
- Intelligence Lifecycle
- Threat Intelligence - Classification & Vendor Landscape
- Threat Intelligence Standards (STIX, TAXII, etc.)
- Open Source Threat Intel Tools
- Incident Response
- Role of Threat Intel in Incident Response
- Bonus Agenda
DDOS ATTACK - MIRAI BOTNET
This document discusses DNS flood DDoS attacks and the Mirai botnet. It provides details on how Mirai infects devices, launches attacks, and then conceals its presence. It also outlines five stages of defense against Mirai: awareness, blocking access, finding adversaries, protecting target access, and mitigation plans like vulnerability scanning and traffic monitoring.
Ethical hacking
This document discusses ethical hacking and provides an overview of key concepts. It defines ethical hacking as legally breaking into computer systems to test defenses without damaging systems or stealing information. It describes different types of hackers including black hat, white hat, and grey hat hackers. The document outlines the hacking process and required skills of an ethical hacker such as knowledge of operating systems, firewalls, and networking protocols. It discusses why ethical hacking is important to protect against external attacks and close security vulnerabilities.
Malware analysis
- Malware analysis involves both static and dynamic analysis techniques to understand malware behavior and assess potential damage. Static analysis involves disassembling and reviewing malware code and structure without executing it. Dynamic analysis observes malware behavior when executed in an isolated virtual environment.
- Tools for static analysis include file hashing, string extraction, and PE header examination. Dynamic analysis tools monitor the registry, file system, processes, and network traffic created by malware runtime behavior. These include Process Monitor, Wireshark, Process Explorer, and network sniffers.
- To safely conduct malware analysis, one should create an isolated virtual lab separated from production networks, and install behavioral monitoring and code analysis tools like OllyDbg, Process Monitor, and Wiresh
Osint
This document discusses open source intelligence (OSINT) and how it can be used to gather information from publicly available sources to produce actionable intelligence. It provides examples of how OSINT can be used for corporate security purposes like finding breaches, leaked credentials, or rogue employees. It also lists several tools that can be used for OSINT like Robtex, PassiveRecon, Maltego, GeoStalker, and FBStalker. It notes that while OSINT is not always actively used by penetration testers, it can provide valuable information when applied to a real pentest. The document emphasizes that OSINT is more than just manual data gathering and that understanding what attackers know about an organization is important.
Advanced persistent threat (apt)
This document discusses advanced persistent threats (APTs). It defines APTs, describes their stages including reconnaissance, delivery, exploitation, operation, data collection, and exfiltration. It then presents an APT detection framework called the Attack Pyramid that models APT attacks across physical, user access, network, and application planes and detects relevant events using algorithms and rules. Research papers are cited that further define APTs and propose the Attack Pyramid model for detecting such threats.
Web application vulnerabilities
Web Application Vulnerabilities - Security Risk, Top 10 (2008), How to minimize risk, Application Security Testing.
Social engineering
Social engineering is manipulating people into revealing sensitive information or performing actions, rather than using technical hacking methods. It involves gaining people's trust and obtaining information that seems harmless but can be combined to compromise security. Famous social engineer Kevin Mitnick used only social engineering to access private networks. Common social engineering attacks include phishing scams, impersonating help desk staff, stealing documents, and installing malware under false pretenses. The weakest link is often human rather than technical, as people are more vulnerable to manipulation. Training employees, testing defenses with ethical hackers, and verifying unsolicited contacts can help prevent social engineering attacks.
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engineering techniques,social engineering protection techniques,stages of social engineering ,effect on organizations
How MITRE ATT&CK helps security operations
Talk on Kaspersky lab's CoLaboratory: Industrial Cybersecurity Meetup #5 with @HeirhabarovT about several ATT&CK practical use cases.
Video (in Russian): https://www.youtube.com/watch?v=ulUF9Sw2T7s&t=3078
Many thanks to Teymur for great tech dive
Ceh v5 module 05 system hacking
This module discusses password cracking techniques such as brute force password guessing, dictionary attacks, and using password cracking tools. It covers different types of password attacks like passive online attacks, active online attacks, offline attacks, and non-electronic attacks. The document also explains password hashing methods like LM hashes and NTLM hashes that are commonly targeted by attackers. Various password cracking tools are introduced, along with mitigation techniques organizations can implement like using longer and more complex passwords.
Malicious software
This document summarizes various types of malicious software including viruses, worms, trojan horses, logic bombs, and backdoors. It describes how viruses and worms operate by having dormant, propagation, and triggering phases. Viruses can attach to files or reside in memory. Worms replicate over networks to infect other systems. The document also discusses countermeasures like antivirus software, digital immune systems, and efforts to prevent, detect, and trace distributed denial of service attacks.
Basics of Cyber Security
This document provides an overview of cyber security and discusses recent issues in India. It begins with definitions of cyberspace and discusses the rapid growth of internet connectivity globally and in India. It then covers cyber security challenges, the evolution of threats, and recent cyber attacks impacting India. The document concludes with 10 steps for organizations to improve cyber security, such as network security, malware protection, user education, and information risk management.
Ethical hacking
This document discusses ethical hacking and provides an overview of its key aspects in 6 paragraphs. It begins by distinguishing between hacking and ethical hacking, noting that ethical hacking involves evaluating a system's security with the owner's permission. It then describes different types of hackers and various types of attacks, such as worms, denial of service attacks, and viruses. The document outlines the methodology of hacking through stages like reconnaissance and scanning. It discusses advantages like providing security for organizations, and disadvantages such as costs and trust issues. It concludes by emphasizing the importance of security in software and businesses.
zero day exploits
A zero day vulnerability is an unknown hole in software that is exploited by hackers before the vendor becomes aware of it. These exploits can go undetected for months, allowing malicious activities like monitoring or theft. There is high demand for zero day exploits due to their ability to go undetected for long periods, with the average exploit remaining undetected for over 300 days. Once a vulnerability is publicly known, patches can be released and it is no longer considered a zero day exploit.
Penetration testing reporting and methodology
This paper covering information about Penetration testing methodology, standards reporting formats and comparing reports. Explained problem of Cyber Security experts when they making penetration tests. How they doing current presentations.
We will focus our work in penetration testing methodology reporting form and detailed information how to compare result and related work information.
OWASP Top 10 2021 Presentation (Jul 2022)
The document provides information about the OWASP Top 10 2021 list of web application security risks. It describes the top risk, A01: Broken Access Control, giving its definition, examples of vulnerabilities it can enable, prevention methods, and examples. It also summarizes the second and third top risks, A02: Cryptographic Failures and A03: Injection, in a similar manner.
Module 2 Foot Printing
The document provides an overview of footprinting, which is the first stage of reconnaissance during a cyber attack. It involves gathering open-source information about a target organization to understand its security profile and map its network. Some of the tools mentioned for footprinting include Whois, Nslookup, traceroute, Google Earth and various online databases to find domain information, network details, employee names and more. The goal is to learn as much as possible about the target before launching an actual attack.
What's hot (20)
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
Similar to Introduction to Exploitation
Pen Testing Development
This presentation was given to a group of SFS students at GW. It's designed to be semi-case study driven on the problems I've encountered on assessments and how programming can help solve them.
Hack Attack! An Introduction to Penetration Testing
This document provides an introduction to penetration testing and ethical hacking. It discusses how hacking can be done ethically through penetration testing with permission. It outlines the stages of a hacker's skills from script kiddie to uberhacker. Popular programming languages for creating hacking tools like C, Python, and Ruby are also mentioned. The document demonstrates some hacking tools in BackTrack Linux like sniffing passwords with Ettercap and bruteforcing FTP passwords with Hydra. It emphasizes how virtualization allows one to practice hacking legally and provides further learning resources.
Course_Presentation cyber --------------.pptx
This document provides an agenda for a web application penetration testing course. The course aims to share cybersecurity knowledge in Arabic and focus on practical application. It will cover Linux basics, Burp Suite, common web vulnerabilities at easy and medium levels, and advanced topics like XSS and CSRF. Students will learn how to find data leaks, analyze protocols and network traffic, exploit vulnerabilities, and earn money through bug bounty programs.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
Slides from workshop delivered at Brucon 2017 Conference in Gent, Belgium.
Data exfiltration is the process of transmitting data from pwned or infected networks back to the attacker while trying to minimize detection.
During this workshop (2 hours) we will go through different network exfiltration methods and techniques (DNS, ICMP, TCP, UDP, HTTP, RDP, Cloud-app based and others). I will explain how they work, how to run them and what differences between are. It is a highly interactive workshop (I have dozen short labs already prepared) where you will be guided through the use of a set of open source tools powered by a short-fast theory.
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
This presentation documents how Egress-Assess can be used on assessments to simulate exfiltrating data over a variety of protocols.
Additionally, this presentation documents the addition of malware modules into Egress-Assess. The new malware modules allow users to emulate different pieces of malware families by using documented malware indicators.
Machine learning in cybersecutiry
This document provides an overview of machine learning in cyber security. It discusses definitions of machine learning, cyber security, and how machine learning can be used for cyber security tasks like malware detection. It also covers theoretical concepts, hands-on materials like necessary software and lab setup, and guidance for projects. Specific machine learning and security tools are mentioned, like Docker for containerization. The document aims to explain the importance and applications of machine learning in cyber security.
Understanding and implementing website security
Knowing security best practices only gets a team so far. They have to implement them too. This session will cover the security risks that a web development team faces and the underlying reasons why risks can go unaddressed. Ultimately, there are no excuses for leaving your web projects exposed to known vulnerabilities. This session will cover common security concerns for Drupal and the root problems a team needs to solve in order to mitigate these risks.
We will cover:
Three layers of web security, from the perspective of Drupal: Platform-level (e.g. Linux), Application-level (e.g. Drupal), and Organizational-level (e.g. procedures)
Familiarity with your hosting platform’s security-related practices.
Overview of common vulnerabilities in web applications (XSS, CSRF, HTTP vs HTTPS, etc.)
Understanding how security concerns are handled for core and contrib.
Clarifying support responsibilities and procedures so that security fixes are applied quickly.
Attendees who build and/or manage Drupal sites will gain the most from the session. Attendees will leave with a complete picture of website security and concrete recommendations for how to improve the security of the sites they manage. It will cover recommendations for Drupal 7 and Drupal 8.
Many of the topics that will be covered are in my Understanding and Implementing Website Security blog post series at https://pantheon.io/blog/understanding-and-implementing-website-security-part-1-you-are-target
Netflix Open Source: Building a Distributed and Automated Open Source Program
Netflix has been using and contributing to open source for several years. Over the years, Netflix has released over one hundred Netflix Open Source (aka NetflixOSS) libraries, servers, and technologies. Netflix engineers benefit by accepting contributions and gathering feedback with key collaborators around the world. Users of NetflixOSS from many industries benefit from our solutions including Big Data, Build and Delivery Tools, Runtime Services and Libraries, Data Persistence, Insight, Reliability and Performance, Security and User Interface. With such a large and mature open source program, Netflix has worked on approaches and tools that help manage and improve the NetflixOSS source offerings and communities. Netflix has taken a different approach to building support for open source as compared to other Internet scale companies. Come to this session to learn about the unique approaches Netflix has taken to both distribute and automate the responsibilities of building a world-class open source program.
Building a Distributed & Automated Open Source Program at Netflix
Andrew Spyker
Senior Software Engineer for Netflix
Find more by Andrew Spyker: http://www.slideshare.net/aspyker
All Things Open
October 26-27, 2016
Raleigh, North Carolina
Egress-Assess and Owning Data Exfiltration
This talk discusses how Egress-Assess can be used to help attackers and defenders learn how to exfiltrate data outside of their network over a variety of protocols, describes how data is exfiltrated over different supported protocols, and demonstrates the weaponization of the tool!
Offensive Python for Pentesting
Talk Venue: BSides Tampa 2020
Speakers: Mike Felch & Joff Thyer
This talk will focus on the many different ways that a penetration tester, or Red Teamer can leverage the Python programming language during offensive operations. Python is a rich and powerful programming language which above all else allows a competent developer to very quickly write new tools that might start as a Proof of Concept, but soon become an invaluable addition to the Red Teamer's tool-belt. Having the skills to both generate new tools, and modify existing tools on the fly is critically important to agility during testing engagement. Everything from utility processing of data, network protocol, API interaction, and exploit development can be rapidly developed due to the high functionality level and intuitive nature of Python.
Pentester++
This talk is about why I believe having the ability to write tools and/or scripts can help elevate a Pen Testers game to the next level.
The talk is case study driven by the different scenarios I've encountered on assessments and the scripts or tools that have been developed as a result.
The Supporting Role of Antivirus Evasion while Persisting
This talk goes over different techniques to evade detection by antivirus programs, talks about how Veil-Evasion evades the programs, and shows an AV signature bypass. It also then documents a large number of techniques on how actors can persist in networks.
Nomura UCCSC 2009
The document provides an overview of free and open source network security tools including Kismet for wireless monitoring, OpenVAS for vulnerability scanning, Metasploit for exploitation, and Nmap for port scanning and service detection. It discusses how these tools can be used both offensively to detect issues and defensively to harden networks, and highlights advantages like cost but also challenges like potential instability. The presentation focuses on demonstrating these tools and educating administrators about network security risks and defenses.
Pyongyang Fortress
The document summarizes research into the Red Star OS operating system used in North Korea. Key findings include:
1) Red Star OS is based on Linux and resembles Windows XP or Mac OS X. It includes custom firewall software called Pyongyang Fortress which is derived from the open-source Snort network intrusion detection system.
2) Analysis of Pyongyang Fortress found it to be security theater with binaries that were much smaller than their open source counterparts and lacked full functionality.
3) Tests of censorship detection found that internet requests were not modified or blocked from within Red Star OS, suggesting censorship occurs at the intranet level before internet access.
Beyond Cryptojacking: studying contemporary malware in the cloud
The document discusses emerging malware targeting cloud environments and Linux systems. It analyzes two malware families: Legion, which automates SMTP abuse by targeting credentials stored in cloud services; and P2Pinfect, a Rust botnet that spreads via Redis and SSH exploits and conducts internet-wide scanning. The document concludes attackers are increasingly targeting web services and Linux through exploits and that botnets and ransomware on Linux will continue to be issues requiring monitoring.
Splunk, SIEMs, and Big Data - The Undercroft - November 2019
Guild members join us on Thursday November 14th at 6pm for our class on Splunk. Our Analyze Guild Master Jonathan Singer will be hitting on Centralized Logging, SEIM, Big Data, and much more.
STIX Patterning: Viva la revolución!
FIRST Technical Symposium and OASIS Borderless Cyber Conference, 08 December 2017, Prague, Czech Republic
Fantastic Red Team Attacks and How to Find Them
Presented at Black Hat 2019
https://www.blackhat.com/us-19/briefings/schedule/index.html#fantastic-red-team-attacks-and-how-to-find-them-16540
Casey Smith (Red Canary)
Ross Wolf (Endgame)
bit.ly/fantastic19
Abstract:
Red team testing in organizations over the last year has shown a dramatic increase in detections mapped to MITRE ATT&CK™ across Windows, Linux and macOS. However, many organizations continue to miss several key techniques that, unsurprisingly, often blend in with day-to-day user operations. One example includes Trusted Developer Utilities which can be readily available on standard user endpoints, not just developer workstations, and such applications allow for code execution. Also, XSL Script processing can be used as an attack vector as there are a number of trusted utilities that can consume and execute scripts via XSL. And finally, in addition to these techniques, trusted .NET default binaries are known to allow unauthorized execution as well, these include tools like InstallUtil, Regsvcs and AddInProcess. Specific techniques, coupled with procedural difficulties within a team, such as alert fatigue and lack of understanding with environmental norms, make reliable detection of these events near impossible.
This talk summarizes prevalent and ongoing gaps across organizations uncovered by testing their defenses against a broad spectrum of attacks via Atomic Red Team. Many of these adversary behaviors are not atomic, but span multiple events in an event stream that may be arbitrarily and inconsistently separated in time by nuisance events.
Additionally, we introduce and demonstrate the open-sourced Event Query Language for creating high signal-to-noise analytics that close these prevalent behavioral gaps. EQL is event agnostic and can be used to craft analytics that readily link evidence across long sequences of log data. In a live demonstration, we showcase powerful but easy to craft analytics that catch adversarial behavior most commonly missed in organizations today.
An EyeWitness View into your Network
This document summarizes the EyeWitness tool for automated network discovery and host identification. It discusses the typical assessment lifecycle, initial discovery and recon steps using Nmap and Nessus, and the need to automate analysis of large lists of web servers. The development of EyeWitness is described, from an initial proof of concept to version 2.0, which improved modularity, added protocol support, signature-based categorization and the ability to resume incomplete scans. Future work may include additional modules, protocols, and optical character recognition.
Similar to Introduction to Exploitation (20)
Hack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration Testing
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
Netflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source Program
Building a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at Netflix
The Supporting Role of Antivirus Evasion while Persisting
The Supporting Role of Antivirus Evasion while Persisting
Beyond Cryptojacking: studying contemporary malware in the cloud
Beyond Cryptojacking: studying contemporary malware in the cloud
Splunk, SIEMs, and Big Data - The Undercroft - November 2019
Splunk, SIEMs, and Big Data - The Undercroft - November 2019
More from UTD Computer Security Group
Py jail talk
The document discusses Python jails (PyJails), which are CTF problems that provide a limited Python interpreter. The goal is typically to call restricted functions like os.system() or open() to access files. Common solutions leverage attributes of Python objects like __class__, __globals__, and __builtins__ to access the open() function despite restrictions. The document then provides an in-depth explanation of these Python object attributes and how they allow constructing a solution to bypass the restrictions in a PyJail.
22S kickoff 2.0 (kickoff + anonymity talk)
This document provides information about the Computer Security Group (CSG) Spring 2022 kickoff event. It introduces CSG as a weekly security-focused student group. It also describes the Scholarship for Service program, lists the CSG leadership team, and advertises upcoming technical talks on topics like embedded systems, Python, anonymity, and fuzzing. Members are encouraged to attend weekly meetings, join the Discord server, and suggest additional talk topics.
Cloud talk
This document provides an introduction to cloud computing, including what cloud is, its benefits and drawbacks, common cloud service models (SaaS, PaaS, IaaS), major cloud providers, and common cloud computing services. Key cloud computing services discussed include compute services (like AWS EC2 and Google Compute Engine), databases, storage, and additional AI/ML and serverless services. The document also highlights some free cloud credits and resources available for students.
UTD Computer Security Group - Cracking the domain
1. The document discusses various methods for gaining domain administrator privileges on a Windows domain, including exploiting the domain's architecture, abusing Active Directory services like Kerberos, and cracking Kerberos tickets.
2. It provides three attack scenarios: leveraging internal access and the BloodHound tool, performing an NTLM relay attack against WebDAV to setup delegation, and directly cracking Kerberos tickets by requesting tickets for service principal names.
3. The document recommends demonstrating these attacks against a test environment to gain hands-on experience compromising a Windows domain from different starting points.
Forensics audio and video
CSG Meeting 09-11-2019
First dive of the semester into the realm of forensics with image and video forensics.
Computer networks and network security
CSG Meeting 02/27
Understanding how computers communicate data over the wire and what is done to secure that data from malicious actors.
Intro to python
Python is an interpreted programming language that can be used for many purposes including security related tasks. It was created in the late 1980s by Guido van Rossum and named after the Monty Python comedy group. There are differences between Python versions 2.7 and 3.0, such as print becoming a function in 3.0. Python has an interactive shell environment that allows users to run commands and an extensive standard library including data types like lists, tuples, sets and dictionaries. Libraries like pwntools and PyCryptodome provide functionality for tasks like exploit development and cryptography.
Powershell crash course
CSG Meeting
02/13/2019
Introduction to the windows command language of Powershell and how to leverage its capabilities.
Intro to cybersecurity
This document provides an introduction and overview of various topics related to cybersecurity including programming languages, operating systems, networks, penetration testing tools, defensive tools, and security certifications. It also lists upcoming cybersecurity events at the school including an intern fair, career fair, engineering week, capture the flag competition, and security operations center competition. Students are invited to sign in using a QR code or URL to participate in resume critiques and learn more.
Intro to Bash
Bash is a command line shell that allows users to interact with and manage a Linux operating system. It can be used to edit files and system configurations, monitor and manage processes, run scripts, and more. Common bash commands include ls to list directories, cd to change directories, cat to output file contents, and man to view command manuals. The demo section provides a hands-on experience using bash commands.
Web Exploitation
1. The document discusses web exploitation and provides tips for assessing what functionality a server may have and how to test for vulnerabilities.
2. It lists common server-side technologies like PHP, Python, NodeJS that have been exploited in past events, and encourages researching assumed functionality and how others may have previously exploited similar systems.
3. The document emphasizes that web exploitation involves searching and researching to understand what a server can do in response to inputs, as its functionality may not always be obvious, in order to discover ways to read files or execute code remotely.
Network Exploitation
This document provides an overview of network exploitation, including types of networks, network environments, internal vs external networks, network enumeration tools, and attack routing. It announces upcoming events and provides details about local area networks (LANs), wide area networks (WANs), metropolitan area networks (MANs), corporate and personal network environments, using Nmap and Nessus for scanning, and pivoting through internal networks from external points.
Penetration Testing: Celestial
1. The document discusses the steps of a penetration test against a target machine called Celestial on the Hack the Box platform.
2. It outlines reconnaissance, enumeration through Nmap scanning, exploitation to gain initial access, escalation of privileges from user to root, establishing persistence, and clean-up to remove traces of access.
3. The target is an Linux machine at IP 10.10.10.85, and the session will walk through each step of the penetration test process.
Cryptography Crash Course
This presentation gives an overview of many different encryption and encoding schemes. The content ranges from simple encodings, such as ASCII text represented as decimals to classical ciphers, such as Caesar and Vigenere ciphers to modern encryption standards, such as the Data Encryption Standard (DES) and Advanced Encryption Standard (AES). For modern encryption, there are many different implementation flaws that are discussed in the presentation as well as a few ideas for how to correct those flaws. At the end of the presentation, some thought questions are provided.
Fuzzing - Part 2
We continue where we left off from Part 1. This section covers 2 main topics, debugging libraries and fuzzer design. For debugging libraries we go over PyDBG and WinAppDbg, discussing basic to intermediate examples, and when you might want to use one instead of the other. After that, fuzzer design is discussed, including goals, design choices, architecture, etc. Some code samples are shown from my fuzzer, along with a github link for those who are interested.
Exploitation Crash Course
This document provides an introduction to software exploitation on Linux 32-bit systems. It covers common exploitation techniques like buffer overflows, format strings, and ret2libc attacks. It discusses the Linux memory layout and stack structure. It explains buffer overflows on the stack and heap, and how to leverage them to alter control flow and execute arbitrary code. It also covers the format string vulnerability and how to leak information or write to arbitrary memory locations. Tools mentioned include GDB, exploit-exercises, and Python. Overall it serves as a crash course on the basic techniques and concepts for Linux exploitation.
Fuzzing - Part 1
This is part 1 of fuzzing, an introduction to the subject. This presentation covers some of theory and thought process behind the subject, as well as an introduction to environment variable fuzzing and file format fuzzing.
Protostar VM - Heap3
The document summarizes how to exploit a heap-based buffer overflow vulnerability in the Protostar Heap 3 challenge. It describes using the Doug Lea malloc implementation, modifying chunk size metadata to change program execution, overwriting pointers to hijack control flow, and crafting 12-byte shellcode to jump to a "winner()" function and complete the exploit.
Heap Base Exploitation
We introduce the fundamentals of dynamic memory allocation and highlight several exploitable properties. These ideas are put into practice in a set of heap overflow challenges from exploit-exercise.com's Protostar VM. We walk through the first three. Other uses of heap space such as heap spraying are mentioned.
Return Oriented Programming
Introduction to return oriented programming. Explanation of how to use instruction sequences already existing in an executable's memory space to manipulate control flow without injecting external payload.
More from UTD Computer Security Group (20)
Recently uploaded
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays, June 2024 with Maria Copot 20
Northern Engraving | Nameplate Manufacturing Process - 2024
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
A Deep Dive into ScyllaDB's Architecture
This talk will cover ScyllaDB Architecture from the cluster-level view and zoom in on data distribution and internal node architecture. In the process, we will learn the secret sauce used to get ScyllaDB's high availability and superior performance. We will also touch on the upcoming changes to ScyllaDB architecture, moving to strongly consistent metadata and tablets.
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Taking AI to the Next Level in Manufacturing.pdf
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Main news related to the CCS TSI 2023 (2023/1695)
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...Edge AI and Vision Alliance
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.Introduction of Cybersecurity with OSS at Code Europe 2024
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Dandelion Hashtable: beyond billion requests per second on a commodity server
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Astute Business Solutions | Oracle Cloud Partner |
Your goto partner for Oracle Cloud, PeopleSoft, E-Business Suite, and Ellucian Banner. We are a firm specialized in managed services and consulting.
Choosing The Best AWS Service For Your Website + API.pptx
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
Recently uploaded (20)
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
Introduction to Exploitation
- 2. Get Involved ● Discord - discord.gg/kuejt8p ● Fire Talks - October 24th, 2018 ● Live Stream - Whenever you want* ● CSG CTF - ctf.utdcsg.club
- 3. Events ● Hardware Hacking Hangout - Friday @ 7 pm in ECSS 4.619 ● CSAW CTF - Saturday @ 1 pm to 5 pm in ECSS 4.619 ● Elastic - Next Wednesday @ 7 pm in MC 2.410
- 4. Goal for tonight: Answer the question “How do I get started?”
- 5. Getting started in Computer Security ● Plenty of resources exist to get started with different areas of security ● You get out what you put into it
- 6. Intro to Exploitation ● General Goals: ○ Lateral Movement ○ Command and Control ○ Data Exfiltration
- 7. General Tools ● Kali Linux - contains many exploitation tools pre-installed ● FLARE VM - contains many security tools for use in a Windows environment
- 8. “Fields” of Exploitation ● Network ● System ○ Linux ○ Windows ○ Other ● Cryptography ● Web ● Binary
- 9. Network Attacking the network and network services, often to access machines on said network. Examples: ● Attacking Windows domains ● Attacking cloud infrastructure Tools: ● nmap Practice: ● HackTheBox ● CloudGoat
- 10. Linux Escalating privileges, exfiltrating data, establishing persistence, and more. Examples: ● Hacking Linux? Tools ● bash ● Metasploit ● Linux Knowledge Practice ● OverTheWire - Bandit ● HackTheBox ● Metasploitable 2
- 11. Windows Escalating privileges, exfiltrating data, establishing persistence, and more. Examples: ● Hacking Windows? Tools ● Powershell ● Metasploit ● Windows Knowledge Practice ● HackTheBox ● Metasploitable 3 ● Immersive Labs (Powershell)
- 12. Cryptography Breaking ciphers, forging signatures, doing magic(?) Examples ● Forging authentication tokens ● Breaking encryption Tools ● SAGE ● Python ● Patience Practice ● CryptoPals ● id0-rsa
- 13. Web Dumping databases, gaining code execution, breaking webscale, learning too many frameworks Examples ● SQL Injection ● Code Execution ● Local File Includes Tools ● Burp Suite ● Browser Developer Tools Practice ● HackTheBox ● OverTheWire - Natas ● WebGoat
- 14. Binary Exploiting flaws in a program to do “fun” things Example ● Bypassing authentication ● Gaining code execution Tools ● gdb (Debuggers) ● IDA Pro (Disassemblers) Practice ● pwnable.kr ● Protostar ● The Assembly Group
- 15. Overall Being well “read” can give you a significant edge in security YouTube - Tutorials ● LiveOverflow ● GynvaelEN YouTube - Talks ● DefCon ● BlackHat ● media.ccc.de (34C3) News/Blogs ● /r/NetSec ● HackerNews
- 16. Demo Physical access attacks with Tiny Core Linux ● Replacing Magnify.exe with cmd.exe