Uploaded byIT-oLogy
201 views

Live Exploit - Chad Cravens

The document discusses a live exploit demonstration using open source tools. It introduces the speaker and their background and company. It then outlines the basic steps of an attack including network reconnaissance using Nmap to map IPs and services, targeting vulnerable services, using Metasploit to find and run exploits to gain privileges and install backdoors, and using additional tools like Shodan and Google searches to find more information. It concludes by providing additional training resources.

Technology
Related topics:
Cyber-Security

Embed presentation

Download to read offline
Live Exploit Live Exploit Using Open Source Tools Chad Cravens Open Source Systems www.ossys.com
About The Speaker 1Open Source Systems – www.ossys.com 2007 - Graduate of New Mexico Institute of Mining and Technology (Scholarship for Service Recipient) 2007 – 2011 Federal Employee at SPAWAR (Space and Naval Warfare Systems Center) 2012 – Software Engineer at Small Wall St Firm 2014 – Founded Open Source Systems Chad Cravens Charleston, SC Software Fanatic Stickler for Software Quality and Security!
Open Source Tools 2Open Source Systems – www.ossys.com
Steps of an Attack 3Open Source Systems – www.ossys.com 1. Network Reconnaissance (Nmap) a) Understand the Network b) Map IP Addresses and Operating Systems / Services c) Search for Potentially Vulnerable Services 2. Service Reconnaissance (Nmap) a) Target a single machine and discovery potential vulnerabilities b) When a vulnerable service is discovered, find relevant CVE 3. Run the Exploit (Metasploit) a) Find the exploit in the metasploit database b) Use exploit c) Set exploit options d) Run exploit 4. Privilege Escalation and Install Backdoor (Metasploit) 5. Run VNC for full UI control (Metasploit) 6. Clean Up Activities (Metasploit)
Google Hacking 4Open Source Systems – www.ossys.com Google Caches a LOT of Information! You just need to know how to search for it…. Let’s search for database username / passwords "DriverManager.getConnection" filetype:bak “mysqli_connect” filetype:bak
Shodan HQ 5Open Source Systems – www.ossys.com Searches for non-standard web servers Usually IoT Devices Most are not secure… Let’s see this!
Additional Training 6Open Source Systems – www.ossys.com Hack This Site! https://www.hackthissite.org/ OWASP WebGoat https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project HoneyNet Challenges https://www.honeynet.org/challenges
Questions? Open Source Systems – www.ossys.com Thank you! chad.cravens@ossys.com 7

More Related Content

PPTX
Elasticsearch python
byvaliantval2
 
PDF
Automatiza las detecciones de amenazas y evita falsos positivos
byImma Valls Bernaus
 
PPS
Entenda a ave maria
byDébora Menezes Salles
 
PDF
Resume Clayton Paino New 2015
byClayton Paino
 
DOC
งานโครงงานจัดฟัน
byOporfunJubJub
 
PPT
Семінар вчені біологи
byNila Luchkova
 
PPT
Урок 8
byNila Luchkova
 
DOC
งานโครงงานจัดฟัน
byOporfunJubJub
 
Elasticsearch python
byvaliantval2
 
Automatiza las detecciones de amenazas y evita falsos positivos
byImma Valls Bernaus
 
Entenda a ave maria
byDébora Menezes Salles
 
Resume Clayton Paino New 2015
byClayton Paino
 
งานโครงงานจัดฟัน
byOporfunJubJub
 
Семінар вчені біологи
byNila Luchkova
 
Урок 8
byNila Luchkova
 
งานโครงงานจัดฟัน
byOporfunJubJub
 

Viewers also liked

PDF
Politique pénitentiaire: réconcilier éthique de conviction et éthique de resp...
byInstitut pour la Justice
 
DOCX
Математичний час. Гра. 10 клас
by270479
 
PDF
ขั้นตอนการทำโครงงานคอมพิวเตอร์
byPuniga Chansara
 
DOCX
Kims Resume To Go
byKimberly Martone
 
DOCX
Resume H White
byBill White
 
DOC
CV_Shabeer
bySHABEER A.P
 
DOCX
Participatory rural a ppraisal...asignment.
byJuman Tong
 
PDF
สถานที่ท่องเที่ยว10ประเทศอาเซียน
byrawinchu
 
PDF
Programme LPRO
byGhislain YGER
 
PPT
досвід роботи Ткаченко О.А.
byschool-2
 
PPTX
Досвід роботи вчителя української мови та літератури Жилякової Т.В.
byschool-2
 
PPTX
Оберіг для воїна АТО
byСветлана Луценко
 
PPTX
Avaliação fisioterapêutica i 2012
byKarina Santaella
 
PPTX
зона психологічного розвантаження в спеціальній групі днз
byЕлена Кен
 
Politique pénitentiaire: réconcilier éthique de conviction et éthique de resp...
byInstitut pour la Justice
 
Математичний час. Гра. 10 клас
by270479
 
ขั้นตอนการทำโครงงานคอมพิวเตอร์
byPuniga Chansara
 
Kims Resume To Go
byKimberly Martone
 
Resume H White
byBill White
 
CV_Shabeer
bySHABEER A.P
 
Participatory rural a ppraisal...asignment.
byJuman Tong
 
สถานที่ท่องเที่ยว10ประเทศอาเซียน
byrawinchu
 
Programme LPRO
byGhislain YGER
 
досвід роботи Ткаченко О.А.
byschool-2
 
Досвід роботи вчителя української мови та літератури Жилякової Т.В.
byschool-2
 
Оберіг для воїна АТО
byСветлана Луценко
 
Avaliação fisioterapêutica i 2012
byKarina Santaella
 
зона психологічного розвантаження в спеціальній групі днз
byЕлена Кен
 

Similar to Live Exploit - Chad Cravens

PPTX
Open Security - Chad Cravens
byIT-oLogy
 
PPTX
OSINT
byAvradeep Bhattacharya
 
PPTX
Finalppt metasploit
bydevilback
 
PPTX
Cyber Security and Open Source
byPOSSCON
 
PDF
SOHOpelessly Broken
byThe Security of Things Forum
 
PDF
Hacking school computers for fun profit and better grades short
byVincent Ohprecio
 
PDF
Hack Attack! An Introduction to Penetration Testing
bySteve Phillips
 
PDF
Penetrationtestinglovesfreesoftware libreplaner2017-christianfernandez-hispag...
byChris Fernandez CEHv7, eCPPT, Linux Engineer
 
PPTX
Open Source Security
bySander Temme
 
PPT
Security & ethical hacking p2
byratnalajaggu
 
PPT
Security & ethical hacking
byAmanpreet Singh
 
PDF
Ethical hacking for fun and profit
byFlorent Batard
 
PDF
Intro to Exploitation
byUTD Computer Security Group
 
PDF
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
byChris Gates
 
PDF
Metasploit Computer security testing tool
bymedoelkang600
 
PDF
OSINT for Attack and Defense
byAndrew McNicol
 
PPTX
Hacktoberfest'24 _ GDG on Campus BU.pptx
bynilaygupta3003
 
PPTX
Introduction to Exploitation
byprimeteacher32
 
PPTX
Metasploit
byLalith Sai
 
PDF
CSEC 610 Individual Assignment Essay
byRochelle Schear
 
Open Security - Chad Cravens
byIT-oLogy
 
OSINT
byAvradeep Bhattacharya
 
Finalppt metasploit
bydevilback
 
Cyber Security and Open Source
byPOSSCON
 
SOHOpelessly Broken
byThe Security of Things Forum
 
Hacking school computers for fun profit and better grades short
byVincent Ohprecio
 
Hack Attack! An Introduction to Penetration Testing
bySteve Phillips
 
Penetrationtestinglovesfreesoftware libreplaner2017-christianfernandez-hispag...
byChris Fernandez CEHv7, eCPPT, Linux Engineer
 
Open Source Security
bySander Temme
 
Security & ethical hacking p2
byratnalajaggu
 
Security & ethical hacking
byAmanpreet Singh
 
Ethical hacking for fun and profit
byFlorent Batard
 
Intro to Exploitation
byUTD Computer Security Group
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
byChris Gates
 
Metasploit Computer security testing tool
bymedoelkang600
 
OSINT for Attack and Defense
byAndrew McNicol
 
Hacktoberfest'24 _ GDG on Campus BU.pptx
bynilaygupta3003
 
Introduction to Exploitation
byprimeteacher32
 
Metasploit
byLalith Sai
 
CSEC 610 Individual Assignment Essay
byRochelle Schear
 

More from IT-oLogy

PPTX
Low Cost Tools for Security Challenges - Timothy De Block
byIT-oLogy
 
PDF
How Smart Leaders Anticipate Breach to Protect Their Companies - Michael Sant...
byIT-oLogy
 
PPTX
National Cyber Security Awareness Month - Michael Kaiser
byIT-oLogy
 
PPTX
Keep Your Family Safe Online - Michael Kaiser
byIT-oLogy
 
PDF
ID Theft: What You Need to Know - Juliana Harris
byIT-oLogy
 
PDF
Cyber Breach: A Legal Perspective - Jarrett Coco
byIT-oLogy
 
PDF
Cybersecurity in South Carolina - Major General Les Eisner
byIT-oLogy
 
PDF
Software Security Assurance - Bruce Jenkins
byIT-oLogy
 
PDF
In the Wake of Ashley Madison - Jim Salter
byIT-oLogy
 
PDF
Passwords in the Internet Age - Jim Salter
byIT-oLogy
 
PDF
IT-oLogy Summit on Information Technology: Regional Impact and Issues in SC U...
byIT-oLogy
 
PDF
IT-oLogy Summit on Information Technology: Regional Impact and Issues in SC U...
byIT-oLogy
 
PDF
IT-oLogy Summit on Information Technology: Regional Impact and Issues in SC L...
byIT-oLogy
 
PDF
IT-oLogy Summit on Information Technology: Regional Impact and Issues in SC L...
byIT-oLogy
 
PDF
IT-oLogy Summit on Information Technology: Regional Impact and Issues in Rock...
byIT-oLogy
 
PDF
IT-oLogy Summit on Information Technology: Regional Impact and Issues in Rock...
byIT-oLogy
 
PDF
IT-oLogy Summit on Information Technology: Regional Impact and Issues in SC M...
byIT-oLogy
 
PPTX
IT-oLogy Summit on Information Technology: Regional Impact and Issues in SC U...
byIT-oLogy
 
PPTX
IT-oLogy Summit on Information Technology: KEYNOTE: Matt Gardner
byIT-oLogy
 
Low Cost Tools for Security Challenges - Timothy De Block
byIT-oLogy
 
How Smart Leaders Anticipate Breach to Protect Their Companies - Michael Sant...
byIT-oLogy
 
National Cyber Security Awareness Month - Michael Kaiser
byIT-oLogy
 
Keep Your Family Safe Online - Michael Kaiser
byIT-oLogy
 
ID Theft: What You Need to Know - Juliana Harris
byIT-oLogy
 
Cyber Breach: A Legal Perspective - Jarrett Coco
byIT-oLogy
 
Cybersecurity in South Carolina - Major General Les Eisner
byIT-oLogy
 
Software Security Assurance - Bruce Jenkins
byIT-oLogy
 
In the Wake of Ashley Madison - Jim Salter
byIT-oLogy
 
Passwords in the Internet Age - Jim Salter
byIT-oLogy
 
IT-oLogy Summit on Information Technology: Regional Impact and Issues in SC U...
byIT-oLogy
 
IT-oLogy Summit on Information Technology: Regional Impact and Issues in SC U...
byIT-oLogy
 
IT-oLogy Summit on Information Technology: Regional Impact and Issues in SC L...
byIT-oLogy
 
IT-oLogy Summit on Information Technology: Regional Impact and Issues in SC L...
byIT-oLogy
 
IT-oLogy Summit on Information Technology: Regional Impact and Issues in Rock...
byIT-oLogy
 
IT-oLogy Summit on Information Technology: Regional Impact and Issues in Rock...
byIT-oLogy
 
IT-oLogy Summit on Information Technology: Regional Impact and Issues in SC M...
byIT-oLogy
 
IT-oLogy Summit on Information Technology: Regional Impact and Issues in SC U...
byIT-oLogy
 
IT-oLogy Summit on Information Technology: KEYNOTE: Matt Gardner
byIT-oLogy
 

Recently uploaded

PPTX
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
PDF
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
PDF
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
PDF
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
PDF
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
PDF
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
PDF
Router-DHCP-Printer-SharingRouter-DHCP-Printer-Sharing
byarbendi2160
 
PPTX
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
DOCX
Mathematical reviewer gor mmw in theofern
byyeojlevantinojesalva
 
PPTX
AI and Digital Transformation Solutions.
byBuildingblocks
 
PDF
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
PPTX
Coded Agents – with UiPath SDK + LlamaIndex.pptx
bysuhanisingh58689
 
PDF
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
PDF
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
PPTX
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 
PPTX
Dell poweredge-customer-presentation.pptx
byhungungphu123
 
PDF
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
PDF
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
PDF
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
PPTX
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
Router-DHCP-Printer-SharingRouter-DHCP-Printer-Sharing
byarbendi2160
 
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
Mathematical reviewer gor mmw in theofern
byyeojlevantinojesalva
 
AI and Digital Transformation Solutions.
byBuildingblocks
 
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
Coded Agents – with UiPath SDK + LlamaIndex.pptx
bysuhanisingh58689
 
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 
Dell poweredge-customer-presentation.pptx
byhungungphu123
 
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 

Live Exploit - Chad Cravens

  • 1.
    Live Exploit Live ExploitUsing Open Source Tools Chad Cravens Open Source Systems www.ossys.com
  • 2.
    About The Speaker 1OpenSource Systems – www.ossys.com 2007 - Graduate of New Mexico Institute of Mining and Technology (Scholarship for Service Recipient) 2007 – 2011 Federal Employee at SPAWAR (Space and Naval Warfare Systems Center) 2012 – Software Engineer at Small Wall St Firm 2014 – Founded Open Source Systems Chad Cravens Charleston, SC Software Fanatic Stickler for Software Quality and Security!
  • 3.
    Open Source Tools 2OpenSource Systems – www.ossys.com
  • 4.
    Steps of anAttack 3Open Source Systems – www.ossys.com 1. Network Reconnaissance (Nmap) a) Understand the Network b) Map IP Addresses and Operating Systems / Services c) Search for Potentially Vulnerable Services 2. Service Reconnaissance (Nmap) a) Target a single machine and discovery potential vulnerabilities b) When a vulnerable service is discovered, find relevant CVE 3. Run the Exploit (Metasploit) a) Find the exploit in the metasploit database b) Use exploit c) Set exploit options d) Run exploit 4. Privilege Escalation and Install Backdoor (Metasploit) 5. Run VNC for full UI control (Metasploit) 6. Clean Up Activities (Metasploit)
  • 5.
    Google Hacking 4Open SourceSystems – www.ossys.com Google Caches a LOT of Information! You just need to know how to search for it…. Let’s search for database username / passwords "DriverManager.getConnection" filetype:bak “mysqli_connect” filetype:bak
  • 6.
    Shodan HQ 5Open SourceSystems – www.ossys.com Searches for non-standard web servers Usually IoT Devices Most are not secure… Let’s see this!
  • 7.
    Additional Training 6Open SourceSystems – www.ossys.com Hack This Site! https://www.hackthissite.org/ OWASP WebGoat https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project HoneyNet Challenges https://www.honeynet.org/challenges
  • 8.
    Questions? Open Source Systems– www.ossys.com Thank you! chad.cravens@ossys.com 7