Introduction to Ethical Hacking

Summer University 2015 SJSU, San Jose

Alexandre Karlov

#whoami• Cursus

• MSc in Telecommunication sciences (EPFL’06)

• PhD in Cryptology (EPFL’11)

• Cryptography expert at Kudelski group

• Manager of cybersecurity projets at Kudelski group

• Currently professor at University of Applied Science Western Switzerland (HEIG-VD) and independent security consultant

• Interests and Research

• Practical systems (in)security

• Pentests

• Vulnerabilities of industrial control systems (SCADA)

• CTFs (more on that later)

#man course

• Provide you a taste of hacking

• Understand how an attacker thinks and try to develop a similar mindset

• Get familiar with security challenges

• Best way to learn

• Have Fun!

#head course

• Quick intro

• Some tools

• Bonus

• Up to you to play

0x01 Intro

Why Ethical Hacking

Why Ethical Hacking

Why Ethical Hacking

Why Ethical Hacking

Source: Presentation of Urs P. Küderli, Chief Security Advisor @ Microsoft «Security Development Lifecycle - a process to develop more secure software»

Why Ethical Hacking

Why Ethical Hacking

• In order to develop and architect information systems in a secure way, you must be aware of vulnerabilities

• Before protecting you should know ways how the system can be exploited

• Hacker mindset

• Finding vulnerabilities on the systems

• Do it in a legal way

Why Ethical Hacking

How?•So how do you learn the skills and train your mindset ?

•Continuous learning

•Principle valid outside information security field as well

•New exploits, tools and frameworks are appearing almost every day

•Technical skills are best built through hands-on experience

•Vulnerable VMs

•Online challenges

•CTFs

•…more CTFs

•Reading and practicing - tons of information available on the web

•Twitter, blogs, (CTF) write-ups, vulnerabilities disclosures and PoCs

•Books

•Technical security trainings

Rules of Engagement• Work by groups of 2

• Register at www.root-me.org

• Start by doing some (very) easy challenges in order to understand the principle

• Read (a lot of) related docs

• Try to do challenges from categories in which you are less experienced

• For the final grading submit your write-ups (along with your scripts and other relevant files) for 5 challenges

• Still by group of 2

• Of at least intermediate difficulty

• From at least 3 different categories

• Submit by email to alexandre.Karlov@heig-vd.ch

0x02 Tools

Tools

• So what are the best tools to be an ultimate hacker ?

• Which OS to use ? Windows, Linux or OSX ?

Recommendations• Have all three of them, or at least Windows and Linux • Don’t think of them as different operating systems

• Thinks of them as set of tools

• Setup a virtualized environment on you machine (VMWare) • Deploy images of Windows and Linux boxes so that you can easily switch between

• Today’s average Portable PC (quad-core) • Can easily run several OS in parallel • Images allow easily to backup, roll-back and deploy a fresh/clean version of the OS

Kali• The Kali linux distribution which superseded historical BackTrack (BT) linux is seen as a de-facto standard platform to help you with your pentest tasks • Debian-based distribution • More than 300 tools for pentest and data forensics • Active online support community

!!!!

If you are an Arch Linux fan, you might want to give BlackArch a try

Kali

• Download from www.kali.org • Either an ISO from http://www.kali.org/downloads/ • VMWare image from http://www.offensive-security.com/kali-linux-vmware-arm-image-download/

• Download, unzip (7z x kali-linux-1.0.9-vm-amd64.7z) and open the image in VMPlayer

• default username and password: root/toor

• remember to change the root password

• apt-get update && apt-get upgrade • If running a WMPlayer, ensure that you are using NAT network option for your virtual network adapter on SJSU campus

Kali - non root user

• When installed, Kali linux uses root user for all tasks

• It is a good security practice to add an additional user with non-root privileges •useradd -m noroot passwd noroot usermod -a -G sudo noroot chsh -s /bin/bash noroot

• Replace the noroot by whatever you prefer

Kali - Install Multiarch support

• By default Kali comes with 64 bit architecture •sudo dpkg -–add-architecture i386 sudo apt-get update sudo apt-get upgrade

• Enables 32-bit support • Useful for applications supporting only 32-bit

Kali - default repositories

• The default package repositories that should be present in /etc/apt/sources.list are listed as follows; if not present, edit the sources.list file to include them

## Kali deb http://http.kali.org/kali kali main contrib non-free## Kali-dev deb http://http.kali.org/kali kali-dev main contrib non-free## Kali Security updates deb http://security.kali.org/kali-security kali/updates main contrib non-free

0x03 Bonus

CTF? WTF?• Capture The Flag

• Computer Security Competition between teams

• Jeopardy: tasks/challenges in several categories - Web, Crypto, Forensics, CrackMe/Binary, Programming….

• Attack-defense: Every team is provided with some environment with vulnerable services. Patch yours and grab flags from others.

• Flag is hidden somewhere

• Online challenges are usually organized in the same manner - good start for training

• Great way to learn and have fun!

Famous CTFs

• DEFCON - Jeopardy + Attack-defense • Best way to get to Vegas • CTF Olympics

• Hack.lu CTF

• Ghost in the Shellcode

• PlaidCTF

!

• Check out ctftime.org

Bonus: PoliCTF• You are lucky - the coming weekend there is an online CTF competition.

• URL: polictf.it

• Starts at 2:00 AM Friday PDT (local time) and lasts for 48 hours (Sunday 2:00 AM PDT).

• If you get bored here and think you are really smart, register and try some challenges there

• Submit your write-up of one challenge you solve before Sunday 3:00 AM PDT local time sharp to alexandre.karlov@heig-vd.ch

• 3 groups for the same challenge max! (6 people)

• First come - first serve basis

• You will have the honour to present your solution before the class on Monday or Wednesday

• Replaces 3 challenges of your assignment.

0x03 Your turn!