Hacking - Breaking Into It
Transcript of Hacking - Breaking Into It
Hacking, Breaking In
@ChrisTruncer
What’s this talk about?
● Who I am
● How I got started in the industry
● What is “red teaming” and/or “pen testing”
● What’s a pen test look like?
  ○ Demos, lots of them
● How can you start learning this?
● Questions
uid=0(@ChrisTruncer)
● Christopher Truncer (@ChrisTruncer)
  ○ Hacker
  ○ Open Source Software Developer
    ■ Veil Framework Developer
  ○ Florida State Seminole
  ○ Random certs… blah
● Red Teamer and Pen Tester for Mandiant
How I Started
● College
  ○ College computer security class
  ○ Hack my roommate
    ■ “Wow, hacking is real”
  ○ Took a security class
  ○ Decided this is what I wanted to do
    ■ … is this even a job?
How I Started
● Start off in a technical role
  ○ Wanted to get a technical foundation before moving into security
● First job, not what I wanted
● Became a Sys Admin at Northrop Grumman
  ○ Stayed for about 2 years
● Began my plunge into security, and haven’t looked back
What is Penetration Testing or Red Teaming?
Different Job Descriptions
● Vulnerability Assessment/Assessor
  ○ Scan a network for vulnerabilities with a tool
● Penetration Tester
  ○ Take that output, exploit findings, hack into systems
● Red Team
  ○ Adversary emulation, objective oriented, don’t get caught
But that’s it… Kind of boring, right?
Red Teaming is a little different, but similar
Phishing Our Way In
● Lots of different ways to get in, but phishing is easiest
  ○ IT Department rolling out iPads for use
  ○ User selected for development environment
  ○ Meeting minutes from managers discussing layoffs…
    ■ … then telling everyone not to read it
● We can forge it to come from anyone
Don’t Get Caught
Minor Background Slides
What is a vulnerability?
What is an exploit?
What’s really used?
● We do use exploits, but less and less each year
  ○ What happens if the exploit doesn’t work?
  ○ What happens if it does?
● Misconfigurations are the way to go
  ○ Why hack something when we can just log in?
  ○ Path of least resistance
What’s the goal?
● Well, let’s first own the domain
  ○ Get the domain administrator account
● Demonstrate business impact
  ○ IT Admins understand domain admin, but does a manager, or a CEO?
  ○ Target something the business cares about
    ■ The Coke recipe, database with SSNs?
● Report/Outbrief with fixes
What’s the goal (Red Team)?
● All of the above
● Add value by working with their blue team
  ○ Teach them what you did
  ○ Help them try to detect it
  ○ They’ll make you up your game
● Soft skills really help here
  ○ Be able to talk to people and explain your work to tech and non-tech (muggles) audiences
On to the fun stuff
How’s a test work?
● First we get our “get out of jail free” card signed
  ○ Only thing that keeps it legal, and us not in jail
● We’ll likely get some sort of a scope
  ○ IP address range
  ○ Domain Names
● On our marks, get set, go!
Finding Live Systems
● So, we may have thousands of IP addresses…
  ○ Let’s find the real computers
● Once we have a list of live computers, what’s running on them?
  ○ Web server?
  ○ E-mail?
  ○ Database server?
● NMap to the rescue
Port Scanning with NMap
● NMap finds open ports with services running on them
● It will scan for the top 1000 ports, or whatever you specify
● It can guess:
  ○ Service running
  ○ Operating System
● It can run scripts too!
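Added example, not from the talk: what NMap's output looks like once it is parsed, using the XML layout that nmap -oX writes, turned into a per-host inventory of open ports, guessed service versions and OS, plus a defender-side check for ports that should not be exposed. The XML is a constructed sample (no scan is run) and the function names are my own.

```python
import xml.etree.ElementTree as ET
# Constructed sample in the layout nmap -oX writes (attributes trimmed to the
# ones used here); no scan is performed by this example.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.6"/></port>
      <port protocol="tcp" portid="445"><state state="filtered"/>
        <service name="microsoft-ds"/></port>
    </ports>
    <os><osmatch name="Linux 3.X" accuracy="95"/></os>
  </host>
  <host><status state="down"/><address addr="10.0.0.6" addrtype="ipv4"/></host>
</nmaprun>
"""

def parse_nmap_xml(xml_text):
    """Map each host that answered (status up) to its guessed OS and its
    open ports; down hosts and closed/filtered ports are dropped."""
    inventory = {}
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address").get("addr")
        osmatch = host.find("os/osmatch")      # absent when -O was not used
        entry = {"os": osmatch.get("name") if osmatch is not None else None,
                 "open": []}
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")         # absent when -sV learned nothing
            entry["open"].append({
                "port": int(port.get("portid")),
                "service": svc.get("name") if svc is not None else "unknown",
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        inventory[addr] = entry
    return inventory

def unexpected_open_ports(inventory, allowed_ports):
    """Defender's check: hosts exposing open ports outside the expected set."""
    return {ip: [p["port"] for p in e["open"] if p["port"] not in allowed_ports]
            for ip, e in inventory.items()
            if any(p["port"] not in allowed_ports for p in e["open"])}
```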
Sweet, what’s next?
● Now we know open ports and the services running
  ○ Research vulnerabilities for those versions
  ○ Or run a vulnerability scanner
● MS08-067
  ○ Basically everyone’s first exploit
  ○ Get a stock Windows XP and test against it
● We have an exploit for the system, use it!
What about Websites?
● We test these too!
● Probably at least half of what we’re testing
  ○ Everyone has a website
  ○ Internal to a network, can be hundreds, or thousands
● Let’s get breaking into them!
What I wish I knew
● Programming
  ○ Use it all the time for scripts, tools, Veil, etc.
● Mentor
  ○ You’re always one step in front of and one step behind someone
● Build a lab and play with it
  ○ You can’t break anything that costs money!
What I wish I knew
● Be prepared to be uncomfortable at times
  ○ Always in a new environment with new “stuff” and you’re expected to break it
  ○ Perk of the job too :)
● Build your process
  ○ Learn how you best approach networks, web apps, etc.
  ○ Use this to face what you don’t know
How to Learn
● Go to security conferences!
  ○ Might be anywhere from $10 - $300
  ○ BSides Conferences are local and almost always free, or super cheap
● Build your own lab
  ○ VMWare is your best friend
  ○ VulnHub
● Try free CTFs
● Twitter!
?
Chris Truncer
  ○ @ChrisTruncer
  ○ [email protected]
  ○ https://www.christophertruncer.com
  ○ https://github.com/ChrisTruncer