ethical hacking series: 0x02 – building your own hacking...
TRANSCRIPT
![Page 1: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/1.jpg)
Ethical Hacking Series: 0x02 – Building Your Own Hacking
Lab
JaxHax MakerspaceTravis Phillips
![Page 2: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/2.jpg)
About Me● Member of Jax Hax since it opened.● Specializes in Ethical Hacking, IT Security,
and penetration testing.● Formerly a programmer.● Enjoys electronics, Linux, embedded
systems, anything hackery-ish, small physical projects from time to time to keep hands-on skills honed, puzzles, Open Source everything, and lock picking.
● Easy to find. Big dude dressed in black or grey. Seek me out anytime you are here.
![Page 3: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/3.jpg)
Intended Audience● This is intended as an intro class as part
of a series of classes. ● This is a class that is for people who are
interested in security and require proof it's working!
● This class covers the basics of building a lab so that you will have a safe environment to play in.
– DON'T BE AFRAID TO STOP ME TO ASK QUESTIONS!
– The only stupid question is the question never asked.
![Page 4: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/4.jpg)
So Why Do I Need a Hacking Lab?
● Keeps vulnerable software off your real machine.
● A lab provides you a controlled environment for your testing.
● You'll have physical access to the machines for troubleshooting.
![Page 5: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/5.jpg)
So Why Do I Need a Hacking Lab?● I'm teaching you things
that if conducted on machines you don't own, it's illegal! Hacking machines you do own however is legal!
● Not providing a lab setup is like giving a kid a BB gun without targets and cutting him loose in the outside; It can only end badly!
![Page 6: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/6.jpg)
Things to Consider When Building A Hacking Lab
● Web Attacks
● Mobile Devices
● Malware Research
● Reverse Engineering
● Wireless
● Crypto
● Network Exploits– DoS
– MitM
● Software Exploits– Linux
– Windows
– Mac
● What sort of hacking research are you looking to do?
![Page 7: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/7.jpg)
What Resources Do You Have On Hand?
● Any old bare metal boxes laying around?● Is your rig beefy?
– Plenty of memory and CPU for VMs?
● Any networking equipment laying around?– Old ISP modems are usually great!
● Wifi and a 4 port switch are usually built-in● Usually provide DHCP, Firewall, and DNS.
● Dumb network hubs are AWESOME!!!● A USB drive you can dedicate to the Lab
![Page 8: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/8.jpg)
What to consider when buying equipment?
● Networking equipment can usually be mid tier SOHO gear.
– Although port mirroring/spanning can help when it comes to sniffing.
● Machines can usually be home use grade.– Keep architecture in mind!
● x64 can run x86 and x64 OSs but not the other way around!
● If you want to test against ARM architectures I would suggest an ODROID or Raspberry Pi
![Page 9: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/9.jpg)
Raspberry Pi & ODROID
● $35● 700 Mhz CPU● 512 MB RAM● HDMI+RCA● GPIO Pins
● $65● 1.7 Ghz quad
core CPU● 2 GB RAM● HDMI
![Page 10: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/10.jpg)
What to consider when buying equipment?
● Get a beefy rig if you are planning on doing crypto or password cracking heavily.
● Beefy rigs also make running VMs easier.● Hard drives are cheap so if you're planning
on VMs, get large drives!● Beefy rigs do also permit themselves to act
as servers as well.● Make your lab easy to reconfigure for
various test.
![Page 11: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/11.jpg)
Network Considerations● Is internet required? More importantly,
should it be present?– Depends on what your researching!
Can be present for:● Local machine exploits
● Remote machine exploits on LAN
● Crypto
● MITM Attacks
● Mobile Devices
Probably don't want it around when:
● Web Attacks
● Malware Research
● Reverse Engineering
● DoS Attacks
● Testing "In the wild" Hacking Tools
![Page 12: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/12.jpg)
Network Considerations
● Build your lab so that internet can be connected and disconnected easily on an as needed basis.
● Keep your home LAN and Hacking Lab isolated from each other if possible.
● VMware and VirtualBox both have network settings that also contain Host Only communications.
![Page 13: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/13.jpg)
Virtual Machines● VMs are great for
hacking labs!● Tons of vulnerable
hacking VMs already pre-built and ready to download.
● Easy to manage● Portable - Take your lab
with you on your laptop if it has the horse power!
![Page 14: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/14.jpg)
VM vs Bare Metal
● VMs are great but bare metal has its perks too!
– DoS attacks against VMs come full circle. You're attacking yourself basically and this affects the results.
– Network isn't bridged through drivers on your box. This bridging sometimes affects MITM and network based attacks.
– Dedicated hardware relieves your machine of heavy lifting such as crypto analysis
![Page 15: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/15.jpg)
VM vs Bare Metal● Another bare metal machine is not your box
like a VM.– Keep this in mind with Malware research
– Some malware has been seen to use exploits to escape VMs and infect the host OS.
– Some malware (a lot of malware actually) won't run if it detects the OS is in a VM.
● Anti-virus researchers used to use VMs for reverse engineering malware.
● Security researchers used VMs as honeypots.
![Page 16: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/16.jpg)
VM vs Bare Metal
● If special hardware is needed for the attack then bare metal generally will give you less issues.
– E.g. Wifi packet injection, software defined radio, video cards.
● Remember the network traffic has to pass through the host OS network stack.
● Windows network stack can break things from time to time since it doesn't allow raw sockets.
![Page 17: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/17.jpg)
OS For Attacker Machine(s)● Kali is a great choice if your new to hacking
or just don't have time to roll your own attack machine.
– Kali is a Linux (Debian) based distro gear towards pentesting.
– Loaded with tons of tools already to go!
● Use Linux and roll your own toolkits on to it.– Takes more time but you get exactly what
you want.
– Configured to your specs with nothing extra
![Page 18: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/18.jpg)
OS For Attacker Machine(s)
● One Windows machine for hacking● Windows isn't ideal for hacking but not a
bad idea to practice with.● Also requires expensive licenses.● Pivoting will sometimes require you to
launch your attacks off of a windows box.● Personally, I just use one of the windows
victim boxes in my lab for this purpose.
![Page 19: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/19.jpg)
OS For Victim Machines
● Older versions of either Linux or Windows work great.
– Turn off automatic updates to keep them vulnerable.
– Many of these are missing modern exploit prevention methods which makes learning easier at the start.
● Can be disabled on a lot of Linux systems.
● A few more modern OS to provide real world challenges and compare changes against exploits
![Page 20: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/20.jpg)
Victim VMs for example● Metasploitable2
– Old Ubuntu Server loaded with vulnerable software and mis-configurations.
● Web security dojo– Loaded with a few vulnerable web hacking
labs and the tools needed to exploit them.
● De-Ice Vms– Hacking cases setup as part of a wargame
● Check out vulnhub.com & pentesterlab.com for tons more!
![Page 21: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/21.jpg)
Finding Vulnerable Software and Services for Victims
● Vulnerable learning VMs can come with vulnerabilities in the OS and software wise.
● Linux developers like to use SVN or GIT which keeps all changes to software, you can pull any revision from it.
● Some vendors leave old vulnerable version of software for download
– example: windows tftpd32 from tftpd32.jounin.net
● Older version contain known buffer overflows.
![Page 22: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/22.jpg)
Finding Vulnerable Software and Services for Victims
● A lot of vendors don't do this though...● So for them you can check out oldversion.com● Lots of old vulnerable software available here:
– Browsers
– Flash
– Java
– Media Players
![Page 23: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/23.jpg)
Configuration of the Victim Machines
● Try to make it either a learning lab or a real world case study lab.
● make them have different levels of security● weak to strong passwords● some user follow bad practices (storing
passwords in text files) to paranoid encrypted files.
![Page 24: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/24.jpg)
Configuration of the Victim Machines
● Should be configured so some machines are just defaults.
– No anti-virus.
– Host Firewall on by default.
– Think like an end user, do as little as possible to make changes.
![Page 25: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/25.jpg)
Configuration of the Victim Machines
● Others should have relax "Corporate LAN settings"
– Host based firewalls off
– remote admin (RDP, SMB/NETBIOS, VNC, SSH) might be enabled.
– Anti-virus solution likely present on workstations, possibly on servers.
![Page 26: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/26.jpg)
Configuration of the Victim Machines
● Others might be servers with any of the following:
– Paranoid admins (lock it down with defense in depth)
– Lazy admins or devs (open up things for debugging purposes)
– New admins (take all the defaults.)
![Page 27: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/27.jpg)
Managing Machines in the Lab
● Once configured the way you want, You will want to make a backup for reference and restore if needed
● For VMs you can use snapshots– Also not a bad idea to just keep a copy of
the image files backed up so you can just restore it.
● For bare metal you can use disk cloning– Clonezilla can make a backup image of
the drive.
![Page 28: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/28.jpg)
Managing Machines in the Lab
● For Raspberry Pi and ODROID:– Uses SD cards
– You can use the linux tool 'dd' to make a raw dump of the SD card to an image file.
– You can also just restore it using 'dd' as well.
![Page 29: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/29.jpg)
Example Labs (Memory Corruption Bug Lab)
![Page 30: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/30.jpg)
Example Labs (Malware Lab)
![Page 31: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/31.jpg)
Example Labs (Reversing Lab VM)
![Page 32: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/32.jpg)
Example Labs (Reversing Lab)
![Page 33: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/33.jpg)
Example Labs (Mobile Lab)
![Page 34: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/34.jpg)
Example Labs (Mobile Physical Lab)
![Page 35: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/35.jpg)
Example Labs (Web Hacking Lab)
![Page 36: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/36.jpg)
Example Labs (Pivoting Lab)
![Page 37: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/37.jpg)
Example Labs (Wifi Labs)
![Page 38: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/38.jpg)
Notice Anything With Those Examples?
● Two common themes we saw were: – A standalone machine running VMs
– An air gap network.
● These two are very well rounded lab configurations.
● I'd recommend a VM lab first and then the air gap second unless you are doing malware research.
![Page 39: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/39.jpg)
Hacking Outside the Lab Legally
● There are hacking sites and challenges that you can play on legally outside your lab.
● The two major ones you will see are wargame sites and CTFs
![Page 40: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/40.jpg)
Wargames
● Wargames are sites hackers setup to allow hackers to hone their skills. Here are a few:
– https://www.hackthissite.org/
– http://www.bright-shadows.net/
– http://www.wechall.net/
– http://www.thisislegal.com/
– http://overthewire.org/
– http://www.net-force.nl/
![Page 41: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/41.jpg)
CTFs (Capture The Flag)
● Capture The Flag games are contest where hackers work alone or in teams. The goal is to capture flags in the challenges and gain the most points
● There are usually 3 types of CTFs– Jeopardy
– Network Based
– Red vs Blue Team
![Page 42: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/42.jpg)
CTFs (Capture The Flag)● A board of challenges, usually file based
hacking (Forensics, Memory Corruption, Reverse Engineering). Beating these challenges will give you a flag to redeem for points.
● Network based – These give the players a network and try to hack boxes on the network that will give them a flag to redeem; or they will have a control file you put your name in on the server and a scorebot will credit points to that team every 10 minutes or so. You have to fight to protect it.
![Page 43: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/43.jpg)
CTFs (Capture The Flag)
● Red vs Blue Team – This is a game where players are broken up into two teams. The blue team is required to defend the network while providing services that are required. The blue team gets a head start before the red team is allow to attack the network.
![Page 44: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/44.jpg)
CTFs
● Events that come– Most security conferences will host one.
– CSAW
– Raytheon SI host the “Ghost in the Shellcode” CTF.
● Can't Wait to Start?– http://repo.shell-storm.org/CTF/
● This guy has a major archive of the challenges from several CTFs
![Page 45: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/45.jpg)
Recap
● A hacking lab makes life easier and is simple to setup. No excuse for failure to set one up.
● Safe place to conduct your experiments.● If your in IT, you probably have most of this
equipment.● Make your lab flexible!
![Page 46: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/46.jpg)
Questions?
![Page 47: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/47.jpg)
Next Month – FREE IT Sec Conference!
● November 15th is the 1st ever B-Sides Jax Information Security Conference!
● Free and open to public, but please RSVP!
● http://bsidesjax.org/
![Page 48: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/48.jpg)
Next Presentations
● Introduction to Base Numbering Systems and ASCII.
● Common Networking Protocols, Sniffing, and The Joys of RFCs
● Using OSINT (Open Source Intelligence) For Footprinting and Passive Recon
● Scanning For Host and Services
![Page 49: Ethical Hacking Series: 0x02 – Building Your Own Hacking Labwiki.jaxhax.org/images/b/bb/0x02-Ethical-Hacking-Series-Building-Your-Own-Hacking-Lab.pdfIntended Audience This is intended](https://reader033.vdocuments.net/reader033/viewer/2022041920/5e6bb986e8a8646a480ffdc7/html5/thumbnails/49.jpg)
Thanks For
Coming Out!