OpenWest 2014/Hacking

"Beginners Introduction to Hacking and Information Security Using Open Source Tools."
 * by Lance Buttars

Surface Areas of Attack:
 * Network
 * Operating system
 * Software
 * Users
 * Hardware

Penetration test (a.k.a. pen test)

Do you really trust your own computer? Have you read every line of source code? Traced every circuit?

CVE - database of vulnerabilities
 * http://wiki.alpinelinux.org/wiki/Cvechecker

Exploit Development Resources:
 * http://exploit-exercises.com/

Tools:
 * Kali Linux OS - http://www.kali.org/

Metasploit:
 * http://www.offensive-security.com/metasploit-unleashed/

Privilege Escalation - process of acquiring system rights of another target user

Passive Attacking - eavesdropping, packet sniffing
 * Man in the middle
 * SSL strip
 * Wireshark
 * dsniff

Denial of Service (DoS)

Social Engineering Tool Kit
 * https://www.trustedsec.com/downloads/social-engineer-toolkit/
 * installed on Kali
 * ?? Capture Facebook credentials and other stuff ??

OWASP

Web Attacks
 * The Open Web Application Security Project (OWASP) Top 10
 * https://www.owasp.org/index.php/Top10

SQL Injection attacks

Broken Authentication and Session Management

Cross-Site Request Forgery (CSRF)
 * easy to fight against - just include a random number for each request that the user has to respond with
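
The CSRF defence noted above, as an added example (not code from the talk): the server issues a random one-time token with each form and rejects any state-changing request that does not echo it back. The class name, handler, session IDs and the csrf_token field name are assumptions made for illustration, and the in-memory store stands in for real session storage.

```python
import hmac
import secrets


class CsrfTokens:
    """Per-session store of one-time anti-CSRF tokens (in-memory, illustration only)."""

    def __init__(self):
        self._pending = {}  # session_id -> set of tokens issued but not yet used

    def issue(self, session_id):
        """Create an unpredictable token to embed in a form as a hidden field."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending.setdefault(session_id, set()).add(token)
        return token

    def verify(self, session_id, submitted):
        """Accept a request only if it echoes a token issued to this session."""
        if not submitted:
            return False
        for token in self._pending.get(session_id, set()):
            # Constant-time comparison avoids leaking how many characters matched.
            if hmac.compare_digest(token.encode(), submitted.encode()):
                self._pending[session_id].discard(token)  # one-time use
                return True
        return False


def handle_post(store, session_id, form):
    """Hypothetical handler for a state-changing request; returns an HTTP status."""
    if not store.verify(session_id, form.get("csrf_token", "")):
        return 403
    return 200


def demo():
    """Constructed requests: only the genuine form submission is accepted."""
    store = CsrfTokens()
    token = store.issue("session-A")
    return [
        handle_post(store, "session-A", {"amount": "10"}),          # no token
        handle_post(store, "session-A", {"csrf_token": "guess"}),   # wrong token
        handle_post(store, "session-B", {"csrf_token": token}),     # other session
        handle_post(store, "session-A", {"csrf_token": token}),     # genuine form
        handle_post(store, "session-A", {"csrf_token": token}),     # replayed token
    ]


if __name__ == "__main__":
    print(demo())
```

A cross-site page can make the browser send the session cookie, but it cannot read the token out of the victim's form, so the forged request fails the check.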