Discourse/Classes and Events/2020-09-30 Network Hacking security 101 October 3920
|
📜 Discourse Archive |
Network Hacking (security) 101 [October '20
[edit | edit source]nategraf — 2020-09-30
I’m very excited to adapt to the new state of the world a host a long overdue edition of Network Hacking 101, online this time, on Thursday October 22nd at 6:00pm PT
2020-10-23T01:00:00Z → 2020-10-23T03:00:00Z
I’m excited to explore moving this class online, and since everything is designed to be done over the Internet, it will be a great time from wherever you are!
What this?
[edit | edit source]If you want to secure your home network, the best place to start is to learn how to attack it! Let’s do just that! By the end of this workshop, everyone can walk away having intercepted some packets and popped some reverse shells, and you’ll be able to use these skills on your own home network!
The content we will use is available online, and you can check it out now at naumachiactf.com. I encourage you to try the challenges ahead of time, and feel free to ask me any questions on Discord at chat.naumachiactf.com.
Topics we’ll cover:
[edit | edit source]- Network crash course in peeling back the layers
- Network sniffing and the world of broadcast traffic
- Man-in-the-middle attacks through ARP poisoning
- Network scanning and finding your next target
- DNS poisoning so that your too can be facebook.com
What do I need to hack?
[edit | edit source]You’ll need a laptop and the following tools:
- OpenVPN
Connect to the challenges you will be hacking
- Wireshark (tcpdump also works)
Capture and dissect network traffic
- nmap
Scan and search for vulnerable targets
- ettercap
Intercept and manipulate traffic
- arpspoof
Another good way to intercept traffic
- bettercap (optional)
Next-generation replacement for ettercap (but a bit unreliable)
- python3
Build new attack tools
- netcat (nc)
Swiss-army-knife of networking
It’s highly recommended that you use Linux or MacOS, but these tools are availible for Windows as well. If you have a Windows laptop, I recommend you install Linux in a VM*. Kali is the canonical offensive security distribution if you need to pick one. (https://youtu.be/FVmWMogGX4Q )
- Windows Subsystem for Linux (WSL) is great, but doesn’t work with packet capturing, so you won’t be able to use it here
Speaking of network hacking, just plugged this in to teh internet https://fccid.io/2AC8OFLIIKE/Internal-Photos/Internal-Photos-2545489
Currently found at !Pv4 199.188.195.60
happy port scanning
> ### escalation vector… > > ping jitsi.noisebridge.io > nmap -v -sn 199.188.195.0/24 > nmap -v -sT -p http* 199.188.195.0/24
the — 2020-10-02
would you be interested in remotely presenting for 5MoF.net could solicit some more interest in your event as well.
nategraf — 2020-10-21
Details
[edit | edit source]Alright, I’ve been hard at work making this workshop global-pandemic friendly and here are the deets!
I’ve put together a notebook with a written-up version of all the content. You’ll have an easier time if you check it out and install the dependencies before the workshop starts
bit.ly/network-hacking-101
[edit | edit source]Notion
Notion – The all-in-one workspace for your notes, tasks, wikis, and databases.
[edit | edit source]A new tool that blends your everyday work apps into one. It's the all-in-one workspace for you and your team
As for for chatting during the event, I’ve set up a space on a cool app called Gather. Basically it’s a mashup of Pokemon and video chat.
bit.ly/network-hacking-gather
[edit | edit source]https://gather.town/app/3nGSCSr4JmOE3mKF/hacking
Additionally, for any other time, and in case the Gather fails, I have a Discord server
bit.ly/network-hacking-chat
[edit | edit source]Discord
Join the naumachia Discord Server!
[edit | edit source]Check out the naumachia community on Discord - hang out with 53 other members and enjoy free voice and text chat.
If you have any issues, let me know here or on the Discord server
See y’all on Thursday
[edit | edit source]
the — 2020-10-22
Working thru the dependencies, note on ettercap, for ubuntu it wants ettercap-text-only or ettercap-graphical do you recommend one or the other or both, and any particular reasons to go this route over arpspoof (which doesn’t seem to be in the standard repo)?
nategraf — 2020-10-23
If you want to use the GUI, the `ettercap-graphical` is good. It also includes the text CLI I believe. I reference the CLI in the notebook. `arpsoof` is also nice because it allows spoofing without forwarding, which I utilize in the example of how to solve the DNS poisoning challenge. It’s also the case that `ettercap` won’t work for some people, but `arpspoof` will and vice versa
Ya, I definitely would like to present something! This would be a good topic.
···
On Fri, Oct 2, 2020, 11:45 the via Noisebridge <noreply@discuss.noisebridge.info> wrote:
> the Ⅹ, MoverOctober 2
would you be interested in remotely presenting for 5MoF.net could solicit some more interest in your event as well.
Visit Topic or reply to this email to respond.
To unsubscribe from these emails, click here.