July 31, 2009 at 3:44 pm #4081Data_RaidParticipant
I’ve been asked to do a one hour presentation on Security threats and tools. I know, one hour isn’t much but I was thinking along the lines of presenting on the most common tools used in Hacking/Cracking. I think NMAP is an awesome tool, I was thinking about spending a few mins talking about how it’s used and how the TCP flags are manipulated – show some real packet captures in Wireshark to display the flags. Another tool that I like and think is worth mentioning is Ophcrack, I’m planning to have a live demo on Vmware and crack a few basic passwords. Cain and Abel is also another tool I’d like to have a live demo on, show some ARP poisoning and live HTTP credential gathering, maybe some Windows passwords as well. Lastly, Backtrack, have a live demo and show a few exploits on vulnerable machines. Plenty to fit in an hour!
I’d appreciate any input and suggestions from fellow EHN members, especially if you have done something similar. Is there any other tools that have a “wow” factor that I should include over any of the tool mentioned above?
July 31, 2009 at 5:05 pm #25945UNIXParticipant
I would say when you demonstrate the mentioned tools with demos one hour would not be enough. 😉
Maybe you can setup (or use an existing vm) and attack it with another vm or with the host system. You could demonstrate with this a simplified real-world scenario and demonstrate those tools one after another, without the need to going too much into detail. While exlpaining the whole process it would fit good to explain the tools which you use and why and what the commands you are entering will do.
In terms of the wow-factor.. I think WoW would come when you demonstrate the whole process from an attackers view from nothing to root.
July 31, 2009 at 10:24 pm #25946rattisParticipant
I’ve been asked to do a one hour presentation on Security threats and tools. I know, one hour isn’t much but I was thinking along the lines of presenting on the most common tools used in Hacking/Cracking.
I think you need to ask and think about a few questions first.
Get with the organizers, and find out how much time you have to do the presentation. Are you one of multiple people doing presentations that day? Does your one hour include the time you have to set up your equipment and break it down, or will you have extra time.
Find out what the organizers’ expectations for your presentation. You might be thinking of showing them lots of cool things, while they’re thinking how to help users defend themselves.
Next, think about your audience. Who are they, and why are you there? Then think about what you’d like to see if you were in their place.
Based on what you think they’d like to see, and what the people who contacted you want, build your plan off of that.
Also remember, there will always be questions, give time for them to ask, and be able to expand from that point.
Don’t know if you’ve already done that part, you didn’t say from the original post.
Look forward to hearing more about your Presentation.
July 31, 2009 at 11:04 pm #25947KrisTeasonParticipant
My senior year of highschool for my networking class I put together a quick demonstration of a client-side attack in action. I demonstrated the :
Which was : exploit/windows/browser/ani_loadimage_chunksize (within msf)
in action. I didn’t exactly walk over the whole PoC, but I showed it in action and put together a video with a scenario (which I had filmed previously from walking into class) & just showed it off. The class had that wow look on their face.
I’m not saying go over a whole session of Metasploit just show how powerful it could be & tell people to look into it themselves. While introducing this into your video it may help your other tools your mentioning flow well.
August 6, 2009 at 10:45 am #25948Data_RaidParticipant
Thanks for your input everyone, much appreciated.
I’ll create a rough draft soon and see how I do with content and time. Definitely want to have a live demo of Backtrack/Metasploit.
- You must be logged in to reply to this topic.