.

Security Presentation

<<

Data_Raid

User avatar

Full Member
Full Member

Posts: 165

Joined: Fri Nov 09, 2007 5:55 am

Post Fri Jul 31, 2009 10:44 am

Security Presentation

I've been asked to do a one hour presentation on Security threats and tools. I know, one hour isn't much but I was thinking along the lines of presenting on the most common tools used in Hacking/Cracking. I think NMAP is an awesome tool, I was thinking about spending a few mins talking about how it's used and how the TCP flags are manipulated - show some real packet captures in Wireshark to display the flags. Another tool that I like and think is worth mentioning is Ophcrack, I'm planning to have a live demo on Vmware and crack a few basic passwords. Cain and Abel is also another tool I'd like to have a live demo on, show some ARP poisoning and live HTTP credential gathering, maybe some Windows passwords as well. Lastly, Backtrack, have a live demo and show a few exploits on vulnerable machines. Plenty to fit in an hour!

I'd appreciate any input and suggestions from fellow EHN members, especially if you have done something similar. Is there any other tools that have a "wow" factor that I should include over any of the tool mentioned above?

TIA
All men by nature desire knowledge.

Aristotle
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Fri Jul 31, 2009 12:05 pm

Re: Security Presentation

I would say when you demonstrate the mentioned tools with demos one hour would not be enough. ;)

Maybe you can setup (or use an existing vm) and attack it with another vm or with the host system. You could demonstrate with this a simplified real-world scenario and demonstrate those tools one after another, without the need to going too much into detail. While exlpaining the whole process it would fit good to explain the tools which you use and why and what the commands you are entering will do.

In terms of the wow-factor.. I think WoW would come when you demonstrate the whole process from an attackers view from nothing to root.
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Fri Jul 31, 2009 5:24 pm

Re: Security Presentation

Data_Raid wrote:I've been asked to do a one hour presentation on Security threats and tools. I know, one hour isn't much but I was thinking along the lines of presenting on the most common tools used in Hacking/Cracking.


I think you need to ask and think about a few questions first.

Get with the organizers, and find out how much time you have to do the presentation. Are you one of multiple people doing presentations that day? Does your one hour include the time you have to set up your equipment and break it down, or will you have extra time.

Find out what the organizers' expectations for your presentation. You might be thinking of showing them lots of cool things, while they're thinking how to help users defend themselves.

Next, think about your audience. Who are they, and why are you there? Then think about what you'd like to see if you were in their place.

Based on what you think they'd like to see, and what the people who contacted you want, build your plan off of that.

Also remember, there will always be questions, give time for them to ask, and be able to expand from that point.

Don't know if you've already done that part, you didn't say from the original post.

Look forward to hearing more about your Presentation.
OSWP, Sec+
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Fri Jul 31, 2009 6:04 pm

Re: Security Presentation

My senior year of highschool for my networking class I put together a quick demonstration of a client-side attack in action. I demonstrated the :

http://www.microsoft.com/technet/securi ... 35423.mspx

Which was : exploit/windows/browser/ani_loadimage_chunksize (within msf)
in action. I didn't exactly walk over the whole PoC, but I showed it in action and put together a video with a scenario (which I had filmed previously from walking into class) & just showed it off. The class had that wow look on their face.

I'm not saying go over a whole session of Metasploit just show how powerful it could be & tell people to look into it themselves. While introducing this into your video it may help your other tools your mentioning flow well.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

Data_Raid

User avatar

Full Member
Full Member

Posts: 165

Joined: Fri Nov 09, 2007 5:55 am

Post Thu Aug 06, 2009 5:45 am

Re: Security Presentation

Thanks for your input everyone, much appreciated.

I'll create a rough draft soon and see how I do with content and time. Definitely want to have a live demo of Backtrack/Metasploit.
All men by nature desire knowledge.

Aristotle

Return to Opinions

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software