Social Engineering Presentation - ISC 3/21/13

The presentation from UAH’s Information Security Club meeting of March 21, 2013. This talk dealt with Social Engineering, the art of manipulating and reading people, put into a penetration testing context, and was given by Nathan O’Neal. Slides (PDF) Audio (MP3) Video (MP4) Youtube

Eugene's Law of Security

Eugene’s Law of Security: There’s always someone smarter. Corollary: Beware of stupid, malicious people in groups. Eugene’s Law of Security is my way of describing what the designer or implementer of a system claiming to be secure needs to be aware of. Specifically, no matter how smart you are, just because you can’t break into something you designed, doesn’t mean there isn’t someone a little bit smarter who will tear it to shreds. Of course, you might still have questions about the corollary, like “I get that there is someone smarter than me, but why should I care about the...

ARP Poisoning with Ettercap Demonstration

This demo is a follow-on to the ARP Poisoning Presentation. It uses the program ettercap to achieve an ARP poisoning attack. To start with, here’s a written description of the process. Start Wireshark on the attacker. Open the telnet session on one of the victims. Nothing of that telnet session should be visible. In order to do a Man in the Middle (MitM) attack, first set up IP forwarding with sysctl -w net.ipv4.ip_forward=1. Edit /etc/etter.conf to uncomment the lines allowing iptables to forward. Start up ettercap: ettercap -G (the -G gives a GUI). Start sniffing (unified). Scan for hosts. Add...

ARP Poisoning Presentation - ISC 3/7/13

The presentation from UAH’s Information Security Club meeting of March 7, 2013. This talk dealt with ARP Poisoning, which allows an attacker to redirect IP addresses to their MAC address over a LAN, and was given by Eugene Davis. A separately recorded Demonstration of ARP Poisoning is also available. Slides (PDF) Audio (MP3) Video (MP4) Youtube

Penetration Testing Part Two - ISC 2/28/13

The presentation from UAH’s Information Security Club meeting of February 28, 2013. This presentation was the second of two introducing the subject of penetration testing, a.k.a. “ethical hacking”. Its aim is not to teach the software used in penetration testing, but rather to provide the basis to understand the techniques used both in attacking and defending systems. Part One. It was given by Eugene Davis. Slide creation was by Eugene Davis, Nathan O’Neal, Luke Burgess, and John McCann. Slides (PDF) Audio (MP3) Video (MP4) Youtube