Network Hacking (security) 101 [October]

I’ll be hosting another round of the Network Hacking 101! I always have a blast hosting, so as long as y’all are still interested I’ll host these periodically (then I’ll have to actually create some new content :P)

The date is set for October 24th , and we’ll start at 7:00pm ! Feel free to RSVP here or in the Meetup

What this?

We all know to be careful on coffee shop (and Noisebridge) WiFi, but maybe you don’t know what an attack actually looks like. Let’s fix that!

This workshop is hands-on, with the goal of having every person walk away having intercepted some packets and popped some reverse shells! It’s facilitated online using a piece of infrastructure I hacked together dubbed Naumachia (I’m an engineer, not a marketer). You can check it out now at naumachiactf.com

Topics we’ll cover:

  • Network crash course in peeling back the layers
  • Network sniffing and the world of broadcast traffic
  • Man-in-the-middle attacks through ARP poisoning
  • Network scanning and finding your next target
  • DNS poisoning so that your too can be facebook.com

What do I need to hack?

You’ll need a laptop and the following tools:

  • OpenVPN
  • Connect to the challenges you will be hacking
  • Wireshark (tcpdump also works)
  • Capture and dissect network traffic
  • nmap
  • Scan and search for vulnerable targets
  • ettercap
  • Intercept and manipulate traffic
  • arpspoof
  • Another good way to intercept traffic
  • bettercap (optional)
  • Next-generation replacement for ettercap (but a bit unreliable)
  • python3
  • Build new attack tools
  • netcat (nc)
  • Swiss-army-knife of networking

It’s highly recommended that you use Linux or MacOS, but these tools are availible for Windows as well. If you have a Windows laptop, I recommend you install Linux in a VM*. Kali is the canonical offensive security distribution if you need to pick one. (https://youtu.be/FVmWMogGX4Q )

*Windows Subsystem for Linux (WSL) is great, but doesn’t work with packet capturing, so you won’t be able to use it here

Disclaimer: I am by no means an expert in this topic; part of the reason it’s a 101 :stuck_out_tongue:

2 Likes