Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mano ‘dash4rk’ Paul r3c0n to r00t - Security and Soul

Similar presentations

Presentation on theme: "Mano ‘dash4rk’ Paul r3c0n to r00t - Security and Soul"— Presentation transcript:

1 Mano ‘dash4rk’ Paul r3c0n to r00t - Security h@Xs and Soul h@Xs

2 whois [Querying] Name: manoranjan paul > mano paul > @manopaul [IDENTITY] Primary: Follower of Jesus Christ (Christian) DOB: 09/30-1990 [TECHNICAL] Advisor: (ISC) 2, Software Assurance Books: The 7 Qualities of Highly Secure Software; Official (ISC) 2 Guide to CSSLP CEO: SecuRisk Solutions [OTHER] Researcher: Shark Biology (dash4rk) Creds: CSSLP, CISSP, MCSD, MCAD, CompTIA Network+, ECSA Record created on 03-03-19.. Record expires on tbd Database last updated on 07-12-2013 2 wen u c me, tweet #/@HackFormers

3 What is the topic/series about? Security h@Xs – Pentesting processes from r3c0n to r00t – Intro to security tools in the Kali Linux OS Soul h@Xs – Exploits that impact the soul – Intro to tools in the Bible and the protection in Jesus Christ 3 It is one thing to get r00ted in security; It is far worse to get r00ted in life

4 Agenda Teach Security Teach Christ Teach Security In Christ 4

5 Security h@xs -- getting r00ted in security -- Teach Security

6 Pentesting? Answers the question: – Can some entity penetrate your security defenses? Attestation of your overall security posture Before ogres h@x0rs do Attest Security Controls (safeguards, countermeasures) 6

7 Pentesting? (contd.) Rules of engagement – Scope defined – Get out of Jail card Structured process – Discovery to Exploit to Post-exploitation Internal/External scenarios 7

8 Pentesting – what it is NOT? 8

9 In the “r3c0n to r00t” series I will cover the various tools in the Kali Linux pentest distro/OS to perform the 3 steps pentest process – Step 1: r3c0n – Step 2: r3sili3ncy attestation – Step 3: r00t 9

10 What is Kali Linux? Debian based OS distro – dpkg –i file.deb Favorite OS for h@X0rs, pentesters and forensics Trivia – Other Names – Kali – Backtrack – Whax – Whoppix – Knoppix 300+ security tools 10

11 Tools, Tools, and more Tools 11

12 Step 1: r3c0n Identify live hosts Enumerate Discover Gather Info/Intelligence 12

13 r3c0n - Quotes Know your enemy – The Art of War; Sun Tzu Know your victim – Mano ‘dash4rk’ Paul 13

14 r3c0n Tool Categories Identification – Live host – IDS/IPS Scanning – Network Fingerprinting – OS – Services Analysis – DNS – OSINT – Route – SMB – SMTP – SNMP – SSL – Telephony – Traffic – VoIP – VPN 14

15 Step 2: r3sili3ncy attestation Evaluate attack surface Analyze vulnerability Check exploit 15

16 r3sili3ncy attestation - Quotes The art of being wise is the art of knowing what to overlook. – American Philosopher and Psychologist, William James (1842-1910) The art of being wise is the art of knowing what to look over. – Mano ‘dash4rk’ Paul (19.. – Forever) 16

17 Step 3: r00t Run exploit Getting pwn3d 17

18 Tell me, and I’ll forget Show me, and I may remember Involve me, and I’ll understand 18

19 Demo Step 1: r3c0n – 1.a. Who is out there alive? Live host identification – netdiscover – 1.b. What can we find out about the living? 1.b.1. Scanning (enumeration, discovery) – dmitry – nmap – zenmap – dnmap_server – dnmap_client 1.b.2. Fingerprinting – miranda 19

20 Demo (contd.) Step 2: r3sili3ncy attestation – Is the system vulnerable to exploitation? metasploit framework (check) Step 3: r00t – Getting pwn3d? metasploit framework (run exploit) 20

21 Soul h@xs -- getting r00ted in life -- Teach Christ

22 r3c0n of the living Who is out there alive? – Identification of the living (live hosts) Jesus said, “I am the resurrection and the life; Anyone who believes in me will live, even after dying.” (John 11:25; NLT) Those who believe in Jesus shall live (now) and eternally; they are the ones who are spiritually alive. (John 3:16) The devil is not interested in those who are spiritually dead 22

23 Scan What can we find out about the living? – The bad: Your adversary (h@X0r), the devil is like a roaring lion (in r3c0n), seeking whom he may devour (exploit) (1 Peter 5:8) – The good: The eyes of the Lord search the whole earth (in r3c0n) to strengthen those whose hearts are fully committed to him (2 Chronicles 16:9a ; NLT) 23

24 Fingerprint Whose fingerprint is on you? – The d3v1l’s For you are the children of your father the devil, and you love to do the evil things he does. He was a murderer from the beginning. He has always hated the truth, because there is no truth in him. When he lies, it is consistent with his character; for he is a liar and the father of lies. (John 8:44; NLT) – God’s For I hold you by your right hand — I, the Lord your God. And I say to you, ‘Don’t be afraid. I am here to help you. … I am the Lord, your Redeemer. I am the Holy One of Israel.’ (Isaiah 41:13,14b; NLT) 24

25 r3sili3ncy attestation Is our life vulnerable to exploitation? – No one is righteous; no not one (Romans 3:10) – All are vulnerable. All have sinned and have fallen short of the glory of God (i.e., vulnerable and exploitable) - Romans 3:23 The wages of sin is death (getting r00ted/pwn3d) - Romans 6:23 25

26 r00t – getting pwn3d Who 0wns you? – Are you r00ted by the devil? a slave to sin – Sin is crouching at the door, eager to control you. But you must subdue it and be its master.” (Genesis 4:7; NLT) – Are you r00ted in Christ Jesus? a servant of the Savior and Lord – And now, just as you accepted Christ Jesus as your Lord, you must continue to follow him. Let your roots grow down into him, and let your lives be built on him. Then your faith will grow strong in the truth you were taught, and you will overflow with thankfulness. (Colossians 2:6-7; NLT) 26

27 The conclusion of the matter No own wants to be pwn3d! To avoid security h@xs – one must implement security controls To avoid your soul from getting pwn3d (soul h@x), one MUST be r00ted in the one life control – Jesus Christ! 27

28 Points to Ponder Teach Security In Christ

29 Discussion Points Would you consider yourself alive or dead (spiritually)? – Born once, die twice – Born twice, die once If you are alive, you are the target! Are you r00ted by the devil (slave to sin) or are you r00ted in Christ Jesus? All who call on the name of the Lord Jesus Christ shall be saved [i.e., not have their soul h@x3d] (Joel 2:32) 29

30 Closing Thoughts 30 try { if (uLikedThisPresentationAndMtg) { subscribeViaEmail(); followAndTweet(); // @hackformers getLinkedIn(); emailUs(); // } else { giveFeedback(); // } catch(Temptations t) { r00tedIn(God JesusChrist); } finally { ThankUandGodBless(); }

31 Standards Pre-engagement activities Intelligence Gathering Threat Modeling Vulnerability Analysis Exploitation Post Exploitation Reporting 31

32 Process Anatomy of an Attack - The 5Ps Probe Penetrate Persist Propagate Paralyze Official (ISC) 2 Guide to CSSLP - The 4Rs Reconnaissance – Enumeration & Discovery Resiliency Attestation – Attack & Exploitation Removal of Evidence (Cleanup) & Restoration Reporting & Recommendations 32 h@X0r’S perspective defender’s perspective

Download ppt "Mano ‘dash4rk’ Paul r3c0n to r00t - Security and Soul"

Similar presentations

Ads by Google