bush1d0
TRANSCRIPT
![Page 1: Bush1D0](https://reader038.vdocument.in/reader038/viewer/2022100606/55a0f78b1a28ab972a8b458c/html5/thumbnails/1.jpg)
Jayson E. Street, CISSP, GSEC, GCIH, GCFA,
IEM, IAM, ETC…
BUSH1D0
The Art of (CYBER) WAR
![Page 3: Bush1D0](https://reader038.vdocument.in/reader038/viewer/2022100606/55a0f78b1a28ab972a8b458c/html5/thumbnails/3.jpg)
Know yourself know your enemy
• Sun Wu (Tzu) “Ping-fa”(The Art of War)• “Thus it is said that one who knows the enemy and
knows himself will not be endangered in a hundred engagements. One who does not know the enemy but knows himself will sometimes be victorious, sometimes meet with defeat. One who knows neither the enemy nor himself will invariably be defeated in every engagement!”
![Page 4: Bush1D0](https://reader038.vdocument.in/reader038/viewer/2022100606/55a0f78b1a28ab972a8b458c/html5/thumbnails/4.jpg)
Contents
• INTRO
• What we are doing here
• Stratagem Solutions• 5 Point methodology
• The games begin
![Page 5: Bush1D0](https://reader038.vdocument.in/reader038/viewer/2022100606/55a0f78b1a28ab972a8b458c/html5/thumbnails/5.jpg)
Training VS. Teaching
Tools have a shelf life a methodology doesn’t
I don’t plan on teaching you how to fish. I want to teach you how to figure out where the fish are.
3,000 year old military strategy successfully applied to modern day pen-testing.
Hackers don’t audit a network why are you?
![Page 6: Bush1D0](https://reader038.vdocument.in/reader038/viewer/2022100606/55a0f78b1a28ab972a8b458c/html5/thumbnails/6.jpg)
Stratagems we will cover
1.Cross the sea by fooling the sky
3. Kill with a borrowed knife
5. Loot a burning house
8. Pretend to take one path while sneaking down another
12. Take the opportunity to pilfer a goat
18. Defeat the enemy by capturing their chief
21. Slough off the cicada's golden shell
29. Deck the tree with false blossoms
30. Make the host and the guest exchange roles 36. If everything else fails, retreat
![Page 7: Bush1D0](https://reader038.vdocument.in/reader038/viewer/2022100606/55a0f78b1a28ab972a8b458c/html5/thumbnails/7.jpg)
5 Point Bush1d0 Methodology
1. Recon2. Scanning3. Explore4. Exploit5. Expunge
![Page 8: Bush1D0](https://reader038.vdocument.in/reader038/viewer/2022100606/55a0f78b1a28ab972a8b458c/html5/thumbnails/8.jpg)
Point #1 Recon
Tools we will go over
3.Sam Spade4.dnsenum5.metagoofil6.Maltego7.Google8.FEC9.News Sites
![Page 9: Bush1D0](https://reader038.vdocument.in/reader038/viewer/2022100606/55a0f78b1a28ab972a8b458c/html5/thumbnails/9.jpg)
Point #2 Scanning
1. Nmap2. Autoscan3. unicornscan
![Page 10: Bush1D0](https://reader038.vdocument.in/reader038/viewer/2022100606/55a0f78b1a28ab972a8b458c/html5/thumbnails/10.jpg)
Point #3 Explore
1. Nikto2. Httprint3. Grendel-scan
![Page 11: Bush1D0](https://reader038.vdocument.in/reader038/viewer/2022100606/55a0f78b1a28ab972a8b458c/html5/thumbnails/11.jpg)
Point #4 Exploit
1. Metasploit2. Milw0rm3. OSVDB
![Page 12: Bush1D0](https://reader038.vdocument.in/reader038/viewer/2022100606/55a0f78b1a28ab972a8b458c/html5/thumbnails/12.jpg)
Point #5 Expunge
1. Regedit2. Back Door3. Delete Button
![Page 13: Bush1D0](https://reader038.vdocument.in/reader038/viewer/2022100606/55a0f78b1a28ab972a8b458c/html5/thumbnails/13.jpg)
Time to teach
No more reading power points the rest of this
class depends on how much you put into it.