bush1d0
TRANSCRIPT
Jayson E. Street, CISSP, GSEC, GCIH, GCFA,
IEM, IAM, ETC…
BUSH1D0
The Art of (CYBER) WAR
Know yourself know your enemy
• Sun Wu (Tzu) “Ping-fa”(The Art of War)• “Thus it is said that one who knows the enemy and
knows himself will not be endangered in a hundred engagements. One who does not know the enemy but knows himself will sometimes be victorious, sometimes meet with defeat. One who knows neither the enemy nor himself will invariably be defeated in every engagement!”
Contents
• INTRO
• What we are doing here
• Stratagem Solutions• 5 Point methodology
• The games begin
Training VS. Teaching
Tools have a shelf life a methodology doesn’t
I don’t plan on teaching you how to fish. I want to teach you how to figure out where the fish are.
3,000 year old military strategy successfully applied to modern day pen-testing.
Hackers don’t audit a network why are you?
Stratagems we will cover
1.Cross the sea by fooling the sky
3. Kill with a borrowed knife
5. Loot a burning house
8. Pretend to take one path while sneaking down another
12. Take the opportunity to pilfer a goat
18. Defeat the enemy by capturing their chief
21. Slough off the cicada's golden shell
29. Deck the tree with false blossoms
30. Make the host and the guest exchange roles 36. If everything else fails, retreat
5 Point Bush1d0 Methodology
1. Recon2. Scanning3. Explore4. Exploit5. Expunge
Point #1 Recon
Tools we will go over
3.Sam Spade4.dnsenum5.metagoofil6.Maltego7.Google8.FEC9.News Sites
Point #2 Scanning
1. Nmap2. Autoscan3. unicornscan
Point #3 Explore
1. Nikto2. Httprint3. Grendel-scan
Point #4 Exploit
1. Metasploit2. Milw0rm3. OSVDB
Point #5 Expunge
1. Regedit2. Back Door3. Delete Button
Time to teach
No more reading power points the rest of this
class depends on how much you put into it.