Digicomp Hacking Day 2012 - 14.6.2012

Real knowledge derives from practical exercises !

© Hacking-Lab Slide 2www.hacking-lab.com

� Security Conferences

� Universities

© Hacking-Lab Slide 3www.hacking-lab.com

� Universities

� Security Trainings

Austria is seeking cyber talents in 2012. Hacking-Lab is performing the qualifying challenges (July-Sept 2012) followed by a final run in November 2012.

© Hacking-Lab Slide 4www.hacking-lab.com

© Hacking-Lab Slide 5www.hacking-lab.com

ResearchProjects Platform

Talent Quest

OnlineTraining

VirtualPentestingTeam

CERT Support

CERT

© Hacking-Lab Slide 6www.hacking-lab.com

Free LiveCD

Web Security

Malware / Trojan / Bugs

Windows Security

Apple Security

VoiP / SS7 / GSM

Wireless Security

Unix / Linux Security

Crypto Challenges

© Hacking-Lab Slide 8www.hacking-lab.com

Apple Security

Penetration Testing

Networking

Forensics

Reverse Engineering

Crypto Challenges

Programming

Fun Challenge

Every challenge in Hacking-Lab is available as SBS or WG

SBSStep by Step

SBS challenges

are used in

commercial

WGWargame

WG challenges

are used in free

trainings, CTF

© Hacking-Lab Slide 9www.hacking-lab.com

commercial

trainings.

Trainees do not

have the time to

spend 1-2 hours

per challenge.

They will be

guided through

the challenge.

trainings, CTF

and talent quest.

Solving a WG

challenge is more

difficult and

needs more

knowledge.

© Hacking-Lab Slide 10www.hacking-lab.com

Compass covers ALL OWASP TOP 10 (2007 and 2010)

© Hacking-Lab Slide 11www.hacking-lab.com

� Student Choose lab case (theme, subject)Solve lab casesSubmit solution to teacherWait for the ranking

© Hacking-Lab Slide 13www.hacking-lab.com

� Teacher Compiles lab case list (event)Verifies solutions from studentManage scoring -> rankingExplain solution -> movie

� Organization Manager Add/Remove UsersAdd/Remove Classrooms and EventsAdd/Remove Privileges (e.g. Trainer)

© Hacking-Lab Slide 14www.hacking-lab.com

� Enterprise Admin Super Root AdminAdd/Remove OrganizationsAdd/Remove Challenges

© Hacking-Lab Slide 15www.hacking-lab.com

© Hacking-Lab Slide 16www.hacking-lab.com

© Hacking-Lab Slide 17www.hacking-lab.com

© Hacking-Lab Slide 18www.hacking-lab.com

© Hacking-Lab Slide 19www.hacking-lab.com

© Hacking-Lab Slide 20www.hacking-lab.com

© Hacking-Lab Slide 21www.hacking-lab.com

© Hacking-Lab Slide 22www.hacking-lab.com

Every user gets some points if he or she succeeds in tackling a security challenge

Improve your skill level and avatar

© Hacking-Lab Slide 23www.hacking-lab.com

VPN is required to access the lab!

https://www.hacking-lab.com/Remote_Sec_Lab/livecd.html

Download free LiveCD here: http://media.hacking-lab.com/largefiles/livecd/

© Hacking-Lab Slide 25www.hacking-lab.com

© Hacking-Lab Slide 26www.hacking-lab.com

© Hacking-Lab Slide 27www.hacking-lab.com

http://media.hacking-lab.com/largefiles/livecd/

© Hacking-Lab Slide 28www.hacking-lab.com

� How to use LiveCD using the VirtualBox Appliance

� How to install LiveCD in Vmware 8 workstation

© Hacking-Lab Slide 29www.hacking-lab.com

� How to use OpenVPN

� https://www.hacking-lab.com/FAQ/

Bitte registrieren Sie sich über folgenden Link

https://www.hacking-lab.com/sh/kpzhrhd

© Hacking-Lab Slide 31www.hacking-lab.com

Wie arbeitet man gleichzeitig als Angreifer und Opfer?� Starten von 2 Firefox Instanzen

� Firefox –P –no-remote &

� Video: http://media.hacking-lab.com/movies/multiple-firefox-browsers/

Wie untersucht man die HTTP Pakete zwischen Client und Server?� Starten von ZAP Proxy (ehemalig PAROS Proxy)

© Hacking-Lab Slide 32www.hacking-lab.com

� Konfiguration von Browser Proxy auf localhost:8080

� Video: http://media.hacking-lab.com/movies/zap/

Wie richtet man sich eine Landing Page auf der LiveCD ein?� Root Shell öffnen

� Stoppen Lokaler DokuWiki Web Server

� Starten Lokaler Apache Landing Page Server

� Video: http://media.hacking-lab.com/movies/landingpage/