hacking lab
TRANSCRIPT
Digicomp Hacking Day 2012 - 14.6.2012
Real knowledge derives from practical exercises !
© Hacking-Lab Slide 2www.hacking-lab.com
� Security Conferences
� Universities
© Hacking-Lab Slide 3www.hacking-lab.com
� Universities
� Security Trainings
Austria is seeking cyber talents in 2012. Hacking-Lab is performing the qualifying challenges (July-Sept 2012) followed by a final run in November 2012.
© Hacking-Lab Slide 4www.hacking-lab.com
© Hacking-Lab Slide 5www.hacking-lab.com
ResearchProjects Platform
Talent Quest
OnlineTraining
VirtualPentestingTeam
CERT Support
CERT
© Hacking-Lab Slide 6www.hacking-lab.com
Free LiveCD
Web Security
Malware / Trojan / Bugs
Windows Security
Apple Security
VoiP / SS7 / GSM
Wireless Security
Unix / Linux Security
Crypto Challenges
© Hacking-Lab Slide 8www.hacking-lab.com
Apple Security
Penetration Testing
Networking
Forensics
Reverse Engineering
Crypto Challenges
Programming
Fun Challenge
Every challenge in Hacking-Lab is available as SBS or WG
SBSStep by Step
SBS challenges
are used in
commercial
WGWargame
WG challenges
are used in free
trainings, CTF
© Hacking-Lab Slide 9www.hacking-lab.com
commercial
trainings.
Trainees do not
have the time to
spend 1-2 hours
per challenge.
They will be
guided through
the challenge.
trainings, CTF
and talent quest.
Solving a WG
challenge is more
difficult and
needs more
knowledge.
© Hacking-Lab Slide 10www.hacking-lab.com
Compass covers ALL OWASP TOP 10 (2007 and 2010)
© Hacking-Lab Slide 11www.hacking-lab.com
� Student Choose lab case (theme, subject)Solve lab casesSubmit solution to teacherWait for the ranking
© Hacking-Lab Slide 13www.hacking-lab.com
� Teacher Compiles lab case list (event)Verifies solutions from studentManage scoring -> rankingExplain solution -> movie
� Organization Manager Add/Remove UsersAdd/Remove Classrooms and EventsAdd/Remove Privileges (e.g. Trainer)
© Hacking-Lab Slide 14www.hacking-lab.com
� Enterprise Admin Super Root AdminAdd/Remove OrganizationsAdd/Remove Challenges
© Hacking-Lab Slide 15www.hacking-lab.com
© Hacking-Lab Slide 16www.hacking-lab.com
© Hacking-Lab Slide 17www.hacking-lab.com
© Hacking-Lab Slide 18www.hacking-lab.com
© Hacking-Lab Slide 19www.hacking-lab.com
© Hacking-Lab Slide 20www.hacking-lab.com
© Hacking-Lab Slide 21www.hacking-lab.com
© Hacking-Lab Slide 22www.hacking-lab.com
Every user gets some points if he or she succeeds in tackling a security challenge
Improve your skill level and avatar
© Hacking-Lab Slide 23www.hacking-lab.com
VPN is required to access the lab!
https://www.hacking-lab.com/Remote_Sec_Lab/livecd.html
Download free LiveCD here: http://media.hacking-lab.com/largefiles/livecd/
© Hacking-Lab Slide 25www.hacking-lab.com
© Hacking-Lab Slide 26www.hacking-lab.com
© Hacking-Lab Slide 27www.hacking-lab.com
http://media.hacking-lab.com/largefiles/livecd/
© Hacking-Lab Slide 28www.hacking-lab.com
� How to use LiveCD using the VirtualBox Appliance
� How to install LiveCD in Vmware 8 workstation
© Hacking-Lab Slide 29www.hacking-lab.com
� How to use OpenVPN
� https://www.hacking-lab.com/FAQ/
Bitte registrieren Sie sich über folgenden Link
https://www.hacking-lab.com/sh/kpzhrhd
© Hacking-Lab Slide 31www.hacking-lab.com
Wie arbeitet man gleichzeitig als Angreifer und Opfer?� Starten von 2 Firefox Instanzen
� Firefox –P –no-remote &
� Video: http://media.hacking-lab.com/movies/multiple-firefox-browsers/
Wie untersucht man die HTTP Pakete zwischen Client und Server?� Starten von ZAP Proxy (ehemalig PAROS Proxy)
© Hacking-Lab Slide 32www.hacking-lab.com
� Konfiguration von Browser Proxy auf localhost:8080
� Video: http://media.hacking-lab.com/movies/zap/
Wie richtet man sich eine Landing Page auf der LiveCD ein?� Root Shell öffnen
� Stoppen Lokaler DokuWiki Web Server
� Starten Lokaler Apache Landing Page Server
� Video: http://media.hacking-lab.com/movies/landingpage/