Milliways
Networking Hacking Workshop
August 15, 2023
2:30 PM – 4:30 PM Add to calendar
2:30 PM – 4:30 PM Add to calendar
Milliways Workshop Dome
Come learn how to hack networks without needing to piss off your housemates, local coffee shop, or the Feds! Bring your laptop and by the end of this workshop, everyone can walk away having intercepted some packets and popped some reverse shells.
In this workshop you’ll learn some of the fundamental techniques of network hacking and how you can use them to find computers and services running on a network, intercept local network communication, read and manipulate traffic, and break some of commonly deployed protocols at the network layer.
You’ll solve a series of challenges, each in a contained virtualized network where it’s just you and your targets. We’ll start with a networking crash course to introduce you to packets and their layers, as well as how to use Wireshark to dig in and explore further.
Topics we’ll cover:
* Network crash course in peeling back the layers
* Network sniffing and the world of broadcast traffic
* Network scanning and finding your next target
* Man-in-the-middle attacks through ARP poisoning
* DNS poisoning so that your too can be facebook.com
What you need to bring:
* A laptop with Linux or a Linux VM (MacOS also works, but have a VM installed as a backup).
* Some basic experience with command line tools.
* These software tools (detailed installation instructions at https://notebook.naumachiactf.com):
* OpenVPN: Connect to the challenges you will be hacking
* Wireshark (tcpdump also works): Capture and dissect network traffic
* netcat (nc): Swiss-army-knife of networking
* nmap: Scan and search for vulnerable targets
* ettercap: Man-in-the-middle attack tool and network attack platform
* python3 (optional): Build new attack tools
Additional information
| Type | Live Workshop |
|---|---|
| Language | English |
More sessions
| 8/15/23 |
In this 2h workshop, I will teach you to work with the tiny components that modern electronic devices are made of. We will assemble an electronic kitten, that purrs when touched correctly, and hisses when touched wrong. It will work, and is guaranteed to remove your fear of hand-assembling surface mount designs.
|
| 8/15/23 |
The session proposes a quick overview of Frida, a dynamic instrumentation framework, and how it can be used to enhance our work during the runtime analysis of a mobile application. It will be a walkthrough on how hooking and rewriting functions in runtime may be helpful against anti-reverse engineering measures and SSL pinning mechanisms.
|
| 8/15/23 |
Hardware FIDO U2F tokens are security devices which are meant to defend user second factor keys from physical and remote attacks. In this presentation different security features and implemented by FIDO U2F tokens and how they are meant to protect a user from various attack scenarios. We will focus on the open source implementation of FIDO U2F token developed and Common Criteria certified by Federal Office for Information Security (BSI). Having access not only to the source code of the token ...
|
| 8/15/23 |
MITRE ATT&CK (Attack Framework among friends) is intimidating sight at first, but is a great tool for risk identification, threat analysis, red teaming, DFIR and security management. Brief introduction to the topic with various examples.
|
| 8/15/23 |
Solder your own pathlighter badge to illuminate your surroundings at night.
|
| 8/15/23 |
This talk will show you how many interfaces have to communicate in order to fly experiments on a sounding rocket. We will give you insights into the procedures and the complexity of a research campaign and the actual flight of the rocket itself. In particular, we look at the hardware and software used in the Ground Support Equipment (GSE) and the Service Module (SM) within the rocket.
|
| 8/15/23 |
During the past few years, many people have started to use virtualized eSIMs instead of the classic physical chip card SIMs. Behind the scenes, a rather complex universe of protocols, interfaces, cryptographic operations, trust models and business processes are in operation to make this work. However, like many aspects of cellular technology, the knowledge of the technology behind it is not widely understood. - despite its ferquent use by a large user base. This talk aims to change that, as far ...
|
