This is the first installment of a series of ethical hacking courses for folks with non-technical backgrounds.
- The average daily user of the internet.
- Mac OSX and Linux users (for now)
A technical background and some coding experience are helpful but not necessary. That’s the idea at least.
- A first step towards an applied understanding of basic concepts of cyber security or cyber hygiene.
- A good starting point for those curious about how networks work.
- A fun way to explore real world attacks and how to defend against them.
- You want to learn a little about Linux and Unix systems.
By using ethical hacking principles to give us the attacker’s perspective we can better understand the reasons for and limitations of counter measures.
- No, this is not a blackhat hacking workshop.
- If you want to join Anonymous, look elsewhere.
- We're not going to learn how to build a botnet.
- This is not an offensive cyber security certification class.
An artist and designer, toolmaker and engineer.
- Started in engineering physics
- BS Music from University of Colorado Denver
- MFA Music from Cal Arts
- 11 years hacking it as a "professional artist"
I wear many hats, sometimes all at once:
- Electronic music
- Circuit bender/hardware hacker
- Electronics designer and fabricator
- Video synthesis and 3D animation
- Glitch art
- Textile design
- Creative coding
My portfolio: phillipstearns.com
My Email:[email protected]
- My creative practice involves both making and breaking things.
- I enjoy understanding how things, systems, work and my approach has always been to take something apart, to reverse engineer a thing and look for other latent possibilities.
- In recent years, I’ve noticed something particularly dark happening on the internet and I’ve taken a keen interest in understanding the escalation of today’s cyber wars and the current cyber arms race.
- This workshop series distills my struggles with learning cyber security fundamentals into a user friendly guide to getting started and going deeper.
- Cyber Hygiene
- Hacking
- Terminals, Command Lines and Shells, namely Bash
- Writing and Executing Bash Scripts
- General understanding of Cyber Hygiene
- General understanding of Ethical Hacking
- Knowledge of basic bash commands
- Ability to write and execute your own bash scripts
- Thinking about security as a “public health” issue.
- If we improve our own security, we improve the security of those around us.
- A set of best practices.
- Maintain complex Passwords
- Ensure Your Operating System is Up-To-Date
- Ensure Remote Desktop Protocol is Disabled
- Install and Maintain Antivirus/Antispyware Software
- Secure Your Internet Browser and Browser Add-ons
- Consider Using a Firewall
- Carefully Scrutinize Email Attachments
- Password Protect Your WiFi
- Back-Up Your Important Data
There is no one-size-fits-all approach to security, only a balance between security and convenience that must be assessed on an individual basis. Part of this assessment necessarily involves what's called threat modeling. By identifying the threats we want to protect ourselves from, we can begin to consider what reasonable and effective measures we can take.
The list above provides a good starting point and a lot of those tips are pretty straightforward, but it doesn't do a good job of helping you identify what solutions are out there and how to assess which might best suit your needs.
Someone with sensitive information wishing to anonymously disclose it to the media would have to take a different security posture than an average user wanting to keep their internet browsing history safe from their Internet service provider or network administrator.
Threat modeling is a complicated process, one that, unfortunately, we can't dive too deep into. That said, here are some examples of what I use and why. By sharing my thinking, I hope to give a sense of some of the threats and possible postures towards them.
If you keep up with the rest of these practices, then data breaches will impact you most in the form of convincing Phishing campaigns. Ever received a bogus email appearing to be from someone you know? When you check the email address and it's something random, it's a good bet that someone got your contact info from a breach along with your contacts.
I use an authenticator app by default and enable phone based 2FA where app based authentication isn't available. This adds another layer of protection in the event that your credentials are compromised in a breach and someone tries to access your account.
No, that plain text file you've been using is NOT a password manager. Neither is Keychain or the in-browser password saver. Differences between keychain and a password manager explained. I have a paid subscription to a password manager. It's a convenient way for me to securely store and access login credentials and encryption keys, or secret notes. It's secured with 2FA. If my laptop is compromised, it's not likely that someone will be able to access my online accounts as access to my password manager requires 2FA and the pass phrase.
Use a VPN when surfing on untrusted networks or when you want to cloak your browsing from your ISP. There are a lot of good resources on what to look for in a VPN. If you want to stay anonymous, pay with a privacy focused crypto currency and make sure that no-logging practices are verified.
When you connect to a VPN, an encrypted connection or tunnel is made. All traffic into and out of your connection is sent down this tunnel.
What your local network admin sees: encrypted traffic between you and the VPN server
What your internet service provider sees: encrypted traffic between you and the VPN server
What your VPN sees: traffic between you and the server you're visiting, if https then encrypted, if http, then unencrypted.
What the site you're visiting sees: your browser details depending on your counter measures, the IP address of your VPN, and possibly your real IP address if WebRTC is exploited.
I use Firefox by default. It's improved greatly in recent years. Part of my switch was prompted by the fact that the Tor browser is based off Firefox. I am increasingly uneasy about the ability of Apple and Google to have access to my browsing history.
My settings mimic the amnesiac behavior of incognito mode for normal browsing, in addition to blocking third party cookies and blocking trackers. I've disabled WebRTC, WebGL, Flash, Camera and Microphone Access by default, as well as notifications and automatic downloads.
For plugins, I use AdNauseam ad blocker, No Script javascript blocker, EFF's Privacy Badger, HTTPS everywhere, Facebook Container and WebRTC disable.
Using some of the techniques we'll explore in this class, I built a Bash script that allows me to quickly randomize my MAC address whenever I want. MAC addresses are typically unique and burned into hardware, making it possible to track a device across multiple networks. Networks use MAC addresses as part of the Address Resolution Protocol or ARP in order to assign and track IP addresses.
If you really want MAC Address spoofing to work, you'll have to set your computer's network name to something generic too. How about MacBook or iPhone.
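A sketch of what such a randomizer can look like, added here as an example; it is not the author's own script. The function names, the --apply switch and the default interface en0 are assumptions, and the address is set with the macOS form of ifconfig.

```bash
#!/bin/bash
# Added example (not the author's script): generate a random MAC address
# that is safe to assign, and optionally apply it on macOS.

# Print six random bytes as a MAC address. The first byte gets the
# "locally administered" bit (0x02) set and the multicast bit (0x01)
# cleared, so the result is a unicast address marked as not vendor-assigned.
random_mac() {
    # od prints the six bytes as two-digit hex words; set -- splits them
    # into $1..$6 for this function only.
    set -- $(od -An -N6 -tx1 /dev/urandom)
    first=$(( (0x$1 | 0x02) & 0xFE ))
    printf '%02x:%s:%s:%s:%s:%s\n' "$first" "$2" "$3" "$4" "$5" "$6"
}

# Succeed only for six colon-separated, two-digit, lower-case hex octets.
is_valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Succeed when the first octet marks a locally administered unicast address.
is_local_unicast() {
    first=$(( 0x${1%%:*} ))
    [ $(( first & 0x02 )) -ne 0 ] && [ $(( first & 0x01 )) -eq 0 ]
}

# Nothing is changed unless the script is called with --apply [interface].
# en0 is an assumption (commonly the Wi-Fi interface on a Mac).
if [ "${1:-}" = "--apply" ]; then
    iface=${2:-en0}
    mac=$(random_mac)
    echo "before: $(ifconfig "$iface" ether | grep ether)"
    sudo ifconfig "$iface" ether "$mac"
    echo "after:  $(ifconfig "$iface" ether | grep ether)"
else
    random_mac    # default: only print a candidate address
fi
```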
This is an incomplete list of resources for maintaining privacy and staying anonymous online:
Legal Disclaimer: As this workshop series progresses, you will learn skills that, if misused, can land you in a whole world of trouble, from lawsuits and legal prosecution to jail time. You must take responsibility for your actions. If you don’t own it, don’t hack it. If you're not authorized, it's illegal.
As broadly as possible: The use of technical knowledge and skills to cause a system to behave in ways not originally intended.
A computer hacker is any skilled computer expert that uses their technical knowledge to overcome a problem.
hacker: n.
[originally, someone who makes furniture with an axe]
A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
A person capable of appreciating hack value.
A person who is good at programming quickly.
An expert at a particular program, or one who frequently does work using it or on it; as in ‘a Unix hacker’. (Definitions 1 through 5 are correlated, and people who fit them congregate.)
An expert or enthusiast of any kind. One might be an astronomy hacker, for example.
One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.
[deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker. The correct term for this sense is cracker.
The term ‘hacker’ also tends to connote membership in the global community defined by the net (see the network). For discussion of some of the basics of this culture, see the How To Become A Hacker FAQ. It also implies that the person described is seen to subscribe to some version of the hacker ethic (see hacker ethic).
It is better to be described as a hacker by others than to describe oneself that way. Hackers consider themselves something of an elite (a meritocracy based on ability), though one to which new members are gladly welcome. There is thus a certain ego satisfaction to be had in identifying yourself as a hacker (but if you claim to be one and are not, you'll quickly be labeled bogus). See also geek, wannabee.
This term seems to have been first adopted as a badge in the 1960s by the hacker culture surrounding TMRC and the MIT AI Lab. We have a report that it was used in a sense close to this entry's by teenage radio hams and electronics tinkerers in the mid-1950s.
--source: http://www.catb.org/~esr/jargon/html/H/hacker.html
A subculture of individuals who enjoy the intellectual challenge of creatively overcoming limitations of software systems to achieve novel and clever outcomes.[1] The act of engaging in activities (such as programming or other media[2]) in a spirit of playfulness and exploration is termed "hacking".
source: https://en.wikipedia.org/wiki/Hacker_culture
More broadly, hacking culture encourages the exploration of systems, tools, and technologies in the spirit of asking what these things can be made to do, rather than simply accepting what we've been told they can do.
A security hacker is someone who seeks to breach defenses and exploit weaknesses in a computer system or network.
- Blackhat - overtly malicious, motivated by personal gain
- Greyhat - seek out vulnerabilities for broader disclosure
- Whitehat - authorized to test systems in order to improve security
Both Blackhat and Greyhat hacking are considered illegal.
A form of Whitehat hacking often based on a method of offensive security practice. Also called Red Teamers, Penetration Testers adopt the mindset of the attacker to help defend networks. By simulating attack and exposing weaknesses, pen testers help security teams improve defensive postures and defend against real-world attacks.
We're learning how to hack ourselves solely for the purpose of improving our own security.
Other philosophical discussions of what constitutes ethics and whether those ethics are aligned with particular morals or codes of social conduct are beyond the scope of this workshop.
Our mantra: "If you don't own it, don't hack it."
Not: "If you can't hack it, you don't own it."
The Hacker Crackdown
What is Hacking
Hacker Culture
Security Hacker
Terminal: text input and output environment or application.
Command Line: the interface where users enter (type) and execute (press enter) commands.
Shell: a user interface for access to an operating system’s services. Can be graphical (GUI) or a text-based command line interface (CLI).
Though there are many different terminal applications and command-line interface shells, we’re going to focus on the basic “out of the box” tools provided by OSX.
Let’s open up the terminal.app in OSX, which logs us into a bash shell environment, presenting us with a command line interface.
Press command + spacebar to bring up the spotlight search prompt. Type terminal.app and press enter.
You can also access the terminal application from Finder by navigating to Applications > Utilities > Terminal.app
Bash is a Unix shell written by Brian Fox. It replaces the Bourne shell, developed by Stephen Bourne. Bash is short for Bourne-again Shell. Yes, I see what Brian did there, very punny…
Bash is a command processor that runs in a text window. It can also read and execute commands from a file, a shell script.
Anyone remember Zork?
Imagine you woke up with amnesia, and have no idea who you are or where you are.
You might ask some obvious questions like...
whoami
This command displays the effective user ID. By default, OSX logs you into a bash session with the account you executed the application with. It's possible to change your user ID using the login command. From there you can enter the user and password.
There are a few different ways we can find out what a command does:
- command: sometimes a command will just tell you what kind of input it’s expecting.
- man command: short for MANual, man gives you the full story of a command.
- command -h or command --help
Note: In these examples we're adding what are called arguments to our command. When the command is executed, these arguments are used as input which can either enable or disable certain options or provide data or parameters as arguments. More on this later.
pwd
This command returns the Pathname of the current Working Directory. When you execute commands, by default they act on the current working directory.
ls
LiSt lists the contents of a directory.
- Enter ls to view the contents of your current working directory.
- Enter ls ~/Downloads to view the contents of your downloads folder.
If you're like me, then the list doesn't fit on one screen.
The | glyph lets us "pipe" the output from one command to the input of another. Piping is a form of output redirection. More on this later...
Enter ls ~/Downloads | less to pipe the output to the less command input.
You can also pipe to commands like grep to filter results. If you wanted to return only results from ls that had the extension .sh, you could pipe the output of ls to grep like so: ls | grep '\.sh$'
But then you could also use the wildcard symbol * with ls. ls *.sh is much simpler and does the same. grep comes in handy with commands that don't use the wildcard or when we're looking for more complex patterns.
less
displays a file or input stream in a way that allows for movement forwards and backwards interactively.
- Press q to return to the command line.
Let's enter man ls and check out the synopsis or usage example:
ls [-ABCFGHLOPRSTUW@abcdefghiklmnopqrstuwx1] [file ...]
Here we see the command ls followed by a list of available [-options] followed by additional arguments [file ...]
These are "switch" arguments passed to a command, enabling or disabling certain features and are specified by prefixing a - to some letter or number.
Some of these options require additional arguments. For example, a command may have an option to output to a file using the -o switch followed by the path to the file.
command -o /path/to/file/filename.ext
It’s typical to see a command usage indicate how a command is used, e.g.
Usage: command [-options] [args ...]
Things might get messy at this point. Need to clear your screen?
clear
cd
Changes the current working directory. Think of this as where you are.
- cd directory to change to a directory in your current working directory
- cd .. to change one directory "up"
- cd ../directory to change to directory one directory "up"
- cd / to change to the root directory
- cd /directory to change to a directory in the root directory
- cd ../../../ to move three directories "up"
- cd ../../../directory to change to a directory three directories "up"
- cd ~ to change to the home directory
Caution! DO NOT run commands preceded by this sign: 🛑
It's possible to permanently and irreversibly overwrite or delete files with some of these commands. For safety's sake, please make sure to run these from your home ~ directory.
Run cd ~ and pwd to make sure you're in /Users/YourUserName
mkdir
- Run mkdir ~/playpen to create a new directory (folder) for us to play in.
- Then run cd ~/playpen to change to that folder.
You can create a directory in a location other than your present working directory by specifying the full path, e.g. mkdir /Users/YourUserName/Documents/MyNewDir
Tip: You can string commands together in a single command line entry using ; . For example, you can run mkdir ~/playpen; cd ~/playpen to create a directory and change to it.
rmdir
Removes an empty directory
- Make a directory to delete: mkdir delete_me
- View the fruits of your labor: ls
- Now clean up: rmdir delete_me
You can remove an empty directory in a location other than your present working directory by specifying the full path, e.g. rmdir /Users/YourUserName/Documents/AnEmptyDirectory
It's possible to create files from scratch. Here are a few different ways.
$ > /path/to/new/file/filename.ext
$ touch /path/to/new/file/filename.ext
$ echo > /path/to/new/file/filename.ext
$ cat > /path/to/new/file/filename.ext
Let's try them out!
- Run cd ~/playpen
- Run mkdir new_files (the commands below write into this directory, so it has to exist first)
- Run > ~/playpen/new_files/made_from_scratch.txt
- Run touch ~/playpen/new_files/made_with_touch.txt
- Run echo 'Made with echo' > ~/playpen/new_files/made_with_echo.txt
- Run cat > ~/playpen/new_files/made_with_cat.txt
This last command doesn't return you to the prompt. Instead it allows you to write directly to the new file, line by line.
Type This file was made with cat. and press return.
Then press control + c to end the process.
echo
Can be used to write strings and stored values to the standard output.
echo 'hello world!'
echo $HOME
cat
Concatenate and print files to standard output. Often used with > to redirect the combined contents to a file.
cat file1.txt file2.txt file3.txt > file4.txt
| > >>
These symbols redirect the output of a command to different places.
- | pipes the output of the preceding command to the input of the following
- > directs the output of the preceding command to a specified file, overwriting it if it exists.
- >> directs the output of the preceding command to a specified file, appending it to the existing file.
ls ~/Downloads > ~/Desktop/my_downloads.txt
echo 'This is the first line.' >> newfile.txt; echo 'This is the second line.' >> newfile.txt
cp
Copies a file or directory from one location to another.
cp source_file.ext dest_file.ext
cp -r /source/directory/ /destination/directory/
rm
Deletes a file or directory. !!! There is no way of undeleting !!!
rm /path/to/file/filename_1.ext /path/to/file/filename_2.ext
rm -r /path/to/directory1 /path/to/directory2
WARNING!!!
🛑 rm -rf / will completely erase your file system, including any mounted drives/volumes
open
Uses the OS to launch the default application for viewing a specified file. Can also be used to launch an application.
open /path/to/file/file.ext
open /Applications/Application.app
We can store and recall values in variables.
- Run a=1
- Run b=2
- Run c=a+b
- Run d=$a+$b
- Run let e=$a+$b
- What do we get when we run echo $c
- How about echo $d
- And echo $e
We can store and recall values in variables.
- Run var1=cat
- Run var2=dog
- Run var3=var1+var2
- Run var4=$var1$var2
- What do we get if we run echo $var3 ?
- How about echo $var4 ?
It all starts with a #! (shebang)
There are times where you might find yourself entering the same sequences of commands to perform routine tasks. Scripting allows you to create a file that can execute those commands with a single command. Scripts can be simple, involving a fixed, or “hard coded”, list of commands to be executed in order, or can be more complex, utilizing variables, conditionals, loops, and other features you might find in a proper programming language.
Now we're going to write a super simple script, change its permissions to make it executable, and then create a symbolic link to it so that we can execute it just like any of our other commands.
mkdir ~/Documents/Scripts/
cd ~/Documents/Scripts/
> helloworld.sh
nano helloworld.sh
nano is a basic text editor.
- control + g gives us the help menu
- control + x exits
In nano type:
#!/bin/bash
clear
echo 'Hello World!'
Then press control + x, followed by y for yes, and finally enter to exit and save.
You can run our script with bash helloworld.sh
chmod
Changes file modes or Access Control Lists. We can use this command to make our script executable.
chmod +x helloworld.sh
Now we can execute it by typing ./helloworld.sh
ln
Creates a link from one file to an alias in another location.
ln -s /path/to/our/helloworld.sh /usr/local/bin/helloworld
Running this command will create a symbolic link to our helloworld.sh script in our /usr/local/bin folder. If we run echo $PATH, we can confirm that /usr/local/bin is in the PATH bash uses to locate commands.
Another way to ensure that our executable scripts can be found by our shell is to change the $PATH variable by adding lines to the ~/.bash_profile file.
If you make a scripts directory in your home directory, then after executing echo "export PATH=\"/Your/HomeDirectory/scripts:\$PATH\"" >> ~/.bash_profile and opening a new terminal session, you will be able to execute any executable script there, like myscript.sh, simply by typing myscript.sh from anywhere.
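Because the export line puts the scripts directory ahead of everything else in PATH, a script there that shares its name with a system command is the one the shell runs. The following added example (not part of the original workshop; the function names and the throwaway directory are assumptions) lists every match for a name in lookup order so you can check what a command really resolves to.

```bash
#!/bin/bash
# Added example: show which file a command name resolves to, and every
# later match in PATH that it shadows.

# Print each executable file called $1 found in PATH, in lookup order.
path_matches() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $PATH; do
        [ -n "$dir" ] || dir=.      # an empty PATH entry means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
        fi
    done
    IFS=$old_ifs
}

# Succeed when more than one file in PATH answers to the name $1.
is_shadowed() {
    [ $(path_matches "$1" | wc -l) -gt 1 ]
}

# Constructed demonstration: a throwaway scripts directory holding a script
# named "ls", placed at the front of PATH the way the export line does.
# Prints the file that "ls" would resolve to with that PATH.
demo_shadow() {
    scripts_dir=$(mktemp -d)
    printf '#!/bin/sh\necho "not the real ls"\n' > "$scripts_dir/ls"
    chmod +x "$scripts_dir/ls"
    (
        # The subshell keeps the modified PATH from leaking out.
        PATH="$scripts_dir:$PATH"
        path_matches ls | head -n 1
    )
    rm -r "$scripts_dir"
}
```

Running path_matches with the name of one of your own scripts before you save it shows whether that name is already taken by something further down the PATH.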
Thanks for taking this workshop. It's still a work in progress and I'd appreciate any feedback you have. If you want to go deeper, the following slides have basic commands for viewing and changing network settings.
This module is dedicated to getting students setup with a live bootable Kali linux system. USB drive and USB WiFi dongle are included!
ping
traceroute
arp
ifconfig
ipconfig
ping
Sends ICMP ECHO_REQUEST packets to network hosts. When we send a ping to a device, we expect a response. ping sends the request, listens for the response, and gives us some statistics about the response time.
ping 1.1.1.1
ping google.com
traceroute
Shows the route packets take to a network host.
traceroute 1.1.1.1
traceroute google.com
arp
Address Resolution Protocol (ARP) display and control.
Every network device has a unique Media Access Control (MAC) address. When connecting to a network, your MAC address is assigned to a unique Internet Protocol (IP) address on that network. ARP tables allow networked devices to communicate directly with one another by resolving their IP addresses to their MAC addresses and vice versa.
The arp command shows us the ARP table and gives us the ability to add and remove entries.
- arp -aln displays the arp table
- sudo arp -ad deletes all arp table entries
ifconfig
Allows us to view and configure network interface parameters.
- ifconfig en0 gives us network connection information for the interface en0
- ifconfig en0 ether prints just the current MAC address for en0
ipconfig
Allows us to view and control IP configuration state.
- ipconfig getifaddr en0 prints our local IP address
grep
A very flexible and feature packed file pattern searcher.
- ifconfig en0 | grep broadcast prints the line containing broadcast
- arp -aln | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' returns IPs in the arp table
Keep on hacking! See you next session!