Presented by

  • Marcus Herstik

    Marcus Herstik
    @Mherstik
    https://marcus.herstik.com

    Marcus is a practitioner who has managed teams and infrastructure and then moved into education. He loves playing with tech and at short notice (3 weeks) got his RHCSA so he could teach with the RedHat Academy to his TAFE students. When not working/teaching he is studying law hoping to put Tech and Law together. It usually means a late night last minute rush, especially checking Libra office formatting. Sometimes other Linux geeks ask "why Ubuntu as your daily driver?". His reply is "because it's closer to my old Mac. It just works!" If they looked carefully the boot up screen seems to show a new version of BackTrack in the list. That's because he was a CEH but let it lapse because it's more fun playing and learning than re-certifying. Marcus' next project is going to use his Raspberry Pi's during Xmas for his lighting and has already found the shop he can get stuff from and YouTube videos to help him set it all up.

Abstract

For those who have always wanted to know a little about hacking this is an introduction to some of the tools available in Kali Linux and how you can use it to check your network for security flaws (aka vulnerabilities). As an introduction to pen-testing, this is designed for novices who are interested in the Cyber Kill Chain, how to test common systems and those wanting to know how to get started, rather than just watching videos. As such this is not intended for advanced users. Many people use tools and systems like Kali to run penetration tests without really knowing what we are doing. This tutorial will introduce a few tools and will have a vulnerable server or two for you to launch your attacks against ensuring this is a closer to real-life attack, rather than just theoretical. Users will need a version of Kali Linux installed or the ability to quickly copy a virtual machine (VirtualBox is the suggested software for this). Short guidance at the beginning will be provided for this but users will need the VirtualBox software installed. We will start by finding the device, then testing for vulnerabilities and attempting to gain access. A step-by-step guide will ensure that all people get some action and hopefully a greater understanding of the mindset and complexity of what it means to "hack" in to something. Participant will need to bring their own laptop with the following minimum recommended specs: 4GB RAM - 2 will be used by the VM, 20GB HDD space, at least 4 processors, wireless network card, VirtualBox or similar ( VMWare or KVM/QCOW etc). Only VirtualBox will be supported and I allow 10 minutes at most for setup. This tutorial will be run by one of the writers of the TAFE NSW Cybersecurity course and a tutor for Cybersecurity at SCU on the Gold Coast.