Network hacking 201

[Please RSVP on the meetup.com page]

## What is this?

Bring your laptop and learn active attacks on the network layer including TCP session hijacking, DNS poisoning, and TLS downgrade on SMTP.

This workshop builds on the fundamental skills of reconnaissance and ARP-based MitM attacks, which are included in the introductory version of this workshop. If you are a beginner, try to also join for the introductory version first, but if you can’t definitely feel free to come and you can work through the self-guided materials with help from the instructors. Presented materials will be on the intermediate-level skills.

## How will it work?

The workshop will be in person, and most of time will be for you to work on a series of hacking challenges. Additionally, we’ll spend some time at various points to go over presented materials together.

The content will also available online, and you can check them out at notebook.naumachiactf.com. (Note that as of writing this description only the introductory materials are posted there). I encourage you check out the materials and try the challenges ahead of time. Feel free to ask me any questions on Discord at chat.naumachiactf.com.

### Topics we’ll cover

DNS poisoning to gain extend your reach for redirecting traffic.
TCP session hijacking. As the saying goes “I’m the captain now”.
TLS downgrade on SMTP to get rid of all that encryption nonsense.

## What do I need to hack?

You’ll need to bring laptop and the following tools:

OpenVPN: Connect to the challenges you will be hacking
Wireshark (tcpdump also works): Capture and dissect network traffic
netcat (nc): Swiss-army-knife of networking
nmap: Scan and search for vulnerable targets
bettercap: Man-in-the-middle attack tool and network attack platform
python3: Build new attack tools
ettercap (optional): Alternative tool for ARP MitM attacks
arpspoof (dsniff) (optional): Alternative tool for ARP MitM attacks

For more information and installation instructions, check out the dependency page of the workshop materials.

Speaking of the Computer Fraud and Abuse Act: Only use the techniques learned in this workshop in your own home and on other networks where you have consent of those you are sharing it with (e.g. Don’t intercept traffic at your (least) favorite local coffee shop). Not only is it potentially illegal, it’s wrong and extremely rude.

Details
November 14, 2022 6:00 PM - November 14, 2022 8:00 PM
In person, Meetup, Programming
Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your Privacy preferences. It is worth noting that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

Click to enable/disable Google Analytics tracking code.
Click to enable/disable Google Fonts.
Click to enable/disable Google Maps.
Click to enable/disable video embeds.
Our website uses cookies, mainly from 3rd party services. Define your Privacy Preferences and/or agree to our use of cookies.
Cancel