NDSU IT, ND Education Technology Council, EduTech, and the ND Information Technology Department are putting on their annual ND Cyber Security conference next Thursday. I've spoken at this iteration of the conference twice, and was looking to put something together for this year's conference.
We had an earlier iteration, and at that one of my co-workers and I put on a workshop where participants executed a variety of attacks against vulnerable systems. This was back in something like 2005, so it was challenging to put on. My boss had suggested doing a CTF this year, but seeing that I've never done a CTF, that sounded a bit intimidating.
I'm a Linux guy that does Java development, but attends a lot of security conferences. Last calendar year I attended four, ours, Dakota State University's DakotaCon, DerbyCon, and The Long Con up in Winnipeg. I see a LOT of attacks against Windows. However, I've never done them. So I came up with the idea of having a hacking village. Most security conferences have a lock picking village, so let's do something like that but with computers.
So with the help of someone in our IT security office, we're putting on a hacking village. We're also enlisting the help of a couple of local pen testers. So the lab will include general attacks, Windows domain based attacks (so I have an excuse to do them), wireless attacks, and we should also have a lock picking village in the same room.
I'll be posting the instructions from the village. Also hope to post about how it goes. This might be something other conferences or user groups may want to try in the future.
This was originally posted on frovarp.dev.
Wednesday, March 6, 2019
Social Engineering Toolkit in the Hacking Village
This is the first of a series of posts describing how to perform the various types of attacks that are available to try in the Hacking Village at the ND Cyber Security Conference. These will serve as instructions during the conference, and as a resource after the conference.
First up is the Social Engineering Toolkit from Dave Kennedy of TrustedSec. This toolkit demonstrates how to perform a variety of social engineering attacks.
From the Toolkit:
First up is the Social Engineering Toolkit from Dave Kennedy of TrustedSec. This toolkit demonstrates how to perform a variety of social engineering attacks.
From the Toolkit:
DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period.The attack method to be tested is cloning a website to harvest credentials.
- Open a console on Kali Linux
- setoolkit and then enter to launch
- 1 for Social-Engineering Attacks.
- 2 for Website Attack Vectors
- 3 for Credential Harvester Attack Method
- 2 to clone a site
- Enter to accept the default IP
- https://apps.ndsu.edu/cas/login or a login form your control to clone
- Enter to understand what they are saying
- Launch Firefox
- Go to http://localhost to load the page
- Any credentials that you enter in will be posted back to SET in plain text. DO NOT USE REAL CREDENTIALS.
- Go back to SET console and see provided credentials
More instructions and operations can be found on the SET website at https://github.com/trustedsec/social-engineer-toolkit/
Subscribe to:
Posts (Atom)