DerbyCon 2012

Post on 28-Nov-2014

Frank J Hackett and Justin Brown. "Breaking into Security"

BREAKING INTO SECURITY

JOHNNY LONG

JOE MCCRAY

BRIAN DOMSCHKE

WHO ARE WE?

JUSTIN “SPRIDEL” BROWN

OSINT Ninja
Web App Ninja in Training
HFC Booth Guy
Newest Co-Host of ISDPodcast
Baylor Grad

FRANK J. HACKETT

Senior Systems Engineer
Network Guru
Sys Admin From Hell
Security guy in training
WVU Dropout

WHAT ARE WE TALKING ABOUT?

‣Why do you want to listen to us?
‣What’s worked for us and what hasn’t
‣What we’ve done to get involved
‣Tips for Mentors!!

LEARN TO COMMUNICATE

‣IRC
  ‣irc.freenode.net - use SSL!
  ‣Tools that you use (#snort, #nmap, #ettercap-project, etc.)
  ‣OS’s (#backtrack-linux, #pentoo, #ubuntu, etc.)
‣Ask questions
  ‣Don’t ask if you may ask
  ‣CHECK GOOGLE, FAQ, FORUMS BEFORE!!!

TWEETER!!

‣Get an account!
‣Get over it and stop shunning all social media
‣Tweet and make friends
‣See new ideas
‣Links!
‣Open and free knowledge

TWEETER CONT’D!!

@DerbyCon
@Dave_Rel1k
@Irongeek_ADC
@fjhackett
@spridel11
@oncee
@Hack3rcon
@j0emccray
@JaysonStreet
@nullthreat
@iampr1me
@mubix
@hdmoore
@c0ncealed
@gl11tch
@hacktalkblog
@carnal0wnage
@n00bznet
@ihackstuff
@ISDpodcast

MEETUPS

‣Local Spots (AustinHA, NoVAH, PhoenixSSH, OSOC, RVAsec, etc.)
‣Professional Spots (ISSA, ISACA, InfraGard, etc.)
‣Cons! (AIDE, DerbyCon, Shmoocon, Hack3rcon, BSides)
‣Make friends! Talk to people. They won’t bite.
‣Hang out, have a beer
‣Listen to the talks, don’t just hang out in the CTF all day

ONLINE

‣IRC
‣Skype
‣Google Hangouts
‣Twitter
‣Failbook
‣LinkedIn
‣Your Trusted Mentors/Friends/Random Hackers

LEARN TO LISTEN

‣Podcasts
  ‣ISDPodcast
  ‣Pauldotcom
  ‣Securabit
  ‣Risky Business

LEARN TO STOP BEING LAZY

‣Get involved with those friends you made at the con
‣Hackers for Charity - Go sign up!!! (NOW!)
‣Random Hacks of Kindness
‣Security R00kies
‣Make your own group!

BUDGET LABS

‣VirtualBox
‣VMware Player
‣VMware Workstation ($$)
‣VMware Fusion ($$)
‣Parallels ($$)
‣Think small - one victim vs entire network
‣Start Vulnerable
  ‣MS08_067
  ‣Metasploitable(s)
  ‣Webgoat
  ‣Mutillidae

LEARN TO READ

‣Books! zOMG
  ‣Professional Penetration Testing - Thomas Wilhelm
  ‣Grey Hat Hacking - Harris, Harper, Eagle, & Ness
  ‣Metasploit: The Penetration Tester’s Guide - O’Gorman, Kearns, Kennedy, Aharoni
‣./command -h
‣nano/vi/vim - look at the code!
‣Forums
‣Google-fu

LEARN WHAT DOESN’T WORK

‣Don’t troll
‣Take a joke... seriously, just take it and laugh
‣Be respectful
‣Don’t spam
‣Be open to new ideas - different approaches
‣Don’t expect step-by-step instructions


KNOW WHO YOU’RE TALKING TO

‣Distinct difference between Anonymous and a security professional
‣People lie on the internet
‣Not everyone wants to help you
‣Protect yourself


SUGGESTIONS THAT HELPED US

‣Scripting! The power of the “for loop”
‣Get comfortable in CLI
‣Be an aggressive learner
‣Help out where you can
‣Give back - don’t only take
‣Find your niche

QUESTIONS AND COMMENTS

@spridel11
@fjhackett