
Event Agenda

  1. Introductions

    1. Beth Ritter-Guth, Director of Instructional Design & American Honors, Union County College; Vice President, FUBAR Labs
  2. What is hacking?

    1. Definition (Merriam Webster): "a person who illegally gains access to and sometimes tampers with information in a computer system."
    2. Glossary of Terms (NOVA)
  3. What is social engineering?

    1. Definition (SET): “any act that influences a person to take an action that may or may not be in their best interest.”
      1. "Social engineering is the human side of breaking into a corporate network. Companies with authentication processes, firewalls, VPNs, and network monitoring software are still wide open to an attack if an employee unwittingly gives away key information in an email, by answering questions over the phone with someone they don’t know, or even by talking about a project with coworkers at a local pub after hours."
    2. Phishing/Vishing/SMiShing/Impersonation
    3. The SET Infographic
    4. Categories of Social Engineers
  4. Who are the hackers?

    1. Ethical Hackers ("White Hat")

      1. EC Council
      2. OWASP
      3. Barnaby Jack
      4. Stephen Wozniak (Apple co-founder) - Phreaker
      5. Neel Mehta - Google
      6. Sanmay Ved - Hacked Google (bought their domain for 1 minute)
      7. Jordan Wiens - Hacked United
      8. Reginaldo Silva - Hacked Facebook
      9. James Forshaw - Hacked Microsoft (Windows 8.1)
      10. Alex Miller - Age 12; Hacked Mozilla
    2. Hackers for good, but with still-illegal actions ("Grey Hat")

      1. Mathew Bevan & Richard Pryce (Hacked North Korea's government and passed to the USAF)
      2. The Jester
      3. Anonymous
      4. Pick from above or below :-)
    3. Criminal Hackers ("Black Hat")

      1. Jonathan James (first juvenile convicted of hacking, at age 15; hacked the US government, NASA)
      2. Kevin Mitnick (Hacked the Department of Defense)
      3. Albert Gonzalez (Leader of ShadowCrew; stole credit cards)
      4. Kevin Poulsen ("Dark Dante" ~ hacked phones to win prizes; now senior editor of Wired magazine)
      5. Gary McKinnon (military hacker)
      6. LulzSec - (Hacker collective; hacked CIA/FBI and other government agencies)
      7. Astra (58-year-old Greek mathematician who stole and sold military-grade weapons all over the world for five years)
      8. James Kosta (14-year-old who hacked into GE and IBM; instead of prison, went into the Navy as a hacker)
      9. Adrian Lamo (the "homeless hacker"; hacked the NY Times; he was responsible for turning in Chelsea Manning for providing info to Wikileaks)
      10. Anonymous
  5. How do they do it?

    1. Computers
    2. Phones
    3. Cameras
    4. Audio Devices
    5. GPS Tracking
  6. What is hacktivism?

    1. "Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose. The individual who performs an act of hacktivism is said to be a hacktivist." (TechTarget Network)
    2. Women in Open Source (WOS)
    3. OWASP Brooklyn
    4. Women in AppSec
  7. How do we learn more?

    1. EC Council
    2. GPEN
    3. OSCP

Tonight's Toolkit

  1. FUBAR Hacks
  2. NOVA Cybersecurity Lab
  3. HTTPS Everywhere
  4. Social Engineering Toolkit
    1. Department of Defense "Interview and Interrogation" Case Study
  5. BeEF
  6. TOR
    1. Read this FIRST
    2. Never maximize a TOR window (you can be tracked)
    3. Always click to forbid scripts
  7. Maltego
  8. VirusTotal

Tools to Use At Home

  1. VirtualBox.org
  2. Qubes OS
  3. Ubuntu
  4. Tails OS
  5. Kali Linux

Terms to Know

  1. Penetration Testing
    1. Phishing (computer based, URL/Email Manipulation; "trusted" source; usually "mass" attacks)
      1. Spear Phishing (Targeting high profile sub groups)
    2. Vishing (Phone based Phishing; "customer support", "mumblers")
      1. "Phreakers" - phone based hackers
      2. Burner Phones - toss away phones ($75 USD)
      3. Spoofing - Impersonation of a company/entity
    3. SMiShing (Mobile phone based Phishing; text based)
    4. Impersonation (delivery person, help desk, etc.)
  2. Elicitation
    1. Establishing "pre-text"
      1. Frame questions: neutral; open ended
  3. Attack Vectors
    1. The Attack Cycle (Information, Relationship, Exploitation, Execution)
  4. DoS Attack - Sending tons of traffic to a website to shut it down

Social Engineering

The Social Engineering Infographic. An infographic by the team at Social-Engineer, Inc all about Social Engineering Threats and Mitigations



The Web

Source:
http://unpromisedone.blogspot.com/2011/09/information-about-deep-web.html

LayersofDW.png



Readings

  1. What is Hacking? (Lifewire)
  2. Famous Computer Network Crimes on the Internet (Lifewire)
  3. What is Hacking? An Introduction (GURU99)
  4. Why we need ethical hackers (Bank Info Security)
  5. The Difference Between The Deep Web and The Dark Web (Quora)
  6. Tor (Anonymity Network)
  7. How to Create and Use Virtual Machines? (Beginner Geek)
  8. How and Why you should use a VPN (tech hive)

Online Tutorials & Courses (Free)
  1. SANS Cyber Aces

Videos

  1. How to access the dark web
  2. 101 Facts About the Deep Web (Explicit)
  3. The Deep Web - Top 10 Facts
  4. The Man that Solved Cicada 3301
  5. Hackers: The Internet's Immune System (TED)
  6. All Your Devices Can be Hacked (TED)
  7. How to Access the Deep Web
  8. The Dark Web (TedX)
  9. 10 Most Disturbing Things You will Find on the Dark Web (graphic)
  10. The Dark Web
  11. The Dark Web (60 Minutes)
  12. Jamie Bartlett - Inside the Digital Underworld (London)
  13. Trade/Secrets: The Dark Web (Jamie Bartlett)
  14. The Dark Net- Jamie Bartlett - Google Talks
  15. Top Hacker Shows How its Done - TedX
  16. The dark side of the web - Kyle Terry (TED)
  17. Inside Today's FBI: Investigations into the Dark Web (Newseum)