Mano ‘dash4rk’ Paul r3c0n to r00t - Security h@Xs and Soul h@Xs

Apr 01, 2015

Page 1: Mano ‘dash4rk’ Paul r3c0n to r00t - Security h@Xs and Soul h@Xs.

Mano ‘dash4rk’ Paul

r3c0n to r00t - Security h@Xs and Soul h@Xs

Page 2

whois [Querying whois.org]
Name: manoranjan paul > mano paul > @manopaul

[IDENTITY]
Primary: Follower of Jesus Christ (Christian)
DOB: 09/30-1990

[TECHNICAL]
Advisor: (ISC)2, Software Assurance
Books: The 7 Qualities of Highly Secure Software; Official (ISC)2 Guide to CSSLP
CEO: SecuRisk Solutions

[OTHER]
Researcher: Shark Biology (dash4rk)
Creds: CSSLP, CISSP, MCSD, MCAD, CompTIA Network+, ECSA

Record created on 03-03-19.. Record expires on tbd
Database last updated on 07-12-2013

www.hackformers.org

wen u c me, tweet #/@HackFormers

Page 3

What is the topic/series about?

• Security h@Xs
  – Pentesting processes from r3c0n to r00t
  – Intro to security tools in the Kali Linux OS

• Soul h@Xs
  – Exploits that impact the soul
  – Intro to tools in the Bible and the protection in Jesus Christ

It is one thing to get r00ted in security; it is far worse to get r00ted in life.

Page 4

Agenda

• Teach Security
• Teach Christ
• Teach Security In Christ

Page 5

Security h@xs -- getting r00ted in security --

Teach Security

Page 6

Pentesting?

• Answers the question:
  – Can some entity penetrate your security defenses?

• Attestation of your overall security posture

• Before ogres h@x0rs do

• Attest Security Controls (safeguards, countermeasures)

Page 7

Pentesting? (contd.)

• Rules of engagement
  – Scope defined
  – Get out of Jail card

• Structured process
  – Discovery to Exploit to Post-exploitation

• Internal/External scenarios

Page 8

Pentesting – what it is NOT?


Page 9

In the “r3c0n to r00t” series

• I will cover the various tools in the Kali Linux pentest distro/OS to perform the 3-step pentest process
  – Step 1: r3c0n
  – Step 2: r3sili3ncy attestation
  – Step 3: r00t

Page 10

What is Kali Linux?

• Debian based OS distro
  – dpkg -i file.deb

• Favorite OS for h@X0rs, pentesters and forensics

• Trivia – Other Names
  – Kali
  – Backtrack
  – Whax
  – Whoppix
  – Knoppix

• 300+ security tools

Page 11

Tools, Tools, and more Tools


Page 12

Step 1: r3c0n

• Identify live hosts
• Enumerate
• Discover
• Gather Info/Intelligence

Page 13

r3c0n - Quotes

• Know your enemy – The Art of War; Sun Tzu

• Know your victim – Mano ‘dash4rk’ Paul

Page 14

Step 2: r3sili3ncy attestation

• Evaluate attack surface

• Analyze vulnerability

• Check exploit


Page 15

r3sili3ncy attestation - Quotes

• The art of being wise is the art of knowing what to overlook. – American Philosopher and Psychologist, William James (1842-1910)

• The art of being wise is the art of knowing what to look over. – Mano ‘dash4rk’ Paul (19.. – Forever)

Page 16

Step 3: r00t

• Run exploit
• Getting pwn3d

Page 17

Demo

• Step 1: r3c0n
  – 1.a. Who is out there alive?
    • Live host identification – netdiscover
  – 1.b. What can we find out about the living?
    • 1.b.1. Scanning (enumeration, discovery)
      – dmitry
      – nmap
      – zenmap
      – dnmap_server
      – dnmap_client
    • 1.b.2. Fingerprinting
      – miranda

Page 18

Demo (contd.)

• Step 2: r3sili3ncy attestation
  – Is the system vulnerable to exploitation?
    • metasploit framework (check)

• Step 3: r00t
  – Getting pwn3d?
    • metasploit framework (run exploit)

Page 19

Soul h@xs -- getting r00ted in life --

Teach Christ

Page 20

r3c0n of the living

• Who is out there alive?
  – Identification of the living (live hosts)
    • Jesus said, “I am the resurrection and the life; Anyone who believes in me will live, even after dying.” (John 11:25; NLT)
    • Those who believe in Jesus shall live (now) and eternally; they are the ones who are spiritually alive. (John 3:16)
    • The devil is not interested in those who are spiritually dead

Page 21

Scan

• What can we find out about the living?
  – The bad:
    • Your adversary (h@X0r), the devil is like a roaring lion (in r3c0n), seeking whom he may devour (exploit) (1 Peter 5:8)
  – The good:
    • The eyes of the Lord search the whole earth (in r3c0n) to strengthen those whose hearts are fully committed to him (2 Chronicles 16:9a; NLT)

Page 22

Fingerprint

• Whose fingerprint is on you?
  – The d3v1l’s
    • For you are the children of your father the devil, and you love to do the evil things he does. He was a murderer from the beginning. He has always hated the truth, because there is no truth in him. When he lies, it is consistent with his character; for he is a liar and the father of lies. (John 8:44; NLT)
  – God’s
    • For I hold you by your right hand — I, the Lord your God. And I say to you, ‘Don’t be afraid. I am here to help you. … I am the Lord, your Redeemer. I am the Holy One of Israel.’ (Isaiah 41:13,14b; NLT)

Page 23

r3sili3ncy attestation

• Is our life vulnerable to exploitation?
  – No one is righteous; no not one (Romans 3:10)
  – All are vulnerable.

All have sinned and have fallen short of the glory of God (i.e., vulnerable and exploitable) – Romans 3:23

The wages of sin is death (getting r00ted/pwn3d) – Romans 6:23

Page 24

r00t – getting pwn3d

• Who 0wns you?
  – Are you r00ted by the devil?
    • a slave to sin
      – “Sin is crouching at the door, eager to control you. But you must subdue it and be its master.” (Genesis 4:7; NLT)
  – Are you r00ted in Christ Jesus?
    • a servant of the Savior and Lord
      – And now, just as you accepted Christ Jesus as your Lord, you must continue to follow him. Let your roots grow down into him, and let your lives be built on him. Then your faith will grow strong in the truth you were taught, and you will overflow with thankfulness. (Colossians 2:6-7; NLT)

Page 25

The conclusion of the matter

• No one wants to be pwn3d!

• To avoid security h@xs, one must implement security controls

• To keep your soul from getting pwn3d (soul h@x), one MUST be r00ted in the one life control – Jesus Christ!

Page 26

Points to Ponder

Teach Security In Christ

Page 27

Discussion Points

• Would you consider yourself alive or dead (spiritually)?
  – Born once, die twice
  – Born twice, die once

• If you are alive, you are the target!

• Are you r00ted by the devil (slave to sin) or are you r00ted in Christ Jesus?

All who call on the name of the Lord Jesus Christ shall be saved [i.e., not have their soul h@x3d] (Joel 2:32)

Page 28

Closing Thoughts

try {
    if (uLikedThisPresentationAndMtg) {
        subscribeViaEmail();
        followAndTweet();   // @hackformers
        getLinkedIn();
        emailUs();          // [email protected]
    } else {
        giveFeedback();     // [email protected]
    }
} catch (Temptations t) {
    r00tedIn(God JesusChrist);
} finally {
    ThankUandGodBless();
}