Network Hacking 101

Presented at DEF CON 30 (2022), Aug. 11, 2022, 9 a.m. (240 minutes)

Come learn how to hack networks without needing to piss off your local coffee shop, housemates, or the Feds! Bring your laptop and by the end of this workshop, everyone can walk away having intercepted some packets and popped some reverse shells. In the workshop you’ll solve a series of challenges, each in a contained virtualized network where it’s just you and your targets. We’ll start with a networking crash course to introduce you to packets and their layers, as well as how to use Wireshark to dig in and explore further. We'll practice network sniffing and scanning to find your targets, and of course how to execute a man-in-the-middle attack via ARP spoofing to intercept local network traffic. With those techniques, we'll go through challenges including extracting plaintext passwords, TCP session hijacking, DNS poisoning, and SMTP TLS downgrade. All together, this workshop aims to give you the tools you need to start attacking systems at the network layer. Materials: A laptop with Linux or a Linux VM (MacOS can also work, but have a VM installed as a backup). These software tools (detailed installation instructions will be provided in the materials ahead of DEFCON): - OpenVPN: Connect to the challenges you will be hacking - Wireshark (tcpdump also works): Capture and dissect network traffic - netcat (nc): Swiss-army-knife of networking - nmap: Scan and search for vulnerable targets - bettercap: Man-in-the-middle attack tool and network attack platform - python3 (optional): Build new attack tools Prereq: Basic experience with Linux command-line tools Basic familiarity with networking (e.g. you know what IP and MAC addresses are, you could set up your home router, and host a LAN party)

Presenters:

  • Ben Kurtz - Hacker
    Ben Kurtz is a hacker, a hardware enthusiast, and the host of the Hack the Planet podcast (symbolcrash.com/podcast). After his first talk, at DefCon 13, he ditched development and started a long career in security. He has been a pentester for IOActive, head of security for an MMO company, and on the internal pentest team for the Xbox One at Microsoft. Along the way, he volunteered on anti-censorship projects, which resulted in his conversion to Golang and the development of the ratnet project (github.com/awgh/ratnet). A few years ago, he co-founded the Binject group to develop core offensive components for Golang-based malware, and Symbol Crash, which focuses on sharing hacker knowledge through trainings for red teams, a free monthly Hardware Hacking workshop in Seattle, and podcasts. He is currently developing a ratnet-based handheld device for mobile encrypted mesh messaging (www.crowdsupply.com/improv-labs/meshinger).
  • Victor Graf - Hacker
    Victor is a hacker and software engineer from Seattle with a love of network security and cryptography. He most recently worked for a blockchain company designing and building peer-to-peer protocols and systems for non-custodial account recovery. Building and breaking networks was his first love in the world of computers, and he built the Naumachia platform starting in 2017 to bring network hacking to CTFs. With that he has hosted Network Hacking 101 workshops in San Francisco and now in Seattle.

Similar Presentations: