Hi Phil, Here's some demos for your students: BEef - Browser Exploitation Framework MetaSploit/Armitage Videos SSHStrip And of Course AirCrack-Ng They should be exposed at the very least to those things. Sure I would setup all manner of fun honeypots for catching them - but what will you do when you do? On Sun, Apr 21, 2013 at 3:47 PM, Phil Waclawski wrote: > I have an older laptop I was going to reimage, make sure there was no data > on it I cared about, so if it gets stolen, I'll be annoyed, but that's > about it. And I have no intentions of doing ANYTHING illegal, I just want > to learn about what types of attacks are out there, and possibly some > better ways to help my students defend against web based attacks etc. > True, so long as I don't log into ANY account, I can still use the > internet just to browse the web and so on, with the understanding that half > the hotel will probably know what web sites I visit ;) It is tempting to > set up a dummy ssh account with a password that I don't care about > somewhere and see if it gets hacked. > Phil W. > > > On Sun, Apr 21, 2013 at 10:23 AM, Lisa Kachold wrote: > >> Great post Bob! If you are going - do it right! Of course be aware >> while joining the fun of where you break the law; a great deal of >> surveillance occurs from which you could glean a Homeland Security tail for >> a good long time. >> On 21 Apr 2013 08:58, "Bob Elzer" wrote: >> >>> There's no reason you can't bring your laptop, just do the steps >>> >>> Backup your disk or remove it >>> Put in a new disk or erase your current !!! If you backed it up !!! >>> Install a fresh copy of your favorite installation or even backtrack >>> Don't connect to your home or work networks >>> Don't put any of your real info on the computer >>> Go to Defcon, have fun, let them hack away >>> Remember to not use any of your real personal sites or accounts >>> When you're done, wipe everything >>> Put your original disk back in, or restore >>> >>> Then you can tell us all about your trip >>> >>> The only thing you would have to worry about, is someone stealing the >>> laptop >>> On Apr 19, 2013 11:52 PM, "Phil Waclawski" >>> wrote: >>> >>>> Well, I'm attending it in the hopes of learning about how some of these >>>> attacks work, and how to defend against them. Helps me teach my students >>>> better practices (and myself as well). >>>> >>>> To be honest, I had planned on having an old laptop with a brand new >>>> kubuntu install on it (no data I care about) and just doing some blender >>>> work and note taking offline, and never connecting it to a network while at >>>> the convention. >>>> >>>> However, I'm curious, if I set up an ssh tunnel to a server I've >>>> already established a Key system with, wouldn't ssh throw up a huge warning >>>> from a man in the middle attack not having the right "handshake"? At that >>>> point I'd only be hosed if I was dumb enough to say "connect anyway"?. >>>> >>>> Phil W. >>>> >>>> >>>> On Fri, Apr 19, 2013 at 10:30 PM, der.hans wrote: >>>> >>>>> Am 19. Apr, 2013 schwätzte Alan Dayley so: >>>>> >>>>> moin moin Alan, >>>>> >>>>> >>>>> Why in the world would anyone actually attend a conference where you >>>>>> KNOW >>>>>> people are going to attack your electronics and data? Erasing >>>>>> everyone's >>>>>> >>>>> >>>>> It's in the city where people pay to let someone steal from them, so it >>>>> fits the theme. >>>>> >>>>> http://www.newyorker.com/**online/blogs/culture/2013/01/** >>>>> video-the-art-of-**pickpocketing.html >>>>> >>>>> >>>>> credit cards? For the lulz, I guess. It sounds like a bunch of very >>>>>> smart >>>>>> trolls getting together to see who can out-troll who. I would just >>>>>> be collateral damage in such a group. I guess it's an effective way >>>>>> to keep >>>>>> the non-trolls and newbies out of the "defcon club." Or maybe it is a >>>>>> from >>>>>> of hazing. >>>>>> >>>>>> And, if I HAD to go, cash, pen and paper is all I would bring. >>>>>> >>>>> >>>>> Make sure to keep them somewhere safe ;-). >>>>> >>>>> ciao, >>>>> >>>>> der.hans >>>>> -- >>>>> # http://www.LuftHans.com/ http://www.LuftHans.com/**Classes/ >>>>> # Like the maid, I don't do (M$)Windows. - der.hans >>>>> --------------------------------------------------- >>>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >>>>> To subscribe, unsubscribe, or to change your mail settings: >>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >>>>> >>>> >>>> >>>> --------------------------------------------------- >>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >>>> To subscribe, unsubscribe, or to change your mail settings: >>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >>>> >>> >>> --------------------------------------------------- >>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >>> To subscribe, unsubscribe, or to change your mail settings: >>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >>> >> >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >> > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss > -- (503) 754-4452 Android (623) 239-3392 Skype (623) 688-3392 Google Voice ** it-clowns.com Chief Clown