Hi Phil,

Here are some demos for your students:

BeEF - Browser Exploitation Framework

Metasploit/Armitage Videos

SSHStrip

And of course Aircrack-ng

They should be exposed at the very least to those things.  



Sure, I would set up all manner of fun honeypots for catching them - but what will you do when you do?


On Sun, Apr 21, 2013 at 3:47 PM, Phil Waclawski <phil.waclawski@mesacc.edu> wrote:
I have an older laptop I was going to reimage, make sure there was no data on it I cared about, so if it gets stolen, I'll be annoyed, but that's about it. And I have no intentions of doing ANYTHING illegal, I just want to learn about what types of attacks are out there, and possibly some better ways to help my students defend against web-based attacks etc. True, so long as I don't log into ANY account, I can still use the internet just to browse the web and so on, with the understanding that half the hotel will probably know what web sites I visit ;) It is tempting to set up a dummy ssh account with a password that I don't care about somewhere and see if it gets hacked.
Phil W.


On Sun, Apr 21, 2013 at 10:23 AM, Lisa Kachold <lisakachold@obnosis.com> wrote:

Great post Bob!  If you are going - do it right!  Of course be aware while joining the fun of where you break the law;  a great deal of surveillance occurs from which you could glean a Homeland Security tail for a good long time.

On 21 Apr 2013 08:58, "Bob Elzer" <bob.elzer@gmail.com> wrote:

There's no reason you can't bring your laptop, just do the steps

Backup your disk or remove it
Put in a new disk or erase your current !!! If you backed it up !!!
Install a fresh copy of your favorite installation or even backtrack
Don't connect to your home or work networks
Don't put any of your real info on the computer
Go to Defcon, have fun, let them hack away
Remember to not use any of your real personal sites or accounts
When you're done, wipe everything
Put your original disk back in, or restore

Then you can tell us all about your trip

The only thing you would have to worry about, is someone stealing the laptop

On Apr 19, 2013 11:52 PM, "Phil Waclawski" <phil.waclawski@mesacc.edu> wrote:
Well, I'm attending it in the hopes of learning about how some of these attacks work, and how to defend against them. Helps me teach my students better practices (and myself as well).

To be honest, I had planned on having an old laptop with a brand new kubuntu install on it (no data I care about) and just doing some blender work and note taking offline, and never connecting it to a network while at the convention.

However, I'm curious, if I set up an ssh tunnel to a server I've already established a Key system with, wouldn't ssh throw up a huge warning from a man in the middle attack not having the right "handshake"? At that point I'd only be hosed if I was dumb enough to say "connect anyway"?

Phil W.
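
The host key check asked about above, as an added example that is not part of the original thread and is not OpenSSH's code: the client compares the key a server presents against the one already saved in known_hosts, and a different key of the same type is the case OpenSSH's default `StrictHostKeyChecking ask` refuses to connect on. Host names, salt and key bytes are constructed, and the function names are hypothetical.

```python
import base64, hashlib, hmac, struct

def make_blob(key_type: str, raw: bytes) -> bytes:
    """SSH wire-format public key blob; used here only to build constructed keys."""
    t = key_type.encode()
    return struct.pack(">I", len(t)) + t + struct.pack(">I", len(raw)) + raw

def fingerprint(blob: bytes) -> str:
    """Fingerprint as OpenSSH prints it: unpadded base64 of the SHA-256 digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field: str, host: str) -> bool:
    """Match a known_hosts host field: plain comma list or hashed |1|salt|hmac."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")

def check_host_key(known_hosts: str, host: str, key_type: str, blob: bytes) -> str:
    """Return 'match', 'changed' (possible MITM, do not connect) or 'unknown'."""
    changed = False
    for line in known_hosts.splitlines():
        fields = line.split()
        # Simplification: comments and @cert-authority/@revoked lines are skipped.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if host_matches(fields[0], host) and fields[1] == key_type:
            if hmac.compare_digest(base64.b64decode(fields[2]), blob):
                return "match"
            changed = True
    return "changed" if changed else "unknown"

# Constructed sample data: host names, salt and key bytes are made up.
PINNED = make_blob("ssh-ed25519", b"\x11" * 32)   # key the client saved earlier
ROGUE = make_blob("ssh-ed25519", b"\x22" * 32)    # key an interceptor would present
SALT = b"constructed-salt-000"
_mac = hmac.new(SALT, b"jump.example.org", hashlib.sha1).digest()
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts",
    "shell.example.org ssh-ed25519 " + base64.b64encode(PINNED).decode(),
    "|1|%s|%s ssh-ed25519 %s" % (base64.b64encode(SALT).decode(),
        base64.b64encode(_mac).decode(), base64.b64encode(PINNED).decode()),
])

if __name__ == "__main__":
    for host, blob in [("shell.example.org", PINNED), ("shell.example.org", ROGUE),
                       ("jump.example.org", ROGUE), ("new.example.org", PINNED)]:
        print(host, fingerprint(blob), check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", blob))
```

The "unknown" result is the first-contact case, where the only protection is comparing the printed fingerprint against one obtained out of band before accepting it.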


On Fri, Apr 19, 2013 at 10:30 PM, der.hans <PLUGd@lufthans.com> wrote:
On 19 Apr 2013, Alan Dayley chattered thus:

Hello Alan,


Why in the world would anyone actually attend a conference where you KNOW
people are going to attack your electronics and data? Erasing everyone's

It's in the city where people pay to let someone steal from them, so it
fits the theme.

http://www.newyorker.com/online/blogs/culture/2013/01/video-the-art-of-pickpocketing.html


credit cards? For the lulz, I guess. It sounds like a bunch of very smart
trolls getting together to see who can out-troll who. I would just
be collateral damage in such a group. I guess it's an effective way to keep
the non-trolls and newbies out of the "defcon club." Or maybe it is a form
of hazing.

And, if I HAD to go, cash, pen and paper is all I would bring.

Make sure to keep them somewhere safe ;-).

ciao,

der.hans
--
#  http://www.LuftHans.com/        http://www.LuftHans.com/Classes/
#  Like the maid, I don't do (M$)Windows. - der.hans

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss





--

(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com
Chief Clown