[dundee] Flash Talk - 22nd of April - Hacking Tricks for Linux Geeks

[finux at finux.co.uk]

The UAD Linux Society Flash Talk Night – Hacking Tricks for Linux Geeks

Thursday 22nd of April 2010 – 7pm – Meeting Point: UAD Main Campus
Entrance, Bell Street, Dundee

You don't have to be a kernel guru to enjoy this evening, but open minded
and interested in computer security.  The night will have three short
talks all focusing on different areas of ethical hacking techniques, and
promises to have something of interest to many.

The talk is open to everyone, including none students.  You don't even
have to run Linux to come and join us.  The night is free, and there is
always a good banter in the bar afterwards.  So we look forward to seeing
you all

Daniel Hutchinson - ARP Vulnerabilities

This presentation will cover the area of ARP Spoofing. It will include an
introduction to the subject, a taster of the procedures for performing the
attack, and also a brief explanation on the programs used and
countermeasures. This should give the audience enough knowledge to
research the topic further, and give them an insight into Man in the
Middle attacks.

Rorie Hood - Format String exploitation techniques

The presentation will cover a sub-class of buffer overflow exploits:
Format Strings. It will cover the standard C library function printf(),
and how it should be implemented, but more importantly how is can be
misused when not implemented correctly. It will be shown that when
combining format specifiers such as %x or %d with this, we can print out
pieces of the stack. More dangerously however, it will be shown how, and
why we can write directly into memory using the %n format specifier. The
technique of per-byte writing will be conveyed, and a discussion of what
can be achieved with format strings will be presented, though exploitation
payload is not included in the talk

Arron M Finnon - Finux's Facebook API (ab)use for Info Gathering

Attacking a target in ethical hacking requires a certain degree of
knowledge, however tool-kits of vulnerabilities and bags of technical
exploits won't and don't always get you access.  Understanding your target
is key, and knowing the individuals within your target organisation is
priceless.  It has been said in the tech support world, by some “ there is
a technical difficulty between chair and keyboard”, but in security its
the human factor that gets results.

Hacking social media to gain an inside track on your target, has
advantages that aren't as clear to many people as it should be.  Focusing
on the ever growing world of Facebook, and its ability to interconnect
individuals we look at how we can use the very tools supplied by Facebook
itself to developers.  Using the Facebook API we can build a clear picture
of our targets before we even attack them.  If business is war then
information gathering espionage