Adam Ringwood gave tonight’s presentation on the basics of Wireshark. Adam began by talking about TCP/IP, and explaining how network addressing and subnetting works. Topics covered about wireshark included basic filtering techniques, how to export objects from the data in the captured packets, how to follow TCP streams and what to look for when searching for attacks. The hands on segment consisted of challenges, wherein the members had to find specific details in several different .pcap files using the techniques discussed earlier.
Today was kind of an experiment in a new meeting format. As suggested by Adam Ringwood, Chris Higgins introduced the wargame ‘Bandit’, hosted by Over The Wire, wherein players are tasked with accessing a game server via SSH in order to acquire passwords that will grant them access to further levels. In order to pass each level, the players need to learn numerous linux command-line utilities, from netcat to bash scripting.
Bob LeGrand gave his first presentation today on Metasploit Unleashed, a popular tutorial for learning how to use the Metasploit Framework. This presentation was designed to be a follow-up to Chris’ Introduction to Penetration Testing, in order to go over the use of the Framework in more detail. The presentation was shorter, and focused exclusively on Metasploit, allowing members in attendance more time to attempt to discover vulnerabilities with their virtual machines. Chris Higgins later stepped up to give a brief introduction to the Meterpreter Metasploit payload and its myriad uses.
Chris Higgins gave today’s presentation on penetration testing; namely, where to begin if one wants to start honing their penetration testing skills. Topics covered ranged from setting up virtual labs with vulnerable distributions, to learning the basics of the Metasploit Framework.
For the debut of ISUSEC’s new VCloud virtualization software and hardware, the hands-on portion of the presentation allowed each member to have their own virtual lab consisting of a Kali Linux machine and a copy of Metasploitable 2. A basic introduction was given, and everyone was encouraged to discover vulnerabilities for themselves, using techniques described in Chris’ lecture.