null Bangalore Feb 2010 meet - Setting Up A Security Lab - By K.V. Prashant How/where to start learning about security? By setting up your own small/cheap lab easily. Website: http://null.co.in

1. Setting Up A Security Lab K.V.Prashant

2. Setting Up A Security Lab What is most common/repeated/ annoying(sometimes) question on security forums? Ans:- I want to be a Hacker...... How can I be? What should I read? we will try to address this today

3. Web Server DB App Server A Peak Into Malicious World Server Side AttacksPort level attacks, Privilege escalations, Buffer Over Flow, SQL Injection, etc. Client SideViruses, Malware, XSS, Logical Attacks Network Layer VulnerabilitiesMan In The Middle, Sniffing, Spoofing, Wireless hacking

6. Detect Services running on target systems(Nmap)

8. Getting Hands Dirty:- LAB for system hacking Get your network ready…. At least 2 machines, preferably a powerful desktop. Virtualization softwares VMWare player Sun virtualbox

9. Getting into Business:- LAB for system hacking Get vulnerable Operating systems Unpatched Windows 2000, Xp Damn Vulnerable Linux de-ice Hackerdemia pWnOS Ubuntu 7.04 Vulnerable Matriux Security Distros(http://www.securitydistro.com/) Backtrack Matriux Moth/Lambert Helix(Forensic Distro)

10. Getting into Business:- LAB for Web-Applications hacking Insecure Applications WebGoat Hacme Tools(bank, Casion,Books,Travel…) Damm vulnerable app http://demo.testfire.net/ http://testasp.acunetix.com/ Hands on Older versions of CMS tools like XOOPS, drupal OrangeHRM Follow backtrack mailing list & try to replicate issues…

11. Road ahead…. Simulated network lab Cisco emulators Malware analysis lab Static & Behavior based analysis