20-minute Intro to Hacking

Mike Gagnon, Ethical Hacker
http://mikegagnon.com
First things first…
Ethical Hacking
• Be responsible
• Don’t use hacking for evil
• It’s easy to be caught, and the penalties are very steep
Guideline: Never hack someone’s system without their permission
Why do ethical hackers hack?
• It’s fun
• “War games.” Companies hire ethical hackers to hack into their systems so that the companies can learn how to improve their defenses
• Ethical hackers develop defensive technology
• Every coder should know how to hack, so that they know how to write “secure code”
How to hack?
• Hacking = manipulating a system to do something it wasn’t designed to do
• Like hot wiring a car
http://commons.wikimedia.org/wiki/File:Dash_Wires.jpg
• Hacking computers is often simple (once you know how computers work)
How do computers work?
For example: What happens when you type google.com in your browser?
• There is a computer on the Internet whose address is google.com
• Your computer sends a “request” to that computer
• The google.com computer computes a “response” and sends it back to your computer
• Your computer shows the response on your screen
[Diagram labels: request; google.com computes the response; this response is a web page]
Just like requesting a person to compute something for you
Example DoS attack
• DoS = denial of service
• Send a request for a very difficult computation
• It might crash the computer
• The Air Force once challenged me to hack their radar. That’s how I did it.
http://www.ll.mit.edu/mission/cybersec/publications/publication
http://commons.wikimedia.org/wiki/File:C-band_Radar-
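The defensive side of the DoS slide, as an added example that is not part of the original slides: a toy request handler that refuses oversized requests and stops any single request once it has used its share of computation. The function names, the prime-counting workload, and the limits MAX_N and STEP_BUDGET are assumptions chosen for illustration.

```python
# Added example (hypothetical names): a request handler that bounds how much
# computation one request may consume, so an expensive request gets an error
# response instead of tying up the server.

MAX_N = 1_000_000       # assumed input cap: larger requests are rejected up front
STEP_BUDGET = 200_000   # assumed per-request work cap, in inner-loop steps


class BudgetExceeded(Exception):
    """Raised when one request needs more work than the server allows."""


def count_primes(n, budget):
    """Count primes below n by trial division, charging every step to budget."""
    steps = 0
    count = 0
    for candidate in range(2, n):
        divisor = 2
        is_prime = True
        while divisor * divisor <= candidate:
            steps += 1
            if steps > budget:
                raise BudgetExceeded()
            if candidate % divisor == 0:
                is_prime = False
                break
            divisor += 1
        if is_prime:
            count += 1
    return count


def handle_request(raw):
    """Turn one request string into a (status, body) response."""
    # Validate before computing anything: ASCII digits only, bounded length.
    if not (raw.isascii() and raw.isdigit()) or len(raw) > 12:
        return 400, "n must be a non-negative integer"
    n = int(raw)
    if n > MAX_N:
        return 413, "n too large"
    try:
        return 200, str(count_primes(n, STEP_BUDGET))
    except BudgetExceeded:
        # The input passed validation but still costs too much: stop early.
        return 503, "request exceeded work budget"
```

The input cap alone is not enough here: a request for n = 1000000 passes validation but would still run far past the step budget, which is why the handler also meters the work itself.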
Hack my server!
• You have my permission to try to crash:
http://hackerpuzzle.herokuapp.com
• But I won’t tell you how
• It’s a puzzle
I repeat:
• Be responsible
• Don’t use hacking for evil
• It’s easy to be caught, and the penalties are very steep
Guideline: Never hack someone’s system without their permission
Teach yourself to hack
• It can be a career
• Learn everything you can about how computers work
• Learn to code
• Learn math (algebra, calculus, statistics, and beyond)
• Experiment a lot
• Find hacking challenges on the Web
• Be tenacious
• Be patient