Pen-Testing Comps
Wednesday, 3 January 2024

+ Why study how to break into computer systems?
  - Jobs jobs jobs
  - Build better, more secure systems
  - Understand your attackers
  - Fun!
  - General skill-building

+ Final product
  - A Linux VM with vulnerabilities
      a sequence of 3 or more vulnerabilities that lead the attacker to root access
  - A PDF walkthrough of a solution, including clear and detailed explanations (with links/references) of the key concepts
  - A video walkthrough of a solution

+ Rough schedule
  - Weeks 1-3: major categories of vulnerabilities (web, permissions, unpatched servers with public exploits, etc.)
  - Form groups
  - Weeks 4-5: build your first vulnerable VM & get feedback
  - Weeks 6-8: plan, execute, and document your final VM(s) and make your poster
  - Th Feb 29: comps gala, with posters
  - Week 9-finals: oral exams; complete your VMs and walkthroughs

+ Classtime
  - Discussion of previous activities
  - Planning next activities
  - Feedback and comparing notes
  - Ad hoc technical explanations at your request

+ Time
  - 9 weeks goes by fast
  - Pen-testing is huge
  - We're doing Linux-only for our target machines; see previous 2 bullet points
  - This is comps: plan to put in plenty of time (6cr should be about 13 hours, but you might want to plan for more if you want to get the most out of it)

+ Count off 1-5 to make groups
  - Introduce yourselves
  - Share background: how comfortable with Unix command line? Networking? (e.g., know what TCP ports are?)
      Vocab: client, server, TCP port
  - 1-2 things you're eager to learn
      VM internals
      Categories of vulnerabilities
      Other people's ways of thinking
      Linux internals--what's going on in there?
      Making a big project and showing it off
      ...
  - 0-2 things you're worried about
      Apple Silicon problems
      Discomfort with command-line
      Time
      Not knowing what we're doing

+ Messages from me
  - Your goal is learning as much as you can
  - start from where you are
  - don't worry about what other people already know
  - This takes time. Put in the time, and you'll learn a ton.
  - Help each other! Ask for help!
  - Comps grading, and what not-passing looks like

+ Kali status?

+ Look at OverTheWire: Bandit
  - What is it?
  - How to approach it?
  - General cultural issues in the hacking world
  - Let's get started