DEF CON 30 Preparation

Step 1: Choose the days you’ll be staying

There are other conferences going on before and after the conference.

Step 2: Choose your hotel

Take a look at the hotels that DEF CON has cut a deal with
https://defcon.org/html/defcon-30/dc-30-venue.html

  • The LINQ
  • Harrah’s
  • Flamingo
  • Bally’s
  • Paris
  • Planet Hollywood
  • Caesars Palace

The website says DEF CON will take place at “Caesars Forum, Flamingo, Linq, and Harrah’s”.

You could stay at another location as long as you have access to the metro; it stops right outside the Caesars Forum.

If you are trying to save money, you can stay off the strip or split the room cost.

I personally like staying at Tuscany which is where BSidesLV has been held for the last few years.

Step 3: Book your flight and/or car rental

The sooner you book your flight the cheaper it will be.

If you are driving, you will also have to pay for parking anytime you stay at a casino on the strip.

Step 4: Build your agenda

Take a look at the talks you are interested in and pick 1 or 2 things you want to attend each day.

  • Presentations
  • Demos
  • Hands on Workshops
  • Villages
  • Contests
  • Parties

DO NOT OVERBOOK YOUR TIME!

There is more to DEF CON than you can experience in 1 year!

Take a look at the forums to follow how things are progressing.

If parties are your jam, you’ll want to follow the Twitter account @defconparties for up-to-date info and an awesome calendar with all the known parties.

Step 5: Plan the time off

You will need to take time off and get your backups in place, and clear it with your employer, significant other, parents, or whoever else, to make sure you can go.

If part of your job involves security, or there is a chance your employer will send you or reimburse the trip, write a justification letter to pitch the idea. You’ll want to include:

  • DEF CON can count toward your continuing education credits (CPEs, CEUs, ECEs, PDUs).
  • Expand your knowledge
  • Learn new skills
  • Meet and network with security professionals
  • Cost breakdown

Step 6: Plan your budget

This conference is largely run on cash. While over the years it has started accepting plastic (debit and credit cards), you’ll still want to bring some cash with you.

Step 7: Plan your meals

You will pay premium price for food when in the casinos.
If you are going on a budget, bring your own protein bars, snacks and such.
One of the places I make a point to eat at is an amazing burger joint inside Paris called Burger Brasserie.

Step 8: Plan your drinking

You will be in the desert, so you will need to drink plenty of water.
Bring your own reusable water bottle, and you can refill it almost anywhere.
If you are going to go out drinking, I’d highly suggest a drinking buddy to have your back.
If you are doing it on a budget, bring your own ice chest and go buy your beer at a big box store.

Step 9: Get involved

Go have fun, ask questions, talk with people!
Some of my best memories are of meeting people in #LINECON (when you are waiting in line to buy the ticket or get into a presentation).
Stay humble in this crowd, if you don’t know about something, ask questions instead of faking it.
There are a lot of people willing to teach you something new.
Don’t spoil that opportunity by acting like a know-it-all (1337 h4x0r attitude).

Step 10: Know & Practice the 3-2-1 Rule

3 hours of sleep
2 meals a day
1 shower
AT A MINIMUM

There is more to cover, but for now I’ll leave you with DEF CON’s official FAQ.

Posted by Gater_Byte in BLOG, DEFCON

Art of Quest Building

Introduction

So, you’re interested in building a quest for the DarkNet? That’s excellent! Maybe you’re doing this because you have an amazing idea for a puzzle. Or maybe you learned something new and you’d like to teach everyone about it. Or maybe you’re looking for a way to earn some more points. Whatever the reason, this guide is here to help you construct a quest that will be not only a valuable addition to the Daemon, but even more importantly, will be fun for DarkNet agents everywhere!

As you are planning out your quest, keep in mind the vision for the DarkNet:

DarkNet is a radical, egalitarian social order: it’s the democratization of technology, production, and information. DarkNet is the organizational side-effect of putting information, technology, and, ultimately, economic power back in the hands of the producers, the makers, and the thinkers of the world.

We want to teach, share, collaborate, and challenge each other to be the best we can be.

In the same vein, this guide is written from our own experiences running the DarkNet, but we are by no means experts on the subject. This guide will continue to evolve as we learn and as we receive feedback from you!

Building a Quest

Target: 1 hour of content per quest (with the possibility of multiple quests in an epic)

Terminology:

  • Epic: A thematically- or topically-connected string of one or more quests
  • Quest: An activity which produces a single, predefined outcome or answer

Foundational Questions

As the title suggests, building quests is more of an art than a science. Like any type of creative process, building a quest can be both tricky and easy at the same time. Writer’s block and “the endless pursuit of perfection” are both real challenges that prevent amazing quests from ever getting released. In order to help you along your way, here are a few questions to organize your thoughts (with longer descriptions below):

  • What type of quest do you want to build? Are you more interested in teaching our agents something new, or in challenging an agent’s existing knowledge?
  • What is your core subject matter?
  • Who is your target audience (e.g., people with existing knowledge of network fundamentals, people who’ve never held a lockpick in their life, people who like to play controller-tossingly difficult video games, etc.)?
  • How difficult should this be for your target audience? For others?

Be judicious as you consider these questions: it is easy to fall into the trap of trying to build “one quest to rule them all” with every element you can think of. Instead, build multiple smaller quests with each only having a single set of elements that together form a greater whole. 

What type of quest do you want to build?

The DarkNet is all about helping our agents grow through a series of trainings and challenges, and both are very important components of achieving our mission of putting power back in the hands of the people. Consider whether you are more interested in teaching someone a new set of skills they might have never seen before or whether you are more interested in challenging someone’s existing knowledge. If you head down the challenge route, make sure there is a way for the uninitiated to learn the content elsewhere!

Teaching quests are our way of taking someone from zero to hero in a structured way, with some problem-set-like challenges along the way to test and cement their knowledge. The priority is on the education versus the mystery/puzzle/challenge, and you will likely end up writing a decent amount of explanatory content and toy puzzles to show off specific aspects of the skill.

Challenge quests, on the other hand, are a way of synthesizing multiple skill domains together and testing an agent’s ability to delve down beyond their current foundational knowledge. This could be done by challenging the agent to combine multiple techniques in a single step of the puzzle or encouraging them to read the raw protocol documentation to discover a new way of using a specific data field.

From a scoring perspective, teaching quests tend to receive a smaller allocation of DarkNet Points and instead prioritize DarkNet Reputation to show off the agent’s newfound skills.

What is your core subject matter?

Now that you have decided on teaching versus challenging, you need to pick out your core focus area for your quest. It is important that you have a clearly defined list of defined topics for the quest to prevent rambling, runaway quests.

For a teaching quest, this should usually stick to a single focus area that could be described to a knowledgeable peer in only a sentence or two. For example, you might build a training quest that focuses on the basics of WEP cracking: triggering ARP packet generation, collecting sufficient ciphertext, and brute forcing the encryption key. Resist the urge to build The Epic Training Quest To End All Training Quests (e.g. WiFi Security would be way too broad for a single training quest). Because you are targeting agents that are unlikely to be familiar with your skill, you want to keep the content bite sized and give them the opportunity to “checkpoint and bail” after an hour (by completing the quest) if it isn’t quite their cup of tea.

By nature, challenge quests are going to be more broad than a teaching quest, but you still need to resist that urge of going too broad. When choosing a challenge quest, consider whether you would like to go for depth or breadth: either you would like to challenge an agent’s in-depth knowledge of a specific area (e.g. the ability to construct/parse raw WiFi frames), or you would like to challenge an agent’s ability to synthesize knowledge across multiple domains (e.g. a simple cipher embedded in an SSTV signal). If you are interested in doing “everything at once, for the epic, ultimate challenge,” take a look at the Advanced Quest Building section below.

A fun hybrid of the two quest types is the “advanced training quest,” in which you are focused on teaching a more advanced skill area, but simultaneously forcing the player to apply their just-learned knowledge along the way. For example, you could teach the basics of sending and receiving Bitcoin transactions in your first training quest, and then focus on building custom transactions in your “advanced training quest.” This arrangement encourages the player to practice their initial knowledge of sending and receiving, but in a novel, assisted way by sending a hand-built transaction. This is a very effective way of chaining together multiple training quests for some epic education.

Regardless of quest type, write down your core subject matter at the beginning and reference it regularly to ensure you are staying on track with your original goals. By all means, feel free to change the goals as you think about it some more; just make sure that you can still present a concise description of the purpose of the quest. One technique for doing this is Key Takeaways: “By the end of this quest, the agent will be able to do X, Y, Z” or “By the end of this quest, the agent will have shown in-depth knowledge of areas X, Y, and Z.” If you can’t fit your key takeaways in a single sentence, you should consider splitting your content into multiple, related quests.

Who is your target audience?

The DarkNet has a wide spectrum of ability levels and specialties, so you will need to be selective in deciding which subset of the agents you would like to target. Also, remember to be respectful of your target audience, especially if you’re doing a teaching quest. Just because your target audience doesn’t know how to write complex regexes or reverse-engineer a piece of malware, doesn’t mean they’re stupid. 

How difficult should this quest be?

For your target audience? For others?

Difficulty is a tricky thing, and this is where playtesting (see below) will come in really handy. It’s very easy to fall into the trap of “I know it, therefore everyone else knows it”, and forget to spell out key bits of information which you take for granted but may not be obvious to people who aren’t you.

Aesthetics of Play

In broad strokes, the aesthetics of play are aspects of enjoyment in activities that people will tend to seek and enjoy in differing amounts. People are different in how much the various aesthetics appeal to them and in what amounts, but any given activity or game can only usually focus on a handful. Please read through this writeup on The Aesthetics of Play as they pertain to the DarkNet: https://drive.google.com/open?id=19UXNo-3mWY2pGNptzmebPVRox7OEgJdQ

Other descriptions of the same concepts

Think in terms of the player

Stop yourself regularly and review your quest from the eyes of the player. Is this a reasonable logical jump? Based on the information provided, what are other possible directions the player could be thinking?

Playtesting

Just as you did during the design process, put yourself in the agent’s shoes and walk through your quest. This unfortunately gets more and more challenging as you become more and more familiar with the quest content. So, once you think you’ve got something all figured out, it is time to bring in some outside help! This is the process of playtesting and is crucial to the playability of your quest. Find a friend who is somewhat close to your target audience, and ask them to work through your quest. (Bribery helps!)

Pay attention to the mistakes that are made or roadblocks encountered during playtesting: you will use this information to design your pre-written hints. In fact, you’ll likely even want to playtest your hints just like you’ve playtested your quest!

Designing and Giving Hints

Puzzles are puzzling because you have multiple possible options and are not certain which one is correct.

Example: a child’s puzzle (placing different shaped blocks in cutouts) has a small number of options (piece selection and orientation). A hard physical puzzle has 5000 pieces and 4 orientations. A maniacal physical puzzle has 8 orientations (pieces can be upside down as well).

With each of the above examples, you have a pretty good idea when you get a piece right, and when you are mistaken (“false paths”), you can’t go too long without realizing your mistake (nothing else fits, or something else fits better).

Harder puzzles will have more possible options and potentially more false paths. A good, straightforward puzzle should be very clear when you hit on the right path. A good winding puzzle should feel like you got it right on a false path, but leave this nagging feeling like you missed something and want to go back.

Much of the fun in puzzle solving comes from thinking through the set of options, maybe trying a few, and eventually landing on one that “feels” right. 

Understand where your player’s brain is at so you can eliminate the false path that is getting them stuck and guide them towards the right path.

Pre-written hints

Use your playtesting experiences to your advantage here! In playtesting, you had real people make real mistakes. Be prepared for more agents to make the same and similar mistakes.

Providing hints on the fly

Ask questions! Your goal is to constrain the problem space by eliminating unproductive paths or (re)introducing previously eliminated paths.

Have a quest you want to write?

Got through the entire Art (or just skipped down here, in which case we applaud your bravery and recommend you go back and read it)?

Use this form to enter a quest!

Posted by Gater_Byte in BLOG, DEFCON

Interview with Silk and Gater_Byte

Thanks again to Silk for reaching out to do the interview!

It was great chatting with you as always, and I am personally digging your videos!

Go check out the other awesome Videos that Silk (Alex Chaveriat) has made on his channel,

Including our interview, HACKING DEFCON with a URINAL CAKE, and A MUST READ for every HACKER – Daemon by Daniel Suarez

or you can follow him on Twitter at @alexchaveriat

If you are interested in the Holon Network Podcast with myself and Digital_Tinker, check out
holonnetwork.podbean.com

We stream every Monday at 5:45 PT (8:45 ET) at https://www.twitch.tv/holonnetwork

Posted by Gater_Byte in Podcast

Use Jitsi as a video conferencing alternative to Zoom.

What is Jitsi?

Jitsi Meet
More secure, more flexible, and completely free video conferencing.

Jitsi Meet is a fully encrypted, 100% open source video conferencing solution that you can use all day, every day, for free — with no account needed.


What else can you do with Jitsi Meet?

Share your desktop, presentations, and more
Invite users to a conference via a simple, custom URL
Edit documents together using Etherpad
Pick fun meeting URLs for every meeting
Trade messages and emojis while you video conference, with integrated chat.

And it’s easy to get started

Step 1:

First, grab some headphones and connect them to your device! They don’t need to have a mic built in, because your device most likely has another mic. Trust me here, it will save your ears and troubleshooting issues later.

Next, go to https://jitsi.org/ and click “START A CALL”.

Step 2:

This will open the page https://meet.jit.si/

You can name the meeting or it will randomly create a room name.

If you are on a laptop, I suggest you use the Chrome browser, and then click the link below to install the Jitsi Meetings extension:

https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb?hl=en-US

If you are using a mobile device, click in the bottom left-hand corner to download the Jitsi app to your phone or tablet.

Here is the link to the app for Android https://play.google.com/store/apps/details?id=org.jitsi.meet

Here is the link to the app for iOS https://apps.apple.com/us/app/jitsi-meet/id1165103905

(Optional) You can connect your calendar and create a recurring meeting.

When you are ready to meet, click the “GO” button.

Step 3:

It will then ask you for permission to access the Camera and Microphone, and you want to click “Allow”

Step 4:

If you need to change any settings, see the picture below to locate them.

You can share your screen if you click the icon to the far left.

If you want to share your room information with other people or have the option to call in from a phone, click the “Share & Call-in Info” icon, which is the Circle with the I in the center.

Step 5:

Send the room name to your friends, and they will connect!

If you aren’t talking, it’s a good habit to mute your mic.

When you are done with the call, you can close the window.

Posted by Gater_Byte in Projects

Scanning, Sniffing, and Enumeration

<Transcribed from Holon X-Ray Training Series 3>

pyre addresses the class

“There are a few key concepts you need to learn to defend yourself as an Agent.  The first is “Keep Your Doors Locked”, the second is “Recognize When You Have Been Pwned”, and the third is “Identity is Everything”.  We’ll focus on the first concept in this lesson.

I’ll avoid an in-depth discussion of the following topics so we can get you into the field as quickly as possible, but the following concepts come out of the OSI model.  This model lays out the seven-layer path that all computer-to-computer network communications follow, from the 7th level Application Layer which holds the applications with which you and your computer work, down to the Physical Layer at Layer 1 which handles the electricity, wireless, and flashing lights at the base of your communications, and back up again on the computer on the other side.  This communication was standardized in layers so that hardware and software from different vendors could handle one or more layers and then seamlessly hand off to the next layer.

Core Concepts

IP Address

IP addresses live at Layer 3, the Network Layer, in the OSI model.  Every computer on a network has a unique IP address, which allows other devices on the network to find them.  There are two types of IP addresses in popular use today, IP version 4 (IPv4) and IPv6; I will focus on IPv4 today, but it is important for you to learn IPv6 to properly defend yourself.

IPv4 addresses take the format ###.###.###.###, which is made up of four numbers separated by periods.  Each number is made up of 8 bits (also known as an octet), which gives 2^8, or 2x2x2x2x2x2x2x2 = 256 possible values.  This means that each number can be from 0 to 255 (zero counts as one of the 256 values).  An example of a valid IP address is 192.168.132.254.  An invalid IP address is 10.0.311.1, because 311 is higher than 255.

Subnet Mask

This is a complicated subject that you can begin to dive into here, https://en.wikipedia.org/wiki/Subnetwork.   To put it as simply as possible, IP addresses on a computer are paired with subnet masks, which identify groups of hosts on a network.  They are in the same format as IP addresses, with four 8-bit numbers separated by periods.  A valid subnet mask is 255.255.255.0.  The numbers on the left, 255, mean that every number in the IP address at that space is fixed/static and identifies ALL the hosts in that network.  As an example, for an IP address of 192.168.0.1 with a subnet mask of 255.255.255.0, every host on the current network MUST have the first three sets of numbers (octets) be the same in their IP address.  A computer with an IP address 192.168.10.2 would be on a different network because the third octet is different from our example.  The 0 in the subnet mask means you can assign any number in that slot (from 1 to 254 – more on why that second number is not 0 or 255 in a moment) to any computer in your network, so 192.168.0.150 with a subnet mask of 255.255.255.0 would also be on our network. 

Now for the reason why 0 and 255 are not used in the last octet of an IP address with subnet mask 255.255.255.0, as a simple example.  The 0 in the last octet identifies the network, and 255 is the broadcast address.  If you want to send a message to a single computer, you send it to its IP address.  If you want to send a message to ALL computers on the network, you send it to the broadcast address.  For more complicated subnet masks, the first address in the range identifies the network, and the last address in the range is the broadcast address.

There is a shorthand known as CIDR notation, which allows you to write IP addresses and subnet masks in a shorter format.  More about CIDR can be found at https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing.  As an example, CIDR allows you to write the IP/subnet mask combination of 192.168.0.1 255.255.255.0 as 192.168.0.1/24.
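Here is an added worked example (not part of the lesson) that implements the rules above in Python: the 0-255 octet check, the network and broadcast addresses for an address/mask pair, the /24 CIDR shorthand, and the same-network test. The addresses are the ones used in the lesson; the function names are my own.

```python
"""IPv4 address, subnet mask and CIDR arithmetic from first principles.

Added example, not the lesson's own code: everything is done with integer
and bit operations so the lesson's rules (octets are 0-255, the fixed mask
octets select the network, .0 is the network and .255 the broadcast on a
/24) can be checked directly.
"""


def parse_ipv4(text: str) -> int:
    """Parse dotted-quad text into a 32-bit integer.

    Rejects anything that is not exactly four numeric octets in 0-255,
    so '10.0.311.1' fails exactly as the lesson says it should.
    """
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"{text!r}: an IPv4 address has exactly four octets")
    value = 0
    for part in parts:
        if not part.isdigit():
            raise ValueError(f"{text!r}: octet {part!r} is not a number")
        octet = int(part)
        if not 0 <= octet <= 255:  # 8 bits -> 2**8 = 256 values, 0..255
            raise ValueError(f"{text!r}: octet {octet} is outside 0-255")
        value = (value << 8) | octet
    return value


def format_ipv4(value: int) -> str:
    """Inverse of parse_ipv4: 32-bit integer back to dotted quad."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask_int(prefix: int) -> int:
    """Integer mask with `prefix` leading 1 bits out of 32 (e.g. 24 -> 0xFFFFFF00)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0-32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """Convert a dotted subnet mask to its CIDR prefix length.

    255.255.255.0 is 24 one-bits followed by 8 zero-bits, i.e. /24. A mask
    whose one-bits are not contiguous (255.255.0.255) is not a valid mask.
    """
    bits = parse_ipv4(mask)
    prefix = bin(bits).count("1")
    if bits != prefix_to_mask_int(prefix):
        raise ValueError(f"{mask!r} is not a contiguous subnet mask")
    return prefix


def describe_subnet(address: str, mask: str) -> dict:
    """Network, broadcast and usable host range for an address/mask pair.

    The mask's 1 bits pick out the network part of the address; the
    remaining (host) bits all-zero is the network address and all-one is
    the broadcast address, which is why .0 and .255 are not handed out to
    hosts on a 255.255.255.0 network.
    """
    addr = parse_ipv4(address)
    prefix = mask_to_prefix(mask)
    mask_int = prefix_to_mask_int(prefix)
    network = addr & mask_int
    broadcast = network | (~mask_int & 0xFFFFFFFF)
    # /31 and /32 have no separate network/broadcast addresses; report no range.
    usable = broadcast - network - 1 if prefix <= 30 else 0
    return {
        "cidr": f"{address}/{prefix}",
        "network": format_ipv4(network),
        "broadcast": format_ipv4(broadcast),
        "first_host": format_ipv4(network + 1) if usable else None,
        "last_host": format_ipv4(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }


def same_network(addr_a: str, addr_b: str, mask: str) -> bool:
    """True when both addresses share the network part selected by mask."""
    mask_int = prefix_to_mask_int(mask_to_prefix(mask))
    return (parse_ipv4(addr_a) & mask_int) == (parse_ipv4(addr_b) & mask_int)


if __name__ == "__main__":
    print(describe_subnet("192.168.0.1", "255.255.255.0"))
    print(same_network("192.168.0.1", "192.168.0.150", "255.255.255.0"))  # True
    print(same_network("192.168.0.1", "192.168.10.2", "255.255.255.0"))  # False
    try:
        parse_ipv4("10.0.311.1")
    except ValueError as err:
        print("rejected:", err)
```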

Default Gateway

This is the IP address for the device on your local network that lets you get onto other networks, such as the Internet.  Your computer can freely communicate with other devices on the same network and knows how to find them (using ARP, see below), but your computer does not know how to reach devices on other networks, such as the web server www.google.com.  If you try to reach a computer that is not on your local network, your computer uses the Default Gateway setting and passes the request on to that computer (also called a router) to handle.  Your request then goes from router to router until it hits www.google.com.  It is standard for default gateways to be at the .1 address, such as 192.168.0.1, but it is not required.

DHCP

The Dynamic Host Configuration Protocol (DHCP) is used to automatically assign network parameters (IP address, subnet mask, default gateway, DNS, among other parameters) when your computer joins a network.  This allows you to get onto the network at your local coffee shop without knowing the parameters needed for communication on that network.

DNS

The Domain Name System (DNS) is used to provide user-friendly names to IP addresses.  This is what lets you type www.google.com into your browser, and your computer knows that it needs to reach out to 172.217.11.36. 

To help you understand how DNS works, I’ll start from your computer and work my way out.  When you try to go to www.google.com, your computer,

  1. Checks its local DNS cache to see if you have gone to www.google.com recently.  If you have been there, then it just uses that IP address.  This cache entry is deleted after its TTL (Time To Live) has passed; this keeps entries from getting stale and protects you in case Google decides to move www.google.com to another IP address.
  2. If the name is not in your local cache, then a process is followed that is explained in detail at https://en.wikipedia.org/wiki/Domain_Name_System under Operation.

Ports

Now that you know how to identify computers on your network by their IP address, let’s look at how we open their doors so we can communicate with them.

Ports are the doors on a computer that give access to a program running on that port.  When a program runs on a port, it is said to be ‘listening’ on that port for incoming requests from other computers.  An example would be an email server program listening for requests for new email.

Ports are made up of 16-bit values, or 2^16, and thus can be from 0 to 65,535.  There are a set of ports from 0 to 1023 that have been set aside as “well-known” or system ports.  Many of these ports have been permanently assigned to specific services, such as running web servers (port 80), SSL web servers (port 443), and DNS (port 53).  The ports from 1024 to 49,151 are registered ports – companies reach out to IANA (Internet Assigned Numbers Authority) to be assigned one of these ports for their software.  Ports 49152–65535 are dynamic or private ports that are up for grabs.

When your computer connects to a port, it does so in a predefined series of steps called a protocol.  Protocols let computers speak the same language when they want to do a job such as requesting a web page or downloading new email.  These protocols will also be stacked so that you see protocols from different layers of the OSI model in a single interaction.

One set of protocols handles the software with which you interact, such as http for web page interaction, and DNS for matching up IP addresses with friendly names.  These protocols operate at Layer 7, the Application Layer of the OSI model.

When your computer interacts with ports, those Layer 7 protocols ride on another set of protocols a few layers down in Layer 4, the Transport Layer (skipping a few layers for simplicity).  These are the TCP and UDP protocols.  TCP and UDP handle the breaking up of a data stream into chunks called packets.  TCP is used for communication and services that require reliable connections – it does a 3-way handshake for the initial connection, puts packets in order, and does error checking.  Web page delivery and file transfers use TCP.  UDP is used for communications that require speed, where reliability is not an issue.  UDP is used for things like streaming audio or online gaming.

You can see a list of ports and whether they use TCP or UDP at https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Firewalls (Windows, Linux, Mac)

Now that you know about all these open doors, it’s time to close them all except the ones you need.

Firewalls are used to lock down access to ports.  Many computers come with a set of ports that are open by default so they can communicate with other computers on your network.  Unfortunately, this means that an attacker can also use those ports to communicate with your computer.  If there is a flaw in the protocol used on that port, the attacker could use that flaw to completely take over your computer.

Firewalls block or allow access using rules.  Most firewalls have three types of rules:

  • Inbound/Input rules block or allow access to ports from the outside world, i.e. other devices on your network.  For example, this type of rule allows other computers to have access to a web server running on port 80.
  • Outbound rules block or allow your computer to reach out to other computers.  For example, allow your computer to reach out to any web server on TCP port 80 or check email on TCP port 110.
  • Forwarding rules block or allow traffic to flow between network interfaces for computers that have multiple interfaces.  This could be a computer that sits on two networks or one that has a wireless interface and a wired Ethernet interface.  Your laptop or work/home computer likely will not need this type of rule.

You can get more information on configuring your firewall at one of the following sites.  Note that you should not mess with these rules unless you are absolutely sure you know what you are doing, otherwise you will be completely cut off from email, the web, your loved ones, and society.  Before changing these rules, see the section on Scanning below so you can see what you have open.

How to configure the firewall for the major operating systems:

Mac

Linux

Windows

Scanning

Scanning is a tool used by attackers and defenders alike.  Scanning allows you to determine who else is on your network (by IP address) and check to see what ports they have open.

My scanning tool of choice is Nmap because it is available for most operating systems and it is full of options.  You can get it from their website at https://nmap.org.  For a great read, check out NMAP Network Scanning by Gordon “Fyodor” Lyon, or browse the Nmap website.

Scanning can take time, so break it into four steps.  You can do an Nmap ping scan (-sP) of the network if you are in a hurry or are scanning a very large network; advanced users can send the output of the scan to a file, use grep and awk to clean it up, and then use that file as the host list with the -iL filename option.

  1. Scan for interesting hosts
  2. TCP port scanning (can take minutes to hours)
  3. UDP port scanning (can take several hours or days, depending on the size of the network; only do it when you have time)
  4. Application enumeration

Host Scan

First, you need to find the IP addresses of devices in the range you are scanning.  If you are scanning your local network, you can examine your own IP address to get an idea of the range of IP addresses.  On Windows, open a command prompt and type ipconfig.  Look for the IPv4 Address (usually on the Wireless LAN Adapter for a wireless connection or the Ethernet Adapter for a wired connection) and its subnet mask.  On a Mac or Linux, open a terminal window and use ifconfig (or ip addr on Linux distributions that no longer ship ifconfig).

nmap -T4 -sP IPrange -oA outputfile

  1. T4 is the speed of the scan, and you have the option of 1-5.  4 is fast and not as likely to lose packets as a setting of 5.
  2. sP is the ping scan.  This is used for host discovery.  Nmap sends an ICMP echo request, a TCP ACK or SYN packet to port 80, and ARP.  Some of these are only used if you are a privileged user.
  3. IPrange is the range of hosts you are scanning.  Options include single hosts (192.168.0.10), CIDR notation (192.168.0.0/24), ranges (192.168.0.1-254), a comma list of hosts, or an input file with one host per line using the argument -iL.
  4. oA outputs the scan results into several different formats, with the filename being “outputfile”

TCP Scan

nmap -T4 -p0-65535 IPRange

  1. T4 – fast scanning
  2. p0-65535 – scan all ports; you can also use a list of ports to speed up your scan, e.g. 20,21,25,110-150
  3. IPrange is the range of hosts you are scanning.  Options include single hosts (192.168.0.10), CIDR notation (192.168.0.0/24), ranges (192.168.0.1-254), a comma list of hosts, or an input file with one host per line using the argument -iL.
  4. Note that scanning can take some time.  Hit the spacebar to see progress.

UDP Scan

Note that this scan can take more than a week to complete on a large network, so only run it if you have the time.

nmap -v -sUV IPRange --host-timeout 900000 -T4

Enumeration

Enumeration is used to determine what software is running on a port.  This tool is useful because some system administrators run services on unusual ports to thwart attackers, such as running web services (port 80) on an email port (110).  A computer may also be behind a port-forwarding firewall, so some of the ports that are discovered are actually on the firewall and not the target computer.  Nmap will probe the port and check the responses against its database.  For speed, use the results of previous scans to target specific open ports. 

  1. TCP Scan: nmap -A -O -T4 -p0-65535 IPrange
    • Note that this scan can take over an hour to scan 8 devices.
    • -A – version detection – runs a series of queries against the port to determine what software is running (-A also turns on OS detection, the default scripts and traceroute)
    • -O – OS detection (already implied by -A)
    • -T4 – fast scanning
    • -p0-65535 – scan all ports; you can also use a list of ports to speed up your scan, e.g. 20,21,25,110-150
    • IPrange is the range of hosts you are scanning.  Other options include single hosts, CIDR notation (192.168.0.0/24), ranges (192.168.0.1-254), and a comma list of hosts.
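The two steps that the scans above depend on, working out the range to sweep from your own address and subnet mask, and feeding the open ports from an earlier scan into the slower enumeration scan, as an added shell example that is not part of the original post.  The .gnmap lines, addresses and ports in it are constructed; the script only builds the nmap command lines and never runs Nmap itself.

```shell
#!/bin/sh
# Added example, not code from the original post: derive the CIDR range to
# sweep from your own address and subnet mask (the ipconfig/ifconfig step),
# then pull live hosts and known-open ports out of a previous scan's grepable
# output (outputfile.gnmap, written by -oA) so that the slower enumeration
# scan is only pointed at ports already known to be open.
# Nmap is never executed here; the commands are only printed.

# cidr_from_mask 192.168.0.37 255.255.255.0  ->  192.168.0.0/24
cidr_from_mask() {
    oldifs=$IFS; IFS=.
    set -- $1 $2                 # split both dotted quads into 8 octets
    IFS=$oldifs
    # network address is the bitwise AND of address and mask, per octet
    n1=$(($1 & $5)); n2=$(($2 & $6)); n3=$(($3 & $7)); n4=$(($4 & $8))
    # prefix length is the number of 1 bits in the mask
    bits=0
    for m in $5 $6 $7 $8; do
        while [ "$m" -gt 0 ]; do
            bits=$((bits + (m & 1)))
            m=$((m >> 1))
        done
    done
    echo "$n1.$n2.$n3.$n4/$bits"
}

# Constructed sample of Nmap grepable output (what -oA writes to
# outputfile.gnmap).  Hosts, names and ports are made up; a ping sweep and a
# port scan are combined into one file only to keep the example short.
sample_gnmap() {
    printf '%s\n' '# Nmap scan (constructed sample, not real output)'
    printf 'Host: 192.168.0.1 (router.lan)\tStatus: Up\n'
    printf 'Host: 192.168.0.10 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.20 ()\tStatus: Down\n'
    printf 'Host: 192.168.0.1 (router.lan)\tPorts: 22/open/tcp//ssh//, 80/open/tcp//http//, 443/closed/tcp//https//\tIgnored State: filtered (65533)\n'
    printf 'Host: 192.168.0.10 ()\tPorts: 110/open/tcp//pop3//, 445/filtered/tcp//microsoft-ds//\tIgnored State: closed (65534)\n'
}

# up_hosts < FILE.gnmap -> one address per line for hosts reported "Status: Up"
up_hosts() {
    awk '/^Host: / && /Status: Up/ { print $2 }'
}

# open_ports < FILE.gnmap -> "ADDRESS port,port,..." for each host that has
# open TCP ports, in the form that nmap -p expects
open_ports() {
    awk '/^Host: / && /Ports: / {
        ip = $2
        sub(/.*Ports: /, "")       # keep the port list ...
        sub(/\t.*/, "")            # ... and drop the tab-separated fields after it
        n = split($0, entry, ", ")
        list = ""
        for (i = 1; i <= n; i++) {
            # each entry is port/state/protocol/owner/service/rpc/version
            split(entry[i], f, "/")
            if (f[2] == "open") list = list (list == "" ? "" : ",") f[1]
        }
        if (list != "") print ip, list
    }'
}

# enum_commands < FILE.gnmap -> one enumeration command per host, limited to
# that host's known-open ports (printed for review, not executed)
enum_commands() {
    open_ports | while read -r ip ports; do
        echo "nmap -A -T4 -p$ports $ip"
    done
}

# Stand-alone demonstration on the constructed sample
cidr_from_mask 192.168.0.37 255.255.255.0
sample_gnmap | up_hosts
sample_gnmap | enum_commands
```

With a real file the same functions are used as `up_hosts < outputfile.gnmap` after the ping sweep and `enum_commands < outputfile.gnmap` after the TCP scan; review the printed commands before running any of them.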

Trick

If you ever get a result with no hosts found, or discover that some hosts are missing, then scan the entire network without pinging first using the option -P0 (spelled -Pn in current Nmap versions).  If a computer’s firewall blocks the initial ping scan, then Nmap will not go on to scan that computer’s ports at all, even if the computer is operational.

Sniffing

Packet sniffing, or sniffing, lets you see everything that your computer sees at every layer of the OSI model.  The most popular visual tool for sniffing is Wireshark, which you can download at https://www.wireshark.org/.  There is also the command line tool tcpdump on *nix systems.

Modern switches are designed so that you only see traffic that is intended for your computer, as well as broadcast traffic that is sent to the broadcast IP of your network.  If you want to see traffic that is destined for other systems, then you will need to find some way to copy packets to you, through a SPAN port, port mirroring, or network tap, or by inserting yourself in the path through a man-in-the-middle attack.

On Windows systems you need a packet capture driver, WinPcap (newer Wireshark installers ship its successor, Npcap), to enable packet capture.  It is installed automatically when you install Wireshark.

Running

When you run Wireshark, it will give you the option of selecting an existing saved packet capture file (PCAP) or a network interface.  Choose your network interface.

Your screen will begin filling with sweet packets.  Here are the default columns:

  1. The No. column shows the packets in the order in which they are seen
  2. The Time column shows the seconds that have elapsed since you started your packet capture
  3. The Source tells who sent the packet
  4. The Destination tells where the packet is going
  5. The Protocol is the protocol seen, (e.g. TCP, UDP, DNS)
  6. Length is the number of bytes in the packet/frame
  7. Info gives some basic information about what is seen in the packet

If you click on a packet/frame you will see more details in the bottom half of the screen.  Note that it lays things out in the order of the OSI model, from the lowest layers at the top to the highest layers at the bottom.  It only shows those layers that are present in the selected packet/frame.

Filters

When running Wireshark for the first time you will find a lot of noise clutters up your view of useful information (unless you are specifically looking for that clutter).  The Display Filter bar at the top of the window allows you to home in on data of interest.  It does not modify the packet data that is stored, only changes what is displayed.  Note that there is also a packet capture filter which allows you to only capture the packets of interest.  

I typically get rid of ARP traffic because it is very chatty, unless I am looking to enumerate other active hosts on the same network.  ARP is generated by a computer on the local network looking for the Layer 2 MAC address (the hardware address that uniquely identifies all networked devices) behind an IP address so it can communicate with it.  I also get rid of ICMP traffic – this is used for error messages and other useful things but can be noisy.  For this filter, use: !(arp or icmp).  Note that these names match the Protocol column.  Continue adding to this filter until you can better discern patterns in the packet traffic.

Tools

There are all sorts of useful tools, such as following a TCP conversation or SSL stream (Analyze menu, then Follow, then TCP Stream or SSL Stream) and seeing how much traffic is generated between two hosts (Statistics menu, then Conversations).

Google is your friend – look up anything that you find interesting.

Network Miner is a free tool that will pull files and other useful items out of a packet capture.

Remote Packet Capture

If you have SSH access to a computer, you can also do a remote packet capture.  On Windows systems, Wireshark makes it difficult to set up remote connections – the ability to save the connections was removed several years ago, and you have to dig through menus to find the option.  You can use PuTTY’s companion tool plink.exe as an alternative.  PuTTY can be downloaded from https://www.chiark.greenend.org.uk/~sgtatham/putty/ (stay away from putty.org – it is not legitimate), and plink will be installed with it.  Run plink using the following command:

"C:\Program Files\PuTTY\plink.exe" -ssh -batch -T -pw $password $user@$IPAddress -P $port "tshark -w - not tcp port $port" | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -

  • $password is the SSH password (passing it on the command line leaves it in the console history; an SSH key loaded in Pageant avoids that)
  • $user is the username for the SSH connection
  • $IPAddress is the IP address of the SSH server
  • $port is the port used for SSH, in case it is not the default of 22
  • the quoted command at the end is what runs on the remote host: tshark writes the capture to stdout (-w -) and the capture filter not tcp port $port keeps the SSH session that carries the capture out of it, as in the Linux command below
  • Wireshark will automatically load and will start displaying packets.  The command prompt will display any error messages and will remain locked until Wireshark is closed.

Linux is a little easier; just run the command:

ssh -l $user $IPAddress tshark -w - not tcp port 22 | wireshark -k -i -

Here tshark runs on the remote host and writes the capture to stdout (-w -), the capture filter not tcp port 22 keeps the SSH session itself out of the capture (otherwise each captured packet would produce more SSH traffic to capture), and Wireshark reads the stream from stdin (-i -) and starts capturing immediately (-k).  Capturing on the remote host needs root or membership in the group that is allowed to capture (the wireshark group on Debian-based distributions).
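A small wrapper for the Linux remote-capture pipeline, as an added shell example that is not part of the original post.  It assumes key-based SSH to the capture host, tcpdump installed there with the SSH user allowed to run it under sudo without a password prompt, and Wireshark installed locally (all hypothetical; the user names and 192.0.2.x addresses are constructed).  tcpdump stands in for the post's tshark, since both write pcap to stdout with -w -; the point the wrapper adds is that the port and interface end up inside a command the remote shell interprets, so they are checked before being used.

```shell
#!/bin/sh
# Added example, not from the original post: a wrapper for the Linux
# remote-capture pipeline above.  Assumptions (hypothetical): key-based SSH
# to the capture host, tcpdump installed there, the SSH user allowed to run
# it under sudo without a password prompt, and wireshark installed locally.
# tcpdump stands in for the post's tshark; both write pcap to stdout with -w -.

# valid_args PORT IFACE -> 0 if both are safe to place in the remote command
# line, 1 otherwise.  Both values end up inside a string that the remote
# shell interprets, so anything but digits / a plain device name is rejected.
valid_args() {
    case $1 in
        '' | *[!0-9]*) return 1 ;;
    esac
    case $2 in
        '' | *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# remote_capture_cmd USER HOST [PORT] [IFACE] -> the pipeline as one string,
# for review or a dry run (defaults: port 22, interface "any")
remote_capture_cmd() {
    user=$1; host=$2; port=${3:-22}; iface=${4:-any}
    valid_args "$port" "$iface" || { echo "bad port or interface" >&2; return 2; }
    # "not tcp port $port" keeps the SSH session that carries the capture out
    # of the capture; otherwise every captured packet generates more SSH
    # traffic, which is captured in turn and the stream snowballs.
    # -U flushes each packet to stdout as it arrives so Wireshark updates live;
    # -w - sends pcap to stdout; -k -i - makes Wireshark read it from stdin.
    printf '%s' "ssh -p $port -l $user $host \"sudo -n tcpdump -i $iface -U -w - not tcp port $port\" | wireshark -k -i -"
}

# run_remote_capture USER HOST [PORT] [IFACE]: execute the same pipeline
# directly (the assembled string above is never passed to eval)
run_remote_capture() {
    user=$1; host=$2; port=${3:-22}; iface=${4:-any}
    valid_args "$port" "$iface" || { echo "bad port or interface" >&2; return 2; }
    ssh -p "$port" -l "$user" "$host" \
        "sudo -n tcpdump -i $iface -U -w - not tcp port $port" | wireshark -k -i -
}

# Dry run: print what would be executed for a constructed user and host
remote_capture_cmd alice 192.0.2.10 && echo
```

Call `run_remote_capture USER HOST [PORT] [IFACE]` to start the live capture; `remote_capture_cmd` with the same arguments prints the pipeline so it can be checked first.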

Posted by Pyre in BLOG, 0 comments

2019 What should I bring to DEFCON

What should I bring to DEFCON?

TL;DR At a Minimum you should bring:

  1. Laptop
  2. Cell Phone
  3. Tablet
  4. External Battery Pack
  5. Small Surge Protector

From here it depends on what you want to spend your time doing.

If you are going to the hardware hacking side, You might want to bring,

  • Soldering Iron
  • Solder
  • 3rd hand
  • Magnifying Glass
  • Soldering Mat

If you are going to the lock picking village, you might want to bring,

  • Lock pick Kit
  • Bump Keys

If you are going to hang out in the Wifi or SDR village, you might want to bring,

  • An Alfa card or another card capable of injection mode
  • RTL-SDR
  • Hack RF

How to prepare your gear for DEFCON.

  • Laptop
    • You can start installing early or on the first night you are in Vegas. After you have downloaded what you want to install, get it updated and patched. Once you have installed this for DEFCON, do not do your banking, social media, or other personal data on the box. If you build up your laptop at home, make sure to forget your home wifi.
    • Before you head to Vegas, I strongly suggest setting up a personal VPN. (More on this later)
    • When you are at the con, participate in as much as you can, hit the Villages, look at the DEFCON Program DVD and Music CD.
    • When you are ready to head back home, place all of the programs, notes, and material you got at Defcon onto a DVD or USB Drive. Then wipe your hard drive on the last night you are in Vegas. You don’t want something following you back home that is possibly compromised.
  • Cell Phone & Tablet: Same Thing
    • Back up personal info, or just buy a burner phone (with cash)
    • Factory Wipe
    • Load Minimum Account Information
    • Load up useful apps
    • Use it for taking notes, Recording Talks, Taking Pictures, Etc
    • On the last night of the con, back up your data to an SD card or Thumb drive
    • Factory Reset the device
  • External Battery Pack
    • These are very helpful in keeping your devices always charged and ready to go, which leads me to…
  • Small Surge Protector
    • There are over 25,000 people who are bringing their gadgets, and everyone needs to charge, so bring a small power strip or surge protector, so If you find a wall outlet, you and a few other people can charge at the same time.
  • Online services and apps cost money, how do I purchase them safely?

To buy a vpn online, or get a few apps on your defcon ready cell phone or tablet, you need to get money.

What I have done, with high success in the past, is using gift cards/PrePaid Cards.

I have tried a few different ones over the years, and the best one thus far has been the OneVanilla PrePaid MasterCard.

https://www.onevanilla.com/ You can buy them at Walmart. It costs $5 to activate the card but has no fees afterward.

On some sites this will not work, so your mileage may vary.

After you have your gear ready to go, you need to secure your coms.

You can check out the past post on how to get a VPN up and running: Creating an OpenVPN Server for Defcon.

Till I See You Online,

Signing out

– Gater_Byte

Posted by Gater_Byte in BLOG, 0 comments

2018 What Tech Should I Bring To DEFCON?

What should I bring to DEFCON?

TL;DR At a Minimum you should bring:

  1. Laptop
  2. Cell Phone
  3. Tablet
  4. External Battery Pack
  5. Small Surge Protector

From here it depends on what you want to spend your time doing.

If you are going to the hardware hacking side, You might want to bring,

  • Soldering Iron
  • Solder
  • 3rd hand
  • Magnifying Glass
  • Soldering Mat

If you are going to the lock picking village, you might want to bring,

  • Lock pick Kit
  • Bump Keys

If you are going to hang out in the Wifi or SDR village, you might want to bring,

  • An Alfa card or another card capable of injection mode
  • RTL-SDR
  • Hack RF

How to prepare your gear for DEFCON.

  • Laptop
    • Back up your current data
    • Wipe Hard Drive or Buy an SSD dedicated for DEFCON (a 250 GB drive will only set you back $75)
    • What OS to install: You will need to have the ability to use and learn new tools on both Windows and Linux. You can dual boot, or you can install Linux onto a thumb drive. It will be slower than installing it on an SSD. Here are a few links to where you can download both Linux and Windows’ ISOs.
    • You can start installing early or on the first night you are in Vegas. After you have downloaded what you want to install, get it updated and patched. Once you have installed this for DEFCON, do not do your banking, social media, or other personal data on the box. If you build up your laptop at home, make sure to forget your home wifi.
    • Before you head to Vegas, I strongly suggest setting up a personal VPN. (More on this later)
    • When you are at the con, participate in as much as you can, hit the Villages, look at the DEFCON Program DVD and Music CD.
    • When you are ready to head back home, place all of the programs, notes, and material you got at Defcon onto a DVD or USB Drive. Then wipe your hard drive on the last night you are in Vegas. You don’t want something following you back home that is possibly compromised.

  • Cell Phone & Tablet: Same Thing
    • Back up personal info, or just buy a burner phone (with cash)
    • Factory Wipe
    • Load Minimum Account Information
    • Load up useful apps
    • Use it for taking notes, Recording Talks, Taking Pictures, Etc
    • On the last night of the con, back up your data to an SD card or Thumb drive
    • Factory Reset the device

  • External Battery Pack
    • These are very helpful in keeping your devices always charged and ready to go, which leads me to…

  • Small Surge Protector
    • There are over 25,000 people who are bringing their gadgets, and everyone needs to charge, so bring a small power strip or surge protector, so if you find a wall outlet, you and a few other people can charge at the same time.

  • Online services and apps cost money, how do I purchase them safely?

To buy a vpn online, or get a few apps on your defcon ready cell phone or tablet, you need to get money.

What I have done, with high success in the past, is using gift cards/PrePaid Cards.

I have tried a few different ones over the years, and the best one thus far has been the OneVanilla PrePaid MasterCard.

https://www.onevanilla.com/ You can buy them at Walmart. It costs $5 to activate the card but has no fees afterward.

On some sites this will not work, so your mileage may vary.

After you have your gear ready to go, you need to secure your coms.

You can check out the past post on how to get a VPN up and running: Creating an OpenVPN Server for Defcon.

Till I See You Online,

Signing out

– Gater_Byte

Posted by Gater_Byte in BLOG, 0 comments

2018 First Time To DEFCON?

How to Survive and Thrive at DEFCON 2018 Edition

First a little background:

My Name is Gater_Byte and this is my opinion on how to do DEFCON Right!

The first DEFCON I attended was 17 and haven’t missed one since,

and I have been helping out with the DCDARK.NET group for the last 5 years.

So I am going to impart some CON wisdom that I have learned over the years.

If this is your first DEFCON, this is the first year we have been in 2 Locations (Caesars Palace and Flamingo) & It’s the 26th DEFCON!

This is a condensed list of things to help you get started.

#1 Find out how many days you want to be in Vegas.

BSides LV is on August 7-8, DEFCON is officially from August 9 – 12. For those who have deep pockets or get your corporate overlords to pay for your trip, you can get into Blackhat before DEFCON.

#2 Hotel: If you haven’t got a room yet, you need to.

For DEFCON, the sooner you get the room the better. Some folks get the room booked for the next year at the end of the con. If you are on a budget, there are plenty of options, including splitting a room. You do not have to stay at the con hotel, but someplace within 20 minutes’ walking distance is a good idea. You still might be able to use the DEFCON block rate in one of their partnered casinos.

#3 Flight or car rental

After you have your hotel booked, plan your travel to get to the con in time, with some extra time for any unplanned issues.  A cheap way to get there is to carpool with other folks that are interested in going. On flights, book as early as you can. In my case I have started the trip the day before, and then rested up once I got there, and plan on heading home the day after to miss the major traffic. You are NOT GOING TO GET OUT OF VEGAS QUICKLY if you are driving back home on Sunday afternoon. Everyone and their grandmother is trying to get back home for the work week on Sunday evening.  P.S. save yourself a buck by finding someplace that you can park for free; most of the casinos are now charging for parking.

#4 Look at the schedule

Right about this time, 2 months before the con, they start announcing more of the talks. Look at which talks you really want to see. I would strongly suggest, don’t go booking all your time in talks. They are important, but most of them will be online within a few months on YouTube, or you can buy the “boxed set” and have it 2 weeks after the con. I would suggest you go to the villages, workshops, contests, Hallcon (waiting to get into a room) and the few talks that are not recorded, like SKYTALKS. If you are looking to get a little bit of everything, you will want to check out the DEFCON 101 Track and the DCDARK.NET contest.

#5 Get the time off

Next you will need to clear it with your employer, significant other, parents or whoever to make sure you can go. I would strongly suggest using a template like the RSA or BLACKHAT justification letters if you plan to make a request for your work to pay for it. Why do I say to do this after booking? Those other parts go by fast, and if you can’t make it to DEFCON, there is a high probability that someone else who you know is going.

#6 Know how much cash you need to have on hand

  • Just to get into the con you will need to fork up $280 CASH, No Debit, No Credit, No Bitcoin, cold hard cash.

  • You might want to get DEFCON Swag, which is also cash only, if you are looking for prices, look at the DEFCON Ebay page and get an idea of what things will cost.

  • There is also the #BADGELIFE, where a lot of people have made some very cool badges or add-on boards. This has become a growing trend, and there is a standardization of making an add-on board. It’s called “Shitty Add-On” (SAO), it’s based off of I2C. But to give you an idea on just how many boards are “known” about right now, there are just as many being kept under wraps until defcon. Here is the link to the spreadsheet on known badges and add-ons https://docs.google.com/spreadsheets/d/1NgPj-GdSLcI1Rb2Q2sJ5BP0MO2vm2MXv_sLVqHSL8wM/edit .

  • Vendors inside of the con don’t get opened to the public until Friday morning. Some take plastic, but again, cash is king. It’s where you can buy different types of gear. Anything from used machines from unixsurplus or the latest gear from Hak5, a few places sell picks if you are interested in the lockpicking scene, No Starch Press is there with amazing reference materials and offers a good discount if you pick up one of their codes, and to round it all off, the Hacker Warehouse is fairly new but a really cool place to get other specialty gear.

#7 You need to eat

If you are going on a budget, you can pack high protein energy bars, beef jerky, & nuts instead of going out to eat. There are some great places to eat, like one of my personal favorites, Burger Brasserie in Paris. I make it a point to go each year, amazing burgers and killer milkshakes. Another Agent (JoyKil) suggested Thai St. Food and said that they will deliver to the front of the hotel; I haven’t tried it, but look forward to it!

#8 Drinking

Yes, this is a hacker con, so there will be lots of drinking. I have talked with the staff of the different casinos over the years, and they have told me that we are some of the best behaved of a lot of conferences. That being said, a buddy system when going out drinking makes for better story endings, vs. trying to find a buddy who crossed a highway to get back to the hotel and passed out drunk in the hall. But if the bar scene isn’t your thing, an ice chest in your room with your own booze is just as good with a few friends. I know that some folks have brought a local brew to trade among other beer lovers.

#9 Get involved

DEFCON is what you put into it. Talk to other people in line (aka #LINECON), because you will be in lines one way or another. If you talk to someone, you have made an acquaintance; if you buy someone a drink, you have made a friend. This is by far the most important thing to do at the con. If you lurk and don’t engage, you will not have the full con experience. Stay humble in this crowd; if you don’t know about something, ask questions instead of faking it. There are a lot of people willing to teach you something new. Don’t spoil that opportunity by acting like a know-it-all (1337 h4x0r attitude). Come to learn something.

This is barely scratching the surface,

but there is the “3-2-1 RULE” at DEFCON.

You need at least:

3 hours of sleep

2 meals a day

1 shower

There is more to cover but for now, I’ll leave you with both the

DEFCON OFFICIAL FAQ & DEFCON UNOFFICIAL FAQ.

Till I See You Online,

Signing out

– Gater_Byte

Posted by Gater_Byte in DEFCON, 0 comments

DarkNet Quest Building Announcement

DarkNet Quest Building Announcement

Hello Agents!

We have something really special for you this year:

Player-generated Quests!

Over the years, all quest content has been developed by the DarkNet Operatives, and it has been on us to brainstorm, investigate, and elaborate on these ideas.

But assuming we are experts on everything is dead wrong: our agents have a vast set of knowledge that we should all share. DarkNet is all about sharing information and ideas, so this year we are introducing a way for our agents to participate in the process: player-generated quests.

Now, other than out of the goodness of your heart, why would you want to do this? We won’t leave you empty-handed: first and foremost, as the creator of the quest, you automatically know all the answers, and you can earn those points right away when the Daemon opens up at DC26.

In addition, we will be awarding Reputation Points as well: a new system we are introducing to reward those agents who best exemplify the values of the DarkNet. More on this in the coming months.

In order to maintain the same quality bar we hold for our own quests, we need you to work on the same timeline as us. Quest writeups must be submitted by 11:59pm PDT on June 3 so that we can begin reviewing, copyediting, and playtesting.

If you have questions, need help, or just want to chat about your interesting quest idea, we have created a new channel: #quest-building .

As always, @staff if you need us. Please remember that this is a public channel, so while we encourage public brainstorming, please save the secret sauce of your quest for direct messages with staff members.

It’s your time to shine! Teach us a new skill, or challenge our knowledge of your area of expertise! https://tinyurl.com/yb7ol36r

Posted by Gater_Byte in BLOG, 0 comments

Darknet Agent Quest Submission Teaser

Hello Agents!

The Daemon needs you! Maybe you have an amazing idea for a puzzle. Maybe you just learned something new and you’d like to teach everyone about it. Or maybe you’re just looking for a way to earn more reputation points!

Sound like your cup of tea? Well, great news: this year, for the first time ever, the DarkNet is opening its platform for player-created quests!

Stay tuned for more information this weekend, when we’ll share everything you need to know about building a quest which not only is a valuable addition to the Daemon, but even more importantly, is also fun for DarkNet agents everywhere to complete!

We’re hoping to learn something from you or your holon, so with 120 days til DEF CON, get your thinking caps on for quest submission.

More to come - stay tuned!

Posted by Gater_Byte in BLOG, 0 comments