The Linux Society

The UAD Linux Society Flash Talk Night – Hacking Tricks for Linux Geeks Thursday 22nd of April 2010 – 7pm – Meeting Point: UAD Main Campus Entrance, Bell Street, Dundee You don't have to be a kernel guru to enjoy this evening, but open minded and interested in computer security. The night will have three short talks all focusing on different areas of ethical hacking techniques, and promises to have something of interest to many. The talk is open to everyone, including none students. You don't even have to run Linux to come and join us. The night is free, and there is always a good banter in the bar afterwards. So we look forward to seeing you all Daniel Hutchinson - ARP Vulnerabilities This presentation will cover the area of ARP Spoofing. It will include an introduction to the subject, a taster of the procedures for performing the attack, and also a brief explanation on the programs used and countermeasures. This should give the audience enough knowledge to research the topic further, and give them an insight into Man in the Middle attacks. Rorie Hood - Format String exploitation techniques The presentation will cover a sub-class of buffer overflow exploits: Format Strings. It will cover the standard C library function printf(), and how it should be implemented, but more importantly how is can be misused when not implemented correctly. It will be shown that when combining format specifiers such as %x or %d with this, we can print out pieces of the stack. More dangerously however, it will be shown how, and why we can write directly into memory using the %n format specifier. The technique of per-byte writing will be conveyed, and a discussion of what can be achieved with format strings will be presented, though exploitation payload is not included in the talk Arron M Finnon - Finux's Facebook API (ab)use for Info Gathering Attacking a target in ethical hacking requires a certain degree of knowledge, however tool-kits of vulnerabilities and bags of technical exploits won't and don't always get you access. Understanding your target is key, and knowing the individuals within your target organisation is priceless. It has been said in the tech support world, by some “ there is a technical difficulty between chair and keyboard”, but in security its the human factor that gets results. Hacking social media to gain an inside track on your target, has advantages that aren't as clear to many people as it should be. Focusing on the ever growing world of Facebook, and its ability to interconnect individuals we look at how we can use the very tools supplied by Facebook itself to developers. Using the Facebook API we can build a clear picture of our targets before we even attack them. If business is war then information gathering espionage