
All right, everyone. This is back to basics, living off the land with homegrown tools. Um, I'm really going to emphasize the basics part of this. You know, this is part of intros. Um, this is actually geared on some experience that I've had in the past few years um, as a cyber security educator. Um, I am Dan Brown. I totally put in there local legend um on LinkedIn when they announced my talk that the local legend Dan Brown will be presenting. I am not in Buffalo nor am I legendary. So I I shot Matt a quick message to him like I am neither local nor legendary. So now as I was putting the slides together I'm like oh hell yeah I'm
putting that in there. Also, full disclaimer, I am not the famed author. Um, uh, when I was at IBM, um, I was there for a little over two decades. There was a manager who always used to ask me how the latest book is going. >> You're right. I just come here to fill my days in between, you know, that, you know, I could be at home writing my next bestseller, but I want to be on that on call rotation being paged out at 3:00 a.m., you know. So, quick background. I'm Dan Brown. Um, I started I got my start pretty much with the Department of Defense. I'm originally from the Utica area. Um, and so I got into the high
school program at the Air Force Research Laboratory at Rome Labs. Okay. Day one, they hired me to do some web design. Okay. Okay. Cool. This is going to date it. HTML 2.0 had just been announced. Clickable image maps. That was the hot new technology. Um, up till then I had some experience on Apple II, some Commodore 64 stuff, DOS, Windows 3.11, and they're like, "Hey, do you know Linux?" I'm like, "I do not." So, they sat me down in front of a $20,000 SPARC 20 and said, "You're going to pretty much use the text editor to write web pages, but you need to know Unix." And I said, "I don't." My manager walked away, came back a few minutes
later and just had a stack of books and put them down on my desk and said, "Get going." >> Hey, >> all right. So, I did that for a couple years. Um, great, you know, uh, uh, experience. Um, learning kind of the ropes of like IT world, things like that, how things operate. Um, then, uh, I was given some responsibility. Once again, he's going to date me. We ran and our site was predates content management systems. Our website would run about 10 to 14,000 pages depending on projects all static. So we had our own instance of the Excite search engine. As an intern, guess who got to reindex the search engine every week? So I had
some privileges. There was another intern who always say I've got privileges too, but would always laugh it off. So we thought at first he was kind of joking, until one day he kind of busted some chops at the admins. Came back from lunch, they put a post-it note in the middle of his monitor. Security scan in progress. Do not touch. There was no scan. But it turns out he had actually compromised a number of systems at the time. We were running NIS+ for our authentication. He had tricked someone into running some stuff and he had access to at least 20 or so systems. We're talking root level access. He saw that, panicked, went and logged
into another system, became me, and started trying to cover his tracks. So, I suddenly got very interested in information assurance because at like 19, when you get dragged into an investigation, thankfully the admins had enough logging set up that they saw everything he did step by step. And I walked in, I'm like, "Do I need a lawyer?" They're like, "We just need you to go on record since you had nothing to do with this and that you had no idea." I'm like, "I absolutely had no idea." And they they said, "You know, so we understand. He's been joking about it." He go, "Yeah, he's been joking about it for about a month now." But because he always just laugh it off,
we didn't take it seriously. Some of us actually did have privileges to do things related to our job. So after that, um, you know, I spent some time in Department of Defense doing information assurance, wrote some policies, some checklists for, uh, uh, Linux. We had some researchers who were setting up Linux systems to save money. Um, you know, pretty much one of those summers I had there was a tech sergeant who goes, "Dan, you got to come see this." And like I said, I mentioned they sat me down in front of the $20,000 SPARC 20. You know, prior to that, like I said, Commodore 64, Apple IIe, nowhere near that price range. They're like, "This is your workstation." Uh, so what
happened was um, Tech Sergeant, "Dan, you got to see this." Takes me into the back of conference room. I got a PC setup. There's a Gateway, you know, said, "Check this out." I was running Red Hat 1.0. I'm like, "This is freaking awesome because otherwise I need all kinds of hardware. If I wanted to run Unix off the PC at that time, it was a Linux or X and you were paying lots and lots of licensing fees." So, this was suddenly, hey, cool. And I got really interested in that. Um, after the Department of Defense, I was at IBM. I am an IBM badge security focal. I have been through who knows how many audits um everything from
SOX to KCO to financial. Um one of the customers that I supported for a while was a large insurance company. They have since been bought by Chubb insurance. Insurance companies when they want to expand they don't necessarily expand in that area. They just buy a company that already does it. And as such we were shifting around a lot of data. I'm going into screen saver mode here. Awesome.
And I would type in the wrong password. Awesome. That's how you know it's a good password. I have locked myself out. I fat fingered passwords twice. I locked myself out. So, I was at IBM. Like I said, just shy of 21 years. Been through a ton of audits, things like that. um coached a whole bunch of other security focals. Um they really liked me. I had some letters to allow me to do ignore some of the separation of duties. So I was acting kind of a security uh engineer, security admin and a security focal. Uh did some GRC stuff, a lot more stuff and uh some reorganizations that my seat was not part of. We were
self-contained. We supported a lot of the backend IBM uh e delivery. So if you bought software from IBM, it downloaded through our servers. Well, we were self-contained because if you bought stuff from us and couldn't download it, you might get upset. And so we were self-contained. IBM said, "We're going to standardize back in 2023." And I said, "Okay, cool. Who's my new management?" And they said, "Well, about that. Your work is moving, but not your seat." So from there, I found myself looking for work. Um, and I ended up teaching. I now teach cyber security at my alma mater uh St. John Fisher. Okay. As such disclaimer. Yes, I teach at Fisher. Yes, I tell
people I teach at Fisher, but this is not, you know, anything that's being that has been reviewed or approved by Fisher. This is all me. Okay. Why? Why? Back to basics. I have a bunch of students come in. Okay. They're great users. I ask them how to do something. They can tell me step by step exactly how to do it. Okay. How does that work under the hood? I don't know. Some of them have never seen a command line when they come to me. It's not a requirement of our program. But at the same time, like I said, starting in high school, I was messing around with Solaris and stuff like that. Also, why some of them don't get into
it. Inexperienced users may be intimidated by some of the environments and solutions. Anybody here ever install Slackware? All right. Not intuitive. It's not straightforward. It's awesome, but not. And so, as such, you know, I mean, I come from an era where if you wanted to experiment with this, you either had a standalone Linux system or you're doing a dual boot or triple boot or whatever you wanted. Uh oh, you screw up. You're rebuilding the whole system. Your bootloader screw up. >> So, you know, I don't want to sit here and say that they're spoiled, but we'll talk about we get the next steps when we talk like virtualization and stuff like that. And a lot of times when it comes
to cyber security, fancy tools are not needed. Okay. I once had someone join one of my classes. At the time, I was teaching a class in hacking. He's like, "First thing we do, we pick up the phone and start calling people. What do you think our success rate is?" The students are feeling kind of saucy. They're like, "You know what? 50%." He goes, "Higher." Somebody goes, "65." He goes, "Higher." I'm just going to jiggle the mouse here so we don't have that problem yet. But he actually said that they have and they have the the the the stats to prove it. They have 85% success rate. just calling people up, what's your username and password? And I'm like, and they're
like, really? I go, how do you think I applied for this job? And they go, really? I go, yeah, I sat across from the provost. And he said, could you give me an example? And I said, all right, sure. And I'm like, hey, this is Dan from IT. Turns out that the head of our IT department at the time was also named Dan. I don't ever remember a fake name. Awesome. Makes my life easy. You know, I'm like, "Hey, we're patching some stuff." And I mentioned his floor and his office and said, "You know what? We're going to do it this weekend. We shouldn't need to do anything, but if there's a problem, if you just give us your username and
password, we'll make sure everything's ready for you Monday morning so you don't lose any time." It's the provost. He's a busy guy. He's got meetings all the time. He goes, "God, I don't want to give you my username and password." I go, "It's that simple." Um, so you know in this case I mentioned you know MITRE uh T1556.006 essentially MFA it protects everybody right? Yeah, until I call up support and say, "Hey, I'm having some problems. Can you reset reset my MFA? Got a new phone?" And as long as I can sweet talk a little bit. Tools for that? I just need the gift of gab. So, in this, you know, and I love this
one. I saw this one. I made a tier list of cyber security hacking tools. The tools don't matter as long as you learn the core concept behind each tool, what it's doing, how it works. It's that simple. >> Just knowing your way around the operating system can help you sometimes with that sweet talking or knowing where things are stored or what permissions should be and maybe aren't. So once again, when I say we're going back to basics, we are going back to the very basics. Know your way around the operating system. Now there's a couple resources. Okay, let's assume who here is brand new in cyber security? just getting started out. You got your custom workstations all set up, your
sacrificial labs, your virtual environments. No, someone off the street. If I say, "Hey, you want to learn cyber security?" Cool. Where do I get started? As crazy as it sounds, OneCompiler, okay, it's a website lets you run code. Guess what? It has bash environment. When you run it, you can look at the file system. OneCompiler hasn't come out and officially said it, but poking around, it looks like it's Docker. It looks like they start off a Linux environment, run your script, and shut it down. Cool. You want to learn about commands? You can run all kinds of commands. It's sitting on a file system. You can mess around with all that. You can feed input
into it if you want to. I'll pull that up in a little bit. Another one's a big favorite of mine. Okay. JSLinux. Fabrice has put together a Linux environment that runs right in your browser. Alpine Linux network aware connects through OpenVPN. You start it up. You can make changes to it. You It drops you in as root. You want to learn about Linux? You can learn about Linux. You can start up services. You can connect to other systems. I've built small little just for fun on you know I've built little networks existing in just different tabs in my browser that they can see each other. They can talk to each other. Okay. So I mean these are two of my big
favorites and I like I said I got some screen captures. I'll pull them up at the end. I want to make sure they leave some time for demos and uh stuff. But obviously OneCompiler, you know, really simply here. It's kind of hard to see with this, but uh um I just put like ls --help. The ls command will list the contents of a directory. And you can see over here as it's output, it dumped essentially all the output that you would see as part of that. Cool. Nothing to install, nothing to maintain. If you don't want to even create an account, you can just go use it. If you want to save your work, you got to
create an account. But you know, OneCompiler is right there. Like I said, I'm looking for things that I can give my students the ability to mess around with these environments to learn about it in very, you know, low-risk, no risk type environments, learn your way around because those basics will help you. Okay, over here is just an example of JSLinux. You can see it launches. This is essentially the x86_64 version of Alpine Linux. Um, just for kicks, you know, it actually is running Linux uh 6193. Okay, just for kicks, here's the output, you know, here's the output from ifconfig. So, it is on the network. Cancun.org just to show that it actually is on
there. Cool. Once again, mess around with it. I learned Linux essentially by installing, you know, Linux instance and messing around with it until it didn't work anymore and then restart essentially go back through reinstall all over again. I learned a lot, but at the same time spent a lot of time rebuilding. In this case, hey, I'm going to give you a clean slate. Go around, mess around with it, do whatever you want. You're root. Nobody's going to stop you. Got to be careful though because it is network aware. Limit your troublemaking. You know, that's why we use essentially scanme.nmap.org. It's a server out there from Nmap. You know, it's meant there so you can test
tools, things like that. We'll refer back to it a little bit, but you break it, something doesn't work anymore. All you do is click reload. Slate is reset. Real low risk, real low cost of entry. >> Anybody see uh it was last year where someone was running essentially Doom out of a PDF? >> Earlier this year, someone said, "Hey, you can now run Linux out of PDF." And guess what? It was just JSLinux. He maintains it. Fabrice is really cool. Um when he first built this I'm like hey I kind of really need this tool installed for one of my classes day later he's like it's there so he updated the images for me so he's really
cool about it >> so taking advantage of the JavaScript interpreter and Acrobat >> this is essentially WebAssembly compiled in Emscripten so if you go to uh the bottom of their page when you go there there's a FAQ if you want to go take a look at exactly and he'll tell you So essentially he wrote a JavaScript version of TinyEMU >> and so then he's converted it over to JavaScript. Once again it's not on the shirt but I'll keep my comments about JavaScript. >> Pays bill. >> It does. It also from my perspective is a little bit of job security. But now, so you've got these environments. You can mess around with them. You don't
have to worry about it. Cool. But just kind of sitting there. You got a cursor. What do I do? >> Man pages. Anybody here games? >> There should be more nods and smiles. in it. Okay. Simply said, they connect to the system, they type help, like, "Oh, it's it'll help you." Like, yeah, the more complex the system, the more it has to help you. Man pages. Okay. Man is short for manual. Okay. The man pages for Linux are available in several online ones. Okay. For example, if you go to JSLinux, a lot of the man pages are not there simply because it's a safe space. your download. Every time you launch an instance, you're loading that
image. To have all the extra, you know, uh uh uh file sets, you know, packages on there would make it much much slower. Okay, so there's a couple out there. man7 um is Google searchable and then I have essentially the other man pages uh uh from uh Linux. Um, the Linux documentation project does also have uh man pages, but they were last updated in 2006 according to the website. So, your mileage may vary. So, these are the ones that are usually are pretty uh uh common. All right, cool. I've got resources out there. I can start learning about these different commands, what they do, the options that are available to me. >> What do I start doing with that?
Where do I start? What books do I need to go out and get? Well, guess what? You don't need to get books. They're out there for free. Shotts has a book, The Linux Command Line. Now, if you're familiar with uh No Starch Press, they do actually have a print version of his book. He also maintains a freely available online version of the book. If you go to his website, I have links at the end, so don't worry about that. But um he has a book out there that starts out essentially background of Linux starting from the very basics, some basic commands, how things work, what the shell does, how the shell works, all the way up through
essentially some shell scripting. We start writing programs for those shells. Okay, can't beat free. Many many years ago, I ordered some stuff uh some uh uh the deck of cards for the Scratch projects from MIT back order. Okay, I'll wait. In that time, they're like, "Hey, by the way, here are all the cards in PDF form. Cancel the order." They're like, "Why would you cancel the order?" I go, "Cuz you can't beat free." They're like, "We cannot beat that price." So, they gladly cancelled the order. Like I said, if you really want a physical copy, you can go order a physical copy. What Shotts offers essentially, you know, an online version of it for free.
So, it has resources. It has exercises. It will step you through those very basics. Okay. Now, going to demonstrate some real basics here. Ping. Okay. If you haven't heard, there's this thing called the internet. It lets computers talk to each other. Before they can do that, we need to know if they can actually see each other on the network. Ping comes in handy. Okay, in this case, ping is a simple simple thing. We're not going to get into the networking aspect of it, but essentially it sends out a message. If I ping a server, hey, are you there? I hope that I get a response back. You can do nasty things with ping but for the most part it's just verifying
connectivity for the purposes of this talk. You can please don't please don't our IT department may not be happy about that but you know for example a real basic example if this ping and I'm saying send three you know pings to scanme.nmap.org. Okay. It'll go out. It'll see if it's there. It'll come back and let me know. Okay. So, really quickly,
Okay, it's there. It's responding. Awesome. >> Step one, we are now started our reconnaissance phase for cyber security. Once again, basics. >> All right. What else can we do now? Another command: nc, or netcat. You might see ncat, you might see netcat, you might see nc. Depends on your distribution and build. Has a lot of different uses. You can use it for remote control, things like that. In this case, we're going to use essentially its ability to test for open ports. Okay, really simply, if we go back and look at those books at those man pages, the documentation netcat, okay, these options are going to say verbose. tell me what's actually going. If I don't
tell it verbose, it'll just go it'll come back by default without going back into the very beginnings of Unix. Commands usually run silently. If you tell if you give a system a command, it will run and just come back to the prompt if nothing went wrong. In this case, we're telling it be noisy. Tell me what's actually going on. So essentially we're saying verbose. Okay. The z option says don't bother sending any actual data. We just want to see if that port is open. Once again we're going to hit scanme.nmap.org on port 80. Okay. To see if they're running, you know, a web server.
What's it for? >> That's an insider joke. We both teach at Fisher and we've had students who are seniors go what's it for? So, it's become kind of a tragic insider joke. So, in this case, it comes back and says, you know, hey, it succeeded. That port's open. That system's listening on port 80. And just for the sake of comparison, if I turn off, it's going to be the same one on this one. Plus, I'm undermining my own talk. Not the first time. So, we have these very simple simple tools. Okay. ping netcat. When it comes to networking and connectivity and things like that, it doesn't get really much more basic than this. We're literally just seeing
if it's on the network and what ports listen this. Now, start putting it together. We've got our safe environments. We've learned about these different commands. We've looked at these different resources. He read the man page cuz everyone reads all the documentation right? Lightly. All right.
Just lightly. So, but there's some more. Okay. Some of these are a little bit dated, but the concepts in them are still as valid now as they were. Okay. Secure programming is actually kept up to date by David Wheeler. um advanced bash scripting guide uh by Cooper Mendel Cooper. Um this is part of the I have links to all these. This is part of the Linux documentation uh project. Okay, so you've learned some basics. You've put some scripts together or at least understand how scripting goes. You've learned how to make sure that you're being as secure in your programming as you can be. Okay, this even applies to shell scripts. Okay. So, you go you read over those two
those two guides and we are able to come up with something real simple here. I am not actually going to run this because I don't know what Canisius's uh uh policy is. It'd be very noticeable if I ran a ping sweep. So, like I debated it this morning. I'm like let's not find out. So, real simply, I'm just using bash. We're starting at one. Okay. And essentially, we're going through we're going to sweep that whole class C network. Okay, we're just going to go out. We're going to send one ping to each one of those IP addresses. So, .1, .2, .3 all the way up to 254. We're not going to bother with 255 simply because that's a broadcast and we'll get questionable
results at best. And then we just increment it. Now, in this case, I've been making a lot of use of Nmap's system scanme.nmap.org. Nmap is a network mapper. One of the things it can do is ping sweeps. This is where we start getting into living off the land. Okay, living off the land allows us to use these tools, these basic commands, just some knowledge here. If I log into a system, okay, I call somebody up and I'm like, "Hey, what's your username and password?" And they give it to me and I log in. If I immediately start going to all the different tool repositories, downloading tools, guess what? any decent any decent setup is going to
go why is this user suddenly downloading Nmap or Metasploit or other tool sets cool sqlmap you know they those are going to raise some flags however this we're looking at what six, seven lines of code. This will do a ping sweep just the same as essentially Nmap will do. No downloads. If I really want to, I can make this a one-line script that literally runs as a single command. I don't even have to write I don't have to put this in a file. I can literally put this as a one-line script. It'll run right from the command line. Oh, that user ran a command. That's not going to raise any flags. Ping. Ping by itself.
It's used to verify things all over the place. Some organizations will essentially block it from an exterior source, but if I've already tricked someone into giving me their username and password, I'm already in the front door. I'm inside that protection. So, odds are I'm going to get decent results when it comes to that ping sweep. I'll know who's out there based on what I see, based on what networks I see. I can expand this. Once again, there's no record of me downloading a tool or using essentially a tool or command that would raise a >> flag
network. I introducing ping to one of my students. So like how how much does that take? I go tell you what I'll start pinging you. Give me your IP address. I'll start pinging you the whole class. I said the minute it starts messing with you, you know, causing problems. Let me know. Whole class like every five minutes. I'm like, "No, it's still fine." Like, "Okay, it's really notice." But if suddenly sudden if someone is watching network traffic, okay, I would hope that your intrusion detection if you suddenly see a sweep from 1 to 254, hopefully someone would be like, "Hey, uh, maybe we should look at that. If not, you probably want to look at your
team and send them back to training." Now, we can do the same thing. Nmap does a whole bunch of port scan. It has a lot more options, okay? But at its very basics in terms of this, you know, back to basics, living off the land, and go through it and create the same thing, just using a for loop. FTP, it's out there still. Okay. SSH, hopefully it's configured properly. You know, Telnet. Shame. It is. I keep telling my students, I go, "It's a great tool, but you really shouldn't be listening for telnet traffic." You know, >> yep, your mail. You know, I've got some other stuff in here. You know, you can make this list much bigger. I'll show
you a script at the end that actually will go through and sweep all 65,000 plus. Okay. But all we're doing, same thing, just kind of going netcat, just hitting that port. When it's all said and done, guess what? I have a report that's going to tell me the same as if I ran Nmap against it. What ports are open on that system? Okay, now the next steps start looking at evasion. Okay, we're inside. Maybe we want to get a little bit more noisy, but at the same time, we still got to protect ourselves. Jitter. Okay, so I have a version of essentially that port scan where essentially I go and I grab all the
ports. Okay, I randomize the ports. I start scanning them in that random order in between each one. This is not going to be a quick operation. I wait I randomly generate a wait between 1 and 10 seconds. That way it's not like once again someone's not sitting in this in you know in our SOC going what the hell just happened because they watched me hit a server from port one to 65,000 plus you know all 65,535 you know that might raise some eyebrows but if over the course of a day or so ping you know port and it's not that sweeping motion it might go it go unnoticed. Okay, so we have different types of recon and
attacks. You know, I mentioned essentially the MFA reset that I mentioned from MITRE. If you're just starting out, okay, you got your Linux environment to play around with, really low risk. Mess around with it. Oh, I broke it. Reload it. Okay, not a big deal. What do I go? You know, I've got my resources. I learned some of those basics. So, I'm starting to put stuff together some scripts. Where do I go from now? You know, where do I go now? MITRE ATT&CK and MITRE ATLAS. Okay, I'm going to talk a little bit more about MITRE ATT&CK today. It's a nice little matrix. It lays out how these different attacks happen. When you go to
MITRE's website, okay, when you go to the ATT&CK website, you go to the matrix, they have it broken down by the stages of an attack. When you go to those different stages, they have different techniques. Once again, if you understand how these commands work and how to piece them together to make some of these tools, you can actually recreate a lot of those uh techniques without having to download a single tool. >> Okay, MITRE ATLAS. Anybody here familiar with that? >> MITRE ATLAS is essentially MITRE ATT&CK but for LLMs. Okay. Now, having said that, there are now clients for LLMs that will run from the command line. So, you might want to start boning up on that. Okay. Now,
you've gone through the basics. You've learned the basics. You're ready to go on the next step. You may want to look into an actual Linux install. They're actually pretty straightforward depending on your install, you know, and I don't want at the risk of sounding like an old man. A lot of you younger uh uh attendees are kind of spoiled. You now have the option for virtual machines. You launch something like VirtualBox or VMware or the list goes on and on. Docker, you know, you can load these things up. You can run them in a container. Oh no, I broke it. Okay, so reload the image. Done. You don't have to worry about, did I
just completely screw up my boot record and my whole system's toast? You know, oh, I meant to delete partition two and I deleted partition one. Whoops. You know, you know, goodbye Windows install. I'll miss you. I guess I'm learning forensics now. But you have that. Okay. And there's a ton of guides out there and a lot of these are pretty straightforward. Um you have a lot of the uh uh uh different distributions now actually offering virtual machine images. Okay, we make a lot of use of Kali. Kali has, you're running VMware, here's the image for you. You're running VirtualBox, here's the image for you. Nothing to install, download it, unpack it and drop it into your virtualization
done once again I can have completely segment it off from my host operating system. Oh no, I broke it. Reload the image. Okay, now make sure I've got a little bit of time for questions and some demonstrations and stuff, but conclusion, knowledge of the operating system, networking, and I emphasize basic networking. Okay, we we're not talking about super complex stuff here and standard tools can accomplish a great deal. I have not shown you anything today that is not part of a vanilla stock install of arguably any Linux installation out there. But with that, I have the start of a toolkit that once I gain access, I can start doing all all kinds of recon. I
can use it for recon before that. Once again, I didn't want to test the university's policy, but I mean, you could in theory from your evil lair at home run a ping sweep on the university's network and see what's out there. Don't do that. I'm not endorsing that. I always tell my students, I'm like, ask before you do. Now, like I mentioned, it avoids that signature or activity detection. Uh, Matt, everybody here know Matt? Matt Gracie, >> super tall guy. Looks kind of like this, but with glasses and about a foot taller. You know, last summer I was downloading Security Onion to mess around with. Let's just say that our IT department freaked out. downloaded the image, downloads it,
immediately tries to run anti-malware checks on it. Sign signature detection within Security Onion for our system looked a little too close to the actual malware. >> So, flag it. So, all of a sudden, I'm like, hey, what's going on here? I've got flags popping up all over the place. I got people from our IT department calling me, "Dan, what the hell are you doing?" And like, I just downloaded an image. I haven't even done anything with it. like, "Yeah, uh, get rid of it." I'm like, "Okay, we'll do that." So, that signature detection, if I'm not downloading the actual tools, but I'm able to recreate those with off-the-shelf tools that are built into my Linux distribution,
I'm going to avoid that signature, I'm not going to those nefarious IP addresses or websites. At IBM, I was just get, hey, by the way, we saw this activity coming for for your web servers from this known malicious website. I'm like, why aren't you already blocking it? >> If it's known to be malicious, I have questions, you know, and also activity detection, looking for those. Hey, why is, you know, John Doe suddenly running Nmap an awful lot? Nmap's one of those tools that can be used both for the forces of good, but also the forces of evil. But John Doe doesn't do anything with networking. So why is he running Nmap? Okay. So once again, we can avoid that.
Just want to see some as long as I'm judicious with my use of it. Like I said, those blatant, you know, baldfaced ping sweeps and port scans. We got to mix that up a little bit. And then lastly, your toolkit is the target's own environment. I don't have to bring anything with me. Once again, big movie guy. Um, anybody here see Swordfish? Okay. Gets tasked with building a worm and he's like, "Oh, hey, I got this copy on like a PDP11 that's sitting in the basement of the university that I used to attend." Okay, cool. That's fine. But once again, he's got to go and download those tools. Just use what you got. And that comes
from truly knowing what is in that environment and knowing the operating system. I'm not going to turn this into, you know, operating system class, but knowing where things are, knowing that different Linux distributions have different things in different places. Sometimes things are set up differently. They use different solutions. I often find myself having to sit back and go, okay, so what distribution am I using? Because files are in a little bit different places. Any questions? And then I'll launch into some quick demos. >> Yes. Is there an advantage over sending the three packets with a single packet? I do it just out of habit to make sure that I just didn't get lucky. In all seriousness, like I said,
multiple I'll usually do multiple pings. If you notice for the ping sweep, I was only sending one because I want to keep that as quiet as possible. But in this case, I just want to make sure that I didn't get lucky or there's suddenly a problem. Anybody ever have a system that responds half the time? >> Those are fun cuz you ping it and you're like, it's up and they're like then you ping it like 5 minutes later like it's not up. >> Well, and it's like okay, how much infrastructure between you and the destination? So just preference. Any other questions?
>> Love that movie. Looks even better. Okay, so once again, OneCompiler. It launches into bash. They give you a little symbol. Hello world. Like this one. because they exist below the world. That's great. Awesome. Sorry about that. Now, what happens if I do ls?
What do you know? It gives me output showing me ownership and permissions password. Once again, this is OneCompiler. There's nothing persistent. So, every time I click run, I'm going to get output and it resets. Okay. But this is a good way to go and learn where things are.
If I cat the contents, you can see it will actually display all of that. So, it is starting up a Linux instance for me to mess around with. I can run commands against it. The downside is OneCompiler is not network aware. If you try and do anything with a network just says network is not reachable. Having said that though now JSLinux is not just essentially Linux. He has a bunch of other things. He has some other versions of Alpine Linux. He's got some Fedora here. If you really want to mess around with FreeDOS you can. Windows 2000. These will all run in a browser. Some of them are very slow. Windows 2000
through a browser, but all it takes, you know, for this, it's going to take a second to load. I apologize. It is still used more than I'd like to admit, but you can see it tells me if you really want to, he does actually have essentially a file system that you can NFS if you really want to. So you can actually have persistent files with this. It also has a thing that if I'm working along and I want to save anything with me, I can just use export file and it will essentially present whatever file I give it as a browser download. So don't think that because you're working in your browser that you are just stuck with oh what
it's once when I'm done it's gone. You have essentially this and let me just scroll down to the bottom here. You can see it also has an upload option. So if you've got a script that you want to mess around with or something you want to try out, but once again OneCompiler not network aware, go crazy. JSLinux network aware be careful. Okay. But obviously I have you know links to the man pages. Yeah, >> The Linux Command Line by Shotts. And then um really quickly, this is kind of the more updated version here that actually goes through. You can see I grab all of the ports from /etc/services, randomize them, and then go through and
essentially randomize how often I hit them to kind of essentially introduce what they call jitter. This is all linked, by the way. I'm I I've got a QR code and a link for those that are worried about it. I get it. So, links and scripts. I just essentially created a a a file out in OneCompiler that has all the links. It has all the scripts that I've shown you. >> Access denied. Seriously, >> OneCompiler. I'm going to shake my fist at you.
And when I saved it this morning, guess what? >> Which I guess is a good thing. If someone could please double check now and make sure that you're able to see it live. Yes. Okay. >> You put the QR code back. >> What's that? Put the QR code back up. >> I'm sorry. You missed your opportunity. Got to be quicker than that. >> Is there a cost to the account? >> You have a free account up to essentially 25 meg of source code if you want to. There are tiered there's also they've integrated some AI stuff if you want to use some live coding and even different tiers tokens and stuff like that. >> Yes.
Have you ever heard of OverTheWire before? A colleague recommended it to me to gamify my Linux CLI as well. Pretty much any of those are good. Um, MetaCTF actually has a bunch of stuff. Um those of you who are students, uh MetaCTF is also launching, um tied with Backdoors & Breaches, their new competitive version online. Um they now have uh they're going to launch it, as far as I know, if they're not already live, free lab Fridays. So every Friday students can go and essentially go to MetaCTF and go to their laboratory and they have two hours of free time, you know, doesn't count against anything. They have different labs slash activities. So
if you want to do more hands-on stuff, that is also 100% free. You just create an account and then free lab Fridays. >> Yeah. >> Thank you for the >> Okay, everybody set with this and scroll away from it. Okay. >> So, once again, I'm Dan Brown.
>> No, no. >> No, but I do mess with my students every now and again. Put it in some leetspeak. >> Yeah. >> And they're like, "So, have you ever heard of this leetspeak thing?" I go, "I can write and read fluently." And they go, "Really?" And I go, "Hang on." I'll stud up a sentence. and they're like really with essentially pipes and angles or caves and stuff like that. No. Um so Hacker Dan um is actually a nickname I got um when I was working for the DoD when I transitioned from doing web design to that. One of the things I was tasked with I had my own little kind of like small air gap network to test
things and uh so one guy's like you're you're hacker you know and I was like okay cool. I'm kind of stuck. So awesome. So any other questions? >> All right. Go forth and learn the basics.