Hacking tool presentation

For this assignment, you'll create a short presentation (no more than 8 minutes, so there's a couple minutes left over for questions) about a hacking tool.

See Slack for your small group assignment and your topic.

What your presentation should include

• a demo
• an explanation of what your tool does and how it can be used in an attack
• a rough explanation of how your tool works
• a small number of slides supporting your demo and explanations

Advice

• The goal here is to start understanding a complex software tool, and to share what you learn with your classmates. Read, think, try stuff, and repeat as long as you have time before Monday.
• Hey, remember back in the previous bullet point when I said "try stuff"? Yeah, do that. Hard to learn a tool without using it.
• Check out "man YOURTOOLNAME" and "YOURTOOLNAME --help"
• Organize your slides, demo, and explanations by putting yourself in the shoes of your (senior CS major) audience. If you had never heard of this tool, what would you want to know about it, and what kind of background info and demonstration would you need to get started learning about it?
• I'm watching for clarity, not for fanciness.
• Your comps tasks don't have point totals. Rather, your goal understanding something and sharing your understanding clearly. Focus on that learn/share/learn/share cycle.

• If you choose a tool that is typically run on an attacking machine against a target machine, you have several choices.

  You could make sure the tool is available on your computer's built-in command-line system and use the Kali VM as the target machine. For example, if I wanted to run nmap in my macOS Terminal against a Kali in a UTM VM on my laptop, I would first install nmap on my Mac (probably using homebrew). If my computer ran Windows, I could first install Windows Subsystem for Linux, and then do "sudo apt install nmap" in the WSL terminal to make nmap available in WSL.

  Alternatively, you could use Kali as the attacker and use your host OS as the target.

  Or what the heck, you could use Kali or your host OS as the attacker and use danger.jeffondich.com as the target, with my permission, within reason. (Please don't explode my little server.)

Some tool ideas

Here are some example tools for this short assignment. You're not committing to this tool for the term--you're just learning a little something and sharing it with your classmates.

Also, this list consists almost entirely of command-line tools available by default on Kali, and usable to interact with Linux target computers. If you want to attack Windows, there's a whole pile of additional possibilities.

• nmap
• sqlmap
• hashcat or john
• hydra
• shasum
• burp suite's proxy tool
• curl
• gobuster (or feroxbuster or dirb)
• nc
• tcpdump
• openssl hash functions (e.g., "openssl sha256")
• openssl symmetric encryption functions ("openssl enc")
• wpscan
• enum4linux
• linpeas
• snmpwalk
• ...some other idea...?