LISA16—You've Been Hacked! (Entirely in Safety)

“You’ve been hacked!” The cry echoes around the ballroom. A couple of dozen bemused and anxious faces turn to Branson on the podium as he grins and nods. The members of the four teams turn back to each other and their laptops and begin trying to find out what just happened.

Branson’s tutorial is called “Applied Security Tools for Sysadmins,” but that’s a tame name for this active, engaging full-day session. During the morning, Branson talked about and demonstrated a set of exploratory tools and techniques which are used by both admins and hackers to find vulnerabilities and configuration information. The good guys look so they can close the holes. You know what the bad guys do with them.

The afternoon is a lab hacking session. The room breaks into four teams. Each team has a router and a set of four Raspberry Pi units to work with. Their first task is to find a way into their machines. The only tools they need are a Web browser to look at a “company Web site” and their brains. After that, life gets fun.

Once they get in, it’s time for each team to poke around, see what they can find. They have to look around for what tools the hosts have available. They look for, and then close, any holes they find. Each lab setup has a number of configurations and settings that represent common behaviors that are not necessarily bad practices, but which become resources for anyone who’s broken in. Most of the people in the room are Linux or Unix users already, so the halls they’re wandering aren’t unfamiliar. But now they’re getting a sense of how it feels to wander someone else’s halls, rummaging through the bathroom medicine cabinet and the bottom of the underwear drawer. It turns out that the most common “hacker tools” are also sysadmin bread and butter: find, ls, ps, cat, vi.

Once people are in and comfortable, that’s when Branson starts throwing monkey wrenches. He has scripts to execute various hacks on the lab boxes in real time, and he challenges to teams to find and respond to the attacks. I watched the people in the room throughout the day, and it is clear that Branson kept them engaged and interested. His presentation style is clear and brisk. He intersperses the discussion of the tools and techniques with real-life events and anecdotes.

The lab is moving to a work space within the conference center and will be available to the students for the rest of the week, and Branson plans to continue tweaking the nodes so the teams need to keep alert for changes and new hacks.

I was familiar with most of the content, but I still learned a few things and it was fun even for me to take a day and put myself into the shoes of an intruder. There’s no way you can learn everything you need to know about OS security, but you can begin learning how to develop a mindset of caution and awareness. I plan to check in with a couple of new friends about their experiences during the week.

- Mark