Title of Tutorial: A Successful Blackhat (Script Kiddies) Intrusion; A step by step
demonstration

Tutorial committee chair(s) and members

Chair: Rahmat Budiarto
Co-Chair: Azruddin Ahmad

Objectives:

Demonstrate a successful server compromise through an unpatched "buffer
overflow" security hole.
Create awareness of how easily a script kiddie can compromise
multiple servers in one day without any thorough knowledge of what is
happening.

Synopsis:

Hackers are often categorized as either Whitehat or Blackhat. Both
Whitehats and Blackhats have the know-how to penetrate a system, but their
motives are different. A Whitehat's aim is to know a system's loopholes in
order to secure the system. Blackhats, on the other hand, make use of this
knowledge for personal gain and other selfish and unethical purposes.
"Script kiddies" are also sometimes described as Blackhats. Script kiddies
are known to be less sophisticated hackers who launch attacks such as port
scanning, server compromise, defacing a website or launching a Denial of
Service attack against computer systems.

Script kiddies usually attack through well-known security holes, mass
scanning IPs with scripts and exploits that will in time find and
compromise an improperly patched system. The compromised system will later
be used for other attacks or illegal activities. Script kiddies, the less
sophisticated hackers, also tend to search for default installations of
Windows 2000 and Linux systems to break into.

There has often been a tendency among System Administrators to discount
the danger of script kiddies, and this can be a misleading and dangerous
thing to do. Script kiddies can have a much greater capability to cause
problems just by their sheer numbers and relentless scanning activities.

Target audience: APAN as well as Local communities

Expected number of participants: 20-25 participants

Preferred time (e.g. 8.24wed morning): No preference

Number of sessions (one session is 90 minutes): 2 sessions

Candidate session chairs and speakers with topics:

Remarks (including special arrangement if any):

Two machines connected to each other on a local LAN but not connected to
any other network.

i) Two machines for demonstration: Attacker and Victim.
ii) An IDS machine to show which hacking activities will usually be
detected and which will not.

Security WG Meeting Slides

Agenda

Intrusion Detection and Prevention System (IPS) – Technology, Applications, and Trend
Dr. Nen-Fu (Fred) Huang