Training

A couple of training classes will be available at the Friday Drop-In event. Training this year will be less formal, think less classroom, and more sitting around with a bunch of dudes, pottering with your lockpicks, or bustin on some unix with a nice rich ale and some snacks. Space is limited, so just turn up on Friday a bit before the training is meant to start, and we'll do our best to fit people in. The content of both is pretty similar to last year, so if you attended last year, please leave the space for someone new. But feel free to hang out anyway.

Details

Title: Learn to Pop Your Locks
Abstract

This is a session going over the basics of lock picking. Even if you have never seen a lock pick, this session will have you popping locks in no time (and no! this isn't a dancing term).

This is aimed at people who have little or no experience with locks and picking. Seats are limited to 10 - 12 people, so we can all get a chance to have a play (please keep your minds out of the gutter).

I hope to have a few sets of tools for sale (about $15 a set).

Topics I hope to cover:

  • basics of how a lock works
  • basics of the tools
  • opening a door lock
  • a play with handcuffs
  • other types of locks

and if there is enough time...

  • world domination

Location: Fri 04 1430 @ Meow
Duration: 150 mins
Name: d.roc
Origin: Wellington, New Zealand
Bio: D.Roc is a UNIX admin who is forced to work with Solaris during the day, and damaged enough to like OpenBSD at night. He also enjoys classical music and long strolls in the park. Should you meet D.Roc at Kiwicon, he likes Rum (dark), sometimes with Coke (TM The Coca-Cola Company).

Title: Bareback Unix Privesc: Who Needs Kernel Ohday?
Abstract

Any ol' chump can get from www-data to root with some Linux kernel local privilege escalation exploit - where's the fun in that? It's just not sporting. What sort of monster rocks up to a nest of duck eggs, jams his shotgun in and blasts them with both barrels?

Metlstorm presents a class on unix local privilege escalation from a kinder, gentler era, when people respected filesystem permissions, and the concept of a multi-user OS that provided some actual segregation between users wasn't a tragic joke.

The class will cover the usual range of Unix privilege escalation techniques, with an emphasis on not using off the shelf exploits. Learn to rely on your own skills, a mastery of all things posix, and your trusty shell interpreter. This includes

  • File system permissions: 40 years of fail
  • Exploiting SUID binaries
  • Manipulating process environments
  • Abusing shell, perl, python and other sysadmin glue
  • Local networking and non-IP sockets
  • Password hijinks
  • Leveraging treasure you find lying around

And, in order to help you use your newfound skills safely, some discussion of (but not really hands on) unix intrusion:

  • Post-intrusion cleanup
  • Antiforensics
  • Rootkits, Persistence & Hiding in Plain Sight
  • Pivoting

The class is designed for people who use and administer Unix systems day-to-day - sysadmins, unix programmers, linux-on-the-desktop users, people with beards - who grok unix, but don't actually go around busting into systems. Making the theoretical practical will help you defend better, as well as coming in real handy next time your coworker does something poorly advised...

If your idea of Unix admin starts with "putty.exe" you're probably not the target audience, unless you accompany it with a goodly amount of rage at being forced to use an XPSP2 corp standard desktop build. Familiarity is assumed with a rootshell, scripting, you'll be able to handle complex shell pipelines, and are not afraid to bust out your awk, xargs, tcpdump or strace.

You'll need a laptop (presumably running unix!) with (working) VirtualBox (or be willing to bodge a vbox vm into your hypervisor of choice) and wireless if you want tubes.

At the end of the class, you should have a good understanding of how people who aren't rolling ben_hawkez.c will priv-esc on your boxen, what to yell at your developers about, and be able to pwn up your fellow sysadmins with considerably more aplomb.

Location: Fri 04 1500 @ Meow
Duration: 120 mins
Name: Metlstorm
Origin: Wellington, New Zealand
Bio: Beards, bacon and beer are the benzine to Metlstorm's... err, boffindom? While alliteration may not be his strong point, Metl does at least hold down a job as roach herder with Insomnia Security, engages in rampant punditry on the Risky.biz podcast, and is only partially responsible for this whole Kiwicon malarky.