Announcement

**Chris** · October 11, 2004, 17:23

Originally posted by nulltone

I'm working on a presentation for a group of about 20 people. Basically, it is designed to increase awareness about the importance of technological security. I've been trying to think of an "attention getter" for the beginning of the presentation. My first idea was to use bluetooth and bluejack a cell phone of an audience member, but I'm not sure if that is the best idea.
Any thoughts on good attention getters I could use for that audience?

Use Aircrack and show that it can crack a 128 bit WEP key in a whopping 6 seconds or less (once you have collected the traffic of course).

**octalpus** · October 11, 2004, 17:28

I'd recommend any demonstrations be done with randomly generated traffic from a server you bring. Messing with other peoples' stuff, even to prove a point, generally gives a bad impression.

**Gadsden** · October 11, 2004, 17:43

Originally posted by nulltone

I'm working on a presentation for a group of about 20 people. Basically, it is designed to increase awareness about the importance of technological security. I've been trying to think of an "attention getter" for the beginning of the presentation. My first idea was to use bluetooth and bluejack a cell phone of an audience member, but I'm not sure if that is the best idea.
Any thoughts on good attention getters I could use for that audience?

What platforms/examples will you have? Owning a Windows box with (pick from your grab-bags of exploits here) and remotely installing VNC is a good attention getter, as well as installing any trojans to make the computer do silly tricks.

I did one on SQL injection demo one time, showing how I was able to hit the systems behind the firewall. The guy almost shit a kitten (and promptly chewed the developer's ass).

As chris said, wifi tricks are good because folks seem to get off on wireless technology.

Another good one is packet sniffing.. show how pop/ftp/IM is all in plain text.

Are you going to have a demo lab set up?

**nulltone** · October 11, 2004, 17:55

Nah, no demo. In fact, I'll only have about two minutes for the demo. The rest should be dialogue.

**Adrenaline** · October 11, 2004, 17:56

you could do the bluejacking, just bluejack your own phone or the phone of a friend/volunteer in the audience. I personally love bluejacking, as lame as it is, just because of the looks on people's faces sometimes. Also fun in large crowds to do it and then look around for who the victim was
:P

**bascule** · October 11, 2004, 18:34

If people in the audience have WiFi laptops, you might consider spoofing deauthentication frames from the AP they're using and knocking them off. It's really annoying when script kiddies do that shit at Defcon and think they're l33t...

**octalpus** · October 11, 2004, 21:24

Originally posted by nulltone

Nah, no demo. In fact, I'll only have about two minutes for the demo. The rest should be dialogue.

You can always set up a demo to be running while people enter. Advertise a wifi network available, say your presentation is available at such and such address, folks should bring laptops to grab it and follow along... then fuck with them while they're trying to connect. Or something. :-)

**ciph3r** · October 12, 2004, 03:53

email for big impact.

I'd say ettercap a machine and show how it displays clear text passwords during login of common email systems such as hotmail, yahoo anything not using SSL (Although ecap can also provide those too). Email has become such a part of life that anyone across gender,age,creed you name it will understand the importance of security/integrity once they see human recognizable passwords flying by.

**AlxRogan** · October 12, 2004, 07:05

Along those lines, check out driftnet or something like that. Another good eye-candy tool for showing off wireless stuff. Dsniff is a perennial favorite of mine as well.

**LosT** · October 12, 2004, 10:50

People like blinking lights and graphics....keep that in mind...but also know who your audience is...

As far as jacking a phone of an audience member, I think that sometimes if a "demo" unit is used it loses some of the edge because you 'set it up' so it's not really the wild....

If people wouldn't like you jacking their phone, why not walk an audience member through jacking their own stuff, killing two birds with one stone: showing how easy it is (you just taught the guy how to do it) and that it is easily done in the wild (you didn't set the jacked item up previously)

Just a thought.

LosT

**teenagehaxxor** · October 12, 2004, 10:58

i say u mess with them man

its always been fun to fuck with peoples heads wen they are doing stuff on thier computers... its always been fun to mess with the school admins laptops when they are using it.. they are like "what the fuck? what is this shut down your laptop and surrender now shit?"
*laughs maniacally*

**nulltone** · October 12, 2004, 11:01

Originally posted by teenagehaxxor

its always been fun to fuck with peoples heads wen they are doing stuff on thier computers... its always been fun to mess with the school admins laptops when they are using it.. they are like "what the fuck? what is this shut down your laptop and surrender now shit?"
*laughs maniacally*

....Uhm, no.

**Nimby** · October 12, 2004, 11:11

nulltone: if you have two laptops, I'd say try the whoppix linux distro ( www.whoppix.info I beleive) ... teh 2.4 version they just released has the VNC dll insertion exploit basically automated ... teh demo movie from before the 2.4 release had them "0wning" a box in under 3 min with that explout, and I've used it as an "attention getter" here at my office as well ...

just a thought :)

**ciph3r** · October 12, 2004, 11:20

0wn3d!

Whoa null forget what the hell i posted. Whoppix rocks i think replaying one of the demo videos would even be enough

Announcement

An example hack

An example hack

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment