Computer Security Demo/Presentation

tomw92 · 12 Apr 2012 at 23:40

Hi all,

As part of a module for my degree I need to do a presentation (with another student) on anything related to computer security. For top marks we need to include a demonstration.

I'd really like to do something ridiculous such as DDOSing the intranet or a man in the middle attack on the lecturer we will be presenting to.

Anyway I'm after your suggestions!

Ta,

Tom

tomw92 · 13 Apr 2012 at 09:48

Cheers for the replies.

I know DOSing would be a touchy topic. Would would highlight some major security issues!

Apart from that I know and can easily do ARP poisoning. I'm happy to learn other things as well, but the demo can't last more than 1o minutes. And we will have access to whatever equipment we take with us into the demo.

tomw92 · 13 Apr 2012 at 14:51

@PianoBasher - Extra marks for something clever! So I'm guessing complex enough for that. As for kit I have access to numerous laptops and lots of networking gear including hubs, switches, VPNs and wifi

@dfarrall - Got any more info about hole 196? Sounds interesting!

@Kobrakai - We have done quite on SQL databases in other modules so we know our way around it a bit. As for websites we have limited knowledge. SQL injection would be really good though.

Ta

tomw92 · 13 Apr 2012 at 15:06

Might do some research into this then, thanks

tomw92 · 13 Apr 2012 at 15:38

J.B said:
MS08-67 in metasploit

My bosses favourite:
Get a member of the audience to mash the keyboard at the windows login screen to show it is an actual password protected account
Use incept to scan the memory via DMA over the firewire port to rewrite the msv1_0.dll
get the audience to randomly mash the keyboard and let it log in. Then explain how DMA works

E:
The first one can be done with one laptop and virtual machines but the second really need two physical laptops with firewire ports

This could be the one! Looks very cool and something we haven't covered in the lectures which is a bonus. Also has some audience participation which would really seal the deal. Having googled it, it seems like it wouldn't be too complex and we would have enough time as well!

Edit:

If the laptops didn't have firewire onboard could we use an external firewire device (USB) or would that totally defeat the object as it would be travelling over USB?