AM
Akash Mahajan
@makash
The Little Service which wasn't there + Fun with SSH
Submitted Jan 9, 2014
Section:
Full talk
Technical level:
Intermediate
A session in two parts.
Learn how to setup SSH as a TOR hidden service
In the first part we will
- Set up SSH
- Set up Tor
- Make SSH a TOR Hidden Service
- Connect to the SSH over TOR
Make life fun for SSH attackers
Since now we have a free port 22
- Setup Kippo
- See the logs
- Make life fun for SSH attackers
Outline
Linux Server Hardening for the Paranoid
An intermediate level full talk that will tell you how to use TOR Hidden services to truly hide your server and stay hidden from Nation States Adversaries and Hollywood Attackers who Can Kill Everyone Remotely and in Style
I gave a talk on Securing a Linux Web Server in 10 Steps or Less. That talk covered basic principles to think about when you decide to secure your server. I got great feedback for the talk and IMHO it was a nice gentle introduction for beginners.
The only problem is, that talk was incomplete. We can’t effectively talk about security without defining or discussing security against whom. Therefore if you would like to keep your machine safe from Nation State Adversaries come learn how you can do that.
Requirements
This is not a workshop. There is no point in getting people to do hands-on stuff on a linux server(which is basically a training nightmare) but it would be nice for the following to happen
- Watch the talk Securing a Linux Web Server in 10 Steps or Less
- Folks attending, should have hands-on experience of the command line (BASH)
- Ideally they would have setup a server or two and also have some vague idea about what TOR is
If you can do the following, don’t attend the talk to just heckle me(unless you let me do the sam to you in your talk, then its all cool)
- Know how to setup a TOR hidden service
- Know how to setup a honeypot
- Work for any organisation that resembles a Nation State Adversary
Speaker bio
That Web Application Security Guy @ The App Sec Lab
I run The App Sec Lab a security company that helps companies become secure. If you are confused about anything in security come and talk to me and I can help you with a roadmap on how to become secure and stay that way.
I am the co-founder+Community Manager for “null - The Open Security Community” and Co-Chapter Lead for OWASP Bangalore
- Website | @makash | Linkedin | Slideshare
TL, DR; I am a funny with an interesting take on things in life that matter - Linux, Security, Having Fun and Teaching cool things to people while they are laughing so that they really really get it.
Links
- Video - https://hasgeek.tv/makash/speaking-in/358-securing-a-linux-web-server-in-10-steps-or-less
- Slides - http://www.slideshare.net/akashm/securing-a-linux-web-server-in-10-steps-or-less
- Funnel - https://funnel.hasgeek.com/rootconf/329-securing-a-linux-web-server-in-10-steps-or-less
- TOR Hidden Services https://www.torproject.org/docs/tor-hidden-service
- TOR as a proxy server https://www.torproject.org/docs/proxychain.html.en
- Kippo http://code.google.com/p/kippo/
Login to leave a comment
No comments posted yet