This Thursday, April 7 at 7PM in Dreese 264, Alek Rollyson will be covering open source security tools from protocol analyzers to vulnerability scanners. This talk is meant as a general overview of tools available as well as their practical applications in security audits and penetration testing. Tools and topics covered will include:

• Wireshark (protocol analyzer)
• Metasploit (penetration testing suite)
• Ettercap (multipurpose sniffer/interceptor/logger for switched LAN)
• Aircrack-ng (set of tools for testing wireless security)
• OpenVAS (open source replacement for Nessus, a vulnerability scanner)
• Nmap (swiss army port scanner)
• Password Crackers (John the Ripper, Ophcrack)
• Distros such as Backtrack, Knoppix STD, Damn Vulnerable Linux
• Kippo (simple honeypot with recording capabilities)
• A few hardening techniques and tools (mandatory access control, port knocking, intrusion detection tools, common sense things, old wive’s tales)

NOTE: This talk is meant for educational purposes only. Techniques demonstrated should only be used on your own systems as using any of these techniques on systems that you do not own has a high probability of you ending up behind bars. These tools will be presented from the perspective of a security auditor and/or a systems administrator wishing to find weak spots in his or her own defenses. Here’s the link to the slides: https://docs.google.com/present/edit?id=0Af5yg4EkTWfdZGhwcGRyYnZfNjRmdnB0bTQ2OA&hl=en