by Akash Mahajan (@makash) on Thursday, 9 January 2014

+14
Vote on this proposal
Status: Submitted
Section
Full talk

Technical level
Intermediate

Media

Objective

A session in two parts.

Learn how to setup SSH as a TOR hidden service

In the first part we will

  • Set up SSH
  • Set up Tor
  • Make SSH a TOR Hidden Service
  • Connect to the SSH over TOR
Make life fun for SSH attackers

Since now we have a free port 22

  • Setup Kippo
  • See the logs
  • Make life fun for SSH attackers

Description

Linux Server Hardening for the Paranoid

An intermediate level full talk that will tell you how to use TOR Hidden services to truly hide your server and stay hidden from Nation States Adversaries and Hollywood Attackers who Can Kill Everyone Remotely and in Style

I gave a talk on Securing a Linux Web Server in 10 Steps or Less. That talk covered basic principles to think about when you decide to secure your server. I got great feedback for the talk and IMHO it was a nice gentle introduction for beginners.

The only problem is, that talk was incomplete. We can't effectively talk about security without defining or discussing security against whom. Therefore if you would like to keep your machine safe from Nation State Adversaries come learn how you can do that.

Requirements

This is not a workshop. There is no point in getting people to do hands-on stuff on a linux server(which is basically a training nightmare) but it would be nice for the following to happen

If you can do the following, don't attend the talk to just heckle me(unless you let me do the sam to you in your talk, then its all cool)

  • Know how to setup a TOR hidden service
  • Know how to setup a honeypot
  • Work for any organisation that resembles a Nation State Adversary

Speaker bio

That Web Application Security Guy @ The App Sec Lab

I run The App Sec Lab a security company that helps companies become secure. If you are confused about anything in security come and talk to me and I can help you with a roadmap on how to become secure and stay that way.

I am the co-founder+Community Manager for "null - The Open Security Community" and Co-Chapter Lead for OWASP Bangalore

TL, DR; I am a funny with an interesting take on things in life that matter - Linux, Security, Having Fun and Teaching cool things to people while they are laughing so that they really really get it.

Comments

  • 1
    [-] Akash Mahajan (@makash) 3 years ago

    Title of the talk inspired by Antigonish poem

    Yesterday, upon the stair,
    I met a man who wasn't there.
    He wasn't there again today,
    I wish, I wish he'd go away...

    When I came home last night at three,
    The man was waiting there for me
    But when I looked around the hall,
    I couldn't see him there at all!
    Go away, go away, don't you come back any more!
    Go away, go away, and please don't slam the door...

    Last night I saw upon the stair,
    A little man who wasn't there,
    He wasn't there again today
    Oh, how I wish he'd go away...

  • 1
    [-] Akash Mahajan (@makash) 3 years ago

    Apologies, I will not be able to present this in person as I will be busy during the re-scheduled dates.

    Maybe someone else can present, I will be done with the slides etc. before April end.

  • 1
    [-] Sreekandh Balakrishnan (@gnuyoga) 3 years ago

    Are you still not going to be available ? now that root conf date is rescheduled ?

    • 1
      [-] Akash Mahajan (@makash) 3 years ago

      I am not in Bangalore on conference dates. The dates are 16-17th May 2014 right.

Login with Twitter or Google to leave a comment