I thought that doing security101 at places like Oggi's may have been a tactical mistake because I want people to actually learn and benefit from some of this stuff, so having the discussion broken by the wait staff frequently simply murdered all the momentum the discussion had, and the event turned into a hacking 101 lab where I just demonstrated attacks.
That being the case, doing a security101 class in an actual classroom environment where I can have the attendees comfortable and perhaps even have a projector would likely be far, far better. Phelan was gracious enough to let me usurp the January installment of refreshsd to give my security101 talk in a more meaningful and more formal environment. Refresh this month is on the 13th – see refreshsd.org for details, or see the meetup group.
Here is my proposed curriculum:
- How do computers talk?
- What is a packet?
- What's IN a packet?
- Clear text versus encryption (HTTP, FTP, DNS)
- How websites pass information around
- How to tell if the site you're on is passing your information encrypted or not
- Some network voodoo – watching the stream
- Watching DNS queries
- (The next three may or may not be permitted depending on Qualcomm's network configuration)
- Basic man in the middle example
- Faking SSL certs
Hope to see you all there!