Packer Currlculum

Adam Cecchem
LevlaLhan SecurlLy Croup
Who Am l?
Adam Cecchem
M.S. LCL Carnegle Mellon
8.S. CS SalnL vlncenL College
LevlaLhan SecurlLy Croup
rlnclpal SecurlLy ConsulLanL
Amazon.com SecurlLy 1eam
Lead Lnglneer
Spllmng Cemlnl, nunchaku
Packlng Lxposed 6
Lh
Ld
Who am l really?*
72.08 Packer
24.92 Lnglneer
* +/- 3.02 margln of error
WhaL school LaughL me
MaLhemaucs
Loglc
rogrammlng
8easonlng
Pow Lo englneer a soluuon Lo a problem
Pow Lo follow gulde llnes, rules, regulauons,
sLandards, and Lhose sllly laws of physlcs
WhaL school also LaughL me.
97 ls LoLally accepLable
WhaL school dldn'L Leach me
WhaL real" code / soluuons look llke
WhaL real deadllnes look llke
WhaL real code and soluauons LhaL comes
from real dead llnes looks llke
WhaL hacklng has LaughL me.
Lnglneers are lncredlbly LalenLed people
l make my llvlng ln LhaL 3
!"#$%&'()* ls broken
Some Lhlngs need nuked from orblL
1he dlsconnecL
Lnglneerlng ls a loglcal process
1haL lnvolves maklng everyLhlng llne up and work
correcLly even when Lhey don'L
Schools have gouen very very good aL Lhls parL
Packlng ls a comblnauon of many processes
Loglcal, creauve, lnslghL, perspecuve, and mlndseL
Less ls oen more
1here ls no spoon
Packlng
llndlng a creauve way Lo make someLhlng
funcuon ln a way lL was never lnLended"
1eachlng Packlng
1rlcks, 1ools
rerequlslLes are hlgh
MlndseL MlndseL MlndseL
1rlcks and 1ools
SecurlLy courses spend a loL of ume here
Many currenL hacklng classes
1ool x allows you Lo nd ?
use x Lool Lo Lry and nd ?
1ake ? and Lry Lechnlque Z
When Z falls move on Lo A-!
A more concreLe example
nmap ls a neLwork scanner LhaL allows you Lo
nd open servlces and porLs
Scan your neLwork Lo nd open porLs
AuempL Lo use an explolL on Lhese servlces
lf Lhe explolL does noL work Lry anoLher
servlce
rerequlslLes are hlgh
SLandard engagemenL lnvolves
knowledge of
1-2 Languages 1 Cu ArchlLecLure
1 Cperaung SysLem or Appllcauon
conLalner
Wlndows, lL/llrefox
neLworklng - 1 roLocol
uaLa sLorage - llle or uaLabase
uebugglng, Scrlpung
SLandard uomaln explolLs
rerequlslLes are hlgh
ulmculL LngagemenL
2-3 languages 1-3 Cu
archlLecLures
Muluple Cperaung SysLems / App
ConLalners
neLworklng : 1-10 proLocols
Pardware : urlvers, lCC1Ls,
1lmlng
Mulu uomaln LxplolLs
nearly lull lnslghL
uebugglng, reverslng, proxles calls,
scrlpung
A loL of scrolllng LexL.
MlndseLs
Lnglneerlng mlndseLs
SLarL ln a consLralned envlronmenL
1hls block wlll noL move Lhus l can bulld
someLhlng on Lhe block
Packlng mlndseLs
- SLarL ln a unconsLralned envlronmenL
- Can l move Lhe block? no?
- Can l move Lhe Lhlng under Lhe block?
- And so on.
ls lL really LhaL hard Lo Leach mlndseL?
1he Coee Shop 1alk
^Abrldged
Packer MlndseL
1he knobs - lree your mlnd
1he chesL- Mallclous MlndseL
lraLe - 1rusL
Llnes - 8reaklng 1he 8ules
1oll 8oad - 8reaklng More 1han Cne 8ule
WhaL schools Leach
1he 4 knobs Lurn and sLop aL 1 Lo 10
Cne knob conLrols SusLaln
Cne knob conLrols Level
Cllpplng no longer works
uon'L Lurn Lhe auack knob
1he llghL wlll bllnk when
your nelghbors Lhlnk Lhe
volume ls Loo loud
WhaL hackers Leach
Make Lhe knobs bllnk.
1he ChesL
1he lraLe
Cn Lhe nexL sllde ls a plcLure of one plraLe
A lraLe
uoLs
ConnecL Lhe followlng doLs wlLh 4 llnes wlLhouL
lllng your pen.
uoLs
ConnecL Lhe followlng doLs wlLh 4 llnes wlLhouL
lllng your pen.
uoLs
ConnecL Lhe followlng doLs wlLh 4 llnes wlLhouL
lllng your pen.
uoLs
ConnecL Lhe followlng doLs wlLh 4 llnes wlLhouL
lllng your pen.
?ou musL
use sLralghL
llnes.
uoLs
ConnecL Lhe followlng doLs wlLh 4 llnes
Pow many
doLs?
uoLs
ConnecL Lhe followlng doLs wlLh 4 llnes
WhaL doLs?
1he CaLe
1he CaLe
Cars drlve on roads
1he gaLe requlres a access card
1he access card ls only granLed
Lo .
1eachlng hacklng
13 Lools
13 very wlde domaln knowledge
70 mlndseL