I'd make the demonstrations visual and limit the technical jargon as much as possible. You'll definitely lose people if you start talking about things like meterpreter and hashes. Honestly, I'd avoid a command-line if you can. Use tools like Cain and Network Miner that clearly present information to an untrained eye. You want to convey the ease with which these attacks can be performed. If the demo is too far over their heads, it's not going to register as a significant threat (i.e. the super hackers with that level of skill are going to focus on governments, banks, celebrities, etc.). The recent DLL hijacking vulnerability<http://www.offensive-security.com/offsec/microsoft-dll-hijacking-exploit-in-action/>would be another good demo if you could use a VNC payload (I haven't tested it). "All you had to do was open a PowerPoint file, and now I can see your desktop."
Make sure they realize why the average user is at risk. However, don't go overboard. There's a fine line between making a point and terrifying someone. We always quasi-joke about how the casual users we perform security awareness training for don't touch their computers for a week or two afterwords. I'm serious. Just explaining what a rootkit is often blows people's minds. You really aren't going to have to do anything l33t to make an impact; I'd focus much more on making it relatable. -A On Wed, Sep 8, 2010 at 3:59 PM, Craig Freyman <[email protected]>wrote: > I'm giving a security presentation to a room full of non IT folks in a few > weeks. The point I want to drive home is that simply having AV and a > Firewall doesn't make you bulletproof. There is a big gap between what the > bad guys can do and what modern security apps can stop or catch. I think one > way to help bridge this gap would be to raise user awareness and to get > users thinking about security issues. I believe most users think that with > AV/Firewall and not clicking on links, they're safe. > > I was planning on doing a live demo (crossing fingers) to make this point. > I will set up a rogue AP ("FreeWIFI Connect to ME!"), connect a client > machine and then demonstrate some MITM attacks. I'll also throw in some SET > to have some meterpreter fun. Password stealing, key logging, sound > recording etc... I know I cant get too technical and if I do, I'll loose the > group. I think this demo would get their attention but was wondering if > anyone has done this before and if so, what did you do? > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
