Giving a Presentation On Backtrack 5 To Master's Degree Students. Suggestions?

[intellikid]

Scenario : I'll be giving a Presentation to Students who've opted for a course on Master of Science in Info. Sec. (and opted Technical Risk Assessment as Choice). They're new to the course and have theoretical knowledge of networking and computers but not specifically attacks using BT.

Constraint : (I have limited time of 1 hour)

Question : As BT contains many tools, I'm confused about what to show them to get them inspired to learn deeper than the theory they're studying now. I want to make the presentation practical where I will show them the most-useful stuff on BT.

On the top of my head, I'm thinking metasploit framework basics, nessus (vulnerabilities), johntheripper (crackers), nmap (scanners), ettercap, snort, ollydbg (reverse Engineering)....etc

What do you guys suggest?

[fl3xu5]

IMHO, You're able to introduce the Basic and Concept the Pentest , BackTrack Overview , Then give a demo related to the metasploit framework use.

[darioq]

Keep it simple. Half of them will be sleeping by the time you talk about tool #12

The idea of walking them through an attack via Metasploit is very nice, but keep in mind that console input might be too small for a beamer (if that'll be your presentation medium)

I'd recommend telling a story. About a guy who got fired and how he will is planning to get back at the company by stealing some important source code. You could tell how he will break into the wireless network, scan for hosts and break into them. It's probably more interessting for them to see what all is possible than what are the exact names and arguments of the tools. You could finish off by talking about how that's about 2% of what you can do with backtrack and loosely talk about the other aspects (not tools) - breaking passwords, finding vulnerabilities etc. At any given time you could tell them that there are multiple ways to achieve a goal with backtrack. like getting an enumeration of all hosts via tool a,b,c.

If you are confident about a live demo, let one of them do it. Take your time and talk a guy through the process, show him what he has to do. That also gives you the time to slowly explain everything you're doing.

Hope some of this helps.
Have fun

[aerokid240]

Just a suggestion. Demonstrate the importance of using secure passwords or pass phrases that meet the typical security requirements, like length, alphanumeric with symbols, not reusing the same passwords, etc. I can see you demonstrating how easy it is to get windows hashes and then going on to cracking them with a tool like john the ripper. Now that you cracked a password, you can re-use that password to login to websites or other protected places. This should help clarify why you should never re-use the same passwords on the internet.

[longjidin]

i think better demo the simple but effective to the student like wireless hacking, sslstrip, ettercap, etherape, metasploit, maybe it will be inspired them to learn more deeply

[charonsecurity]

I did this to my sister to show her the importance of not using Open Wifi: While she was on facebook using her iPad, I simply hijacked her session using my phone ( I think the android app was called DroidSheep) and then posted a message to her wall as her. She was really impressed (shocked really) that this was so easy to do and couldn't believe it was possible. I explained to her, not only facebook, but Banking, Email, what ever she uses is at risk on an open network and never use it for anything other than simple surfing, and even that should be avoided. After that, she makes a point to make sure shes on a secure network.
Makes a great intro demo I think for any class Of course if that is done with a simple phone imagine what can be done with BT.