 Hey folks, Adam DuPay here. I am an assistant professor at Arizona State University and one of the questions I get frequently from people is how do I get involved in security or how can I up my security and my hacking skills. So what I want to do is I'm going to kick off a series of me working through some war games that are available online but I first want to give an introduction as to what these things are. So the great Zardis who is Jan Szosiusz-Daszwili who is also an assistant professor at Arizona State University and who I work with very closely, he organized this great list of war games in this War Game Nexus GitHub repo. And the idea is that to develop and learn security skills we really need a place where we can practice our skills and so that we can get better because like I like to tell my students reading about the theory behind let's say a buffer overflow or some kind of vulnerability is one thing but actually taking that knowledge and putting fingers to keyboard is completely another thing and so if you want to get good at security and you want to really up your CTF skills working through these war game challenges are a great place to do it. Jan here has gone through and created a bunch of links to good challenges. One really good challenge that I'm going to start off with is and so some of these are kind of general if you've never used Linux before or you're very new to this I highly recommend going through Bandit. Actually I have my students in my classes actually work through these war games as part of a homework assignment so if that way they can get comfortable with command line skills. There's other and these are in the beginner categories you have Bandit and Leviathan but we're going to be playing and what I'm going to be working through is Poneble.kr so these are all various binary challenges. My background is much more on web hacking and web vulnerability so I really want to try to up my binary hacking game so I'm going to be working through these and I thought it'd be fun to record that and share that with you as we're going. So if you've never done this before you do need to have some background information. I actually highly recommend this book Hacking the Art of Exploitation. This is the second edition while it's not super modern you won't get all the crazy heap overflow rop style vulnerabilities. It's really good for describing the basics and really getting you used to understanding how to actually go about hacking binaries. So this is a great book and honestly it's not very expensive so I highly recommend it. Another resource that can be useful so I teach a graduate course at ASU called Software Security and so this course all of my my resources from this course are online so you can go through any of these slides that I have if the main one would be application insecurity this will teach you about how to break applications and I've also recorded all of my lectures here which are on this YouTube channel so you can go through and actually see me talk about and give lectures on how to go about exploiting these these services I'm also the little shout-out I'm a faculty advisor to the Pone Devils we're a CTF team and we like to compete in security competitions and with that I think I will end it so how do you play Poneables.kr it's actually really simple you you go to Poneable.kr which is a huge shocker you create an account if you don't have one otherwise you log in and it will tell you so you can see here I've already beaten the first six levels as I was playing through this what you do when there's a level you want to beat let's say with this first one you click on it it will show you okay mommy what is a file descriptor in Linux and so it will tell you to hey SSH this user FD at Poneable.kr on port 2222 and use the password guest so you copy paste this into a terminal and so this is a the other thing I highly recommend the password was guessed the other thing I highly recommend this is a Ubuntu 1604 virtual machine that's running on VMware locally on this Mac and so I always like having a Linux box locally so that I can test things with and mess with so here we can look and we can see okay there's an FD binary that is set UID of FD underscore Pone which means that this binary when we run it on this server will execute with the privileges of FD underscore Pone user and if we check out our ID we can see that we're ID this and we can see that there's a flag there so the flag so if we try to read the flag it'll tell us permission denied we can't do that the only user who can read it is FD Pone and root which means by breaking this binary we should be able to read this flag and then we should be able to cat out FD.C and so this will tell us and describe the C code that actually got compiled into this FD binary and with that I'm gonna leave it here because I don't want to give out any spoilers just in this introductory video so have fun and hack on