Never Ending Security

It starts all here

Workshops about I2P and TOR

Intro to Darknets: Tor and I2P Workshop
This class introduces students to the I2P and Tor Darknets. We cover setting up Tor & I2P, the basics of use, and how to make hidden services. We also go over case examples like Eldo Kim Harvard & the Harvard Bomb Threat, Hector Xavier Monsegur (Sabu)/Jeremy Hammond (sup_g) & LulzSec, Freedom Hosting & Eric Eoin Marques and finally Ross William Ulbricht/“Dread Pirate Roberts” of the SilkRoad, to explain how people have been caught and how it could have been avoided.

Download Slides: http://www.irongeek.com/downloads/into-to-darknets-tor-and-i2p.pptx
Download Video: https://archive.org/download/IntoToDarknetsTorAndI2P/Into%20to%20Darknets%20Tor%20and%20I2P.avi
Notes from video: http://www.irongeek.com/i.php?page=videos/intro-to-tor-i2p-darknets

Darknets: anonymizing private networks talk from Phreaknic
(Networks covered include Tor, Freenet, AnoNet/DarkNET Conglomeration and I2P)

This is a quick and dirty version of my Darknets talk from Phreaknic 2009, I hope to have a better version up soon. It covers the the basics of semi-anonymous networks, their use (political dissidence, file sharing, gaming and pr0n), how they were developed and what they mean to organizations. The main focus will be on the Tor, I2P, Freenet and anoNet Darknets, their uses and weaknesses.

Slides can be found here: http://www.irongeek.com/downloads/darknets-phreaknic.pdf and here: http://www.irongeek.com/downloads/darknets-phreaknic.pptx
And Slides from here: http://www.irongeek.com/downloads/darknets.pptx and here: http://www.irongeek.com/downloads/darknets.pdf

Cipherspaces/Darknets: An Overview Of Attack Strategies:
Darknets/Cipherspaces such as Tor and I2P have been covered before in great detail. Sometimes it can be hard to follow attack strategies that have been used against them as the papers written on the topic have been academic and abstract. What this talk will attempt to do is step back and give an overview of the topic in a manner hopefully more conducive to the understanding of security practitioners, giving more concrete examples. While little to nothing in this talk will be “new and groundbreaking” it should lead to a better understanding of how encrypted anonymizing networks can be subverted to reveal identities.
Live Version from Defcon 19.

Download Video here: http://www.archive.org/download/CipherspacesdarknetsAnOverviewOfAttackStrategies_700/CipherspacesdarknetsAnOverviewOfAttackStrategies.mov
Download Slides here: http://www.irongeek.com/downloads/Adrian-Crenshaw-darknet-weaknesses.pptx

Canned version.

Download Video here: http://www.archive.org/download/CipherspacesdarknetsAnOverviewOfAttackStrategies/Adrian-Crenshaw-darknet-weaknesses.wmv
Notes from the video can be found here: http://www.irongeek.com/i.php?page=videos/cipherspaces-darknets-an-overview-of-attack-strategies

Identifying the true IP/Network identity of I2P service hosts talk
Adrian Crenshaw, Blackhat DC 2011.

This talk will present research into services hosted internally on the I2P anonymity network, especially I2P hosted websites known as eepSites, and how the true identity of the Internet host providing the service may be identified via information leaks on the application layer. By knowing the identity of the Internet host providing the service, the anonymity set of the person or group that administrates the service can be greatly reduced. The core aim of this paper will be to test the anonymity provided by I2P for hosting eepSites, focusing primarily on the application layer and mistakes administrators and developers may make that could expose a service provider�s identity or reduce the anonymity set they are part of. We will show attacks based on the intersection of I2P users hosting eepSites on public IPs with virtual hosting, the use of common web application vulnerabilities to reveal the IP of an eepSite, as well as general information that can be collected concerning the nodes participating in the I2P anonymity network.

Article can be found on: http://www.irongeek.com/i.php?page=security/darknets-i2p-identifying-hidden-servers
Slides can be found on: http://www.irongeek.com/downloads/i2p-de-anonymizing.pdf and from: http://www.irongeek.com/downloads/i2p-de-anonymizing.pptx
Video can be downloaded from: http://www.archive.org/download/DarknetsAndHiddenServersIdentifyingTheTrueIpnetworkIdentityOfI2p/DarknetsAndHiddenServersIdentifyingTheTrueIpnetworkIdentityOfI2pServiceHosts-adrianCrenshaw-blackhatDc2011.mp4

Locating I2P services via Leaks on the Application Layer Project Proposal
While at Phreaknic 14 I did a quick lightning talk on my project to test the anonymity provided by I2P. Mostly I’ll be aiming at web server misconfigurations in eepSites. It starts getting fast at the end because I was running out of time (10 min is kind of short for the subject). Still, I hope it is a good intro to I2P, and my plans.

Slides can be downloaded from: http://www.irongeek.com/downloads/i2pproposal.pdf and from: http://www.irongeek.com/downloads/i2pproposal.pptx
Video can be downloaded from: http://vimeo.com/download/video:30589179?v=2&e=1287376079&h=3dc347c0c7bdaba87161f5e86a166d3f&uh=f4afcf834d3f6b50bab666fc1bc75195

Common Darknet Weaknesses
Presented by Adrian Crenshaw MCSE NT 4, CNE, A+, Network+. i-Net+ “Irongeek”
Ok, this talk did not come out quite as well as I hoped. I should be able to polish it more before Defcon
Darknets/Cipherspaces such as Tor and I2P have been covered before in great detail. Sometimes it can be hard to follow attack strategies that have been used against them as the papers written on the topic have been academic and abstract. What this talk will attempt to do is step back and give an overview of the topic in a manner hopefully more conducive to the understanding of security practitioners, giving more concrete examples. While little to nothing in this talk will be “new and groundbreaking” it should lead to a better understanding of how encrypted anonymizing networks can be subverted to reveal identities.

Video can be downloaded from: http://www.archive.org/download/AideSummer2011/aide3.avi

Cipherspace/Darknets: anonymizing private networks

Download slides from: http://www.irongeek.com/downloads/darknets-aide.pdf and from: http://www.irongeek.com/downloads/darknets-aide.pptx
Download video from: http://www.archive.org/download/AideWinterMeeting/aide8.avi

Installing the I2P darknet software in Linux
This video is intended to get you started with the I2P darknet software under Linux (Ubuntu 10.10 in this case). I’ve done a previous version that details installing I2P under Windows. I2P (originally standing for Invisible Internet Project) can be seen as a networking layer sitting on top of IP that uses cryptography to keep messages confidential, and multiple peer to peer network tunnels for anonymity and plausible deniability. While Tor is focused more for hiding your identity while surfing the public Internet, I2P is geared more toward networking multiple I2P users together. While you can surf to the public Internet using one of the I2P out proxies, it’s meant more for hiding the identity of the providers of services (for example eepSites), sort of like Tor’s concept of Hidden Services, but much faster. Another advantage I2P has is NetDB, a distributed way to let peers know about each other once initial seeding has occurred. Tor on the other hand uses it’s own directory to identify servers, which in theory could be more easily blocked. Both networks have their advantages and trade offs. This video won’t cover the details of I2P’s peering or encryption systems, and may seem kind of rambling, but it should be enough to get you up and running on the darknet. Welcome to Cipherspace.

Download video from: http://www.archive.org/download/InstallingTheI2pDarknetSoftwareInLinux/i2p-darknet-in-linux.wmv
Notes about the video can be found here: http://www.irongeek.com/i.php?page=videos/i2p-darknet-software-in-linux

Hosting Hidden Services in I2P: eepSites and SSH
Here is another foray into Cipherspace. In this video I’ll show how to get your eepSite up and running, along with pointing an HTTP tunnel to another web server besides the build in Jetty, and also how to host SSH inside of the I2P network.
I apologize for it being somewhat meandering, I was doing the video largely off the cuff. Also be aware that “Hidden Services” is more of Tor’s terminology for much the same concept, in I2P you set up “I2P Server Tunnels”.

Download video from: http://www.archive.org/download/HostingHiddenServicesInI2pEepsitesAndSsh/i2p-server-tunnel-eepsite-ssh.wmv
Notes about the video can be found here: http://www.irongeek.com/i.php?page=videos/i2p-darknet-hidden-servers

Advertisements

One response to “Workshops about I2P and TOR

  1. F1 2015 Download 27 May 2015 at 22:22

    I enjoy looking through a post that will make men and women think.

    Also, thank you for allowing for me to comment!

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s