8/23/18

This week's Wednesday Evening Training: How to become a hacker! Introduction to (a bit of) security & hands-on hacking


Have you ever thought of becoming a hacker? Or wanted to find out how hackers manage to break into systems and/or web applications? This evening we got an excellent opportunity to experience this. One of our security experts, Vincenzo Corona, gave us a workshop to learn some hacking foundations and become familiar with some security best practices.


So why hacking?

Security of information systems has always been an important topic. In the last decade, however, it has become even more important. Since we seem to connect just about anything to the internet (the web infrastructure is expanding rapidly), there are many more opportunities for hackers to take advantage of. Moreover, we are becoming increasingly dependent on the internet in our daily life. So the business case for hackers is getting better every day. All the more reason to give more and more attention to security.

And what better way for architects, sysops and software engineers is there than to learn to think like a hacker?

That is just what we did in this evening's training...

The best way to learn is to get your hands dirty (figuratively speaking, that is). We built our own hacking lab using virtual machines and got our hands dirty with some of the most used hacking tools. Step by step we learned how to analyze the vulnerabilities of a target machine, how to find and apply various hacking tools and methods, and finally how to seize complete control over the machine (root control). And this is exactly the way hackers work! It is amazing how much information you can get from a running machine! Even tiny bits of information can give you clues about weak points.
During the training we got plenty of opportunity to ask all kinds of questions about the operating system and the workings of web server platforms and networks.


We are very enthusiastic about the way this workshop went. We will definitely organize additional workshops in which we will explore more advanced hacking scenarios. There are plenty of ideas for that, e.g. hacking an IoT infrastructure (in other Wednesday Evening Trainings we are already experimenting a lot with devices like the Raspberry Pi, Arduino and WittyCloud). We will also be paying attention to the countermeasures, both in infrastructure / configuration and in software engineering. There are many measures you can take to secure platforms and applications (safe and secure programming). It is a continuous battle, and that is why it is all the more important to keep up.

Thanks Vincenzo, for sharing your knowledge with us! And we look forward to the next sessions!

Resources

No, I'm not going to share links to hacking tools :)

Instead, I'll give you a link to the OWASP site: https://www.owasp.org
OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas.
Among many other topics, you will find on their site:

  • Common types of application security attacks
  • Guides, e.g. OWASP Guide to Building Secure Web Applications and Web Services, a Testing Guide
  • Articles specifically about performing security penetration testing on web applications and web services

A site well worth visiting!

To get started, you'll also need a virtual machine. You can download one at https://www.virtualbox.org/.
VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL) version 2. See "About VirtualBox" for an introduction.

Past Wednesday Evening Trainings

You'll find posts on previous sessions here: https://www.linkedin.com/search/results/content/?keywords=%23wednesdayeveningtraining

If you wonder what happened with last week's Wednesday Evening Training: it just went on. In our CoZone our Wednesday Evening Training community had a "klusavond" on various topics. I, however, had a workshop abroad in the German Harz on gastronomy.


Next week's Wednesday Evening Training

Next Wednesday Evening Training, we'll have an introduction to quantum computing and we'll experiment with the Microsoft Quantum Software Development Kit (Q language). Can you imagine? Solving problems at the speed of light?


#wednesdayeveningtraining #capgemini #werkenbijcapgemini #lifeatcapgemini #security #hacking
