← back to news

Ethical Hacking Workshop

We have had a great start to the year, in term one we introduced a new workshop called 'Ethical Hacking', which was really designed to be a combination of introduction to Internet infrastructure and online safety.
It was a fun workshop and some of the highlights include:

  • * Using two virtual computers networked together, we introduced a 'Man in the middle' that could intercept Internet traffic that wasn't encrypted, our students could easily see the username and password that they typed into the websites.
  • * Using the 'Man in the Middle' we could fake out the DNS request so that we could trick the user into loading a fake webpage instead of the real one.
  • * We learnt that software has bugs and issues that can create a vulnerability, these vulnerabilities should be reported back to the software maker in a sensible way so they can be fixed. If the software maker doesn't fix the problem then it is published online so that everyone can be made aware of the issue and take action to reduce the risks of using the software. We used our virtual machine to install some vulnerable software and used a tool called Metasploit to 'exploit' the vulnerability. We saw how easy it was to take over a computer once its was compromised.
  • * We saw first hand how users can be tricked to download software from the Internet. We used a tool called 'BeEF' to 'hook' a user's browser. Once hooked we could make the webpage look like it needed them to install software updates. We saw how easy it is to embed code into these files that would initiate a reverse connection back to our server. We explored how to recognise these types of attacks.
  • * We discussed how various online scams work and examined real emails to determine if they were likely to be a scam or real. We discussed how banks and reputable organisations will never ask for personal information.

Overall it was a great workshop, looking at Internet safety from a hackers perspective is a great way to stay engaged and learn about cyber saftey. We are looking at doing a shorter version of this workshop in the April school holidays.