← back to workshops

Ethical Hacking (Intro to internet concepts)

This unique workshop is designed to teach Internet concepts from the perspective of a hacker. Be assured that this workshop is not about black hat (bad) hacking! Everything shown is well known and common knowledge to professionals who work in IT.

We setup an environment that is safe and isolated where we can run a number of network analysis tools. Before we dive into all the tools and goodies we work through a large number of concepts that relate to networking infrastructure. We use tools such as nmap, Angry IP Scan, hping3 to help reinforce concepts and further engage students.

We setup virtual environments that run applications such as Darn Vulnerable Web Application that have purposefully been designed to be hacked. We'll have some fun pulling these apart and understanding the concepts behind it.

At the end of the workshop we hope to our students pulling apart the plot lines in almost all Hollywood hacking movies.

Ethical Hacking (Intro to internet concepts)

The term workshop structure will follow the topics below, whereas the school holiday event will cover these in less detail:

Week 1:

What is ethical hacking? Why is it important?

Network fundamentals

  • IP addresses
  • DHCP
  • Ports
  • Firewalls
  • DNS
  • Routers
  • Ping
  • Proxy

We learn the typical approach of hackers, how they try to enumerate all of the hardware in an environment and build a picture of systems.

Week 2:

The theme for this week will be 'Checking for live systems and open ports'. This will help cement our week 1 learning.

We will run tools such as nmap, Angry IP Scanner and hping3 on a virtual network to learn about the machines and devices we have connected up.

We will cover the differences between TCP and UDP and how the three way TCP handshake works (and where it's weak).

Terms covered this week include:

  • IDS
  • Spoofing
  • OS Fingerprinting
  • DDos

Week 3:

We move into web application vulnerabilities, where we setup a web application that has been designed for hacking. We cover topics such as

  • Databases (SQL Injection)
  • Query string manipulation
  • XSS (cross site scripting)
  • Cookie poisoning

Terms covered this week include:

  • 0 day
  • untrusted data
  • Cookie
  • TLS / https

Week 4:

Our final week moves onto the topic of system hacking.

The terms covered this week are:

  • Escalating privileges
  • Rootkits
  • Keylogger
  • Spyware
  • Randsomware
  • Backdoors