“Life is a journey, not a destination.” —Ralph Waldo Emerson. Opening with this quote, on May 1st, CyberClass held an exciting workshop on Computer Networking—or how data gets from one computer to the next! Participants began by understanding what a computer network was, and why it is necessary. We then introduced the OSI (Open Systems Interconnection) Model, focusing on the Application, Transport, Network, Data Link, and Physical layers. We then conducted an interactive activity where participants simulated the different OSI layers in a network by formatting and transferring messages between breakout rooms. Following this, we introduced IP (Internet Protocol) and explored the function of IP addresses. We then talked about routers, how they direct packets of data, the usage of routing tables, and routing protocols. We ended with a brief discussion of familiar places computer networking can be found in, such as your home router, and how networking is behind the scenes of virtually anything we do on a computer!
On April 10th, CyberClass held a hands-on workshop on Linux, where students explored the basics of this versatile operating system. We began the workshop with background information on topics such as open source, the graphic user interface, what an operating system is, and what Linux is used for in cybersecurity and other fields. Students where then introduced to the command line interface, which we explored by trying simple commands such as "echo" and "yes". We then learned about basic Linux file system navigation commands and file permissions, then applied what we learned to creating a simple Bash script.
On March 27th, CyberClass students joined us for an exciting workshop on classical cryptography. Students began by solving a series of anagrams, from which we developed an understanding of the concepts of transposition ciphers. We then demonstrated encryption using an Ancient Greek tool called a scytale, and students encrypting and decrypting messages using the scytale cipher on their own! We then introduced more transposition ciphers, such as the rail fence cipher and the columnar transposition cipher, and practiced by encrypting and decrypting unique code names for each member. We concluded the workshop by exploring the use of transposition in modern day cryptography.
On February 27th, we held our second introductory workshop on web exploitation! We started out by discussing HTML, CSS, and JavaScript, then went over how to view source code of the website. Students were challenged to find secret messages hidden inside the source code. We also learned about web crawlers through an entertaining Wikipedia game, where we simulated the behaviors of web crawlers! Finally, we learned about HTTP cookies and concluded the workshop with an interesting hands-on SQL injection.
On February 15th, we hosted the Computer Malware Workshop. Throughout the workshop, students learned about different types of malware, or malicious software, and how each of them infected and affected computers. We also explored several examples of malware throughout the history of computer science and their impacts. Finally, we ended the workshop with advice on how best to protect our own computers from malware.
On December 29th, we held our last workshop of 2020 — the OSINT (Open Source Intelligence) Workshop. We began with an introduction to search engines and how they operate. Participants then learned how to use search engines to effectively search the web, through methods such as reverse image searching and advanced search operators. We then played a Googling game in teams, in order to apply what we learned. Afterwards, participants were introduced to common OSINT techniques, as well as the importance of regulating how much information we release onto the Internet in order to defend against malicious actors who may be applying OSINT. We finished with an OSINT activity, where participants were challenged to prove the innocence of a suspect given only a link to an image.
On November 25th, CyberClass hosted the Phishing Awareness Workshop, a workshop that was especially relevant, as students of all ages spent large periods of time online during the Covid-19 quarantine. Since user awareness is the best defense against phishing, we began the workshop by learning about different types of phishing, and strategies for recognizing and avoiding phishing attacks. Participants then took a phishing quiz, in which we attempted to tell whether emails and websites were phishing or legitimate. We concluded the workshop by discussing the consequences and next steps to take in case you do get phished.
On October 18th, we held the Cryptography III Workshop — the third workshop in our cryptography series! We covered the theory of asymmetric encryption and why it fixed issues with symmetric encryption, then learned about the basics of the RSA cryptosystem. We then used RSA to encrypt and decrypt secret messages! After a break, we studied certain insecure implementations of RSA and exploited vulnerabilities in those implementations using Python.
On September 6th, CyberClass students joined us for our Password Security Workshop! In this workshop, we first went over elements of a secure password, such as complexity and length. Next, we explored how passwords are stored securely, covering hashing algorithms and their characteristics. After a fun skribbl game to review key terms, we continued with hash salting and then a demonstration of password cracking in real time.
"Jasoninabin" Steganography Challenge
"Transcontinental Railway" Cryptography Challenge
"Meinkraft" Web Exploitation Challenge
CyberClass hosted CyberClassCTF, an ethical hacking competition created in the popular format of a "Capture the Flag" competition. CyberClassCTF was a beginner competition, with challenges targeted at those who were new to ethical hacking or wanted to explore cybersecurity. It was open to all elementary/middle school and high school students. Over 100 students from across the country competed within 55 formed teams split in three divisions, Elementary/Middle School Division, High School Division, and Open Division. There were a total of 48 challenges across the categories Cryptography, Binary Exploitation (Pwn), Reverse Engineering, Web Exploitation, and Miscellaneous. All problems and their and writeups (solutions) can be viewed on our Github.
On August 11th, we held our Python in Ethical Hacking Workshop! In this workshop, we first introduced basic Python, including variables, lists, and functions! Throughout the workshop, students were challenged to solve problems by writing programs in Python to reinforce their understanding of the material learned and explore the language. To wrap up our workshop, we wrote a script using the Python pwntools library to exploit a buffer overflow vulnerability we introduced in our Binary Exploitation Workshop!
On August 4th, we held the Computer Forensics Workshop! We started off with an introduction to steganography, the art of hiding secret messages inside of images. We then challenged students to solve their own steganography challenges! We also introduced file formats and extensions, including how to fix file headers. Next, we introduced packet capture with Wireshark, in which students analyzed network traffic in order to extract useful data, such as packet length and source IP address, as well as another hidden message!
On July 28th, CyberClass students joined us in the Cryptography II Workshop, which was the sequel to our very first workshop! In this mystery themed workshop, students were tasked with decoding a series of secret clues throughout the workshop, engaging them through fun hands-on activity. We began with an introduction to different number bases and their uses in computer science, then explained ASCII and base64 encoding. After a break, students learned about logic gates and XOR in cryptography.
On July 21st, we held our first Web Design Workshop! In this workshop, we first reviewed the three main components of a website: HTML, CSS, and JavaScript. Next, we introduced several different types of HTML elements—such as paragraphs, headers, images, tables, and lists—and practiced using them on our own websites! We then added style to our websites with CSS, including colors, fonts, and borders. Finally, students were given time to independently develop and design their own websites, then display them in a gallery walk, where they were able to gain inspiration from other students' work.
On July 14th, we held a particularly challenging workshop on the basics of binary exploitation! We started off with an introduction to computer architecture and assembly language, focusing on special purpose registers and the stack. Students were also challenged to interpret assembly language and follow basic operations performed on the stack. Next, we studied how buffer overflows work in theory, then attempted two such exploits of our own: we overwrote local variables, and even changed the flow of a program. To finish off this workshop, we played an exciting and competitive game of Kahoot!
On July 7th, we held our Linux Workshop for over 30 young students interested in cybersecurity and computers! The Linux operating system is a foundational piece of cybersecurity and ethical hacking. During this workshop, we learned about what Linux is, who uses it, and what's fantastic about this operating system: reliability, security, and most of all, how it is open source. We went over commands for navigation of the Linux file system, and wrote a simple bash script to print a line of text. We then covered file permissions and learned essential commands like grep and sudo. We ended with a fun easter egg: aptitude moo. It appears that it does not work...?
On June 30th, over 30 students with an interest in cybersecurity joined us for the Web Exploitation II Workshop, which was Heroes of Olympus themed! In this workshop, the sequel to our first workshop on web exploitation, we ventured into more advanced topics. We started off with some review of the content covered in the previous workshop, as well as a warm up challenge on basic SQL injection. Then, we dove deeper into how SQL really works, and attempted more advanced SQL injections. We also discussed website template engines, their possible vulnerabilities, and how to exploit them. Students were challenged to exploit a vulnerable website and extract confidential information using a server-side template injection. We then went over JSON Web Tokens, their structure, and their usage. We finished off the workshop by doing a quick open-Internet "trivia," to show that knowing how to google for what you want is a skill in cybersecurity.
On June 23rd, CyberClass students joined us in the Java Workshop. In the first half of the workshop, we covered the basic building blocks of any coding language, including concepts such as loops, booleans, variables and if/else statements. Interactive problems were scattered throughout the workshop, such as one where students were challenged to write their own solutions in java for finding the number of squares in the 20th stage of a repeating pattern, which could be done using for loops and if/else statements. We then explored how java programs could be reverse engineered if we understood the code. To try this hands-on, students were given programs and asked to manipulate the code so it produced a specific output. To end this engaging workshop, we played a game of jeopardy on Java and Despicable Me trivia!
On June 16th, we held the online Web Exploitation workshop! In this workshop, we started out by discussing the three main parts of a website, HTML, CSS, and Javascript. We then went over viewing source code and comments in each of the languages, and did two challenges where students were asked to find the "flag" hidden somewhere in the website. We also learned about web crawlers and tried a simple hands-on SQL injection, then talked about HTTP cookies. Overall, we had a great time doing engaging interactive challenge problems as we explored the basics of web exploitation together.
appleappleapple
On June 9th, we held a workshop on Cryptography. This was the first of our weekly summer workshop series, meant to promote youth interest in cybersecurity. The workshop was open to 5-8th graders. During the workshop, we took a trip through history, starting with the oldest and simplest encryption: the Caesar cipher. From there, we talked about the importance of encrypting, from encrypting ancient battle plans, to encrypting today's everyday text messages. We introduced the substitution cipher, showing the encryption process and asking students to try encrypting a word by themselves. We then talked about the weaknesses of these ciphers such as being susceptible to letter/word frequency and dictionary attacks. Vigenere was also introduced as well as the concept behind RSA, the encryption used all over the world today!