Cybersecurity Hacking Topics

This month I taught a cyber security class that had two sessions, each a week long. In both of them we went over the topics listed below…

  • Setting up a virtual machine
  • Booting a Linux distro designed for penetration testing/hacking (Kali-Linux)
  • Using an external wireless card (TP-Link TL-WN722N)
  • Putting the wireless card into monitor mode with airmon-ng, scanning for networks using airodump-ng
  • Capturing WPA handshake by death all devices
  • Navigating Linux filesystem and starting Fluxion shell script
  • Using pyrit to check a WPA handshake and hostapd to spoof/duplicate a network
  • Using SSL and launching a webserver in the background to capture passwords/check them against the handshake with aircrack-ng
  • Scanning a network to see all available devices with cSploit and nMap
  • Performing Man in the Middle attacks and session hijacking with cSploit, NetCut, and Network Spoofer
  • Different types of network security – WEP, WPA, WPA2
  • Dangers of keeping WPS enabled on your router
  • Password managers and their importance to keep you safe online
  • Security patches and update to safeguard from viruses and ransomware
  • Router settings (often 192.168.1.1) and changing its default password to something more secure
  • AdBlock and HTTPS everywhere extension to avoid insecure connections
  • Importance of backing up computers in case of hardware failure or virus attack
  • Creating a guest SSID in order to create a wall between personal devices and foreign devices
  • Updating all browsers to newest version to not be vulnerable on the web
  • Importance of 2 factor authentication on main accounts
  • Identifying and avoiding phishing attempts
  • Using a VPN on public WiFi networks
  • DNS and what its used for
  • How to setup an alternative DNS service (OpenDNS) and block/filter certain content and sites
  • Changing router settings to replace DNS and add port forwarding or blocking
  • Using Wake-On-Lan to turn on a PC remotely
  • Using the Metasploit framework to deploy a Trojan APK to an Android device
  • Setting up a reverse HTTPS listener and waiting for the app to connect to launch meterpreter
  • Using various meterpreter commands to control the device remotely
  • Using the Metasploit GUI, Armitage in order to run exploits against other machines
  • Hail-Mary attack to try all possible exploits to gain access to meterpreter
  • Learned about online anonymity through Tor onion routing protocol and the use of online decentralized cryptocurrency
  • DDOS and DOS attacks with LOIC (Low Orbit Ion Cannon)
  • Brute force online logins with Burp Suite

I think it was a rewarding experience for me as a teacher and I hope I inspired more kids to take on ethical hacking.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s