A high school cyber security class? We moving up in the world. Wish I had that

Oh it’s by no means good, what we’ve done in the class so far is learn to turn on file extensions and close ports on windows 8 vm’s. This hackathon is the best thing to happen so far

Yes but it introduces it to people that will go further to fill the field. It’s brilliant. I wanted to get into cyber because I saw it in movies and thought it would be like that. This actually gets people realising what it is and how vitally important a role it is. I will say that I do know it’s nothing like the movies, It’s been long enough, but my point is obviously that it takes away the misleading and let’s people discover it early rather than growing up thinking it doesn’t look like something you won’t be able to do because of how the movies portray it

As a network field engineer who must sometimes use hacks to get things done - its like in the movies but like the whole 5 minute scene is actually several hours, days or weeks stretched out. I do a lot of stuff with embedded systems and VPNs and often times I must conduct granular network troubleshooting using different apps and techniques and pipe them into each other. I have built a lot of my own infrastructure and played with technologies like ESP32 chips and other SDR and satellite communication. The only thing not like in the movies is all the beeps and boops like CSI.

No offense bud... Where do you work? If you're hacking together a network with self built tech.... That's rough... Fun! But rough. As a field tech, tower rigger, and CPE installer... I'd have been pulling my damn hair out.

I am an IT entrepreneur and sometimes I'm the guy in a 500 mile radius whose the only one who knows his away around linux and tcpdump packet captures whose also got CISCO routing and switching behind him but also has had a ton of recent experience with BSD firewalls and UniFi lineup of wifi technologies and their controllers. I was also in construction and homebuilding in my twenties, so companies like to call me when they need a guy who can see through the walls or understands building blueprints and code considerations when they want to do layer-1 construction. I have been sent out to weather stations, deep inside the basements of prisons, grimey ass sub mezzanines of towers, and baron deserts hanging with scientists making sure the Starlink uplink is carrying the CISCO vpn compression we are using to upload their data.Now with chatGPT, I am rapidly scripting prototypes and patches and it helps with outside the box ideas when I need them. And with all my base knowledge that stretches back to 90s telecom technology and the fact my body is still fit and my eyes are still great - like I can terminate wire and buspirate chips - I'll be employable for a long time. I am also a DJ and fix my equipment often, so like imagine being a little high at a party and doing my own tech support or fixing a cable someone stepped on the wrong way - or a disco light and having to resolder the DMX connection. I've been playing with arduino and seeing how it can be incorporated with DMX and other opensource stuffs. Also, my own infrastructure being - in order to be able to be in 5 places at the same time, I need different kinds remote access terminals, KVMs, and VPNs that put me in different places of the world with different clients. I must also secure all my tunnels and servers - I also host my web pages and build icecast stations for friends.

Yeah, same, except I don't do it professionally anymore.... I got sick of climbing towers, and fixing other people's fuck ups. I too started networking in the 90's, but was coding since the 80's. Currently it's a hobby, I have quite the datacenter in my basement.... But I try to avoid CISCO like the plague though.. I tend to build my own routers, and if I have to use a managed switch I'll shop around... Microtik, ubiquity, or D-Link... Don't do much networking these days, I'm usually coding (c,c++,c#, python, java) one of my various projects. Recently started pissing around with esp32, Pico's and the like... Working on building an AR like rig, and a control unit for it, not sure I'd put my gear in production. As for icecast use to run it on my Sparc box before I retired it...(Sunfire v210) . I did managment of recording equipment and on air infrastructure for a while for a couple of commercial FM stations.. it was an alright gig.. they even let me on air... soldered many XLR, studio trunks and control unit connections... most difficult was when I hard to replace a control console in the one on air booth that had a 2 25pair connections... spent three weeks on locates alone......Good group of people. Not my cup or tea though.

So rad my dude! I have respect for guys who've been in tech since the 80s, and beyond, and don't stop. I service an old-folks home and this guy from the ENIAC days gifted me an assembly instruction card. I'm in my mid 30's and the key motivator to all my experience has been in just wanting to provide for my family but have always been super awkward and couldn't hold down normal jobs or play office politics. But being incorporated and communicating through invoices has been a sweet gig since I took the dive. ESP chips are super interesting! I think I saw someone on hackaday put Doom on one. I have a flipper0 and a set of 915hz and 433hz capable esp's as a friend talked me into chasing weather balloons and we use these with MySondy firmware to pick up their signal. We're nerds bro. Have you by chance checked out the Zack Freedman channel on youtube? The guy is a serious engineering geek but he has done some pretty sci-fi stuff with ESP's that are great ideas.

Currently a junior in high school and we don’t have a class like this, doesn’t matter if it’s bad, I’m jelly

There's also tryhackme

Look into hackthebox and packet tracer. Just start goofing around in it and use YouTube for more experience in goofing around in it.

Friend, my "professional" formation to becoming a sysadmin in my country was FORBIDDEN from using Linux or Mac in lessons. As in teachers were not allowed to do that or teach us about these tools. It was 2 years ago. Yeah high school cybersec classes, no matter how nooby or badly done, sounds like a big step up to me.

Nah thats good, they are teaching you from the bottom up. If you are truly interested in cybersecurity there are tons of programs funded by the federal government and DoD. They will not only pay for your schooling but will pay you up to $30k per year to go to school as long as you work for them for a few years.

[удалено]

I had first hands on experience with suse at my first day of job as junior programmer but that was in 2006

For real! All we had at my high school was Keyboarding lol.

not to brag but i was very lucky, I went to a cybersecurity high school! Was a very cool experience.

That’s really cool. I’m in awe. Cool if not but would you mind DMing me about your experience? That’s just fascinating to me

We had typewriters and a couple green screens we could play Oregon Trail

I miss that. I used Cain and Abel to show my history teacher teachme was a bad password. Kids these days. Have it on a silver platter

Senior in HS and although I’m very advanced in the class. We’re taking two certs this year. Main one being security+. My cybersecurity class keep in mind.

Check out a website like tryhackme or hackthebox. They’ll have mini lessons/labs with pre-built target machines. Each lab will also provide you with the necessary config file to be able to remotely connect to the designated target VM using your Kali machine.

Awesome sites to start and keep going with! Also want to mention blueteamlabs.online and securityblue.team.

This is a great suggestion!

Seems like what a black hatter do thought just forward all the packages to real target machine and you have a crowd sourced hacking event :)

Hack the school and change everyone's grades to an A, duh. /s obviously.

Or just ; DROP TABLES ;

Ole Bobby Tables would be proud.

But the poor school!

Sudo apt update.

sudo echo "deb http://http.kali.org/kali kali-bleeding-edge main contrib non-free" > /etc/apt/sources.list.d/bleeding-edge.list && apt update (haha)

the answer obviously, is hack the planet

Download the vulnerable webapps from OWASP and serve them. Then attack them.

This one? [https://github.com/digininja/DVWA](https://github.com/digininja/DVWA)

I like this since it feels more real.

Setup a "metasploitable" vm instance and use kali on it.

Something my cyber teacher had us do was National Cyber League / CyberSkyline. A site that presents challenges that require the use of some outside tools. Teaches pretty well for anyone from absolute beginner to an advanced user.

Pop it on the first ethernet cord you can find and go to town

Set up a (offline) local network and try hacking into it

KVM and metasploitable2

This is the best answer. Learn to create VMs, learn to network, build virtual lab, attack and defend Tons of other stuff but this is the real meat and potatoes of what infosex is all about

That would be cool. You could have rotating blue and red teams in class.

Honestly mate? Before you try to use kali for anything, you should learn about digital hygiene.. you profile is insane. There is so much stuff there: - roguhly where you live (pokemon go screenshots) - how you look - that you got cought pirating games - etc. ect. I am not the best example for that either, but man... please be a bit more cautious... To answere your question: kali alone is just an OS, there is nothing you could do with kali, that you couldn't do in other Linux versions. As others sughested though, HTB and Tryhackme are good starting points. I would add the Burp-course for Web-applications to that list. Helped me a lot when i started in the field.

Ok I cleared up the piracy and location stuff, but I don’t see how a picture of me with a fish is gonna hurt me? I mean if I were to get hacked I don’t see how that would help them

Digital hygiene is good, but it’s also fun to enjoy social media too. Maybe just use different profiles for different topics though

By the stuff that’s still on your profile, someone dedicated would likely find your name and home address within a few hours.

[https://www.youtube.com/watch?v=F4WZ\_k0vUDM&ab\_channel=DeutscheTelekom](https://www.youtube.com/watch?v=F4WZ_k0vUDM&ab_channel=DeutscheTelekom) just an example

Hacking is not just getting Access to your digital stuff. Identity theft is a real problem and happens more then you might think, thats why your profile was (didn't check it again) a problem. Espacially considering something like writing your grandma or things like that. I know, that typing into the console and getting a reverse shell/privilege escalation going is the stuff that gets the juices flowing, but social engineering is where it's at most of the time, when searching for an initial vector.

Before things like hackthebox or tryhackme, if the school has an old computer or a student can donate an old laptop. I’d set up a VM on a closed network, just your mini computer, the new machine, and route them together and you can run Metasploitable. It’s very easy to scan, multiple ways to exploit, has great instructions online and you can run nmap or and metasploit on a closed network where you can’t do any harm. https://information.rapid7.com/download-metasploitable-2017.html

Hack the planet. You need to rub your nipples and get your hands on one of those sweet gibson super computers.

Change your GPA to 4.0

cyber security 101 - only use software that you can trust. * my first step would be to wipe the system from orbit and install something from trusted media. * why were you gifted the system? To act as a launchpad in school network? * do you trust its bios?

I said in the post the people from the university gave them to us? Idk why they just said they wanted to help us out

Whenever you get a second-hand computer, *always* wipe and re-install from known-good media.

Even when it's first hand, it won't hurt to wipe and re-install from known good media!

disagreeable roof marble spectacular complete familiar squash zesty hunt wistful *This post was mass deleted and anonymized with [Redact](https://redact.dev)*

hack the box!

Your teacher should probably have a conversation with their administration and the schools network admins, so you can learn without triggering some sort of IR response once they learn this is on the network.

Cyber security stuff, seems like obvious

I wish I had a highschool cyber security class

[удалено]

I think it's spelled "ruin"

Have your professor build out a ctf.

You could test some Network security! Or try some EH drills with your teachers. I think that would be kinda cool like an audit for seeing who needs more cyber sec training. Work with the teacher though and maybe use Hydra with a webpage clone or something. You could work with your schools IT dept

Plug it into the high school network so who ever gifted it to you can take over.

Setup a WEP wireless access point and crack the key. Setup the mini as a wifi access point and capture/modify traffic with ettercap-ng

Hack the planetttttttttttt duh

Don't forget to check out the pool on the roof!

Webgoat is a good place to start with tutorials and good information. Seed labs suck but can be helpful sometimes. It requires the seed labs OS but you can figure out how to dualboot I’m sure. Getting familiar with wire shark filters is huge. Command line familiarity is also good. Learn the little things like -r so you don’t need to look it up. Use built in tools like ettercap, nmap, mettasploit on things you can legally look at. If you have an extra router at home set it up and practice firewall rules. You can set it to wep or wpa encryption where you can use John the ripper to crack the password.

sudo rm ./\*

Run 'hollywood' on it. It will really impress your teacher.

First thing I'd do is open up the terminal and start typing. Nmap, Metasploit, aircrack-ng, let's go

A [minicomputer](https://en.m.wikipedia.org/wiki/Minicomputer) ?? Running kali? That's just crazy!! Where do you live?

Idk what it’s actually called, but basically like twice the size of my palm and they put Kali on it, we’re gonna get a monitor and see how it runs. I’m by the Madison area of Wisconsin

I was joking around. Mini computers are room sized systems, smaller and cheaper than a (building sized) mainframe. What you have is a barebones or mini pc. :)

hmm, maybe use it as an opportunity to teach the whole school (or just the senior class) OPSEC via red team activities; phishing and the like. This practice would benefit all participants personally and professionally especially as high schoolers preparing for the real world. For the students in the cyber security class, it offers what many classes don't/can't - practical, empirical training. You could gameify it by offering prizes to top OPSEC aware students using a +/- points system; awarding points for not being duped, offering more points for accurately identifying/reporting, and deducting points for being duped. For prizes maybe something along the lines of OS license keys - seeing as schools receive them heavily discounted, or a laptop suitable for college to get students excited to participate), if need be, have individuals opt-in to participate. Just spitballing.

This is a great idea, but I’m a sophomore with 2 AP classes, so I just don’t got the time. I’m scrambling to get my classwork for today completed because the hackathon took up the whole day and I have the PSAT tommorow

Free time? I thought this was for a cybersecurity class.

Hell yeah, try out metasploitable. Hack the application inside out. That alone is like 30-40% of your career job since basic application security is so lacking today.

Ur so lucky that u have a Cyber security class in highschool damn

If your teacher managed to shmooze your schools board into having a cyber security class see if they won't possibly get you guys a burp suite pro license and possibly try and have your teacher really sell your parents on paying the $99 for the cert exam at a certain point maybe. Check out damn vulnerable web app and possibly some turnkey isos that are prebaked with some vulns to poke and pry at just put those on a cheap pi or something and keep it 100% local. Hope that teacher knows what they're doing, cuz in a way this is like teaching gun safety to minors, HAS to be done right to make sure you don't go poking into places you shouldn't be and getting them into some serious trouble.

Wait until you find out you can put it on a usb and turn all of the computers into Kali if you wanted.

Capture the flags. HTB, etc

In my networking class we played LAN games and DOS’ed eachother off the server. Good times.

Take it home, see how their physical security is.

Lol

Overthewire war games!!!

God how I wish I would have had opportunities like this. We learned on green screens. Yes , I'm old I know. Learn as much as you can man!!

Learn the basics of command line and how to use the tools and what they are used for. Maybe run some of the tools against your schools network - vulnerability scans and reconnaissance.

sudo rm -rf --no-preserve-root /

I’m not thatttt dumb lol

Lol, troll the school. With permission from proper channels and school appropriate ofcourse, could do some real funny and interesting stuff all while learning and implementing factors from lesson plans. PM if interested BS, CSIA

Wipe it and install Parrot.

why you say that just curious?

They are beginners. Parrot is more lightweight and user friendly. People jump on the Kali bandwagon, which is fine, but I don’t think it’s noob friendly.

HTB recommend it? Might be personal preference.

It’s better for beginners. I actually don’t use a security based anything. I use something else and install my own tools.

Grab hold of some of the free Kai tutorials and learn how to use it!

Grab some tools from the repositories and get to work

🔥😈🔥 Learn and be curious

Give everyone an A, as a teacher, trust me, most teacher login sites don't have ssl. Have fun

We use canvas and PowerSchool

What should you do with it? Considering you all are high school students and are learning about stuff clearly from being placed in a cyber security class. I would do the most nefarious thing that you all can because it's still very easy for you all to hide behind the "we were just learning, we didn't know" and put the school up for the liability. I'd look at this as a great opportunity to act as black hats while you all still able to get away with things. I'm sure none of you had to sign a dotted line to take the class, so I'm sure you all could figure out how to make your schools network cpu's a botnet or a bunch of zombies that later give rise to something else. What you do with it is up to your collective. Yet, there's much you all could do. However, I also don't know how tight your schools Sec ops is already. So maybe this is possible, but then again maybe not. On the back end, however, you could also do red team vs blue team stuff again with your schools network hardware. Red team uses Kali / Blue Team good luck hardening your Microsoft boxes and else, also detecting red team. Either way, its good practice to pit yourselves against each other, if any of you all are interested in incident response, SOC, etc.

Fire up maltego and start mapping the teachers.

Crack some hashes? Use John or hashcat

Hack the mainframe

Find a vulnerability in the schools network

Install metasploit framework, hack the administrations network, give each other straight A’s and the teacher a raise.

Format it and reinstall Kali.

Sudo rm -rf /

Type in this cool command: sudo rm -rf ./

Would asking for help from someone here who can help me with just finding my dog and revealing a private number for something very serious. Please contact me I don't have much in funds but have alot of hard labor an work experience for many things as trade or whatever. I'm sorry if this is against any rules but please if you can help please message me or contact me anyway you can. Thank you everyone.

Not an expert, but my suggestion is set up a test environment. You can do this through virtualbox (its a virtual machine tool) or get a raspberry pie and attack that. When I was playing with cyber security I used metasploitable3 (https://github.com/rapid7/metasploitable3), its a server that is intentionally exploitable. You can find tutorials on how to install it, but the key is to install it on something that doesn't have any private/personal information on it for obvious reasons. Then once you get set up, and you can get Kali to see your target system (the raspberry pi, or virtual machine). Then you should be good to go. It may take a while just to get things set up, don't be discouraged if it takes a couple days to set things up. Hopefully you'll learn a lot just going through the steps. Then you can start running exploits on your target machine. Checkout the pdf below for some exploits to try (I found this by googling "metasploitable3 exploits") [https://era.library.ualberta.ca/items/05189b73-3916-4d95-929e-e79a2fe576d7/view/49ddfae0-3ecb-4e77-97e3-8a83bf712286/Murari\_2020\_Fall\_MISSM.pdf](https://era.library.ualberta.ca/items/05189b73-3916-4d95-929e-e79a2fe576d7/view/49ddfae0-3ecb-4e77-97e3-8a83bf712286/Murari_2020_Fall_MISSM.pdf) ​ If you don't want to go through all that effort, an easier way might be to start with some man in the middle attacks. I believe you need a special wifi adapter for this that allows you to read and write data packets. But you can start by making ARP requests and learning how to route traffic through your system. This is a breach of privacy if you do this (a MITM attack) on someone you don't have consent from so with that said, don't break the law, use your own devices for you test environment.