Hacker Mindset Workshop

Hacker Mindset Workshop

If your organization uses applications, platforms or infrastructures, attackers will try to find ways to exploit them. Understanding how attackers think, what they look for, and what systems can be made to do, is an important step towards protecting your assets. In particular developers and IT staff should be aware of how hackers think.

During the Hacker Mindset workshop, a guided, hands-on, technical session will be held where participants will be attacking a vulnerable application. Part frustration, part exhilaration, as these are both key elements in what drives hackers and will help you understand why hackers do what they do. We start with a vulnerable web application, and end with total control over the web server by compounding small design mistakes, vulnerabilities, and misconfigurations.

Why should you attend?

• Learn to spot small points of interest within applications that support compromising a system
• Learn how to think like a hacker
• Understand the difference between a black hat hacker and an ethical hacker

This is a very interactive workshop with lots of exercises, demonstrations and quizzes to support effective learning.

Who should attend?

This training is suitable for:

• Developers
• General IT staff
• Security management staff
• Non-technical staff with technical affinity
  

Required Skills & Expertise

This workshop is suitable for any skill level; some basic understanding of how typical websites are built up is useful. The workshop will be adjusted to the audience. Bring your own laptop to the workshop, the only ‘tool’ that we will use is a web browser. No specialized programs are needed.

Program

The duration of this training course is half a day.

12:30 Introduction to the trainer

• Introduction of the trainer (an ethical hacker)
• Walkthrough of the agenda

12:45 Think like an attacker. How do you do that?

• The training will take the participants along for a trip into his way of looking at systems.
• What are hackers looking for?
• What does it mean to take a different approach?

13:00 Common vulnerabilities and how these can be exploited

• The trainer will show several common vulnerabilities that can be found in (web-)applications.
• Multiple attacks and variations will be shown and discussed.

13:30 Demonstration: "From pop-up to system compromise."

• The trainer will demonstrate how a seemingly small issue can have a large impact.
• The goal is to create awareness and to demonstrate how 'realistic' such an attack is.

13:45 Variations on attacks and combining pieces

Most applications these days have a proper security baseline. Most frameworks help the developers to build safe applications. The training will demonstrate how you still can use small vulnerabilities to generate significant risks that jeopardise the entire application.

14:00 Coffee break

14:15 Hands on: Hack and attack the training lab

• The participant will experience firsthand what it's like to hack. Both the frustration and the excitement will be dealt with as these are essential elements in what drives hackers.
• Under supervision, the participants will hack a purpose built (vulnerable) environment especially developed for the Hacker Mindset Workshop.

16:15 Explanation and detailed walkthrough of full system compromise

• In a detailed walkthrough, the trainer shows how to go through the environment with a hacker's mindset.
  
• The purpose is to convey the Hacker Mindset and the way of thinking.

16:30 Wrap up with questions and answers