Learning Outcome 1: Ethical Hacker
Download the complete set of exercises from the body of knowledge
How did you obtain Body of Knowledge about the involved subjects?
Ethical Hacker is the first and only learning outcome which is focused on the attacking part of cyber security: red teaming. Throughout this phase, I had to do the BoK documents and do phases 0 and 1 of the team project, along with the personal vulnerability investigation. I have gained knowledge on the matter by studying the subjects in order to be able to complete the body of knowledge exercises. The BoK document is where I first applied this knowledge and practiced with it. Throughout phase 1 of the project I created the necessary documentation for a penetration test. I have further applied my knowledge by working on the personal vulnerability investigation.
How did you apply your skills in the project?
Due to an unfortunate set of circumstances, we were not able to finish the phase of the project concerning the ethical hacker part. However, we managed to demonstrate a sufficient level of knowledge through the BoK documents and the work we have achieved in phase 1, as said by our teacher. My team and I have managed to get in contact with two companies and make a certain level of progress with both of them. We have created clear and concise documentation, such as the project plan, pentest plan, and pentest agreement. The pentest plan contains clear planning and task division, with each step of the future penetration test having an assigned time slot and person(s) who would work on it.
What have you learned considering this Learning Outcome?
I have learned plenty of ways to attack a system, and also the fact that most systems are way more vulnerable than I initially thought. I have learned new ways of attacking a system, such as cross-site request forgery, wireless hacking, password cracking, network sniffing and spoofing, but I also worked with familiar concepts, such as SQL injection and cross-site scripting. In my opinion, Ethical Hacker is by far the most interesting learning outcome and I really enjoyed doing the exercises related to it.
What are you proud of?
I am proud of the way I worked on an individual level, where, despite a slow start, I mobilized very well and managed to finish everything ahead of schedule. Despite the fact that my team and I were not able to complete phase 1 of the project, I can say that I am proud of the way we communicated and worked until the companies stopped replying to us.
Which aspects do you want to develop further?
Out of all the chapters of the cyber security semester, the ethical hacker part is the one I want to develop further the most, because I liked it the most and since I am doing a lot of web development, it can help me create better defenses, now that I know the main forms of attack. I would like to go deeper into topics such as password cracking, or CSRF for example.
What will you do differently next time?
I do not think I would change my approach on an individual level, because everything worked really well in that regard, but I would change the way I managed the team project. Having always been proactive, professional and communicative before, I was expecting to carry on with this trend in this project as well. Unfortunately, this was not the case. I became passive and only waited for the project leader to assign me tasks, which I would always fulfill. Whenever I wanted to come up with an idea or to suggest a different approach, I would either be completely quiet about it or just mention it briefly. This has never happened before and after this experience I will make sure that it will never happen again.
What grade would you give yourself on the corresponding Learning Outcome?
This has been the largest learning outcome in terms of length and number of exercises. While the group project work did not go according to plan, we still have some progress there and we managed to demonstrate our knowledge. On the individual side, I managed to get positive feedback for both the BoK documents and the personal vulnerability investigation. Overall, I believe that an S would be the fair grade.