MCSS × GDSC: Intro to Cybersecurity Workshop
0 likes48 views
This document serves as an introduction to cybersecurity, outlining various industry roles such as SOC analyst, malware analyst, penetration tester, and bug bounty hunter. It discusses certifications, resources for learning, and practical exercises including a hands-on demo involving exploitation vulnerabilities. The content aims to inspire newcomers about the possibilities in cybersecurity while providing essential information on skills and learning pathways.
![EZ Linux Reference
● pwd - print working directory
● ls - list files in current directory
● cd [path]- change current directory
○ cd .. - go up one level
○ cd / - go to root directory
○ cd - go to home directory
● cat [filename] - print contents of file
Connecting to the Demo
● Visit your assigned http://34.130.93.18:port/ site (make sure you’re using http, not
https)
● If you find the flag hosted on the server, enter it in the discord server stage chat so we
know who won, we’ll contact you with your prize!](https://image.slidesharecdn.com/infosec1-230311045321-479d07d8/85/MCSS-x-GDSC-Intro-to-Cybersecurity-Workshop-29-320.jpg)
MCSS × GDSC: Intro to Cybersecurity Workshop
- 1. Hey Hackermans! Here is where you'll learn how to become a yourself!!
- 2. What are we learning today? While this is a beginner introduction to cybersec… we want to first inspire you by what you can do in the field of cybersecurity Industry Roles What can you do as a cybersec engineer? Certifications and Resources How you can learn/practice cybersecurity? (Certs, books, websites) Web Vulnerabilities OWASP Top 10 with examples Hands-on Demo! Exploit a command injection vulnerability (and win a $20 gift card 👀)
- 3. Recovery and investigation! Rewarding public to find bugs for you?? How do you make money though? 01 05 Which one's your favorite? SOC Analyst Detect attacks even before they happen… Malware Analyst Analyzing and reversing malware samples Forensics Bug Bounty 04 02 Penetration Tester Break through defenses before the hackers do 03
- 5. "an ounce of prevention is worth a pound of cure" - Benjamin Franklin
- 6. SOC Analyst Identify attack vectors Monitoring infrastructure Anomalies/suspicious activity over the network Response & Resolution Oh! you found something sus… time to fix it :) Potential places an attack can happen in your software?
- 7. SIEM ● Security Information and Event Monitoring Systems ○ Splunk ○ IBM QRadar ○ ArcSight Network Security ● Firewalls ● Monitoring traffic Threat Hunting ● Vulnerability assessments ● Penetration testing SOC Analyst - Skills
- 9. Bug Bounties ● Get PAID to discover and report security vulnerabilities ● Payment can range anywhere from $0 to thousands ● Some platforms:
- 11. IRL Examples!
- 13. Snapchat IDOR
- 15. How to Get Started: Certs ● HackTheBox Certified Bug Bounty Hunter ( HTB CBBH) ○ $210 exam, $8 monthly student subscription ● OffSec Web Assessor (OSWA) ○ $1599 Course + Exam
- 17. Penetration Tester/Ethical Hacker ● Employed by a company to hack them ● Responsibilities: ○ Simulating cyber attacks for the purpose of identifying vulnerabilities ○ Produces reports with findings and any recommendations ○ May assist during remediation process *Bug bounty = freelance pentesting*
- 18. How to become a pentester ● Get certified! ○ OffSec Certified Professional ○ HTB Certified Penetration Testing Specialist
- 20. Malware Analyst ● Takes apart malware to determine how the attack was deployed ● Determines what the attacker was trying to gain from the malware ● Dissect the exploit and identify the key vulnerability that was exploited which is then fixed by the developers
- 21. Malware Analyst - Skills ● Understanding of: ○ Operating Systems ○ Networking ○ Memory analysis ● Reverse Engineering ○ Assembly, Debugging, Analyzing code ● Malware analysis tools ○ Volatility, IDA, Ghidra
- 22. Forensics 05
- 23. Conduct analysis of log files, evidence, and other information Analyze Confirm what is known about an intrusion and discover new information Identify Report any detected and identified details about the intrusions Report
- 24. Tools used
- 25. Learning Resources ● Multiple Websites: ○ Hackthebox.eu ○ tryhackme.com ○ picoCTF ○ pwn.college ● Textbooks -- ○ Practical Malware Analysis ○ Practical Binary Analysis ○ Hacking: The Art of Exploitation!! ● Infosec course -- CSC347 and CSC427 at UTM
- 26. Certifications Offensive Security Industry standard HackTheBox Academy Affordable
- 27. Prelude: OWASP Top 10
- 28. Hands-on Demo!
- 29. EZ Linux Reference ● pwd - print working directory ● ls - list files in current directory ● cd [path]- change current directory ○ cd .. - go up one level ○ cd / - go to root directory ○ cd - go to home directory ● cat [filename] - print contents of file Connecting to the Demo ● Visit your assigned http://34.130.93.18:port/ site (make sure you’re using http, not https) ● If you find the flag hosted on the server, enter it in the discord server stage chat so we know who won, we’ll contact you with your prize!
- 30. CREDITS: This presentation template was created by Slidesgo, and includes icons by Flaticon and infographics & images by Freepik Thanks! Do you have any questions? Please keep this slide for attribution @gdscutm @utmmcss