More Than a Scavenger Hunt
Sharing knowledge is one of the main values at Warpnet. Therefore, we organise several courses to help people get up to speed in the field of Information Security. One of our most important courses is the Ethical Hacking course, in which we teach the participants how to responsibly research the security of a system and, most importantly, report their findings.
To give participants hands-on experience, they need access to a controlled environment in which they can practise their new skills. Therefore, we have developed our own Hacklab. Participants get access to the Warpnet Labs portal. Within the portal they can enrol in a course, retrieve an access package for that course containing a VPN configuration, and start their own personal hacking environment with 10 or more hacking challenges, all built from real-world experience.
One of the features most requested by educational organisations is a way to prevent students from cheating. By giving each student an isolated lab environment, we already prevent them from piggybacking on another student’s work. In addition, we require individual write-ups and reports from all students. Lastly, we have personalised the machines’ flags, so that simply sharing a flag with another student is of no use. The well-known hacking platform HackTheBox has recently implemented something similar, which they call flag rotation [1].
Since all of our existing hacking challenges already contained flags, one of the design challenges we faced was to find an efficient way to replace those with the personalised variant. We came up with the idea of simply mounting the personalised flag over the original one. This way, the flag is still in the same place and we do not have to adapt all of our older hacking challenges to fit the new format.
We currently do not use a centralised server to collect the submitted flags, which can make it complicated for a teacher to check whether a personalised flag is correct. To solve this, we use a so-called “human-hash” [2], combined with some secret constants per machine, to create a hash that serves as the proof for that machine. Students can track their own progress by submitting the flags in the portal interface. However, submitting homework and reports is key to our courses. When students submit written work to their teacher, they include their personal human-hash. The teacher can compute the same hash and thus verify its validity.
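The sketch below is an added illustration of this kind of scheme, written for this article; it is not Warpnet’s portal code. It assumes a portal-wide key, per-machine secret constants, and a short word list of its own choosing (all constructed here), and uses HMAC-SHA256 where the text only speaks of “a hash”. The personalised flag is derived from the student and machine, the proof is derived from that flag plus the machine’s secret, and the proof is then folded into a few words in the style of a human-hash so that it can be quoted in a written report. A teacher who holds the same secrets recomputes the proof and compares it in constant time.

```python
"""Personalised CTF flags with a human-readable proof hash.

Added example, not the portal's actual implementation: the key
derivation, field layout and word list are assumptions for illustration.
"""
import hashlib
import hmac

# Constructed secrets. In practice these stay on the portal/teacher side;
# only the derived flag file is placed on the lab machine.
PORTAL_KEY = b"portal-master-key-example"          # assumed portal-wide key
MACHINE_SECRETS = {                                # assumed per-machine constants
    "web-01": b"c0ffee-machine-constant",
    "ad-02": b"deadbeef-machine-constant",
}

# Constructed 16-word list. A humanhash-style list has 256 entries so one
# byte maps to one word; the shorter list here only keeps the example small.
WORDS = [
    "alpha", "bravo", "charlie", "delta", "echo", "foxtrot", "golf", "hotel",
    "india", "juliet", "kilo", "lima", "mike", "november", "oscar", "papa",
]


def personalised_flag(student_id: str, machine: str) -> str:
    """Flag written to the lab VM for this student/machine pair."""
    msg = f"flag|{machine}|{student_id}".encode()
    tag = hmac.new(PORTAL_KEY, msg, hashlib.sha256).hexdigest()
    return f"FLAG{{{tag[:32]}}}"


def fold(digest: bytes, words: int) -> bytes:
    """Compress a digest to `words` bytes by XOR-ing equal-sized slices,
    the same compression step a humanhash uses before mapping to words."""
    seg = len(digest) // words
    out = bytearray()
    for i in range(words):
        b = 0
        for x in digest[i * seg:(i + 1) * seg]:
            b ^= x
        out.append(b)
    return bytes(out)


def human_hash(digest: bytes, words: int = 4) -> str:
    """Render a digest as a dash-separated word string."""
    return "-".join(WORDS[b % len(WORDS)] for b in fold(digest, words))


def proof(student_id: str, machine: str, flag: str) -> str:
    """Proof a student quotes in the report: bound to the student, the
    machine's secret constant and the flag that student actually found."""
    msg = f"proof|{machine}|{student_id}|{flag}".encode()
    digest = hmac.new(MACHINE_SECRETS[machine], msg, hashlib.sha256).digest()
    return human_hash(digest)


def verify_proof(student_id: str, machine: str, claimed: str) -> bool:
    """Teacher side: recompute flag and proof from the secrets, then compare
    in constant time. A proof copied from another student's report fails
    because it was derived from that student's flag, not this one's."""
    expected = proof(student_id, machine, personalised_flag(student_id, machine))
    return hmac.compare_digest(expected.encode(), claimed.encode())


if __name__ == "__main__":
    alice_flag = personalised_flag("alice", "web-01")
    alice_proof = proof("alice", "web-01", alice_flag)
    print("alice flag :", alice_flag)
    print("alice proof:", alice_proof)
    print("alice verifies:", verify_proof("alice", "web-01", alice_proof))
    print("bob with alice's proof:", verify_proof("bob", "web-01", alice_proof))
```

The word-folding step discards most of the digest’s entropy, which is acceptable here because the proof is only checked against a teacher-side recomputation; anyone who wanted to forge it would still need the machine secret, not merely a matching four-word string.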
Reporting is Key
Of course, a student could still ask a fellow student for their exploit or write-up, quickly grab their own personalised flag from the system, and collect the points. Therefore, it is mandatory to submit a write-up or report for each and every machine in order to obtain any points at all. Sharing knowledge goes two ways, and the most important instrument an ethical hacker has for presenting his or her findings is the report he or she delivers. For that reason, we attribute more value to the report than to the flag when evaluating a student. In a report, it is essential that the risk is presented in an understandable manner and that the findings are reproducible. This way, we make sure that our courses are more than just a scavenger hunt for flags.
In the end, hacking is not learned by reading a book and getting to work. A lot of it is learned through practice and by developing the right mindset. Mastering the art of penetration testing takes a lot of self-education and perseverance. Our courses try to stimulate this not only by providing students with true-to-life hacking scenarios, but also by giving a critical review of the first draft of their report. This enables them to improve the draft before submitting a final version, which is similar to how we work at Warpnet.
I hope this gives some insight into the thought process we went through when building our courses and the Hacklabs portal. A future version may add more controls to track a student’s progress during the courses, but our priority will remain teaching and measuring reporting skills, and true-to-life scenarios.
In case you are interested in our courses, or in the hacklabs, feel free to contact us!
How to Automatically Generate Clients for your REST API
While working on some code to retrieve additional information through the bunq Python SDK, we noticed that this SDK was generated automatically. We ended up monkey patching it, as we could not make a pull request to the SDK and neither the API specification nor the SDK generator was publicly available. This piqued our interest in the automatic generation of API clients.