Uncategorized

HackItForward

noobhaxor / September 13, 2017

So, here’s this thing I’ve been working on. . .

. . . for a while now, actually. And I say I’ve been working on it, but really, I’ve had a lot of help from some awesome people(Josh, Larry, Ron, Jason). What is it, exactly? Well, it’s this thing you see. Well, you will see. Shortly.

For those of you that know me, you know that the only thing I like less than talking is talking about myself. But I need to tell you this story because the ending is freaking awesome.

I’ve been in IT/Cyber/Whatevs for a long while now – started as a sysadmin, now a pentester. I’ve been lucky enough to go to some cons here and there and learn some cool stuff from some awesome people, both at cons and on the job. The one thing I’ve been adamant about from the outset is that I need to repay this, or pay it forward somehow. People take time out of their days/weekends to teach me and others, and to help us learn. I need to repay that – not to those people per se, but the community at large if I can. It took me a little while to figure out how, due to a few different reasons ranging from my inability to code my way out of a paper bag (How do you spell C plus plus?), to my attention span (Squirrel!), to sometimes having a little attack of the ole Impostor Syndrome (Thanks @webbreacher). The idea that I came up with isn’t anything groundbreaking. I’m not droppin’ sweet 0-days. I’m not even giving talks at cons (though there’s a talk in here – I just need to find it, and the courage). It’s actually a really simple idea. Teach our future warriors of the Cybers.

Yep. That’s it. Like I said. Simple(ish). Getting started was a little more difficult than I would have thought, but I’ve had a lot of support. So much support in fact, that the owners of the company I work for set up a 501(c)(3) called EnRichMinds, and going forward we had support from inside an actual educational institution at the high school level (Which, if you want to teach, is kinda important).

So, what have we done with that support? We volunteered to help with an awesome program that helps students begin their education in cyber security. Students in high school (some of whom go to the same high school that I graduated from) with a wide range of backgrounds in the cybers, who are interested in getting into the cybers were going to actually listen to what we had to say about the cybers (Cyber!). And we got to do some cool hands-on-keyboard labs. We walked them through an intro to Linux (Kali, obvi), basic networking, some intro to webapps (DVWA), and we even hacked a wireless network or two.  This was a (mostly) weekly thing where my colleagues and I volunteered to help get the people who will be protecting our data after we retire, excited about infosec and the cybers.

It culminated in a CTF at the end of the school year (Thanks FacebookCTF – Totally awesome framework!) where we had a few groups of students face off against each other. And we were able to keep these high school students engaged for nearly an entire school day. Yes, we fed them donuts and pizza, but still. Teenagers, excited and engaged for an entire school day. Win!

If that weren’t enough, the students invited us back shortly after the CTF to present us with a picture that they all signed — pretty cool. But I still haven’t gotten to the best part. The students have a class project that they work on throughout the year where their goal is to raise a certain amount of money for a scholarship fund. They met their goal, and surpassed it. What, you may ask did they do with the excess funds. Did they have a pizza party? No. Did they split the excess amongst themselves? No. Did they give us gift cards? Nope!

Here’s the awesome part of the story that I promised. Remember how I said that my bosses set up a 501(c)(3)? I’ll be damned if those students didn’t donate their excess funds to that charity. It’s like paying it forward paid it forward.

<Insert ‘Yo dawg’ or ‘Inception’ meme here>

Where do we go from here? Good question. We’re still working on that. We’re starting to teach a new group of students now. Of course, we still need to teach the staples, but we’ll need to expand, get better, become more knowledgeable (because if there’s one thing students will surely do, it’s ask questions you don’t know the answer to). In short, we need to do better.

if you’re in the MD/DC area and want to help, email me at noob \at\ noobhaxor.com or you can reach me on the twitters @billy_macco