On the 12th of December, I attended a four day workshop called Hands on Hacking that was being offered by one of Britain’s top information security companies: Hacker House; and I’m telling you, this was arguably the best thing to happen to me in literally years! Matthew—the instructor—and my classmates were extremely fun to be around with, the coursework was intense as f—-, and the experience was just fantastic!

* Fun Fact: This post’s title is a reference to Oxford University’s "A Very Short Introduction to…" series.



Image Source: Hacker House Website

The Organisers

Matthew Hickey is a British hacker with years of experience in the field, several formal ceritifications, and most recently a CREST fellowship. He’s also probably the friendliest instructor I (or anyone for that matter) will have. No seriously, when we were discussing the pedagogy of hacking during a lunch break, this guy has the patience to listen to me ramble on about figures like Peter Gray, Alfie Kohn and that bloke who’s sorta like Karl Marx but 20% cooler. Matthew made the class very hands-on (like the workshop title suggests) and gave more attention to practical skills as, as opposed to mere rote-learning that we’re all familiar with.

Jennifer Arcuri is an American-British business woman with a very diverse background, ranging from a Disney radio personality, to a French translator, to a film director, to the CEO of a state-of-the-art cybersecurity firm. I was only able to talk to her in person briefly (I believe she was giving a talk somewhere else), but can still vouch for her being awesome. She helped me attend the workshop by lowering my entrance fee, and from my interactions with her on Twitter, you can tell she’s a really kind and well-meaning person!

The Course

I can’t discuss specific aspects of the course (cos’ I wouldn’t want to spoil the fun *wink*), so I’ll try to give my description no more detail than what’s shown on their syllabus. The course begins with Matthew preparing myself and other classmates with notebooks, reference guides, manuals, virtual machines, and even Hacker House themed pens! The course is structured in the following format [1]:

  • First Day
    • Legal and Ethical Aspects
    • Open Source Intelligence
    • DNS and Domain Hacking
    • E-mail Attacks and Mail Infrastructure
  • Second Day
    • Web Server Infrastructure Hacking
    • Virtual Private Network Attacks
  • Third Day
    • File Servers & Internal Infrastrucutre Attacks
    • UNIX Server Infrastructure
    • Databases
  • Fourth Day
    • Web Application Assessments
    • Windows Enterprise Environments
    • Password Cracking

Matthew starts out the course by emphasising the importance of the ethical and legal aspects of hacking; how seemingly harmless things like publishing open-source backdoors/implants, or just accessing a PASSWD file from a Google dork can land you in legal problems.

Matthew teaches a methodological approach to penetrating systems, which involve first performing reconnaissance, then passively and actively probing a system, then preparing and lauching an attack, exploring the system and considering pivoting, and finally “cleaning-up”. While there is the traditional pencil-and-paper ‘pop quiz’ at the end of the day, the workshop is a lot more “hands on” and geared towards learning hacking at a more conceptual level. We are taught the theory of a particular aspect of hacking, the tools* used to perform the hack, a demonstration of the hack and finally we are to perform the hack ourselves.

Finally, the class ends with Matthew giving students who successfully demonstrated the ability to do basic computer penetration a certificate of completion. He allowed us to keep the virtual machines and other material so that we can continue practicing our offensive security skill set.

* note that sometimes we are to carry out a ‘hack’ manually (e.g., when exploiting an injection bug in a web application, we should sometimes insert the exploit in the browser’s URL form).

The Experience

Like I said in the introduction, this was the BEST THING TO HAPPEN TO ME IN YEARS!!!1. Seriously, my university should have Matthew as a guest lecturer, discussing topics like hacking, ethics, drones, or just any topic that he’s knowledgeable on. While I feel that he can sometimes give the ‘theoretical’ aspects of at a fast pace, he’s gives great “one-on-one” quick advice when myself and other students are doing the “hands on hacking” aspect of the course.

The students there all came from interesting backgrounds and were very fun to be around with; though I won’t name them or give out contact details for obvious reasons. One classmate has an interest in cryptocurrencies like Bitcoin and Ethereum and honestly—after talking to him—I can conclude that he’s better than Robert C. Merton and Harry Markowitz at this investing game. Another classmate is (and no, I’m not joking) a Russian hacker who challenged* my vague ideas of using machine learning to predict new malware. She told me that I needed to define a “control” group of normal software to compare to “malicious” software, which threw me out of the loop for a while, and she also suggested I attend ‘hackathons’ and discuss my ideas with them.

Some minor things about the workshop is that Hacker House had a really good catering company (my favourite food from them was the DIY taco), and the location they picked for the venue had a very “warm” feeling.

* a tiny bit of background: I have a lot of ambitious ideas, one of them involving using machine learning to “predict” new malware.

The Future

I guess my only criticisms of the course is that Matthew sometimes goes a little too quick when presenting the theoretical aspects of a topic in hacking, that the price of the workshop was expensive (note that Jennifer Arcuri was kind enough to lower the price for me), and that there could be more days in the course. But these are very minor, the content and experience was definately worth the price!

Hacker House plans to launch an online version of Hands on Hacking in 2018 and it looks like their training programme will expand. It would also be nice for Hacker House to do workshops on specific topics (like exploit development or recon). Either way, this programme was awesome af and I felt 20% cooler taking this!

#HandsOnHacking

References

[1] From their syllabus: http://static.hacker.house/doc/HackerHouse_HandsOn_Hacking_Syllabus.pdf