Anatomy of an Attack
This fourth module of the Introduction to Cybersecurity for High School Students and K12 Educators course describes the steps an attacker would take when attacking a computing infrastructure. The module covers the first 2 steps of the 4-step process: reconnaissance and exploits. Students will work on the Kali Linux box associated with the course in the Virginia Cyber Range.
- Enumerate the steps that attackers take to attack
- Describe strategies used during reconnaissance: social engineering, search engine hacking, using the WHOIS database to gather information, and network scanning/enumeration
- Explain how common vulnerabilities in software enable exploits
- Enumerate common software exploits, including buffer overflows, cross-site scripting, and SQL injection
- Enumerate common network-based exploits, including denial of service, sniffing, and spoofing
Lesson 1 enumerates the steps of an attack and describes the first step: reconnaissance. Lesson 2 covers the second step: exploits. The module does not cover the last 2 steps of an attack, as that material is beyond the scope of a foundational class. However, instructors can optionally cover malware as a potential backdoor. Students can use the Linux box associated with the course to practice both of the steps covered. There are also several other resources available on the internet that instructors can incorporate into their class. These include:
- Google Gruyere (https://google-gruyere.appspot.com/)
- Hack This Site (http://www.hackthissite.org/)
- Easy CTF (https://www.easyctf.com/)
NOTE: Almost all of the exercises in the course (and in this module) can be completed using the virtual environment on the Virginia Cyber Range, K12 CYBER SECURITY CONCEPTS USING KALI LINUX, and doing so is highly recommended. Instructors who plan to use multiple exercises from different modules only need to add that environment to their course; it is sufficient for students to use for all of the labs.
- K0069: Knowledge of query languages such as SQL (structured query language).
- K0070: Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- K0119: Knowledge of hacking methodologies in Windows or Unix/Linux environment.
- K0206: Knowledge of ethical hacking principles and techniques.
- S0052: Skill in the use of social engineering techniques.
- Vulnerability Analysis (VLA)