Weasels and the construction of knowledge in Offensive Security
Abstract
Currently, the concern about cybersecurity has increased in organizations given the increase in cyberattacks – both in quantity and complexity. These attacks seek to exploit vulnerabilities in digital assets, that is, computers, networks, mobile devices, among others. Regarding how to mitigate such attacks, there are methods and techniques to investigate these exploits by analyzing the attack vectors through practices that simulate the attacker's behavior. In order to disseminate the knowledge involving exploiting simulations and attack vectors analysis, a methodology was developed with the goal of creating a cybersecurity culture space to help participants grow their knowledge in the area. This paper presents an experience report of the implementation of this methodology to learn concepts and techniques present in the area of Offensive Security through the use of online cybersecurity training platforms.
Keywords:
Cybersecurity, Offensive Security, Knowledge Building
References
[n.d.]. Alarming Cybersecurity Stats: What You Need To Know For 2021. [link]. Accessed:2021-10-18.
[n.d.]. Brasil já é o 5º maior alvo global de ataques de hackers a empresas. [link]. Accessed: 2021-10-18.
[n.d.]. Discord Weasels. https://discord.gg/gzRhets5jR Accessed: 2021-10-25.
[n.d.]. Hackthebox. https://www.hackthebox.eu/ Accessed: 2021-10-25.
[n.d.]. Número de aplicativos falsos cresce 225,1% no Brasil; tecnologia permite até abrir câmera do celular da vítima. [link]. Accessed:2021-10-18.
[n.d.]. Site das Lojas Renner sai do ar após ataque hacker. [link]. Accessed: 2021-10-18.
[n.d.]. STJ é alvo de ataque de hacker e Polícia Federal investiga o sistema. [link]. Accessed: 2021-10-18.
[n.d.]. Tryhackme. https://tryhackme.com/ Accessed: 2021-10-25.
Daniel Dalalana Bertoglio and Avelino Francisco Zorzo. 2017. Overview and open issues on penetration test.Journal of the Brazilian Computer Society 23, 1,1–16.
Matt Bishop. 2003. What is computer security? IEEE Security & Privacy 1, 1, 67–69.
Matt Bishop. 2007. About Penetration Testing. IEEE Security & Privacy 5, 6, 84–87.
Kevin Bock, George Hughey, and Dave Levin. 2018. King of the Hill: A Novel Cybersecurity Competition for Teaching Penetration Testing. In 2018 USENIX Workshop on Advances in Security Education (ASE 18). USENIX Association, Baltimore, MD. https://www.usenix.org/conference/ase18/presentation/bock
D. Geer and J. Harthorne. 2002. Penetration testing: a duet. In Computer Security Applications Conference, 2002. Proceedings. 18th Annual. 185–195.
Christopher Hoadley. 2012. 12 What is a community of practice and how can we support it? Theoretical foundations of learning environments 286.
Linda C Li, Jeremy M Grimshaw, Camilla Nielsen, Maria Judd, Peter C Coyte, and Ian D Graham. 2009. Evolution of Wenger’s concept of community of practice. Implementation science 4, 1, 1–8.
Jelena Mirkovic and Terry Benzel. 2012. Teaching Cybersecurity with DeterLab. IEEE Security Privacy 10, 1, 73–76.
Rose Shumba. 2004. Towards a More Effective Way of Teaching a Cybersecurity Basics Course. In Working Group Reports from ITiCSE on Innovation and Technology in Computer Science Education (Leeds, United Kingdom) (ITiCSE-WGR ’04). Association for Computing Machinery, New York, NY, USA, 108–111.
Matthew Swann, Joseph Rose, Gueltoum Bendiab, Stavros Shiaeles, and Fudong Li. 2021. Open Source and Commercial Capture The Flag Cyber Security Learning Platforms-A Case Study. In 2021 IEEE International Conference on Cyber Security and Resilience (CSR). IEEE, 198–205.
Lindsey J Thomas, Moises Balders, Zach Countney, Chen Zhong, Jun Yao, and Chunxia Xu. 2019. Cybersecurity Education: From Beginners to Advanced Players in Cybersecurity Competitions. In 2019 IEEE International Conference on Intelligence and Security Informatics (ISI). 149–151.
Luke Topham, Kashif Kifayat, Younis A Younis, Qi Shi, and Bob Askwith. 2016. Cyber security teaching and learning laboratories: A survey. Information & Security 35, 1, 51.
Etienne Wenger. 1998. Communities of Practice: Learning, Meaning, and Identity. Cambridge University Press
Andrew Whitaker and Daniel Newman. 2005. Penetration Testing and Cisco Network Defense. Cisco Press, Indianapolis, USA.
Chuan Yue. 2016. Teaching Computer Science With Cybersecurity Education Built-in. In 2016 USENIX Workshop on Advances in Security Education (ASE 16). USENIX Association, Austin, TX. https://www.usenix.org/conference/ase16/workshop-program/presentation/yue
[n.d.]. Brasil já é o 5º maior alvo global de ataques de hackers a empresas. [link]. Accessed: 2021-10-18.
[n.d.]. Discord Weasels. https://discord.gg/gzRhets5jR Accessed: 2021-10-25.
[n.d.]. Hackthebox. https://www.hackthebox.eu/ Accessed: 2021-10-25.
[n.d.]. Número de aplicativos falsos cresce 225,1% no Brasil; tecnologia permite até abrir câmera do celular da vítima. [link]. Accessed:2021-10-18.
[n.d.]. Site das Lojas Renner sai do ar após ataque hacker. [link]. Accessed: 2021-10-18.
[n.d.]. STJ é alvo de ataque de hacker e Polícia Federal investiga o sistema. [link]. Accessed: 2021-10-18.
[n.d.]. Tryhackme. https://tryhackme.com/ Accessed: 2021-10-25.
Daniel Dalalana Bertoglio and Avelino Francisco Zorzo. 2017. Overview and open issues on penetration test.Journal of the Brazilian Computer Society 23, 1,1–16.
Matt Bishop. 2003. What is computer security? IEEE Security & Privacy 1, 1, 67–69.
Matt Bishop. 2007. About Penetration Testing. IEEE Security & Privacy 5, 6, 84–87.
Kevin Bock, George Hughey, and Dave Levin. 2018. King of the Hill: A Novel Cybersecurity Competition for Teaching Penetration Testing. In 2018 USENIX Workshop on Advances in Security Education (ASE 18). USENIX Association, Baltimore, MD. https://www.usenix.org/conference/ase18/presentation/bock
D. Geer and J. Harthorne. 2002. Penetration testing: a duet. In Computer Security Applications Conference, 2002. Proceedings. 18th Annual. 185–195.
Christopher Hoadley. 2012. 12 What is a community of practice and how can we support it? Theoretical foundations of learning environments 286.
Linda C Li, Jeremy M Grimshaw, Camilla Nielsen, Maria Judd, Peter C Coyte, and Ian D Graham. 2009. Evolution of Wenger’s concept of community of practice. Implementation science 4, 1, 1–8.
Jelena Mirkovic and Terry Benzel. 2012. Teaching Cybersecurity with DeterLab. IEEE Security Privacy 10, 1, 73–76.
Rose Shumba. 2004. Towards a More Effective Way of Teaching a Cybersecurity Basics Course. In Working Group Reports from ITiCSE on Innovation and Technology in Computer Science Education (Leeds, United Kingdom) (ITiCSE-WGR ’04). Association for Computing Machinery, New York, NY, USA, 108–111.
Matthew Swann, Joseph Rose, Gueltoum Bendiab, Stavros Shiaeles, and Fudong Li. 2021. Open Source and Commercial Capture The Flag Cyber Security Learning Platforms-A Case Study. In 2021 IEEE International Conference on Cyber Security and Resilience (CSR). IEEE, 198–205.
Lindsey J Thomas, Moises Balders, Zach Countney, Chen Zhong, Jun Yao, and Chunxia Xu. 2019. Cybersecurity Education: From Beginners to Advanced Players in Cybersecurity Competitions. In 2019 IEEE International Conference on Intelligence and Security Informatics (ISI). 149–151.
Luke Topham, Kashif Kifayat, Younis A Younis, Qi Shi, and Bob Askwith. 2016. Cyber security teaching and learning laboratories: A survey. Information & Security 35, 1, 51.
Etienne Wenger. 1998. Communities of Practice: Learning, Meaning, and Identity. Cambridge University Press
Andrew Whitaker and Daniel Newman. 2005. Penetration Testing and Cisco Network Defense. Cisco Press, Indianapolis, USA.
Chuan Yue. 2016. Teaching Computer Science With Cybersecurity Education Built-in. In 2016 USENIX Workshop on Advances in Security Education (ASE 16). USENIX Association, Austin, TX. https://www.usenix.org/conference/ase16/workshop-program/presentation/yue
Published
2022-04-24
How to Cite
DALALANA BERTOGLIO, Daniel; NUNES, Henry Cabral; FILIPPI, Pedro Cordeiro; ZORZO, Avelino Francisco.
Weasels and the construction of knowledge in Offensive Security. In: BRAZILIAN SYMPOSIUM ON COMPUTING EDUCATION (EDUCOMP), 2. , 2022, Online.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2022
.
p. 109-117.
ISSN 3086-0733.
DOI: https://doi.org/10.5753/educomp.2022.19204.
