Sprint 1


https://imgur.com/bL27FG7

Hi, my name is Harry Louskos and I’m currently taking 41151 Summer Studio - Cybersecurity: An Offensive Mindset. I’m enrolled in the BSCiT course as a final year student majoring in Internetworking and Applications and sub-majoring in Network Security. Whilst my interests are not entirely within computers, I do find myself leaning towards the networking field, as it provides a means of developing physical and software-based systems that, when they break, are quite enjoyable to fix. In terms of security, wireless and web app hacking draw my attention the most: as well as creating an outlet to challenge my problem solving and creativity, they are also some of the most enjoyable things to break.

My motivation for the studio revolves around the fact that I simply do not know where in security I want to be. I also feel that my knowledge is nowhere near as deep as anyone else’s, especially the members of the CSEC Society who show immense aptitude in the field. By completing the studio, I’m hoping that my path towards the workforce becomes clearer and that my knowledge expands well above my current stage.

What do I want out of this studio?

  • Clearer job path
  • Portfolio for future employment
  • In depth technical knowledge
  • Improved research skills
  • Insight from the CSEC members
  • Enhanced time management

SLO 1 - Engage with stakeholders to identify the problem

The studio was lucky enough to get a presentation by a security specialist from GitLab. Essentially, the key takeout was that social engineering seems to be the key factor in security weakness. Based on my observation, this is due to the exploitation of human emotion. An example of this was the ILOVEYOU email. As a victim reads the message, a spike in the hormone dopamine results in the person feeling good and makes them pursue the matter further. Thus, they click the obfuscated file and launch the worm onto their machine.

SLO 2 - Apply design thinking to respond to a defined or newly developed problem

Our group chose to research the OWASP Top 10. This is essentially a list of the most critical web application security risks facing enterprises. Number 1 on the list was injection, which mainly entails SQL injection. Thus, in terms of design thinking, strict input validation combined with parameterised queries would need to be built into the application, so that the data being fed into a data field cannot alter the query itself and cannot cause the database to spit out data that an unauthorised user should not see.
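To make the injection point concrete, here is an added example (my own illustration, not code from the studio or from OWASP) showing a login query written the vulnerable way beside the parameterised fix, plus an allowlist validator for the username field. It runs against an in-memory SQLite database with a constructed three-user table; the user names, passwords and the `users` table are all assumed for the demonstration.

```python
import re
import sqlite3

# Constructed sample data for the demonstration only (not from any real system).
SAMPLE_USERS = [
    (1, "alice", "s3cret-alice"),
    (2, "bob", "s3cret-bob"),
    (3, "carol", "s3cret-carol"),
]

# Allowlist for the username field: letters, digits and underscore, 1-32 chars.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def make_db():
    """Create an in-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: user input is spliced straight into the SQL text,
    so a quote in the input changes the structure of the query."""
    query = (
        "SELECT id, username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_parameterised(conn, username, password):
    """Hardened: placeholders send the values separately from the query text,
    so the database only ever treats the input as data, never as SQL."""
    query = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def is_valid_username(username):
    """Defence in depth: reject anything outside the allowlist before it reaches
    the database layer. This is a complement to parameterisation, not a substitute."""
    return USERNAME_RE.fullmatch(username) is not None


if __name__ == "__main__":
    conn = make_db()
    # Classic injection payload: closes the string, adds an always-true clause,
    # and comments out the password check.
    payload = "' OR '1'='1' --"
    print("vulnerable   :", login_vulnerable(conn, payload, "anything"))
    print("parameterised:", login_parameterised(conn, payload, "anything"))
    print("validator    :", is_valid_username(payload), is_valid_username("alice"))
```

With the payload `' OR '1'='1' --`, the vulnerable query returns every row in the table (the password check is commented out), while the parameterised query returns nothing because no user is literally named that. The validator rejects the payload outright, which is the "validation" layer mentioned above, but the parameterised query is what actually removes the injection.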

SLO 3 - Apply technical skills to develop, model, and/or evaluate design

The group was able to demonstrate the importance of the OWASP Top 10 through a PowerPoint presentation. This is a list of the most critical web application security risks, compiled from real-world vulnerability data and updated every few years. It is used as a guideline for vulnerability identification and helps enterprises evaluate their own security risk.

This skill was demonstrated in the studio through a CTF run by OWASP themselves called Juice Shop. This CTF is a deliberately vulnerable web application that allows players to leverage different exploits varying in complexity.

SLO 4 - Demonstrate effective collaboration and communication skills

Since I had to continually communicate with tutors and other group members, I found myself reaching out to others for assistance. This was especially needed for the static website, which currently has not been set up due to some unsolved errors. Fortunately, I had Darshil, Max and Andre to help me out with hosting and setting up the page, which I found very difficult as it was very new to me, since most of my expertise is elsewhere.

SLO 5 - Conduct critical self and peer review and performance evaluation

The feedback from Larry indicated that I was on track with the SLOs and on course to complete the studio. He did however mention that I displayed excessive hand and feet movement when I spoke during the presentation, which is definitely something to improve on. Another aspect would be to not leave a submission until the last 30 minutes.

As a group in general, we have to work on getting to the point. This lack of comprehension resulted in the presentation going too far over time; however, we were lucky enough to be let off with a warning and were told that we would be stopped at 6 minutes sharp should we do another presentation.