Hacking Hacking (web application hacking/cracking workshop #1)

[Renski]

I'm afraid my plans for the hacking hacking workshops were delayed due
me changing jobs. However, now that's all settled, I think its time to
choose a date.

Saturday 16th looks good, so unless there are any objections on that
day from 1300 I'll be running a workshop on the basics of web
application hacking. Could someone with access add it to the calendar?

Who is the workshop for?
* Focused on complete beginners initially
* If you're already a web app hacking ninja and don't like teaching
others you'll be bored
* No prerequisite knowledge required

Ethical/Legal Issues
* All hacking will be performed on specially built test machines owned by me
* No one will be encouraged to attack real sites, this is for
education and fun, not so you can get yourself arrested under the CMA
and blame me.

What you'll get out of it
* Knowing how various web based attacks work will help protect you
whilst surfing on the Internet
* Allow you to test your own sites for common security weaknesses
* Hopefully it'll be fun

Equipment Requirements, you will need...
* A laptop which can access the space's wireless
* Firefox
* I do have a spare laptop and a spare notebook which you may borrow
if you don't have a portable computer, though let me know in advance
of the day
* The sun/oracle java runtime environment (that's sun-java6-jre for apt users)

Please reply and let me know your skill level if you think you'll
attend so I can get an idea of numbers and ability.

Best,

Renski

[Chris Mear]

On 8 April 2011 10:22, Renski <goo...@dmcdonald.net> wrote:
> I'm afraid my plans for the hacking hacking workshops were delayed due
> me changing jobs. However, now that's all settled, I think its time to
> choose a date.
>
> Saturday 16th looks good, so unless there are any objections on that
> day from 1300 I'll be running a workshop on the basics of web
> application hacking. Could someone with access add it to the calendar?

I've added that to the calendar.

Could you put the details on the 'events' bit of the wiki homepage?

http://wiki.hackspace.org.uk/wiki/London_Hackspace

<snip workshop details>

> Please reply and let me know your skill level if you think you'll
> attend so I can get an idea of numbers and ability.

I'd like to come. I write web apps and have some general knowledge
about common attack vectors, but have never actually attempted to
crack into a site using any specific techniques (except by accident).

As a side note, there was some talk previously about doing some
testing using the One Click Orgs app as a target. We've released 1.0
now, and definitely still up for this (probably for a future
workshop?).

Thanks for organising this!

Cheers,
Chris

[Renski]

I've just seen there is also Classroom HackSpaceChallenge/Hackweekend
on the 16th on the events section, but its not in the calendar. Will
we be tight on space given this is running at the same time?

[David]

Hi,

I'm interested in coming along to this. I work as a software engineer
with some sysadmin work. I have web applicaiton development expereince
and have used frameworks like metasploit before in CTF wargames, but
that was a while ago now and it would be cool to have a refresh.

David

[Jaimal Chohan]

Hi,

I'd be up for this. I'm an experienced c# web app developer. Know the basics of "this is hack and that's a hack" but last time I even thought about any of that was a few years back, this would be a good refresher.

[Alex Muller]

On Apr 8, 11:22 am, Renski <goo...@dmcdonald.net> wrote:
> Please reply and let me know your skill level if you think you'll
> attend so I can get an idea of numbers and ability.

Yes! I'd absolutely be up for this. I mostly deal in HTML & CSS, but
I've mucked about a bit with Rails and Django.

The extent of my knowledge is the Wikipedia article on SQL injection,
so starting at the very beginning would be much appreciated.

Cheers,

Alex

[Will Pearson]

On Apr 8, 12:57 pm, Renski <goo...@dmcdonald.net> wrote:
> I've just seen there is also Classroom HackSpaceChallenge/Hackweekend
> on the 16th on the events section, but its not in the calendar. Will
> we be tight on space given this is running at the same time?
>

Could have sworn I put this in the calender.

Re: space. No one has currently put down that they are going the
hackerspace challenge thing. So I am guessing it will be a quiet
affair.

Will

[Renski]

Let me know if the situation changes, then I'll reschedule, as you
were there first.

[Mark Steele]

I'm thinking I'll drop in - just moved in near the Hack Space and have
been meaning to come check it out for the first time.

I'm an infrastructure engineer, so advanced IT knowledge, but haven't
done any dev or real hacking out side of a bit of password brute
forcing.

[Don B]

  I'll drop by for that on Saturday. Used to do Oracle database support/dev, website dev/support though these skills are somewhat rusty. Currently working a a web project of my own, so I'd like to brush up on these skills to help secure the site :-)

--
Don.

[Ben Grinsted]

I'm planning to drop in for this. Have basic web application knowledge from a few years ago and used to do web development. Other than that, 5 years working in infrastructure and networking/security roles.

[Darren Hubbard]

Hi mate,

Will you be running any more of these? Unfortunately something's come up for Saturday and I won't be able to make it now - shame, was looking forward to it :-(

Cheers,

Darren

On 8 April 2011 10:22, Renski <goo...@dmcdonald.net> wrote:

--
**********

darren....@gmail.com

[Renski]

If it goes well, yes, I plan on making it a regular thing. At the end
of the evening I'll also be posting some notes about what we did,
release a CTF competition (as long some bright spark doesnt figure it
out during the workshop), and i'll be dropping the firewall that
protects the test server and link it on here.

Darren

[Prestwick]

I'm a brand spanking new member so will definitely pop in!

Similar to Mark I'm a Datacentre Engineer but haven't done any dev or
hacking work outside of this.

On Apr 8, 10:22 am, Renski <goo...@dmcdonald.net> wrote: