Hacking Hacking (web application hacking/cracking workshop #1)

21 views
Skip to first unread message

Renski

unread,
Apr 8, 2011, 5:22:09 AM4/8/11
to london-h...@googlegroups.com
I'm afraid my plans for the hacking hacking workshops were delayed due
me changing jobs. However, now that's all settled, I think its time to
choose a date.

Saturday 16th looks good, so unless there are any objections on that
day from 1300 I'll be running a workshop on the basics of web
application hacking. Could someone with access add it to the calendar?

Who is the workshop for?
* Focused on complete beginners initially
* If you're already a web app hacking ninja and don't like teaching
others you'll be bored
* No prerequisite knowledge required

Ethical/Legal Issues
* All hacking will be performed on specially built test machines owned by me
* No one will be encouraged to attack real sites, this is for
education and fun, not so you can get yourself arrested under the CMA
and blame me.

What you'll get out of it
* Knowing how various web based attacks work will help protect you
whilst surfing on the Internet
* Allow you to test your own sites for common security weaknesses
* Hopefully it'll be fun

Equipment Requirements, you will need...
* A laptop which can access the space's wireless
* Firefox
* I do have a spare laptop and a spare notebook which you may borrow
if you don't have a portable computer, though let me know in advance
of the day
* The sun/oracle java runtime environment (that's sun-java6-jre for apt users)

Please reply and let me know your skill level if you think you'll
attend so I can get an idea of numbers and ability.

Best,

Renski

Chris Mear

unread,
Apr 8, 2011, 7:29:16 AM4/8/11
to london-h...@googlegroups.com, Renski
On 8 April 2011 10:22, Renski <goo...@dmcdonald.net> wrote:
> I'm afraid my plans for the hacking hacking workshops were delayed due
> me changing jobs. However, now that's all settled, I think its time to
> choose a date.
>
> Saturday 16th looks good, so unless there are any objections on that
> day from 1300 I'll be running a workshop on the basics of web
> application hacking. Could someone with access add it to the calendar?

I've added that to the calendar.

Could you put the details on the 'events' bit of the wiki homepage?

http://wiki.hackspace.org.uk/wiki/London_Hackspace

<snip workshop details>

> Please reply and let me know your skill level if you think you'll
> attend so I can get an idea of numbers and ability.

I'd like to come. I write web apps and have some general knowledge
about common attack vectors, but have never actually attempted to
crack into a site using any specific techniques (except by accident).

As a side note, there was some talk previously about doing some
testing using the One Click Orgs app as a target. We've released 1.0
now, and definitely still up for this (probably for a future
workshop?).

Thanks for organising this!

Cheers,
Chris

Renski

unread,
Apr 8, 2011, 7:57:58 AM4/8/11
to london-h...@googlegroups.com
I've just seen there is also Classroom HackSpaceChallenge/Hackweekend
on the 16th on the events section, but its not in the calendar. Will
we be tight on space given this is running at the same time?

David

unread,
Apr 8, 2011, 8:32:22 AM4/8/11
to London Hackspace
Hi,

I'm interested in coming along to this. I work as a software engineer
with some sysadmin work. I have web applicaiton development expereince
and have used frameworks like metasploit before in CTF wargames, but
that was a while ago now and it would be cool to have a refresh.

David

Jaimal Chohan

unread,
Apr 8, 2011, 8:39:59 AM4/8/11
to london-h...@googlegroups.com
Hi,

I'd be up for this. I'm an experienced c# web app developer. Know the basics of "this is hack and that's a hack" but last time I even thought about any of that was a few years back, this would be a good refresher.

Alex Muller

unread,
Apr 9, 2011, 3:00:10 AM4/9/11
to London Hackspace
On Apr 8, 11:22 am, Renski <goo...@dmcdonald.net> wrote:
> Please reply and let me know your skill level if you think you'll
> attend so I can get an idea of numbers and ability.

Yes! I'd absolutely be up for this. I mostly deal in HTML & CSS, but
I've mucked about a bit with Rails and Django.

The extent of my knowledge is the Wikipedia article on SQL injection,
so starting at the very beginning would be much appreciated.

Cheers,

Alex

Will Pearson

unread,
Apr 9, 2011, 4:04:09 AM4/9/11
to London Hackspace


On Apr 8, 12:57 pm, Renski <goo...@dmcdonald.net> wrote:
> I've just seen there is also Classroom HackSpaceChallenge/Hackweekend
> on the 16th on the events section, but its not in the calendar. Will
> we be tight on space given this is running at the same time?
>
Could have sworn I put this in the calender.

Re: space. No one has currently put down that they are going the
hackerspace challenge thing. So I am guessing it will be a quiet
affair.

Will

Renski

unread,
Apr 9, 2011, 4:32:37 AM4/9/11
to london-h...@googlegroups.com, Will Pearson
Let me know if the situation changes, then I'll reschedule, as you
were there first.

Mark Steele

unread,
Apr 13, 2011, 11:22:04 AM4/13/11
to London Hackspace
I'm thinking I'll drop in - just moved in near the Hack Space and have
been meaning to come check it out for the first time.

I'm an infrastructure engineer, so advanced IT knowledge, but haven't
done any dev or real hacking out side of a bit of password brute
forcing.

Don B

unread,
Apr 14, 2011, 6:25:41 AM4/14/11
to london-h...@googlegroups.com
  I'll drop by for that on Saturday. Used to do Oracle database support/dev, website dev/support though these skills are somewhat rusty. Currently working a a web project of my own, so I'd like to brush up on these skills to help secure the site :-)
--
Don.

Ben Grinsted

unread,
Apr 15, 2011, 9:30:08 AM4/15/11
to london-h...@googlegroups.com
I'm planning to drop in for this. Have basic web application knowledge from a few years ago and used to do web development. Other than that, 5 years working in infrastructure and networking/security roles.

Darren Hubbard

unread,
Apr 15, 2011, 7:17:17 PM4/15/11
to london-h...@googlegroups.com
Hi mate,

Will you be running any more of these? Unfortunately something's come up for Saturday and I won't be able to make it now - shame, was looking forward to it :-(

Cheers,

Darren



On 8 April 2011 10:22, Renski <goo...@dmcdonald.net> wrote:



--
**********

darren....@gmail.com

Renski

unread,
Apr 16, 2011, 3:21:57 AM4/16/11
to london-h...@googlegroups.com
If it goes well, yes, I plan on making it a regular thing. At the end
of the evening I'll also be posting some notes about what we did,
release a CTF competition (as long some bright spark doesnt figure it
out during the workshop), and i'll be dropping the firewall that
protects the test server and link it on here.

Darren

Prestwick

unread,
Apr 15, 2011, 9:04:32 PM4/15/11
to London Hackspace
I'm a brand spanking new member so will definitely pop in!

Similar to Mark I'm a Datacentre Engineer but haven't done any dev or
hacking work outside of this.


On Apr 8, 10:22 am, Renski <goo...@dmcdonald.net> wrote:
Reply all
Reply to author
Forward
0 new messages