ZenHackAdemy: Ethical Hacking @ DIBRIS

Demetrio, Luca; Lagorio, Giovanni; Ribaudo, Marina; Russo, Enrico; Valenza, Andrea

doi:10.5220/0007747104050413

Cited by 8 publications

(5 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The latter topic integrates hacking principles, conditions, and differences in hacking types (ACM et al, 2017). Moreover, practical training positively impacts highly motivated students, increase their interest in the field, and encourages them to consider cybersecurity master's studies (Demetrio et al, 2019).…”

Section: Problem Identificationmentioning

confidence: 99%

Teaching pentesting to social sciences students using experiential learning techniques to improve attitudes towards possible cybersecurity careers

Melnikovas

Lugo

Maennel

et al. 2023

eccws

View full text Add to dashboard Cite

Labor market analysis shows that there is a significant shortage of experienced cybersecurity professionals, and this trend is expected to continue in the future. In addition, young people who are reluctant to choose STEM subjects in school typically do not see cybersecurity as a part of their future because they believe it demands exclusive technical knowledge that is beyond their reach. We aimed to change this perception among students of the social sciences, assuming that by providing social science students with the basics of cybersecurity, it would be possible to raise their awareness and encourage them to consider this field as a potential career option. Our team has designed a concise technical course based on Kolb's model that employs experiential learning to provide students with a basic knowledge of ethical intrusion (penetration testing). During the 32-hour subject, cadet officers with no prior IT education experienced all the steps of hacking both into a remotely accessible and physically accessible computer, including initial reconnaissance, vulnerability scanning, exploitation, and privilege escalation. A hands-on practical task of breaking into a highly vulnerable remote computer allowed for the evaluation of knowledge and skills as well as the reinforcement of learning experiences. In order to assess how the students' perceptions of the cybersecurity profession have changed based on the theory of planned behavior, they were asked to provide feedback immediately after the course and one year later. The results indicate that the short, technically challenging, but practical course based on experiential learning had a significant and positive effect on participants' attitudes: they were substantially more likely to consider cybersecurity as a future career, and some of them began participating in other cybersecurity courses or activities. It is reasonable to assume, therefore, that providing similar technical courses to social science students will encourage them to pursue cybersecurity-related careers in the future.

show abstract

Section: Problem Identificationmentioning

confidence: 99%

Teaching pentesting to social sciences students using experiential learning techniques to improve attitudes towards possible cybersecurity careers

Melnikovas

Lugo

Maennel

et al. 2023

eccws

View full text Add to dashboard Cite

show abstract

“…Various experiences using gamification or CTF-like competitions have been published for cybersecurity education as well. In most cases these experiences involve university students attending cybersecurity classes, e.g., see [2,4,5]. In these papers CTF-like exercises are used to train and/or evaluate students.…”

Section: Related Workmentioning

confidence: 99%

“…The application is implemented to support scalability through client-side execution. To achieve this, all components are hosted on static GitHub Pages 5 and thus requiring no computation on the server-side. The only exception is the printing queue appearing in the copier room.…”

Section: Online Escape Roommentioning

confidence: 99%

A Nerd Dogma

Costa

Lualdi

Ribaudo

et al. 2020

Proceedings of the 21st Annual Conference on Information Technology Education

Self Cite

View full text Add to dashboard Cite

Capture the flag (CTF) events challenge the skills of security experts. Although CTF are competitive events rewarding the winners with prizes and glory, their ultimate goal is to strengthen the competences of the participants. For this reason, they should attract new participants even among beginners. Nevertheless, CTF are often regarded as if they were exclusively for the security specialists. In this paper we introduce A NERD DOGMA as a CTF appetizer. Briefly, A NERD DOGMA is an entry-level CTF combined with an escape room game. The game was implemented as both an on-site facility and an online web application. Here, we describe the two implementations as well as two experiments, one of which carried out during the COVID-19 lockdown. We also discuss the preliminary results and the activities planned after these experiments. CCS CONCEPTS • Applied computing → Interactive learning environments; • Security and privacy → Human and societal aspects of security and privacy.

show abstract

“…Cyber defense (as well as offense) relies on security experts that must be properly trained through handson activities [1] and equipped with adequate security tools. This simple fact is boosting the interest of the international community toward creating cyber ranges.…”

Section: Introductionmentioning

confidence: 99%

“…Similarly, the Open Cyber Challenge Platform (OCCP) [4] includes a limited number of scenarios. 1 Instead, the annual NATO Locked Shields initiative [5] relies on a virtual scenario renewed yearly and only used for two days. As mentioned above, reusing the same scenario drastically reduces the effectiveness of the training activity and, thus, the usefulness of the cyber range.…”

Section: Introductionmentioning

confidence: 99%

Automating the Generation of Cyber Range Virtual Scenarios with VSDL

Costa¹,

Russo²,

Armando³

2022

JOWUA

View full text Add to dashboard Cite

A cyber range (CR) is an environment used for training security experts and testing attack and defense tools and procedures. Usually, a cyber range simulates one or more critical infrastructures that attacking (red) and defending (blue) teams must compromise and protect, respectively. The infrastructure can be physically assembled, but much more convenient is to rely on the Infrastructure as a Service (IaaS) paradigm. Although some modern technologies support the IaaS, the design and deployment of scenarios of interest are mostly manual. As a consequence, it is a common practice to have a cyber range hosting few (sometimes only one), consolidated scenarios. However, reusing the same scenario may significantly reduce the effectiveness of the training and testing sessions. In this paper, we propose a framework for automating the definition and deployment of arbitrarily complex cyber range scenarios. The framework relies on the virtual scenario description language (VSDL), i.e., a domain-specific language for defining high-level features of the desired infrastructure while hiding low-level details. The semantics of VSDL is given in terms of constraints that must be satisfied by the virtual infrastructure. These constraints are then submitted to an SMT solver to check the satisfiability of the specification. If satisfiable, the specification gives rise to a model that is automatically converted to a set of deployment scripts to be submitted to the IaaS provider.

show abstract

ZenHackAdemy: Ethical Hacking @ DIBRIS

Cited by 8 publications

References 4 publications

Teaching pentesting to social sciences students using experiential learning techniques to improve attitudes towards possible cybersecurity careers

Teaching pentesting to social sciences students using experiential learning techniques to improve attitudes towards possible cybersecurity careers

A Nerd Dogma

Automating the Generation of Cyber Range Virtual Scenarios with VSDL

Contact Info

Product

Resources

About