PyLadies Ghana Offensive Security Workshop: HackHerWay24

PyLadies Ghana Offensive Security Workshop: HackHerWay24

This workshop utilized the "Pico CTF" challenge platform, facilitating hands-on experience through real-time problem solving and interactive learning.

Overview

PyLadies Ghana organized a one-month cybersecurity workshop on Offensive Security, held both in-person and virtually. The workshop ran from May 25th to June 22nd, 2024. Sessions began at 12:30 PM at SB Incubator on the first day, continued from 10 AM to 2 PM virtually via Zoom on subsequent days, and concluded with an in-person session from 9 AM to 5 PM at SB Incubator, Accra, on the final day.

Workshop Details

Facilitators:

Derick Brown: Cybersecurity Trainer

Derick tutoring

Faiza Seidu-Adam: Information Security and Privacy Analyst

Faiza tutoring

Organizers:

Joyce Lokko: PyLadies Ghana Communications Lead

Theresa Seyram Agbenyegah: PyLadies Ghana Programs and Events Lead

Yaa Nuamah: PyLadies Ghana Lead

Participants:

Media: 2 members

Trainees: 15 participants

Professionals: 4 additional professionals

Day-by-Day Breakdown

Day 1: Inaugural/Boarding Session

The workshop kicked off with a welcome address by Theresa Seyram Agbenyegah, followed by an icebreaker session where participants introduced themselves and shared two truths and one lie. An onboarding session and installation party followed, where participants downloaded VirtualBox, Kali Linux, and PicoCTF for practice. Facilitator, Derick Brown and Faiza Seidu-Adam covered the following topics:

• Introduction to cybersecurity concepts: confidentiality, integrity, and availability

• Basics of Kali Linux: dual booting, using VMware, file and directory management

• First scripting lesson in Kali Linux

Example Commands:

• ls - list files

• mkdir - create directory

• cat - display file contents

• touch - add file to a folder

• ifconfig - find IP address

• nmap - network scanning

• echo - add text to files

Day 2: Ethical Hacking

Facilitator Derick Brown provided an overview of ethical hacking and steps to penetration testing. Topics covered included footprinting, email and password vulnerabilities, and reading Google Maps for location data.

Day 3: Network Topology and Scanning

Participants learned about network topology, using nmap for network scanning, and specific commands to scan particular ports.

Example Commands:

• nmap - general network scanning

• nmap -p 21-30 - scan a specific range of ports

Day 4: Metasploit and Password Cracking

The session focused on setting up Metasploitable, hacking into vsFTP, and password cracking techniques.

Day 5: Closing Ceremony

The final day began with re-introductions and a recap of the cybersecurity journey. An icebreaker session, led by Theresa Seyram Agbenyegah, had participants share the craziest and most interesting things they’ve done and sing a song by their favorite artist. Facilitators Derick and Faiza then led a recap of the Capture the Flag (CTF) activities, highlighted assignments, and conducted a practical session. This was followed by lunch and the distribution of swag.

A panel discussion featured six tech professionals from diverse backgrounds:

Joyce Dzifa Lokko: Software Engineer

Abigail Afi Gbadago: Software Engineer and Proposal Writer

Faiza Seidu-Adam: Security Analyst

Dorothy Ewuah: Software Engineer

Derick Brown: Cybersecurity Instructor

The discussion, moderated by Theresa Seyram Agbenyegah, covered topics such as reasons for choosing tech careers, interesting and challenging moments, the importance of tech communities, and final words of advice.

Conclusion

The facilitators emphasized hands-on and practical demonstrations, ensuring active participation from all attendees. The workshop concluded with the presentation of awards to the top five participants and closing remarks by Theresa Seyram Agbenyegah.

Key Highlights:

• Interactive and practical sessions

• Engaging and informative discussions

• Recognition and awards for outstanding participants

This workshop was a valuable experience for all participants, providing deep insights into offensive security and practical skills that will benefit their future endeavours in tech.