PyLadies Ghana Offensive Security Workshop: HackHerWay24
This workshop utilized the "Pico CTF" challenge platform, facilitating hands-on experience through real-time problem solving and interactive learning.
Overview
PyLadies Ghana organized a one-month cybersecurity workshop on Offensive Security, held both in-person and virtually. The workshop ran from May 25th to June 22nd, 2024. Sessions began at 12:30 PM at SB Incubator on the first day, continued from 10 AM to 2 PM virtually via Zoom on subsequent days, and concluded with an in-person session from 9 AM to 5 PM at SB Incubator, Accra, on the final day.
Workshop Details
Facilitators:
• Derick Brown: Cybersecurity Trainer
• Faiza Seidu-Adam: Information Security and Privacy Analyst
Organizers:
• Joyce Lokko: PyLadies Ghana Communications Lead
• Theresa Seyram Agbenyegah: PyLadies Ghana Programs and Events Lead
• Yaa Nuamah: PyLadies Ghana Lead
Participants:
• Media: 2 members
• Trainees: 15 participants
• Professionals: 4 additional professionals
Day-by-Day Breakdown
Day 1: Inaugural/Boarding Session
The workshop kicked off with a welcome address by Theresa Seyram Agbenyegah, followed by an icebreaker session where participants introduced themselves and shared two truths and one lie. An onboarding session and installation party followed, where participants downloaded VirtualBox, Kali Linux, and PicoCTF for practice. Facilitator, Derick Brown and Faiza Seidu-Adam covered the following topics:
• Introduction to cybersecurity concepts: confidentiality, integrity, and availability
• Basics of Kali Linux: dual booting, using VMware, file and directory management
• First scripting lesson in Kali Linux
Example Commands:
• ls - list files
• mkdir - create directory
• cat - display file contents
• touch - add file to a folder
• ifconfig - find IP address
• nmap - network scanning
• echo - add text to files
Day 2: Ethical Hacking
Facilitator Derick Brown provided an overview of ethical hacking and steps to penetration testing. Topics covered included footprinting, email and password vulnerabilities, and reading Google Maps for location data.
Day 3: Network Topology and Scanning
Participants learned about network topology, using nmap for network scanning, and specific commands to scan particular ports.
Example Commands:
• nmap - general network scanning
• nmap -p 21-30 - scan a specific range of ports
Day 4: Metasploit and Password Cracking
The session focused on setting up Metasploitable, hacking into vsFTP, and password cracking techniques.
Day 5: Closing Ceremony
The final day began with re-introductions and a recap of the cybersecurity journey. An icebreaker session, led by Theresa Seyram Agbenyegah, had participants share the craziest and most interesting things they’ve done and sing a song by their favorite artist. Facilitators Derick and Faiza then led a recap of the Capture the Flag (CTF) activities, highlighted assignments, and conducted a practical session. This was followed by lunch and the distribution of swag.
A panel discussion featured six tech professionals from diverse backgrounds:
• Joyce Dzifa Lokko: Software Engineer
• Abigail Afi Gbadago: Software Engineer and Proposal Writer
• Faiza Seidu-Adam: Security Analyst
• Dorothy Ewuah: Software Engineer
• Derick Brown: Cybersecurity Instructor
The discussion, moderated by Theresa Seyram Agbenyegah, covered topics such as reasons for choosing tech careers, interesting and challenging moments, the importance of tech communities, and final words of advice.
Conclusion
The facilitators emphasized hands-on and practical demonstrations, ensuring active participation from all attendees. The workshop concluded with the presentation of awards to the top five participants and closing remarks by Theresa Seyram Agbenyegah.
Key Highlights:
• Interactive and practical sessions
• Engaging and informative discussions
• Recognition and awards for outstanding participants
This workshop was a valuable experience for all participants, providing deep insights into offensive security and practical skills that will benefit their future endeavours in tech.