After attending Worcestershire Skills Show we decided to reflect on what the 3 demonstrations that we were showing and also the tips, advice and other information that we were telling to visitors.
At the event we showed off 3 demonstrations:
- ‘Live’ Hacking Map - We thought that it would be a great idea to have some very visual examples of hacking, both to entice people to our stand and also to show people the number of attacks happening at the moment. We switched between various different maps throughout the day but Kaspersky’s Real-time Cyberthreat Map was the most visual that we found. We also found out near the end of the event that the map wasn’t really live (because the internet died), but it was still a great demonstration.
- Password Cracking - We also decided on showing off
hydrawhich is a hacking tool which can be used on a login page to break into an account. We created a login page before the event which would be hosted on a local network at the event so that we wouldn’t get into any trouble. This login page was designed to have a weak password that would be easy to crack, but not so easy for humans to guess.
hydragoes to the login page and keeps testing passwords until it finds one that works. So in the demonstration we showed that it was important to have a secure and long password to ensure that it can’t be quickly ‘guessed’ with a program like
- Bad USB/Backdoor - Our final demonstration was showing off 2 attacks. We had a specially programmed USB stick that can act as a keyboard, typing out commands on any computer. We then gave this USB to one of the visitors to plug into a laptop. Most of them were very surprised when the saw the computer start to type out commands. The commands that were run from this USB then gave another computer ‘backdoor’ access into the computer that the USB was plugged into, letting us spy on the webcam and look at what people were typing on the keyboard. This was our best demonstration of them all and it definitely surprised lots of people that a USB could do this much harm.
We spent this session reviewing and we came up with a list of suggestions and things that we learnt for future events (e.g briefing whole team on demonstrations more before event).