Presentation


Published in: Technology, News & Politics

Transcript

  • 1. Hacking Tay’les of the 1st Degree Doctor_Hacker @ twitter BSides London, 25th April 2012 (My opinions...not my employers).
  • 2. Who he? Colin McLean (Dad) ◦ Lecturer at Abertay University, Dundee for 21 3/4 years 7907 days – 28,465,200 secs  Mech Eng, Mechatronics, Computing  Developed the B Sc in Ethical Hacking at Abertay University, Dundee in 2006.  The first undergraduate degree in the world with the word “Hacking” in the title.
  • 3. The story… ◦ The idea ◦ The early days ◦ B Sc EH 2.0 ◦ End Games. ◦ Quickly!
  • 4. The idea.. How did this come about?
  • 5. 2005 – KTP Project Two year government funded project with NCR R&D, Dundee. Risk analysis of an NCR ATM. ◦ “Identify all possible risks to an NCR ATM, their possible dangers and their mitigations”. ◦ Involved security staff at NCR and me identifying all the possible ways of hacking into an ATM.
  • 6. Colin had a thought…  We weren’t thinking like defenders.  We were thinking like attackers.  We MUST think like the opposition in order to know how to stop them. The more devious we are the better we can defend.
  • 7. Security in Education Other degrees in “Computer Security” were looking mainly at the mitigations. They did not appear to examine the hacks. Graduates who think like hackers? Hence the world’s first undergraduate degree in “Ethical Hacking”.
  • 8. Programme design Input to the content of the degree from NCR. Input and support from various other companies. Programme validation panel included Head of School @ Northumbria University.
  • 9. In truth…  The course was not as first imagined.  “Internal” validation was difficult. ◦ Had to fight off “not enough ethics” and “more law modules”.  It took some years before the course matured.
  • 10. Hacking interests the media In June 2006, we publicly released the degree…. BBC Reporting Scotland & STV News Polish TV, Brazilian TV. Live on Canadian Radio. Interviewed live on French TV Newspapers had a field day… “Doctor Hacker!” The Sun Newspaper. “Lord Voldemort” (PC1 News) “Les Pirates Ecosse” There was also resistance.
  • 11. Academics’ comments “A title like that would be a catastrophe for the University.” “Crass programme names that bring our discipline into disrepute.” “I doubt it would look good to prospective employers.” http://www.ics.heacademy.ac.uk/resources/faqs/answers.php?id=56
  • 12. The “establishment” had a go If penetration testing is what is being taught, then that is how it should be labeled Rather than seeking to use marketing spin to gain credibility within an industry that is seeking to improve its professional image. “Ethical hacking should not be considered to be an accepted professional industry term.” http://www.bcs.org/content/ConMediaFile/7266
  • 13. A stolen slide.. Security, Social + Physical Engineering, Educating Staff etc. link
  • 14. And by the way… The BCS validated the Ethical hacking degree at Abertay University in 2010. This is the earliest that it could have been validated.
  • 15. The early days….
  • 16. Entry procedures Tried to mirror medical degrees. ◦ Interview. ◦ Ethical scenarios. ◦ Disclosure check. ◦ Sign on the dotted line. Also, legal issues are paramount in early stages.
  • 17. Who is suitable for EH?
  • 18. Cohort #0 They could certainly think outside the box. ◦ Not the usual cohort.
  • 19.  2 students over 50. 1 student aged 16. 2 female students. 2 English students. Only 4 completed the honours degree. 3 completed degrees in other subjects.
  • 20. Within 18 months, 6 babies. Did I mention that this isn’t a penetration testing degree?
  • 21. Taking a side step… A troll had lived in the (alleged) “Full Disclosure mailing list” (2002’ish). He was one of the earliest known (alleged) trolls.
  • 22. The people gasped.. The troll was leaving….
  • 23. Hurrah! The people waved him goodbye with hearty cheer.
  • 24. Timeline….. (alleged) Troll went missing 1st September 2006 ◦ Abertay’s Ethical Hacking degree started around then. (alleged) Troll went back to FD January 5th 2007. ◦ One of Abertay’s students did not return in January. He was welcomed back.
  • 25. Some serious questions. 1. What about hacking group members? ◦ Difficult to identify. ◦ Whistle-blowing would be a possibility. ◦ Abertay reserves the right to remove any student. ◦ We NEED to educate about hacking techniques. 3. Many people have proved not to be suitable for an EH degree. ◦ How does the industry effectively make use of the talents of these people?
  • 26. BSc EH 2.0 What it’s become… PS The students still volatile!
  • 27. New facilities (Sep 2010)
  • 28. The syllabus (briefly!) Themed:- ◦ Programming. ◦ Networking. ◦ Ethical Hacking. Four year honours degree in Scotland. ◦ Year 1 and 2 still geared towards “basics”. ◦ Year 3 and 4 much more research and self- learn.
  • 29. “You should teach us X” Culture of project work as assessments:- ◦ Year 1 Ethical Hacking – Mini project ◦ Year 2 Ethical Hacking – Project ◦ Year 2 Smart Programming – Project ◦ Year 3 Ethical hacking - Web security project ◦ Year 3 Ethical Hacking – Mini-project ◦ Year 3 Ethical Hacking – Exploit development ◦ Year 3 Group Project - Student chosen ◦ Year 4 Network Management – Network Security project ◦ Year 4 Honours project
  • 30. Student Centred Learning Students encouraged to create their own CV’s, mould their own careers. In many cases, students can learn what THEY think is important. Documentation skills (& feedback on this) are more prominent.
  • 31. E-Hacking modules.  General security Internal & External Pen testing - Firstbase techies (2 staff)  Penetration testing  Web Application testing Exploitlab 5.0  Exploit Development - Saumil Shah & SK Chong 2011  Reverse Engineering  Password security CEH (3 members of staff) NCR work  Malware analysis “Other” companies  Etc. Staff training & company involvement essential.
  • 32. End games Random ramblings.
  • 33. Students talking @cons BruCon Security Conference 2011 ◦ “Smart Phones – The Weak Link in the Security Chain, Hacking a network through an Android device” by Nick Walker and Werner Nel BruCon Security Conference 2011 ◦ “Script Kiddie Hacking Techniques” by Ellen Moar BSides London Security Conference 2011 ◦ “DNS Tunnelling: Its all in the name!”, Arron "finux" Finnon BSides Berlin Security Conference 2011 ◦ A Salesmans Guide to Social Engineering by Gavin Ewan
  • 34. A question So are there jobs? ◦ We are a vocational University. ◦ Companies are coming to us (e.g. NGS). ◦ Qinetiq interested after 3 summer placements. ◦ PwC stole(!) two of our students this year! ◦ Current grads are out there. ◦ Current hons year are easily getting jobs.
  • 35. Finally.. Is the sensationalistic title necessary? ◦ Security mindset, culture is VERY important. ◦ All aspects of security are important. ◦ Ethical Hacking is what we are doing. The future? ◦ Graduates are now out there. ◦ Summary – course has been a success.
  • 36.  Questions?
