This document provides information about an upcoming cyber security workshop in Lesotho. The workshop will be presented by Mr. Theko Moima, a certified ethical hacker. It will be aimed at government officials from the ministries of education, defense, police, and justice. The objectives are to equip government with cyber skills, enable protection against threats, and demonstrate cyber attacks and vulnerabilities. The workshop will use both Sesotho and English and include both technical and everyday language explanations. It will involve demonstrations of attacks and defenses using attendees' own devices. The document outlines topics that will be covered including cyber crime, security, hackers, the CIA triad model, hacking methods, and examples of common attacks.

1. CYBER-SECURITY
TALKS 2019
Presented by: Mr. Theko. Moima
C|EH
Email: moima@catholiccomprehensive.co.ls
Date: 1st , 2nd Aug 2019

2. EXPECTED AUDIANCE
• Minister of Education and Training
• Ministry of Defence and national security
• Ministry of Police
• ministry of Justice

3. ABOUT THE PRESENTER
• Certified Ethical hacker from EC Council
• Head of IT Department and cyber security instructor at
CCCC.
• Former IT student at L.U.C.T
• Work experience in IT (full stack php developer, multiple
software, Exploits, Network engineering, support Etc)

4. OBJECTIVES
• To equip the government with skills pertaining cyberspace.
• To enable protection mechanisms against various cyber
threats.
• To demonstrate how various cyber attacks occur with
countermeasures to government.
• To show government its vulnerabilities that could provoke
loss of interest by investors.

5. LEGAL DISCLAIMER
• Misuse not the information from this workshop.
• You will be shown how cyber crime occur, thus prepare your
concience.
• This workshop is all about cyber security in offensive mode.
The tools, techniques and the presenter shall not be used
against the country but to protect it.

6. EXPECTATIONS FOR THIS WORKSHOP
• languages Sesotho and English
• 90% Offensive security
• 40% technical language and 60% ordinary language.
• Demonstrations with our own devices for ethical mind's sake
except on web technology.
• Note: To beat up a hacker, you need to think like one. we
hack before bad hackers do for us.

7. The cyber space
• Cyberspace refers to the virtual computer world.

8. WHAT IS CYBER CRIME?
• Cyber crime is the use of computers and networks to perform
illegal activities such as spreading computer viruses, online
bullying, performing unauthorized electronic fund transfers,
etc.
• Individuals, organizations run lots of funds as a result of cyber
crime.

9. SO WHAT IS CYBER SECURITY?
• Cybersecurity is the practice of protecting systems,
networks, and programs from digital attacks.
• cyberattacks are usually aimed at accessing, changing, or
destroying sensitive information; extorting money from
users; or interrupting normal business processes.

10. WHO COMMITS THIS ATTACKS?

11. WHO COMMITS THIS ATTACKS?
• Cyber criminals (usually known as black hat hackers or
crackers).
• A computer hacker is any skilled computer expert that uses
their technical knowledge to overcome a problem.

12. THE C.I.A TRIAD
• is a model designed to guide policies for information security
within an organization.
• Not to be confused with the Central Intelligence Agency.
• Many organizations fail this model when it comes to
information security

13. C.I.A TRIAD
• Confidetiality: right information to write people at right time.
• Integrity: maintaining the consistency, accuracy, and
trustworthiness of data over its entire life cycle .
• Availability: refers to the actual availability of your data.
Authentication mechanisms, access channels and systems all
have to work properly for the information they protect and
ensure it's available when it is needed.

14. Basic Hacker classes
• Script kiddies
• White hat hackers
• Grey hat hackers
• Black hat hackers
• State sponsored hackers e.t.c

15. HACKING
• To attack systems, networks, and applications by exploiting
their weaknesses in order to gain unauthorised access to
data and systems.
• Goals of hacking: Data theft, Destruction, or Alteration,
elevated priviledges or any other unauthorised action.
• So Ethical hacking???
• - use of hacking knowledge, skills, tools, to demonstrate
the true exploitable vulnerabilities of a system for better
security.

16. ETHICAL HACKING
• Ethical Hacking is identifying weakness in computer systems
and/or computer networks and coming with
countermeasures that protect the weaknesses.
• Ethical hackers are the guardians to the cyber, they use
hacking skills and tools to protect IT.

17. HOW HACKERS PLAN YOU
• For a cyber assassination to succeed, hackers undergo some
steps:
• -Open source intelligence (footprinting & recon).
Where: -IoT
-Dumpster diving
-Social media databases
-Websites
-Search engines e.tc
• Scanning and enumeration:
-vulnerability scanning, fingerprinting etc

18. HOW HACKERS PLAN YOU
• -gaining access
Where: -Passwords problem
-Server vulnerabilities
-Untrained IT staff
-Mobile and systems malware
-Unaware staff
• Post exploitations:
-Elevating priviledges e.tc
• Clearing tracks: deletes all traceable info about an attack.

19. HACKING YOU:PLANNING

20. OSINT (RECON)
• Data about target is gathered from publicly available sources
e.g (facebook, linkedin, twitter, photos (images), google (and
other SEs), Internet of things and many other sources).
• The information gathered using OSINT is used to plan various
attack vectors against the target.
• OSINT is usually passive..

21. OSINT (RECON) DATA
• Geolocation for target
• Phone numbers and emails
• Positions held by personnel
• Server information and vulnerabilities
• Misconfigured cameras, plants and SCADA
• Usernames and passwords
• Buggy websites
• Plaintext protocols
• Server administrator information.
• Web administrators details etc.

22. ATTACK VECTORS
• Hackers base themselves with OSINT data when they start
penetrating into systems and networks.
• The following are some of the attack vectors used: -Databases
-Untrained staff
-Websites
-Server or software misconfigurations
-Simple passwords

23. BASIC CYBER ATTACKS
• Client side attacks:
• -malware (PC and mobile)
-Social engineering attacks
-Phishing attacks
• Man in the middle attacks (sniffing, ip spoofing, js injection
etc)
• Denial of service attacks
• Server side attacks: based on server configuration or
proogramming flaws.
-misconfigured ports or protocols
-remote code execution etc
-Web attacks

24. MOST VULN INSTITUTIONS
• All goverment ministries
• Financial sector
• Parastatal institutions
• individual computer users of Lesotho.
• Private sector (with tech giants involved).
• Mining sector

25. DEMOS
• OSINT, WP attacks, social engineering, mobile platforms,
windows, websites and man in the middle attacks.