Instructors: Scott J. Shapiro & Sean O'Brien
We are delighted to announce a first on Lawfare: A live online class on hacking and cybersecurity.
The live course will be open to Lawfare's material supporters, and we will edit and post each recorded class session as videos that will amount to a public course on computer hacking.
Whether they join live or watch the videos later, students will learn to use virtual machines to "hack" other virtual machines using standard attacks such as packet sniffing, buffer overflow, IP spoofing, certification forgery, Adversary-in-the-Middle (AiTM or MiTM), SQL injection and Cross-Site Scripting (XSS).
Drop into the class and be ready with this Command Line Interface (CLI):
Though we will be using Kali Linux, this CLI will get you started and let you follow along at the start of the class. After the second week, when we move to more complex concepts and examples, this CLI will no longer be useful.
To prepare for the course, students must download:
- VirtualBox virtualization software that will run a "virtual machine" operating system
- Virtual machine (VM) versions of Kali Linux, an operating system specifically designed for hacking and penetration testing.
We require students to run virtual machines to avoid problems on their own operating systems - in this way, they are running a special "OS within an OS" that won't mess with their Mac or Windows environment.
NOTE: More adventurous or experienced users may install Kali Linux directly on their hardware without virtualization or can try virtualization software such as VMware, which may be a better option for your unique situation. However, the instructors and our support staff will not be able to help troubleshoot or guide users choosing these alternative options. As hackers say, YMMV.
To effectively run virtual machines inside your host operating system, we recommend these minimum hardware specifications:
- 4 GB of RAM
- 32 GB of disk space
- 64-bit CPU (multiple core) with 2 GHz speed or better
  - See note about the latest Mac M1/M2 models below.
- High definition graphics card
- Broadband Internet connection
- Latest versions of Windows, macOS, or GNU/Linux (Ubuntu, Debian, or CentOS recommended)
A good rule of thumb: Use a computer no older than the start of the Covid pandemic. We will try to accommodate students who do not have these minimum specs available, such as users with 32-bit machines. See note about the latest Mac M1/M2 models below.
The latest Apple Mac models use a custom M1 or M2 ARM chipset that is not 64-bit architecture. This is a relatively new development, and virtualization on these Mac M1/M2 machines can be tricky. On these systems, the best solution seems to be Parallels, with VMware Fusion as an alternate option.
Download the VirtualBox installer for your operating system. You may also need to install the Extension Pack on your operating system, depending on settings.
VirtualBox installation tutorials:
- Video for Windows users
- Video for Mac users
- GNU/Linux users: Ubuntu | Debian | CentOS
Download a 64-bit pre-built virtual machine (VM) image of Kali Linux. You will add this VM image to VirtualBox to boot into Kali Linux inside your host operating system.
Kali Linux setup tutorials:
Kali Linux VMs are distributed in a compressed 7-Zip .7z format. If your OS does not have software to extract 7-Zip files, please try installing one of these options:
You may have to restart your system to make sure virtualization drivers are loaded by your OS. Once you can boot Kali Linux, please log in. If you have installed Kali via the VirtualBox VM method we recommend, the default credentials are:
- username: kali
- password: kali
Don't worry, we'll show you how to change this default password (and crack the weak passwords of other users)!
Scott's Video Intro | Watch Replay
- Our Approach
- Introduction: Information Security
- Setting Up VirtualBox & Kali Linux
- Command Line Interface (CLI)
- The Filesystem Tree
Videos:
- Admin / Root Access
- The Kernel
- Userspace
- Processes
- Rootkits
- Permissions
- Creating Users & Groups
- Credentials & Cracking
- Principle of Least Privilege
- Privilege Escalation Attacks
- Breaking /etc/shadow
- Historical & Current OS's
  - Unix
  - GNU/Linux
  - macOS
  - DOS
  - Windows
  - Android
  - iOS
- Other Computers
  - Mainframes
  - Internet of Things (IoT)
  - Industrial Control Systems
  - Planes, Trains, & Automobiles
- Adversary-in-the-Middle Attacks (AiTM or MiTM)
- Networking History
- Client/Server Model
- Networking Models (OSI & TCP/IP)
- Physical & Internet Infrastructure
- TCP/IP & UDP
- Changing Your Network Identification
- Request/Response via the Web
- State
- Ports, Sockets & Sessions
- Network Address Translation (NAT) & Network Devices
- Virtual Private Networks (VPNs)
- Distributed Denial-of-Service (DDoS)
- Obfuscation & Hashes
- Public/Private Key Exchange
- RSA algorithm
- HTTP Encryption (SSL/TLS)
- Email Encryption (PGP/GPG)
- Certificates
- Backdoors
- DNS & Policy
- Firewalls
- Proxies & Reverse Proxies
- Network-based Intrusion Detection Systems (IDS)
- Content Delivery Networks (CDNs) & Anycast
- Delivering Payloads
- SQL Injection Attacks
- Metasploit Framework
- Using Metasploit
- Onion Routing (Tor)
- Censorship Circumvention
- Configuring Tor
- Sharing Files Anonymously
- Trusted Software Distribution
- Software Verification
- Hardware Assurance
- Free & Open Source Software (FOSS)
- Open Source Hardware
- Types of Cybercrimes
- Varieties of Malware
- Fraud & Phishing
- Data Breaches
- Crime as a Service
- Social Engineering
This class is based upon materials developed by Scott J. Shapiro, Sean O'Brien, and Laurin Weissinger at Yale Law School since 2018. Some of these materials have been collected at another repository, though the design of the class has changed over time. Laurin's contributions have been covered by tech press and both Scott and Sean have talked about their approach to the course in Yale media.
These class materials are ethical Free and Open Source Software (FOSS). Any and all original work contained in this repository that is authored by Scott J. Shapiro, Sean O'Brien, and/or any guest instructors is released under the GNU AGPL version 3 or any later version. See LICENSE for more information.
Lawfare™ is a trademark of the Lawfare Institute and any and all representations of that mark in this repository are © copyright Lawfare Institute.