[ How to Teach Hacker Highschool: Unit 2 ]

Hacker Girl

This is the second unit of my course for teachers, which brings together a lot of material I generated while working as Project Manager for the Hacker Highschool v2 Rewrite Project, 2012-2016. This session discusses some of the issues you may deal with in proposing and setting up a Hacker Highschool class.

So here’s the video of Unit 2, with the links it mentions below. Tell us what you think in the Comments, and thanks for taking a look.

POWERPOINT: http://gnorman.org/HHS/Teacher_Training_Unit_2_GN_017-11-20.pdf

Uncut Lessons: http://gnorman.org/2017/05/16/hacker-highschool-download-uncut-lessons/School for Hackers: https://schoolforhackers.com for Hacker Nightschool and Hacking 101

ISECOM: http://isecom.org

Hacker Highschool: http://hackerhighschool.org

Hacker Highschool (http://www.hackerhighschool.org/) is a free, open curriculum from ISECOM (http://www.isecom.org/). Uncut lessons are available at http://gnorman.org/2017/05/16/hacker-highschool-download-uncut-lessons/.

–Musical Credits–
Cold Funk – Funkorama by Kevin MacLeod is licensed under a Creative Commons Attribution license (https://creativecommons.org/licenses/…)
Source: http://incompetech.com/music/royalty-…
Artist: http://incompetech.com/
Music promoted by Audio Library https://youtu.be/Vhd6Kc4TZls

Online victim resources:
https://www.hackthissite.org

https://www.root-me.org/

http://scanme.nmap.org/

“A Teen’s Guide to Cyber Security”

Hacker Girl

I get some great suggestions from friends and readers. This week I’ve been looking at a genuinely interesting compilation of material for teens and their parents.

One of my biggest interests is studying – and learning techniques for securing – the way teens behave online. There’s some articulate discussion and well-chosen materials for teens and parents: highly recommended.

https://www.hotspotshield.com/resources/teens-guide-to-cyber-security/

(With thanks to DM and K 😉

[ How to Teach Hacker Highschool: Unit 1 ]

We’re getting started with this course for teachers, which brings together a lot of material I generated while working as Project Manager for the Hacker Highschool v2 Rewrite Project, 2012-2016. This session discusses some of the issues you may deal with in proposing and setting up a Hacker Highschool class.

So here’s the video of Session 1, with the links it mentions below. Tell us what you think in the Comments, and thanks for taking a look.

POWERPOINT: http://gnorman.org/HHS/Teacher_Training_Unit_1_GN_2017-09-09.pdf

Uncut Lessons: http://gnorman.org/2017/05/16/hacker-highschool-download-uncut-lessons/School for Hackers: https://schoolforhackers.com for Hacker Nightschool and Hacking 101

ISECOM: http://isecom.org

Hacker Highschool: http://hackerhighschool.org

Hacker Highschool (http://www.hackerhighschool.org/) is a free, open curriculum from ISECOM (http://www.isecom.org/). Uncut lessons are available at http://gnorman.org/2017/05/16/hacker-highschool-download-uncut-lessons/.

–Musical Credits–
Cold Funk – Funkorama by Kevin MacLeod is licensed under a Creative Commons Attribution license (https://creativecommons.org/licenses/…)
Source: http://incompetech.com/music/royalty-…
Artist: http://incompetech.com/
Music promoted by Audio Library https://youtu.be/Vhd6Kc4TZls

Hacker Highschool: TV Interview on Fox New Mexico

This was a fun little gig:

“[Fox Interviewer” Nikki is joined by Glenn Norman, a Security Consultant, Teacher and Project Manager for Hacker High School, to discuss the innovative teaching method to teach security awareness and how it came to be.”

Published on Jun 25, 2012

Teaching Security Certifications in New Mexico

Glenn at work

I’ve been trying for some seven years to get the University of New Mexico to let me start offering hard-core cyber-security (i.e. hacking) certification courses, without even a whiff of success until recently. The Marketing Department and Custom Training division surveyed our captive audience, which is pretty sizable: Sandia National Labs, Los Alamos National Labs, Kirtland Air Force Base and three other bases in the state; sizeable state, county and tribal entities; and mega-corps like Intel and HP.

We looked at their interest in ITIL, (ISC)2’s CISSP, ISACA’s CISA, Cisco’s CCNA-Security, GIAC’s GPEN, ISECOM’s OPST, EC-Council’s CEH, and Offensive Security’s OSCP.

One big factor that all clients considered was national and local demand for certified pros here in New Mexico. While many of the job sites aren’t completely forthcoming about how many jobs match a keyword, LinkedIn offers hard numbers for both global and state job openings that request or require particular certifications. LinkedIn reported:

8954 job listings that mention ITIL certification, 26 in New Mexico;

9,036 jobs mentioning the CISSP, 22 in New Mexico,

8,779 jobs mentioning the CISA, 4 in New Mexico,

11,416 job listings that mention the CCNA, 37 in New Mexico

395 jobs mentioning GPEN certification, 1 in New Mexico,

13 jobs mentioning the OPST certification, 0 in New Mexico,

3006 jobs mentioning the CEH, 2 in New Mexico, and

794 jobs mentioning the OSCP, 1 in New Mexico.

Of these, the last four could be called the “hackiest.” ISECOM’s OPST showed very weak numbers both global and locally, so despite some interesting aspects to its practice, none of our audience members showed the slightest interest. The GPEN showed more global-level strength, and attracted some attention from the national facilities, but needs to exist in the ecosystem of GIAC curricula. The OSCP is the truly hard-core hacker’s cert, with its 24-hour examination, but isn’t really “taught” at all; you have to hack and crack your way to a conclusion. It kind of cuts out the middle-man (teachers).

Mentioning the CEH started phones ringing immediately. UNM let me set up an InfoByte session to discuss all these certs and get a feel for what people would pay for. Which cert made ears perk up? The CEH.

I know quite a bit about the organizations and people that were in play in the creation of EC-Council. Despite the extremely tricky test, one individual’s “Run Away From the CEH” propaganda campaign (you can find the various renditions of the article in lots of places in the Internet) succeeded in spreading an early conception that EC-Council is a “diploma mill,” among other accusations. I’ve studied v8 and v9, and find the CEH has definitely matured as a certification, with an exam that is still quite tough, and more tightly focused on current issues and tools than ever.

So finally – finally! – I got the certification and UNM scheduled one section of a Certified Ethical Hacker class. Where I’ve had to struggle to find students to make some classes run, the CEH class made minimum enrollment (5 students) within hours of appearing in the online catalog. And certain entities are already asking about custom and on-site trainings, always a sign of a program with legs.

We’ll see how this first section goes. If interest persists or increases, my next campaign will be urging UNM to become an “official” EC-Council training center (and getting myself EC-Council instructor certified). While the word “official” carries some weight, when you self-study or get “unofficial” training you simply pay $100 extra above the $650 test registration fee.

I’ll have a lot to say about how I studied, what materials I used and my impressions (without details, of course) of the exam. For the moment I’m delighted to have found a pony that can run in this race. Updates will follow.

Syllabus: CompTIA A+ 220-901 and 220-902 Courses

UNM Continuing Education

CompTIA A+ 220-901 and 902

Instructor:  Glenn Norman

Text

CompTIA A+ Complete Study Guide, Third Edition (Exams 220-901 and 220-902)

ISBN 978-1-119-13785-6

Learning Objectives

Understand the CompTIA A+ Exam Objectives

Collect and utilize sample exams and questions

Increase hands-on familiarity with Windows and Linux

Understand virtualization

Pass the 901 and 902 tests.

Course 1: 220-901

Day 1

Introductions, experience and objectives

Texts, sample tests and sample questions

Assessment test

Chapter 1

Working With Components

Bus Details

Connectors

IRQs and Addresses

Utilities

Hands-on teardowns: workstations and processors

Day 2

Chapters 2 and 3

IDE, SCSI, SAS

Power Supplies

Expansion busses

Exercises: Disk management tools; Open VMs

Day 3

Chapters 4 and 5

Video standards and hardware

Custom configurations

Exercises: Hands-on video hardware; Linux and Windows command line

Day 4

Chapters 6 and 7

The OSI model

TCP and UDP

Exercises: Command-line tools

Day 5

Chapters 8 and 9

Wifi standards

Encryption and security

Laptop architecture

Exercises: laptop teardowns

Day 6

Chapters 10 and 11

Mobile devices

Printing and Imaging

Mechanisms

Laser Printing and Charlie

Page Description Languages

Diagnostics

Exercises: Mapping to printer, configuration, test page

Day 7

Chapter 12

Troubleshooting

Exercises: Installing PsTools

Course 2: 220-902

Day 8

Chapters 13 and 14

OS Troubleshooting

Boot and Recovery

ASR and ERD

Tools and Consoles

The Registry

Boot Files

File Systems

Attributes

Exercise: Restore Points

Day 9

Chapter 15, 16 and 17

Windows editions

Windows 7 administration

Windows Vista administration

Utilities

Remote Desktop/Remote Assistance/VNC

Advanced Startup and the Recovery Console

The Command Line

Exercise: Startup Script, Remote Connections

Day 10

Chapter 18

Mac OS

Linux

Exercises: Command-line tools

Day 11

Chapters 19 and 20

Security

Networking and services

Virtualization

Day 12

Chapter 21

Mobile OSs

Day 13

Chapters 22 and 23

Troubleshooting theory

Operations

Policy and Proceedure

Exercise: Practice Test

Hacker Highschool: Download Uncut Lessons

Here are the lessons I produced as a contributor and Project Manager of Hacker Highschool, 2012-2016, complete and uncut, with the names of all contributors intact.

These lessons are distributed under the Creative Commons 3.0 License. Parts of these lessons are Copyright 2016 Glenn Norman. For updated project information visit http://hackerhighschool.org.

HHS_en1_Being_a_Hacker.v2_GN_2015-09-28.pdf

HHS_en2_Commands.v2.GN_2015-01-06.pdf

HHS_en3_Beneath_the_Internet.v2.GN_2013-08-06a.pdf

HHS_en4_Playing_With_Daemons.v2_GN_2013-12-09.pdf

HHS_en5_System_Identification.v2.GN_2015-06-23.pdf

HHS_en6_Malware.v2_GN_2014-12-10.pdf

HHS_en7_Attack_Analysis.v2_GN_2014-12-22.pdf

HHS_en8_Forensics.v2.GN_2015-01-07.pdf

HHS_en9_Hacking_Email_GN_2014-12-24.pdf

HHS_en10_Web_Security_and_Privacy.v2.GN_2015-08-13.pdf

HHS_en11_Hacking_Passwords.v2_GN_2015-08-21.pdf

HHS_en12_Legalities-and-Ethics.v2_GN_2013-10-17.pdf

HHS_en13_Cloud_Computing.v2_GN_2013-10-25.pdf

HHS_en14_Databases.v2.GN_2012-08-22.pdf

HHS_en15_Doxing.v2_GN_2012-09-23.pdf

HHS_en16_Exploits_and_Vulnerabilities.v2.GN_2013-06-29.pdf

HHS_en17_Mobile_Devices.v2_GN_2015-05-12.pdf

HHS_en18_Physical_Security.v2_GN_2012-10-02.pdf

HHS_en19_Wireless_GN_2013-07-01.pdf

HHS_en20_Social_Engineering.v2.GN_2013-07-01.pdf

HHS_en21_Hacktivism.v2.GN_2013-11-02.pdf

HHS_en22_Cyberbullying.v2.GN_2013-01-24.pdf

Online Education: A list of Internet educators

Online Education

For the most part, I teach live classes. But I’ve used and reviewed many online school platforms (yes, including the obvious ones). Udemy and the like offer some excellent materials – and some not-so-exellent – but there are full-on universities online too, that offer real degrees, as well as the many certification organizations and trainers.  This list isn’t an endorsement of any of these, but unless I see real value, providers don’t make this list.

Cyber Degrees

Not primarily a training site, Cyber Degrees is a great resource for people looking for the right degree or certification to advance their careers. They offer school listings, descriptions of career paths and degrees and a ton of useful resources. If you’re considering online education, start right here and know the field before you spend a dime. Highly recommended.

http://www.cyberdegrees.org/

University of the People

It’s accredited, which is huge: these are real AS, BS and MBA degrees in Business Administration, Computer Science and Health Science. And it’s free.

http://www.uopeople.edu/

Interactions, Trust and Google Chrome: my Veracode article

Glenn Norman on Veracode

During my time as Project Manager of Hacker Highschool (2012-2016) I had the opportunity to write articles for several security publications. This article, “Interactions, Trust, and Google Chrome”, appeared on January 14, 2016, and looked at the obvious and not-so-obvious trusts we give Google and interactions we allow with them.

I’m not a Google Hater; in fact I find their tools really useful in my consulting work. But I’m very cautious about sharing certain things, for instance my wifi network passwords. Check it out for a fuller discussion.

Article links:

https://www.veracode.com/blog/2016/01/interactions-trust-and-google-chrome

Google cache: https://webcache.googleusercontent.com/search?q=cache:2y8kFQkdBxgJ:https://www.veracode.com/blog/2016/01/interactions-trust-and-google-chrome+&cd=1&hl=en&ct=clnk&gl=us

Perma.cc cache: https://perma.cc/KL36-8RZA

Author profile:

https://www.veracode.com/blog/author/glenn-norman

Google cache: https://webcache.googleusercontent.com/search?q=cache:KPmWIWVgB98J:https://www.veracode.com/blog/author/glenn-norman+&cd=1&hl=en&ct=clnk&gl=us

Perma.cc cache: https://perma.cc/F832-EMF4