Review: EC-Council’s iLabs Platform

Glenn Norman

I’ve been trying to bring “hacker” training to UNM for over ten years without much success. Only in the past two semesters have I been able to run an Ethical Hacking class based on the CEH, but where my past efforts didn’t bring students, the CEH did.

Red Team work has long interested me, likely because years of managing high-traffic websites left me with lots of scars and an urge to fight back. There are some interesting programs: the OSCP, GIAC certifications, and the CEH probably make up the short list. I’m highly interested in the GIAC certs, but man are they expensive. The OSCP from Offensive Security is the real hardcore hacker’s cert, even if most HR people haven’t figured that out yet. The CEH, on the other hand, is widely recognized by HR but doesn’t enjoy quite the same purists’ esteem.

So I approached Jay Bavisi online, and he connected me with ECC VP Eric Lopez and ECC University VP David Oxenhandler. Eric and David met with me to talk about marketing ECC courses and materials to UNM administration, and gave me a stack of books two feet high – and an account on ECC’s online training platform, iLabs 2.0. I’ll have more to say about specific books and certs, but here I’m going to talk about iLabs itself.

By now almost every teacher has dealt with a few learning management systems (LMSs). My list includes build-it-yourself platforms like Blackboard, Moodle and WordPress LMS; ready-to-go courses on sites like Udemy and Coursera; and some great pre-built platforms for building tests and courses like Mettl and Braincert. They all have a lot in common in terms of features and interfaces: videos or scenarios to play, guided exercises, mostly textual interactions (if any) with the instructor and other students.

I’ve also been spending a lot of time on hacking sites like root-me.org and HacktheBox, which are very different from the LMSs. The best of them fire up virtual machines for students to practice on, which is a lot more realistic than the guided walk-throughs most LMSs offer.

iLabs merges these two models. ECC has given me permission to share screenshots from that environment, so let’s do a walkthrough, starting from the login page.

iLabs Login
iLabs Login

I received a welcome email with instructions on setting up my account and using an Access Key to start running the course materials. My key got me into the CEHv9 course. Remember that the CEH is transitioning to version 10, so there will be some differences in the newer version.

iLabs Tab: My Training
iLabs Tab: My Training

From here I had four tabs to choose from: My Training (the current screen), My Transcript, Courses and Contact.

iLabs Tab: My Transcript
iLabs Tab: My Transcript

My Transcript showed that at the moment, I had basically completed no training (at least on this platform). No surprise. I can see this being useful once I’ve studied a few more certs.

iLabs Tab: More Courses
iLabs Tab: More Courses

The Courses tab takes us to a Course Catalog that will immediately made my mouth water: Advanced Penetration Testing, Incident Handler, Forensics Investigator. It’s a lineup that’s grown dramatically, and seems aimed directly at GIAC. Yes, I tried getting into other courses (hacker!) and that wasn’t possible, at least without making myself a nuisance instead of a guest. But now I have an appetite for more.

Going back to the Courses tab, I clicked on the Certified Ethical Hacker – CEH v9 link, and arrived at the summary page for the program.

CEH Course Activities List
CEH Course Activities List

These are the familiar sections of the CEHv9 training. Clicking the Launch button takes us to a preliminary test of our system, then lets us launch the actual test lab. Clicking the button opens a new window while our test environment is launched.

iLabs: Starting the Lab Environment
iLabs: Starting the Lab Environment

Module 1 is all about learning to use the iLabs platform, and provides a walkthrough of the interface’s features. It’s an information-intensive environment, so pay close attention at this stage. There are a couple of places on every screen that may offer tips; learning where to look helps a lot once we’re doing active work.

iLabs: Lab Orientation
iLabs: Lab Orientation

Next, in this and all Modules, comes a couple of screens of information: Objectives and the lesson Scenario.

iLabs: Module Instructions
iLabs: Module Instructions

Clicking through the Information screens takes us to the first virtual machine we’ll use, a Windows Server 2012 instance. Choose the Machines tab and click on Windows Server 2012, if it’s not already selected.

iLabs: Virtual Machine Ready
iLabs: Virtual Machine Ready

We’ll need to locate the Commands menu at the top of the screen in order to log into the VM. It’s not clearly labeled; look for the lightning bolt at the top of the scroll bar on the right. It pops open a dialog where we can send a Ctrl-Alt-Delete to get a login form.

We’ve got an amusing choice here: use the Commands menu, click Type Text, then click Type Username; or click in the Machines tab on the username; or type it into the form ourselves. Do aspiring hackers really need this much hand-holding? Probably not, but this feature is also likely just an element of the LMS. Choose a method, and enter the username and password.

The next screen comes up every time we open this VM, which is just a result of starting an absolutely fresh installation. Obviously we don’t need to set up the whole server, so simply cancel the dialog.

iLabs: Server Setup
iLabs: Server Setup

Notice that the bottom of the VM’s screen is cut off on my 15″ laptop monitor (1366×768). Checking the available resolutions, I found it’s already at its lowest option, 1024×768. While this isn’t a big deal, it is a bit annoying to have to scroll to see everything. I couldn’t find a setting to resize the VM window, but the interface is complex enough that I may have missed it. (Let me know below if you find it.)

iLabs: Starting Firefox
iLabs: Starting Firefox

Next comes opening Firefox. This requires telling Firefox that we don’t want to update to the latest version. Why? Because the VM is running an older version that supports the outdated Firebug plugin. I expect that the version 10 course will use a newer utility that works in current versions of Firefox (as I mentioned, this is the now-retired version 9).

Note the instructions in the blue box at the bottom of the screen, which direct us to enter the target website’s URL (which is not an actual online domain).

iLabs: Moviescope.com
iLabs: Moviescope.com

Once we’re on the Moviescope site, open the Firebug console. Firebug, by the way, has since merged into the Firefox Developer Tools. In the lab, some Firebug features won’t work, but clicking through the interface tabs does for the most part. And of course the functions Firebug offered are still available in Firefox, so in real life you don’t have to stick to an old version of the browser.

iLabs: Firebug Error
iLabs: Firebug Error

The instructions steer us to the HTML inspector in Firesheep, and into the scripts present on the page.

iLabs: The Debugging Environment
iLabs: The Debugging Environment

Click to expand one of the scripts and it gives up its code.

iLabs: Moviescope Javascripts
iLabs: Moviescope Javascripts

After taking this quick look at the scripts the lab points out that these visible scripts are ripe for the plucking. Then the Module starts us into another software installation.

CEH Tools
CEH Tools

The CEH has a heavy concentration in hacking tools, and candidates are expected to be familiar with the functions of quite a few of them. This is where this LMS shines: we get to set up, run and see the output of these tools on a live VM system. When I studied for the CEH, everything I worked with was text and slideshows. I’m a geek and an instructor, so I went out and got, installed and tried out every tool that was mentioned (this took a LONG time), so it’s nice to see that this course puts the tools right in my hands.

Drive E: has a tasty little stash of software we’ll be using. In this case, we’re steered to the Web Data extractor, which we install and run.

Web Data Extractor
Web Data Extractor

“Web Data Extractor Pro is a web scraping tool specifically designed for mass-gathering of various data types. It can harvest URLs, phone and fax numbers, email addresses, as well as meta tag information and body text. Special feature of WDE Pro is custom extraction of structured data.” – http://www.webextractor.com/

Our target web site is small, so the scan completes quickly. When it’s done it lets us know.

Web Data Extractor - scan complete
Web Data Extractor – scan complete

Now we can dig through the results, which are excellent for Reconnaissance-stage hacking: one scan saves us the trouble of digging around for the target’s email addresses, phone numbers etc.

Web Data Extractor - scan results
Web Data Extractor – scan results

After some discussion, we’re led to another installation, this time of the WinHTTrack Website Copier.

iLabs: Installing WinHTTrack Website Copier
iLabs: Installing WinHTTrack Website Copier

“HTTrack … allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site’s relative link-structure. Simply open a page of the “mirrored” website in your browser, and you can browse the site from link to link, as if you were viewing it online.” – http://www.httrack.com/

iLabs: Starting WinHTTrack Website Copier
iLabs: Starting WinHTTrack Website Copier

Once we’ve chosen a project name, we can review the configuration.

iLabs: Configuring WinHTTrack Website Copier
iLabs: Configuring WinHTTrack Website Copier

So bang, click OK and turn it loose. When it’s done it’s not completely clear what you’re supposed to do. From the Index of Projects page, click on the only one: our Test Project

iLabs: Scan Results WinHTTrack Website Copier
iLabs: Scan Results WinHTTrack Website Copier

Now we can click through pages and examine code without waiting for the live site to load them for us.

iLabs: Examining the Copied Site
iLabs: Examining the Copied Site

After some discussion and examination, we’re shown out the door to this Module and back to our summary screen: Status Complete. From here we can scroll down and launch Module 2, Scanning Networks. We can’t, however, skip ahead. We’ll have to run the Modules in order. After doing each one, we can go back and review.

iLabs: Post-Module Summary
iLabs: Post-Module Summary

This is only the top of the page…

iLabs: 17 Modules
iLabs: 17 Modules

…there are a total of 17 Modules to work through. Most of them run between a half hour and 1.5 hours.

iLabs: CEHv9 Module 2
iLabs: CEHv9 Module 2

Going forward, we get to use more real VMs, not just Server 2012. Module 2 takes us straight into doing network scans in Kali (oh fun!). We’re not playing with a simulation, either. This is live practice on real machines.

Learn On Demand Systems
Learn On Demand Systems

By now it should be pretty clear that I really like the environment. If ECC had built it themselves I’d be amazed, because it’s such a large-scale project. Fortunately they did what any smart IT person does, namely finding the best and latest tech that currently exists. (You don’t try to re-create YouTube when you want to stream videos, do you?)

The ECC iLabs system is an instance of the Learn On Demand Systems (http://www.learnondemandsystems.com/) environment. They bill their product as “Experiential Learning Solutions,” and the name fits. This LMS isn’t just boring slide shows and droning videos; it’s real hands-on practice.

I should point out that iLabs is just one part of an ECC training course. ECC also provides a huge stack of printed material for the CEH and their other courses. But I’ll review that in another article and tie this review up for now.

Let me end by suggesting that this is a whole new game for the Certified Ethical Hacker credential. ECC has put huge work into updating the cert, as I’ve seen from brief looks at v10 materials. And the CEH is the pen testing/auditing cert that’s most recognized, and most requested, by the recruiters who are looking for my students. I feel pretty good about the prospects for bringing this cert to UNM, and attracting both current CS/MIS students and adult professionals. You’ll hear how it works out right here. Good luck!

[ How to Teach Hacker Highschool: Unit 3 ]

Hacker Girl

This is the third unit of my course for teachers, which brings together a lot of material I generated while working as Project Manager for the Hacker Highschool v2 Rewrite Project, 2012-2016. This session offers some hints on conducting classes, and help for you to be a great teacher of hacking. Polish your Google Hacking skills, learn to search more safely, show your students easy ways to start coding and start getting familiar with your eyes and ears on the network: Nmap and Wireshark.

Here’s the video of Unit 3, with the links it mentions below. Tell me what you think in the Comments, and thanks for taking a look.

Powerpoint: http://gnorman.org/HHS/Teacher_Training_Unit_2_GN_017-11-20.pdf

Uncut Lessons: http://gnorman.org/2017/05/16/hacker-highschool-download-uncut-lessons/

School for Hackers: https://schoolforhackers.com for Hacker Night School and Hacking 101

Hacker Highschool (http://www.hackerhighschool.org/) is a free, open curriculum from ISECOM (http://www.isecom.org/). Uncut lessons are available at http://gnorman.org/2017/05/16/hacker-highschool-download-uncut-lessons/.

Google Advanced Search Operators: http://www.googleguide.com/advanced_operators_reference.html

DuckDuckGo Search Engine: http://DuckDuckGo.com

http://www.ikeahackers.net/

https://www.buzzfeed.com/readcommentbackwards/40-creative-food-hacks-that-will-change-the-way-yo-dmjk?utm_term=.ve0pYaR41#.oy7357LoM

https://www.wikihow.com/Hack-an-Xbox-Controller-Into-a-PC-Gamepad

https://www.wikihow.com/Create-a-Fake-and-Harmless-Virus

https://www.wikihow.com/Write-a-Batch-File

https://www.wireshark.org/

https://nmap.org/

–Musical Credits–
Opening and Closing: Loops by Mark D’Angelo, copyright 2017
Cold Funk – Funkorama by Kevin MacLeod is licensed under a Creative Commons Attribution license (https://creativecommons.org/licenses/…)
Source: http://incompetech.com/music/royalty-…
Artist: http://incompetech.com/
Music promoted by Audio Library https://youtu.be/Vhd6Kc4TZls

[ How to Teach Hacker Highschool: Unit 2 ]

Hacker Girl

This is the second unit of my course for teachers, which brings together a lot of material I generated while working as Project Manager for the Hacker Highschool v2 Rewrite Project, 2012-2016. This session discusses some of the issues you may deal with in proposing and setting up a Hacker Highschool class.

So here’s the video of Unit 2, with the links it mentions below. Tell us what you think in the Comments, and thanks for taking a look.

POWERPOINT: http://gnorman.org/HHS/Teacher_Training_Unit_2_GN_017-11-20.pdf

Uncut Lessons: http://gnorman.org/2017/05/16/hacker-highschool-download-uncut-lessons/School for Hackers: https://schoolforhackers.com for Hacker Nightschool and Hacking 101

ISECOM: http://isecom.org

Hacker Highschool: http://hackerhighschool.org

Hacker Highschool (http://www.hackerhighschool.org/) is a free, open curriculum from ISECOM (http://www.isecom.org/). Uncut lessons are available at http://gnorman.org/2017/05/16/hacker-highschool-download-uncut-lessons/.

–Musical Credits–
Cold Funk – Funkorama by Kevin MacLeod is licensed under a Creative Commons Attribution license (https://creativecommons.org/licenses/…)
Source: http://incompetech.com/music/royalty-…
Artist: http://incompetech.com/
Music promoted by Audio Library https://youtu.be/Vhd6Kc4TZls

Online victim resources:
https://www.hackthissite.org

https://www.root-me.org/

http://scanme.nmap.org/

Hacker Highschool: TV Interview on Fox New Mexico

This was a fun little gig:

“[Fox Interviewer” Nikki is joined by Glenn Norman, a Security Consultant, Teacher and Project Manager for Hacker High School, to discuss the innovative teaching method to teach security awareness and how it came to be.”

Published on Jun 25, 2012

Teaching Security Certifications in New Mexico

Glenn at work

I’ve been trying for some seven years to get the University of New Mexico to let me start offering hard-core cyber-security (i.e. hacking) certification courses, without even a whiff of success until recently. The Marketing Department and Custom Training division surveyed our captive audience, which is pretty sizable: Sandia National Labs, Los Alamos National Labs, Kirtland Air Force Base and three other bases in the state; sizeable state, county and tribal entities; and mega-corps like Intel and HP.

We looked at their interest in ITIL, (ISC)2’s CISSP, ISACA’s CISA, Cisco’s CCNA-Security, GIAC’s GPEN, ISECOM’s OPST, EC-Council’s CEH, and Offensive Security’s OSCP.

One big factor that all clients considered was national and local demand for certified pros here in New Mexico. While many of the job sites aren’t completely forthcoming about how many jobs match a keyword, LinkedIn offers hard numbers for both global and state job openings that request or require particular certifications. LinkedIn reported:

8954 job listings that mention ITIL certification, 26 in New Mexico;

9,036 jobs mentioning the CISSP, 22 in New Mexico,

8,779 jobs mentioning the CISA, 4 in New Mexico,

11,416 job listings that mention the CCNA, 37 in New Mexico

395 jobs mentioning GPEN certification, 1 in New Mexico,

13 jobs mentioning the OPST certification, 0 in New Mexico,

3006 jobs mentioning the CEH, 2 in New Mexico, and

794 jobs mentioning the OSCP, 1 in New Mexico.

Of these, the last four could be called the “hackiest.” ISECOM’s OPST showed very weak numbers both global and locally, so despite some interesting aspects to its practice, none of our audience members showed the slightest interest. The GPEN showed more global-level strength, and attracted some attention from the national facilities, but needs to exist in the ecosystem of GIAC curricula. The OSCP is the truly hard-core hacker’s cert, with its 24-hour examination, but isn’t really “taught” at all; you have to hack and crack your way to a conclusion. It kind of cuts out the middle-man (teachers).

Mentioning the CEH started phones ringing immediately. UNM let me set up an InfoByte session to discuss all these certs and get a feel for what people would pay for. Which cert made ears perk up? The CEH.

I know quite a bit about the organizations and people that were in play in the creation of EC-Council. Despite the extremely tricky test, one individual’s “Run Away From the CEH” propaganda campaign (you can find the various renditions of the article in lots of places in the Internet) succeeded in spreading an early conception that EC-Council is a “diploma mill,” among other accusations. I’ve studied v8 and v9, and find the CEH has definitely matured as a certification, with an exam that is still quite tough, and more tightly focused on current issues and tools than ever.

So finally – finally! – I got the certification and UNM scheduled one section of a Certified Ethical Hacker class. Where I’ve had to struggle to find students to make some classes run, the CEH class made minimum enrollment (5 students) within hours of appearing in the online catalog. And certain entities are already asking about custom and on-site trainings, always a sign of a program with legs.

We’ll see how this first section goes. If interest persists or increases, my next campaign will be urging UNM to become an “official” EC-Council training center (and getting myself EC-Council instructor certified). While the word “official” carries some weight, when you self-study or get “unofficial” training you simply pay $100 extra above the $650 test registration fee.

I’ll have a lot to say about how I studied, what materials I used and my impressions (without details, of course) of the exam. For the moment I’m delighted to have found a pony that can run in this race. Updates will follow.

Hacker Highschool: Download Uncut Lessons

Here are the lessons I produced as a contributor and Project Manager of Hacker Highschool, 2012-2016, complete and uncut, with the names of all contributors intact.

These lessons are distributed under the Creative Commons 3.0 License. Parts of these lessons are Copyright 2016 Glenn Norman. For updated project information visit http://hackerhighschool.org.

HHS_en1_Being_a_Hacker.v2_GN_2015-09-28.pdf

HHS_en2_Commands.v2.GN_2015-01-06.pdf

HHS_en3_Beneath_the_Internet.v2.GN_2013-08-06a.pdf

HHS_en4_Playing_With_Daemons.v2_GN_2013-12-09.pdf

HHS_en5_System_Identification.v2.GN_2015-06-23.pdf

HHS_en6_Malware.v2_GN_2014-12-10.pdf

HHS_en7_Attack_Analysis.v2_GN_2014-12-22.pdf

HHS_en8_Forensics.v2.GN_2015-01-07.pdf

HHS_en9_Hacking_Email_GN_2014-12-24.pdf

HHS_en10_Web_Security_and_Privacy.v2.GN_2015-08-13.pdf

HHS_en11_Hacking_Passwords.v2_GN_2015-08-21.pdf

HHS_en12_Legalities-and-Ethics.v2_GN_2013-10-17.pdf

HHS_en13_Cloud_Computing.v2_GN_2013-10-25.pdf

HHS_en14_Databases.v2.GN_2012-08-22.pdf

HHS_en15_Doxing.v2_GN_2012-09-23.pdf

HHS_en16_Exploits_and_Vulnerabilities.v2.GN_2013-06-29.pdf

HHS_en17_Mobile_Devices.v2_GN_2015-05-12.pdf

HHS_en18_Physical_Security.v2_GN_2012-10-02.pdf

HHS_en19_Wireless_GN_2013-07-01.pdf

HHS_en20_Social_Engineering.v2.GN_2013-07-01.pdf

HHS_en21_Hacktivism.v2.GN_2013-11-02.pdf

HHS_en22_Cyberbullying.v2.GN_2013-01-24.pdf

My Years With Hacker Highschool: Should We Be Training Hackers?

Glenn Norman

Flash forward from my first conversations on LinkedIn with Pete Herzog in 2010 to February of 2015, and one of the most persistent topics about Hacker Highschool: Should we be doing what we were doing at all? Were we training evil little script-kiddies, or maybe al-Qaida?

That whole line of thinking leads straight back to the problem of definition: “hacker” means something very different to the public than it does to the hacking community itself. Yes, we were in fact trying to bring young people into the hacking community, but no, we were not leading anyone to a life of crime. Far from it. Examples of ominous consequences are sprinkled liberally through Hacker Highschool, and discussion of exactly how visible you are when you’re doing inquisitive things.

The Hechinger Report tackled exactly this issue in the article “Should we train more students to be hackers?” by Chris Berdik, who defines it brilliantly (see links below):

For many people, the word ‘hacker’ conjures up shadowy criminals unleashing malicious cyber attacks. Beyond the headlines, however, there’s a whole world of hacking that has nothing to do with criminality and everything to do with becoming inventive, autonomous and more secure members of a society immersed in technology. Broadly speaking, these young hackers fall into two groups — security hackers, who learn how computer networks can be attacked in order to better defend them, and hackathon hackers, who compete in all-night coding binges to invent new applications and re-engineer hardware.

Notice that there’s no major third group called “criminals.” One way or another, it’s all about the engineering, about figuring things out and making things work and keeping things running. There’s a definite mentality here, maybe similar to aspiring chessmaster mentality or violin virtuoso-in-training mentality.

Chris quotes me:

“It’s the hacker mentality,” and technology employers can’t get enough of it, says Glenn Norman, a network security consultant who teaches the subject at the University of New Mexico.

Norman also teaches security hacking to high school students at an after-school club in Albuquerque called Warehouse 508. He’s a co-developer of “Hacker High School,” a nine-lesson curriculum published by the Institute for Security and Open Methodologies (ISECOM), a nonprofit network security consultancy.

The whole reason I was into all of this was the grins I get when my students open a whole new set of digital eyes on the universe. But I could see, as my teaching career approached two decades, a long, steep decline in younger students. My security courses brought lots of mature network admins and developers, but fewer and fewer students under 30. Were high school students losing interest? Or were they, I began to suspect, being steered away? Consider:

As college hackathons proliferated, high school hackers started to filter into the competitions. Soon, they started high-school hackathons. One of the first was held in March, 2014, at Bergen County Academies High School in Hackensack, New Jersey. Jared Zoneraich, now a senior at the school, organized the all-night coding bash (hackBCA) along with other kids he’d met at college hackathons. Four hundred students showed up….

I think there’s plenty of interest, if the will can be found. I’ve worked on too many hiring committees in my consulting career seeking highly qualified and specialized people that I knew would eventually be hired on an H-1B visa. There’s a huge debate on both sides about whether there really is a STEM worker shortage, whether the US can or does generate as many tech workers as the enterprise needs, whether we really need to bring tens of thousands of tech workers from overseas when we have American workers training their own cheap replacements.

So I hooked up with, and then managed, Hacker Highschool, and promoted it locally and nationally. It was a time-sucker and I loved it. But it wasn’t sustainable for me.

Hacker High School’s founder, Pete Herzog, managing director at ISECOM, says that despite the curriculum’s popularity, it’s becoming too costly to support and update, and won’t survive much longer without corporate sponsorship.

How true.

http://hechingerreport.org/train-students-hackers/

Google cache: http://webcache.googleusercontent.com/search?q=cache:yjNudF4MBtYJ:hechingerreport.org/train-students-hackers/+&cd=1&hl=en&ct=clnk&gl=us

Perma Link: https://perma.cc/95QB-TDFQ

My Years With Hacker Highschool: In The Beginning

Glenn at work

I first started talking with Pete Herzog through LinkedIn in 2010. His pocket institute, ISECOM, had produced some really interesting material, including the Open Source Security Testing Methodology Manual (OSSTMM) and Hacker Highschool (HHS). Lots of his ideas were great, but wrapped in language that made them really difficult to understand. In my innocence I thought, “Hey, I can contribute by drastically improving the quality of the prose here.” Soon I was working on a lesson, and by 2012 Pete had asked me to take over as Project Manager of Hacker Highschool.

It was a fun, and hysterically busy, beginning. We charted out a whole series of lessons beyond the original 12 released in 2004, and enlisted what grew to become a cadre of contributors over 200 strong. There’s a trail of articles and updates by me, Pete and many others that chart that effort. It was a ton of fun, and I met a lot of great people, but it also consumed every bit of my free time for several years, and most important, didn’t make money.

Eventually we tried to improve the financial situation, but that’s a story for another post. (We weren’t successful.)

Anthony Freed, a cool open-source writer and commentator, penned the article “Hacker Highschool Revamps Lesson One on Being a Hacker” (November 29, 2012) at https://www.corero.com/blog/278-hacker-highschool-revamps-lesson-one-on-being-a-hacker.html (cache at https://webcache.googleusercontent.com/search?q=cache:ui9CjyGtt6wJ:https://www.corero.com/blog/278-hacker-highschool-revamps-lesson-one-on-being-a-hacker.html+&cd=1&hl=en&ct=clnk&gl=us, Perma link at https://perma.cc/5ZMN-SYE5 ):

Hey kids, wanna get your hack on? The developers of Hacker Highschool, a free cybersecurity awareness and education project, have just issued a newly revamped version of the organization’s first lesson plan titled Being a Hacker, and will soon be reissuing updated curricula for all 23 of the course’s tutorials.

Pete described it as “open, free”, which is not to be confused with Open Source (the 2004 version was copyrighted, and version 2 was released under a Creative Commons-attribs-no-derivs “license”):

“This open, free project is a relaunch of the lessons first published in 2004. Over 60 volunteers, led by me and managed by Glenn Norman have been working months to provide a total of 23 lessons. The first of which has been released today, ‘Lesson 1, Being a Hacker’. The final lesson is on Trolling,” Herzog said.

Ah, those optimistic early days. I wish we could have made HHS a viable ongoing enterprise, but there’s no money in “open and free.” There is, however, a viable business model for shared community education about hacking, and I’m working to develop that now (2017) at School for Hackers (S4H): https://schoolforhackers.com/. I’ll have a lot more to say about S4H in coming posts, but for now I’ll just say it’s NOT about teaching teens cyber-security awareness; it’s very much for adults.

Stay tuned.

Hacker Highschool: Foreword and Copyright Statement

Foreword From Glenn Norman, Project Manager, 2012-1016

Downloads: http://gnorman.org/2017/05/16/hacker-highschool-download-uncut-lessons/

As I’ve described in an earlier entry, I first got in touch with Pete Herzog and ISECOM (http://isecom.org) in 2010 through LinkedIn because, as a professional editor, I thought I could make a contribution to the writing and layout of some of his products. Initially I thought about working on the OSSTMM (http://osstmm.org), but accepted Pete’s offer to work on lessons for Hacker Highschool (http://hackerhighschool.org). In 2012 Pete asked me to take on the job of unpaid volunteer Project Manager for the Hacker Highschool Version 2 Rewrite Project, which I accepted.

Over the next four years I managed over 10,000 emails, almost 100 contributors and over 200 supporters of the project. Some of the lessons went through as many as 50 drafts, all of which I managed and edited. I learned a tremendous lot about hacking, hackers and hacker culture, most of it positive. By 2016, however, financial pressures forced me to relinquish the role of Project Manager.

The Hacker Highschool materials are open and free to the public, released under a Creative Commons Non-Commercial, No Deriviatives, Attribution Required License, which is an extension of copyright not formally embodied in law. Formal, legal copyright, of course, is always owned by the creator of a work, unless the creator is paid, or signs away rights in a contract. This means that all materials contributed to Hacker Highschool remain the copyright property of the contributors.

After my departure, ISECOM chose to keep our contributions but remove the names of several people from the Contributors pages, including mine.

So to preserve record of the contributions of the many good people of the Hacker Highschool rewrite project, here are the lessons that are my work product as the volunteer Project Manager of the Hacker Highschool Version 2 Rewrite Project from 2012-2016.

Parts of these lessons are Copyright © 2016 Glenn Norman, including editing, arrangement, verifying and integrating contributed materials, and original text. All rights are reserved, though these documents may be freely distributed provided this statement remains intact.

All other materials remain the copyrighted property of their respective contributors, beyond their use and acknowledgment in Hacker Highschool Version 2.