As part of my continuing research into how to introduce kids and teens to infosec, I ran across this great non-profit site called Hacker Highschool run by ISECOM. You may have heard of this group before — they maintain the OSSTMM, or the Open Source Security Testing Methodology Manual.
Hacker Highschool itself offers a series of PDF lessons with content and hands-on exercises that teach the fundamentals of information security. Although ISECOM designed the course for self-study with an email list for questions and answers, instructors can use the material in a traditional classroom setting as well. And the best part of all — it’s free. Now, if you are planning to teach this class to make a profit, they do ask for a mere $150/year license. That price also gets you access to their “cloud” lab for exercises.
(Note: As part of a campaign to bring forward some of our older posts that we feel still benefit the community, we’ve added this article to our Best Of category that will periodically get tweeted out. Please mention it to me on Twitter or contact us if there are any other posts you feel we should include in this category. This post was previously categorized under Infosec Blogs/Podcasts. grecs)
After skimming the material I can honestly say that it looks to be an excellent resource for giving kids, teens, and even some adults a basic background in the security field. Each chapter contains between 25 and 50 pages of detailed content, exercises, and other resources where students can learn more. Just to give you a feel for the content, here is the table of contents for the current curriculum. I’ve augmented it some in parentheses just to give you a better idea for the content in each chapter.
- Lesson 01 – Being a Hacker (31 pages; what hacking is and tons of other resources on where to learn more)
- Lesson 02 – Essential Commands (25 pages; all the basic command line operators for Windows [even the famous TracerT 😉 ], Linux, and OS X)
- Lesson 03 – Ports and Protocols (25 pages; anything fundamental you can possibly think of related to networking, including topics such as the OSI model, TCP/IP, protocols, and IP addresses)
- Lesson 04 – Playing With Daemons (29 pages; further networking but at the application layer, including http, smtp, irc, ftp, telnet, ssh, dns, and dhcp)
- Lesson 05 – System Identification (32 pages; how to find out as much as possible about networked systems using tools like whois, dig, nslookup, traceroute, nmap, and netcat)
- Lesson 06 – Malware (Viruses, Trojans, etc.) (12 pages; just your standard chapter on the different types of malware and countermeasures against them)
- Lesson 07 – Attack Analysis (47 pages; overview of different threats, examples of past threats, attack techniques, and mitigations such as IDSs, sniffing/Wireshark, and honeypots)
- Lesson 08 – Forensics (53 pages; basic OS overview and where to find the goods as well as tools and techniques for doing forensics on them)
- Lesson 09 – Hacking Email (36 pages; how email works followed by its vulnerabilities and how to attack and defend it using tools like PGP/GPG, dig, SEAK, and Maltego)
- Lesson 10 – Web Security and Privacy (24 pages; how the web works, its common vulnerabilities, how to attack and protect it, and tools like netcat, Nikto, and proxies)
- Lesson 11 – Passwords (13 pages; just some basic background on passwords and interesting topics like password cracking)
- Lesson 12 – Internet Legalities and Ethics (14 pages; legal implications and laws dealing with “hacking” along with double-use technologies such as ECHELON and CARNIVORE)
To check this great free resource out, head on over to their main page.
Today’s post pic is from Seguridad Informática. See ya!