During my internship at Radically Open Security, i had the opportunity to help with the building of a CTF made for the CyberHeroes week of Cyberworkplace.
I found Cyberworkplace’s initiative so great that i asked if i could volunteer for the CyberHeroes week. They did not only accepted that i volunteered, but also invited me to come as a participant.
What is Cyberworkplace?
Cyberworkplace is a dutch initiative based in Rotterdam. It « is a non-profit initiative that helps reduce the current shortage of cyber security experts in the labor market and provides much-needed 21st-century skills to vulnerable young people (dropouts/ gamers/students, who lack practical experience in their study programs).
The training/lessons given at Cyberworkplace are inspired by modern teaching methods such as peer-to-peer techniques and project-based learning. » (source: https://cyberworkplace.tech/wat-is/)
What is CyberHeroes ?
« CyberHeroes is a one-week training program that brings together twenty talented youngsters from The Netherlands and New Mexico, USA. Together they will be trained in ethical hacking skills to address current security threats. Over the course of one week they will take on hacker battles, work on CSI-type cyber challenges with local police, study the history of cryptography, learn to fight cyber crime alongside international hackers, and much more. » (source: Cyberheroes booklet)
Day 1: Cryptography and Lockpicking
Philip Zimmerman made a great talk about cryptography and data protection.
He exposed the evolution of the Internet and the impact it had on privacy.
Oscar Koeroo started his workshop by a talk about his work at KPN and how they handled security.
On 2012 KPN got hacked, this year they decided to set up a Security Operation Center to handle better such incidents.
KPN CISO Strategy and policy is made available for everyone here
After this introduction, he started explaining cryptography concepts.
He then detailed RSA encryption.
Finally we practiced RSA encryption and encrypted with our own messages and numbers.
He mentioned a very good tool to help us for the assignments:
We ended the day with lockpicking, now i really want to buy my own lockpicking set! 😀 It reminded me of the video game called Skyrim, except it is much easier with a joystick^^
Day 2: CTF with Radically Open Security
In the morning, Daan Spitz was introduced and the CTF started.
Daan works for Radically Open Security who sponsored the event and gave a CTF that he made.
In the afternoon, Melanie Rieback CEO of Radically Open Security was introduced she presented ROS and gave a great demo talk about cracking passwords.
We cracked the password « TreeHouse1234 » in less than 33 seconds!
Demo and slides can be found on ROS’s github.
Day 3: On a boat with the dutch Police
On day 3, we spent all day at the Seaport Police of Rotterdam.
We had the opportunity to meet Dirk-Jan Grootenboer, Peter Duin and other great police officers. They presented the Seaport Police and their work.
The Cyber Resilience unit has different goals:
- Awareness of cyber threats and risks by citizens, corporations and other organisations
- Know how to act: reactive, preventive, pro-active
- Work together to share knowledge and new opportunities offered by technology
- Resulting in continuous growth of cyber resiliency
- From cyber security to cyber resilience
- From reactive to pro active thinking and acting
- Catching the advantages of cyber with an open eye for the risks
(source: Police officers talk)
Then, we had a CSI like challenge and a Police Patrol Boat Adventure. We were able to work on our social engineering skills and see the huge port of Rotterdam (largest in Europe).
On the afternoon, Floor Jansen and Marinus Boekelo joined us to present the Hack_Right initiative and explain the amazing take over of Hansa Market a dark web marketplace.
Hack Right is an initiative to help young hackers who commited a small crime, to get back in the right path and use their skills for ethical hacking.
It consists of 4 modules
- Restorative justice: if you commit a crime you break your connection with the victim to repair this boundary you have to do something for the community. In this module, cyber criminals are confronted with the damage and possibly even with the victims.
- Training: ethical and legal boundaries
- Coaching: personal connection between coach and offender. This involves providing longer guidance to the offender, linking them to someone from the community.
- Alternative: indicates the opportunities on the labour market and teaches young people where to develop their talents
(source: Floor Jansen’s talk and Mediawijzer’s article)
Day 4: Cybersprint at The Hague Security Delta and US Ambassador residence
In the morning, we worked on « Make it Smart » Maarten van Duivenbode introduced us to smart objects and how to use them. We were able to program lights and their colors.
In the afternoon, we visited Cybersprint at The Hague Security Delta.
Cynthia Schouten made an introductive talk and gave us a tour of the campus. We visited: Hogeschool Leiden’s IOT lab, we were introduced to a mixed reality tool that aims to train student in forensics with simulated crime scenes
Then, we visited Splendo that introduced us their smart bikelock project for X-bike.
After the tour, Peter van Eijk who works at the municipality of the Hague presented the Hack Den Haag CTF. A CTF to help the city of the Hague to be more secure.
Finally, Soufian El Yadmani made an amazing talk about his adventure to cybersecurity. He explained that he was hired as a cybersecurity analyst at Cybersprint by winning a CTF. His team and him travel to many CTF competitions.
His secret to be a good ethical hacker? Practice, practice, practice!
After our visit to The Hague Security Delta Campus we went to the US Ambassador’s residence for a reception for the Cyberheroes program. There, Peter Hoekstra the Ambassador of the US, Anouk Vos from Cyberworkplace and Charles Ashley III from Cultivating Coders talked.
The Ambassador, is now a proud hacker in a beautiful Cyberworkplace hoodie and the owner of a CyberHeroes medal!
Day 5 and 6: Trip to Leeuwarden, no escape possible 😀
On the last two days of CyberHeroes, we were invited to Leeuwarden for a CTF at the amazing Hacklab.
Leeuwarden is a beautiful historical city in the north of Netherlands that has been European Capital of 2018.
The CTF gave us the opportunity to learn a lot.
After all this hacking we did we had to go to jail… joking we just spent the night in a former prison: Alibi Hostel
But before going to sleep, we took part in a great escape game made by Henk Van Ee founder of Cybersafety4u in which we had to unlock a hacker’s phone.
To conclude this awesome week, we all got a certificate and a CyberHeroes medal.
Needless to way i was very proud to participate and help for this great adventure.
I would like to take the time to thank Radically Open Security (Melanie and Anh) without whom i would not have heard about Cyberworkplace.
Thanks also to Anouk, Nasya and Maria from Cyberworkplace that welcomed me for this week.
They all made an amazing work and i would definetely recommend everyone who has the opportunity to take part in a week like this.
Volunteer or help Cyberworkplace any way you can, they do such an amazing work for students and cybersecurity lovers.
To go further:
- CyberHeroes booklet
- CyberHeroes flickr
- Cyberworkplace’s website
- Cultivating Coders
- Radically Open Security
- Radically Open Security on github
- Operation Bayonet: Inside the Sting That Hijacked an Entire Dark Web Drug, Wired
- Article in dutch about Hack Right initiative, Mediawijzer
- The Hague Security Delta