Overthrowing Evil Corp.
“People always make the best exploits. I’ve never found it hard to hack most people. If you listen to them, watch them, their vulnerabilities are like a neon sign screwed into their heads.”
-Elliot (Mr. Robot)
As appropriate as it is harrowing, this quote allegorizes MIST’s Penetration Testing workshop held on 19th and 20th January, 2017. The aim of workshop was to provide a simplified understanding of information gathering, system hacking, and everything in between.
The first day of the workshop saw the venue, NLH-201, chock-full of 80 people install all the required system tools while being introduced to procedures of exploiting vulnerabilities. It also encompassed the viability of Penetration Testing as a job option. This would include evaluating the security of an IT infrastructure by safely trying to identify vulnerabilities that may exist in operating systems, application flaws, or user behavior. Concepts like N-maps, IP address variations, and social engineering were also touched upon.
Day 2 saw the participation reduced to half of day 1, yet the curiosity and enthusiasm in the room across both days remained nearly unaffected. Having established common ground for everyone in the audience, it was now time to put on a figurative white hat, and begin hacking. After a relatively slow start discussing firewall evasion, and network scans, step-wise instructions were provided as well as elaborated upon when necessary during the demonstration of exploitation of the Windows XP OS. The ability to remotely manipulate files after gaining access obviously didn’t fail to impress.
A shared opinion across various audience members was echoed by Kartik Shah, a first year enthusiast: “It started off a little boring, but once we got to the hacking part, it was really interesting. The workshop itself was very beginner friendly.”
Rishabh Shrivastava, a member of MIST’s Managing Committee, and an organizer of the workshop explained that although it is trial and error based, Penetration Testing had a plethora of real world applications. Coupling that with the fascinating thrill of actually hacking a computer like you would see on a show, made it the obvious choice for their first event of the semester.