AtariJaguar

Starflight 1 and 2 haha...

Someone posted this in another thread, and thought I'd post it here too... looks like an awesome option also. http://overthewire.org/wargames/bandit/bandit0.html

Oh wow... that's a great find PoSH... http://overthewire.org/wargames/bandit/bandit0.html This is something even my 9 year old can do too... thanks!

Thanks, gotta remember though that she's 9. W3SCHOOLs is really for someone who's much older... maybe a teenager, that has the patience and attention span. That's why I was hoping maybe there's something we can subscribe to. If I find something, I'll post it back here. Bigbiz! Are you talking about this? https://girlswhocode.com Just checking it out now... that looks pretty awesome!

Thanks Davee! I appreciate the comments. I started off as a programmer, but got into Cyber Security from a defensive standpoint. As a programmer, I got head-on into writing programs to pull back Windows forensics artifacts, without any concept on whether they would be useful or not. I'm not sure if this is right, but having done this for almost a decade now, I'm thinking the best way to learn defense, is to learn offense first. I didn't always agree with that. But it seems to make sense. In defending a network, you are looking for the adversary. But how can you defend against an adversary if you don't know what an adversary does? In being an adversary first, you know the process. I mean, I could flip this, but I still think you learn "what to look for" from a defensive standpoint, having done it offensively. Me personally, I find defense to be far more exciting and entertaining than offense.... that's just me. I will Blue Team all day long rather than Red Team. But I'm in the minority there, as everyone else would rather Red Team. Since it's fun for people, it's easier to learn... and like you said, learning the fundamentals is easier when you're having fun. I thought I might start her off with some basic wireless stuff... understand the purpose of encryption. I think you're right about web development too... she's actually mentioned that. Do you know of any kid-friendly web development sites? Is there like a "GeoCities" for kids or something? Quick question... and I think I may have asked this a few years ago. Is there anywhere that I can maybe get a list of what's legal and what's not in terms of hacking/pentesting? I'd say "common sense," but it seems there's a lot of grey area. It also seems to change day by day? I'd like if there were some laws/guidelines that were laid out simply on "does and don'ts?" Yeah, she'll respect others property. She's the only kid her age I know that carefully opens the door to the car so she doesn't ding the car next to her when she gets out. Thanks for your response!!!

Long story short... you have to get certs. I'm sorry, it sucks. Long version: I started my career as a computer programmer back in late 1997 with my first professional job. That was during the time when even a fry cook could get hired at $12 an hour after reading "Learn Visual Basic in 21 Seconds." After the .COM bust, and programmers were about as useless as Real Estate Agents were after the housing crash... people got picky. Through most of the 2000s... I would generally toss resumes in the trash when I saw certs on them, because I thought they were a joke. College degrees is where it was at... and that's what we focused on. But... over the years, particularly in the past 7-8 years, certs have become very important. Whether they are actually an indication of skill, or not... most companies require you to have them as a condition of employment. Most HR people don't have a clue what any of that means, but they just know that you need them. Especially with most application systems, they do text searches and without certain key terms showing up, your resume will never even get looked at by a real human. I understand what Barry above is trying to say, but unless you are already established in your industry and have contacts, then no one really knows what you're capable of, and / or cares. Regardless, many companies now demand you get certs, even if you know more than everyone. My company required me to get any number of certs, so I was like... ok, I'll just get the CISSP so you'll shut up. But... the economy is on fire again, and none of that really matters if you're just looking to get your foot in the door. But, I'd not have let the Security+ lapse...

BLUF / TL;DR: For the 8-10 year old range, what is the best way to teach a kid about / how to hack? Any video series? Online subscription? A "kids-KALI," anything? LONG ASS STORY NO ONE WANTS TO READ: Hey guys, thought I'd put this out there. My child has the unfortunate circumstance of being an offspring of mine. I'm trying to prepare her "technically" as much as I can, in any way that I can. I got her a computer when she could barely talk. She started on Windows XP, and got her started in Gamestar Mechanic about 3 years ago at the age of 6. At 8, I got her into "Scratch," which is also an online game design program. For the past Summer, she's been using Code Monkey (which is pretty excellent for teaching programming basics), and I bought her a separate computer which she installed Ubuntu on, and she uses that for doing most internet things, and using her Windows 10 machine for things like Scratch. She's pretty sharp, and has picked up a lot. But I'm wondering how I can involve her in learning hacking concepts? I've done some things with her as time permits, but I would love to know if there's any kind of formal training program... like Code Monkey for software development? Bonus question (bonus for me), any good learning programs / routines to teach kids how to use Linux? Like with Windows 10, she can do a lot... but doesn't even know what PowerShell or DOS is... and I'd like for her to learn BASH and such in Linux too. Thanks!!!

Hi! I was at a convention last year (and just thought of this again now), and one of the presentations was on an open-source product that you could download (or even buy a piece of hardware) that allowed you to add a host to your network that gave off indicators that it was a SCADA device, or... any number of other systems. It's some kind of <insert name> Project... I can't remember what it's called. The point of the project was that people would be tempted to hack it, or at least run exploits against it. These metrics could then be used to help defend or protect the real SCADA networks (or whatever device it was) against the most common threats. Can ANYONE tell me what the name of this is? It's driving me nuts. Thanks! Second question, if I do put one of these hosts on my network (to help the project), am I not totally putting my entire network at risk?

Pheromones? Is this just something to add to your food to make it taste better, or is it supposed to make girls more attracted to you? Hahah... Sometimes, the pheromones hit hard, and I'm like, damn... I really want to hit that, and sometimes I can tell the other person is feeling that too because maybe I'm accidentally giving signals, but I keep repeating in my head, your married, your married, just ignore it... change the subject! Human chemistry is strange...

Thanks guys, I appreciate it. I'm in the US. I just want to make sure that I (and my friend) stay legitimate. It's not that I'm concerned with people finding out, it's just that I don't actually want to skirt the law. The only thing is... looking at stuff on my own network is basically totally lame. It's so much more educational when I'm able to look at stuff from an outside perspective. There seems to be a lot of grey area, I guess that's why the Hak5 people say... "Hack responsibly." Sort of a YMMV...

Oh that's so awesome. Damn, I only have 2 more posts I can make, but this was worth it.

1 - Is it LEGAL to set your wifi receiver to monitor mode, and collect packets in the open air? I've heard that this is legal SO LONG as you don't attempt to decrypt (or crack) any traffic that is encrypted. Can you guys confirm? There seems to be a court ruling in 2012 that confirms this, but I don't really see anything after that, so is that the final word, essentially? 2 - Is it legal to (when staying at a hotel) packet sniff the hotel wifi, or wired network? Technically, most hotels have "open" WiFi, but it requires registration before you'll be given a DNS connection that will allow you to access the internet. 3 - Adding on to #2, can you connect to one of these networks that are technically "open" at the association point, and once on, run discovery tools like NET DISCOVER (ARP responses), and run NMAP? I mean, as long as I'm not altering anything, or attempting to change anything, is there anything wrong with this? 4 - I totally understand that using a Pineapple in pretty much any perspective, other than within your own home is totally illegal; however, is there any way to use it in the wild, but make it legal? Like... is there a way that perhaps you can use it, but have it not connect back to the internet (provide no connection back out obviously) and have a relay page that says... "NOT A VALID NETWORK, PLEASE DISCONNECT?" 5 - Is it legal to send "De-authorization" packets to devices that are connected to a private wireless network, and then sniff their reconnection traffic? EVEN IF... I have no intention of using that data or attempting to connect to the AP for which I sent those de-auth packets? 6 - Finally, totally hypothetical question here... let's say I had a friend (haha) that accidentally ran a tool that attempts to brute-force an AP using the 4-digit pin attack on the WPS feature... ok, let's say this friend accidentally did it to some random neighbor's Wifi AP, but didn't realize it until a few minutes later that he wasn't actually doing it to the one that he had set up purposely for the point of doing this. And, let's say that it only ran for a few minutes and never got through anyway? What laws were broken, if any? Thanks guys, I appreciate it.