Cyber Security Workshop with Dr. Mawudor

Dr. Bright Gameli Mawudor

Last weekend we were graced with the presence of Dr. Bright Gameli Mawudor who was, until recently the Head of Information Security and Risk at Cellulant in Nairobi, Kenya. Essentially, his role was to ensure that all technological systems are secure. On the side, the cyber security and research guru is the co-founder of AfricaHackon, the first technical computer security collective, which attracts the best and brightest security professionals, in Africa. Many know Dr. Mawudor practices cyber security but few know he also practices physical security, Kung Fu, so watch out. To learn more about him, visit his website at brightzeed.com…misuse his information at your peril…he will find you and he will …hack you.

The topic of the workshop was about Cyber Security Kill-Chain which is basically how hackers find one’s personal information. Dr. Mawudor impressed the audience by demonstrating how easy it is to hack your neighbors wifi, send a victim a fake Facebook prompt/pop-up message asking for an email and password, how an ordinary app, when reverse engineered can become a hacking tool used to siphon a victims’ information in as little as a second and illustrating the dangers of Social Engineering, which is a gathering of personal information through manipulative gambits.

A few highlights of the workshop are as follows:

Google is the number one highway for hackers. The more information they can glean from the search engine, the easier it is for a target to fall victim.

The strongest passwords are not the ones filled with an amalgamation of symbols, caps and numbers, but the ones filled with spaces. In addition, he encouraged adding the two step verification and backup code when logging into a personal email account.

The more information hackers are able to accumulate from Google on an individual, the easier it is to become a statistic. The speaker mentioned a number of tools and devices that could be used to trace a target such as Theharvester, as its name implies, is used for harvesting information, Nmap, used for network scanning, Raven, a publicly available hacking tool, Mara, a mobile framework for reverse engineering, DataSploit, a data visualizer, Maltego, a reconnaissance tool, Xerosploit, used for sniffing networks and ssl stripping, BeEF, a browser exploitation framework, Shodan, a search engine for hackers who want to access internet connected devices and finally, a few of the most spoken about devices and web app of the afternoon: The Bash Bunny, Rubber Ducky, Wifi Pineapple and Google Dorks:

A hacking tool

The Bash Bunny, Rubber Ducky and Wifi Pineapple are all physical access tools. The Bash Bunny and Rubber Ducky are a memory stick look alike that calls a script which replicates and copies information contained in a windows computer in a matter of seconds. The Rubber Ducky acts and runs as a human interface device which injects keystrokes into the targets computer device. Then, the Wifi Pineapple, a wifi auditing platform, scans wifi networks in order to gather information that can be used for fraudulent purposes.

Google Dorks is a tool used to weed out advanced and specific queries. This tool helps one simply take advantage of materials already available on Google. Absolutely no hacking is involved in this process. Some examples are as follows:

Type in this query to search for materials on Google: “intitle:index of” book name author pdf

Example: “intitle:index of” How to Kill a Mockingbird Harper Lee pdf

This technique allows one to access hidden files in the backend part of a website which is normally not accessible to the public. Imagine searching for a book on the Amazon website. The frontend page shows you the books and their prices, however, behind the scenes is a mere bookshelf. Therefore, this query allows you to get free material from anywhere on the world wide web. Google dorks as a tool eliminates the limitations of access to materials that have to be paid for, by availing them for free.

Type in this query to search for materials on Google: “intitle:index of” music name mp3

Example: “intitle:index of” mozart violin concerto 3 mp3

This accesses itunes music file.

Type in this query to search for materials on Google: site:com filetype:pdf type of information

Example: website:com filetype:pdf Entrepreneurism

This formula helps to find specific topics or files in journals on a targeted website.

Type in this query to search for materials on Google: +(“index of”) +(“/ebooks”|”/book”) +(chm|pdf|zip|rar) +bookname

Example: +(“index of”) +(“/ebooks”|”/book”) +(chm|pdf|zip|rar) +Learn Python the Hard Way

A result of a query search for Harry Potter books

This technique is used to find specific topics or files in books or ebooks on a targeted website.

Finally, Dr. Mawudor answered that one question everyone was dying to ask. How do I become a hacker? Cybrary.it. It is a free and open source online platform that teaches all one needs to learn about Cyber Security.