Pwn College Web Security Curriculum: A Comprehensive Overview

Pwn.college offers a first-stage educational platform designed to provide students and interested individuals with hands-on experience in core cybersecurity concepts. Emphasizing "practice makes perfect," pwn.college operates on an open-source philosophy, encouraging early and frequent releases. Although currently in BETA, the platform strives to become a polished educational resource.

Introduction to Pwn College

Pwn.college aims to bridge the gap for newcomers (white belts) who possess zero security knowledge, guiding them towards becoming yellow belts capable of reasoning about simple security challenges and participating in CTF competitions. While the material is designed for beginners, it delves into complex concepts, including the inner workings of operating system kernels.

Created by Zardus (Yan Shoshitaishvili) and kanak (Connor Nelson) for the CSE 466 course at Arizona State University, pwn.college is structured as a set of modules covering various topics. Each module includes lectures (with slides available and videos forthcoming) and practice problems auto-generated for each user. Challenges are available in both teaching and testing formats, offering varying levels of guidance. These challenges are run directly on pwn.college, with practice mode providing root access and a fake flag, while real mode requires exploitation to read the flag.

In addition to directed modules, pwn.college features a wiki-like collection of hacking concepts. The infrastructure and web-facing content are open source, encouraging contributions through pull requests and issues. However, the modules themselves are closed-source due to the inclusion of source code and solution scripts.

Core Cybersecurity Concepts and Challenges

The pwn.college curriculum covers a range of cybersecurity topics, including web security, cryptography, and network protocols. The platform offers numerous lab exercises and challenges designed to reinforce these concepts.

Web Security

The Build it Break it Fix it (BIBIFI) security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. It is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. Pwn.college offers courses like "Web Security" and "Intercepting Communication".

Other platforms and resources for web security learning include:

  • Hack This Site: A free training ground for users to test and expand their hacking skills through various challenges, articles, and resources.
  • OWASP Hackademic Challenges: Realistic scenarios with known vulnerabilities in a safe, controllable environment, ideal for classroom use.
  • OWASP Juice Shop: A modern and sophisticated insecure web application with a vast number of hacking challenges of varying difficulty, suitable for security trainings, CTFs, and security tool testing.
  • WebGoat: A deliberately insecure web application maintained by OWASP designed to teach web application security lessons through exploitation of real vulnerabilities.

Cryptography

The "Cryptography" course on pwn.college has been significantly updated. It covers essential topics such as AES, TLS, and key exchange. The platform includes challenges such as "AES-CBC-POA-Encrypt", which involves encrypting arbitrary data using a decryption algorithm that exploits the stderr output sent by a remote black box.

Key cryptographic challenges and concepts explored within the pwn.college curriculum include:

  • XOR Operations: Understanding how XOR works and its applications in encryption.
  • One-Time Pad and Many-Time Pad: Exploiting vulnerabilities when a one-time pad is reused.
  • AES-ECB-CPA: Cracking the AES cipher using chosen-plaintext attacks in ECB mode.
  • AES-CBC Tampering & Resizing: Manipulating ciphertext and IVs in CBC mode to alter the decrypted plaintext.
  • AES-CBC-POA (Padding Oracle Attack): Exploiting padding vulnerabilities in CBC mode to decrypt ciphertext.
  • DHKE (Diffie-Hellman Key Exchange): Understanding and implementing Diffie-Hellman key exchange.
  • RSA: Implementing and breaking RSA encryption.
  • RSA Signatures: Exploiting weaknesses in RSA signature schemes.
  • SHA1 and SHA2: Brute-forcing desired values using SHA1 and SHA2 hash functions.
  • TLS: Implementing simplified versions of the TLS handshake.

Networking and Internet Protocols

Seattle provides students with a Python-based language and a tool-rich environment that simplifies distributed deployment and monitoring of programs running across Internet hosts. Seattle can help instructors augment lectures with real-world, hands-on assignments across thousands of computers.

Understanding Internet protocols and network security is crucial for cybersecurity professionals. The curriculum includes challenges related to TLS and network communication.

Hands-on Learning and Practical Skills

Pwn.college emphasizes hands-on learning through practice problems and challenges. These exercises allow students to develop practical skills in cybersecurity, networking, operating system administration, and coding.

Labtainers

Labtainers provide controlled and consistent execution environments in which students perform labs entirely within the confines of their computer, regardless of the Linux distribution and packages installed on the student's computer or VM. The only requirement is that the Linux system supports Docker. Labtainers includes over forty-five lab exercises. The framework is free and open, making it easy for educators to create and share their own Labtainer exercises.

DETERLab

DETERLab offers excellent support for teaching. Students benefit from using DETERLab, too. They develop practical skills in cybersecurity, networking, operating system administration, and coding.

EDURange

EDURange provides rapid feedback to students and faculty, aiding in the assessment of student learning. EDURange focuses on creating scenarios that support and nurture the development of analysis skills rather than memorized scripts, recipes, or standard command line and GUI settings for a particular tool.

Curriculum Framework and Learning Objectives

The curriculum framework used by pwn.college is designed to provide a structured and coherent learning experience. This framework sets the parameters, directions, and standards for curriculum policy and practice.

The framework used for Introduction to Cybersecurity was modeled after the AP Computer Science Principles curriculum framework, which in turn was based on the Understanding by Design® (Wiggins and McTighe) model. It was designed by educators from high school and higher education, who collectively have vast experience teaching computer science and cybersecurity.

Big Ideas and Essential Questions

The big ideas are broad, encompassing areas of importance to cybersecurity. That is, they are so important that all aspects of cybersecurity are affected by them. When writing a curriculum that maps to the framework, the scope of these ideas will be intertwined in lessons throughout the entire curriculum. The big ideas, in conjunction with a cybersecurity mindset, should drive how we teach so that students have enduring knowledge at course completion. Underlying the big ideas are a set of essential questions. This summative knowledge base is listed under each big idea as an enduring understanding statement(s).

Enduring Understandings and Learning Objectives

Enduring understandings are statements summarizing important ideas and core processes that are central to cybersecurity and have lasting value beyond the classroom. Enduring understandings synthesize what students should understand as a result of knowing about and doing cybersecurity. Enduring Understandings are lasting and nearly unchanging. Course assessments should directly address these understandings.

Learning objectives (LO) lie beneath enduring understanding statements within the framework, and each enduring understanding has at least one learning objective. Learning objectives work in tandem with the cybersecurity mindset by requiring students to complete tasks that will prepare them to successfully understand the defense of a system. Completed LOs give students the working knowledge needed to create a lasting knowledge (enduring understanding) of cybersecurity. Essential knowledge (EK) statements provide clarity on the learning objectives by offering specific statements of fact that students should know at the end of the course.

The Cybersecurity Landscape and Career Paths

The cybersecurity landscape is constantly evolving, with new threats and vulnerabilities emerging regularly. The NICE Framework establishes a taxonomy and common lexicon that describes cybersecurity work and workers irrespective of where or for whom the work is performed.

Career Opportunities

There are many career paths available for individuals with cybersecurity skills, ranging from security operations center (SOC) analysts to application security consultants and CISOs.

  • SOC Analyst: Working shifts (usually remotely) for a 24/7 enterprise tier threat response contractor, analyzing system logs and network traffic to spot problems.
  • Application Security Consultant: Conducting security assessments, source code reviews, and dependency analysis for clients.
  • CISO (Chief Information Security Officer): Leading an organization's cybersecurity efforts and overseeing security policies and procedures.

Bug Bounties and Exploit Development

Selling exploits for a lot of money. Many of these seem to be located in the Emirates now, like ZeroZenX. The way this works is that they pay you over time, not all at once, so that there's an incentive for you not to turn around and resell to a competitor. Instead of freelancing for bounties, the researchers working for dfsec receive a bonus for any major bug found, on top of whatever large salary they're already being paid.

Bug bounty programs offer financial rewards for researchers who find and report vulnerabilities in software and systems. Exploit development involves creating code that leverages these vulnerabilities to gain unauthorized access or cause harm.

The Role of Open Source

Poul-Henning Kamp is involved in the FreeBSD project, and here he imagines what he would do if he were tasked to 'control' or sabotage open source. It reminds me of back in the day when many people writing 'security Android ROMs' all disappeared and abandoned their projects, and he imagines in the talk how legit developers are purposely bribed to do so, being put on some nice salary at a 'friends of NSA' company.

Open-source software plays a crucial role in cybersecurity, providing transparency and allowing for community-driven security audits and improvements.

The Importance of Continuous Learning

Egor Homakov, a security researcher, once wrote this post (now deleted), "Why it sucks to be a Security Researcher". He is completely blackpilled and tells us how nobody cares or wants to fix the problems. If you raise the alarm, you are threatened or dismissed because everyone just wants to keep the status quo and make it somebody else's problem later. He wrote multiple warnings to the Rails git repository and they hand-waved the problem away as 'impractical' and 'would never happen', so he started his security career by hacking the repository.

Given the ever-changing nature of the cybersecurity landscape, continuous learning is essential for staying ahead of emerging threats and maintaining relevant skills.
