Skip to main content

Work Experience

·456 words·3 mins
Cyber Security
Josh
Author
Josh
I’m a Year 12 student studying Data Science and Web Dev, looking into a future in Cyber Security

Overview #

On the last week of school last semester I went to a cyber security work experience with ASD. It was a week long experience where we got to complete a mock-scenario where we would go through different stages and learn different parts of the process to figure out who the perpetrator is, what they did and where they attacked from.

I am not able to talk about the specifics of the scenario as we want to keep it a surprise for future participants, but I can talk about a few key points such as tools used and some of the things I learnt in the process.

I will keep it brief here due to the inability to talk many specifics but will be able to talk about the tools used and skills learned.

Tools used #

I learnt to use many tools in the process, such as:

  • Wireshark - a packet analyser
  • Procmon - a process monitor
  • Process Hacker - a process monitor
  • Exiftool - a metadata extractor
  • CyberChef - a data manipulation tool

Which allowed us to figure out how malware was installed and what the malware did, where it was pushing data to, and any other data found in the process. After recovering more data, we were able to decode multiple layers of encryption to find the final message, where it was initially hidden and could be found through exiftool.

Skills learned #

Throughout the program, I learnt to:

  • Find a piece of malware and analyse what it does
  • Find and exploit vulnerabilities in a website to gain access to any data stored by the perpetrator
  • Decode multiple layers of encryption from the data found on the server
  • Use the data found to find the location of the perpetrator

To do this I had to learn to:

  • Use the tools listed above
  • Use the linux terminal
  • Understand how encryptions and decryptions work
  • Understand how to find vulnerabilities in a website
  • Understand how to find and analyse malware
  • Learn how to solder (There was a robotics component to the program)

NOTE #

We were also informed to not use any of the things we learnt to use any of these methods without permission (to attack), as it is illegal to do so and wouldn’t be ethical.

Conclusion & Reflection #

I was very glad to take part in the work experience as I was able to learn a lot about cyber security and how to approach a cyber security incident. I was able to develop my skills in problem solving and critical thinking, as well as learn many new skills and tools. If I had the chance I would definitely do it again, and would recommend it to anyone interested in cyber security.