Tech Learning Collective
Tech Learning Collective is an apprenticeship-based technology school for radical organizers headquartered in New York City that provides a security-first IT infrastructure curriculum to otherwise underserved communities and organizations advancing social justice causes. They train politically self-motivated individuals in the arts of hypermedia, information technology, and radical political practice. Founded and operated exclusively by radical queer and femme technologists, they offer unparalleled free, by-donation, and low-cost computer classes on topics ranging from fundamental computer literacy to the same offensive computer hacking techniques used by national intelligence agencies and military powers (cyber armies).
Launch Your Own Website Phishing Attacks
The most common way attackers steal passwords, install malware on a victim's computer, or get employees to grant them unauthorized access to critical business systems is through so-called phishing attacks. A phishing attack is surprisingly low-tech, which is part of what makes it so devastatingly effective. Learning to spot these attacks is one of the most important things you can do to protect yourself online, since a hacker's tricks, called "lures," can appear anywhere from an email, to a Facebook message, to a real website that looks exactly like one you recognize! In this attack/defense exercise workshop, you'll learn how frighteningly easy it is for these scam sites to be built from the ground up, both manually and with tools like the Social Engineer's Toolkit. You'll also learn all about the tricks they use to fool you into falling for them.
Password Superpowers: How to Crack Hashes and Stump Hackers
This workshop teaches you how to use "password recovery" tools like John the Ripper and hashcat to find out what the password of a given user account or password-protected file is. By using free software programs that automate a technique called hash cracking, you can find out exactly how strong (or not) your own passwords are. Also in this workshop, you'll learn about equally free password and secrets management apps like KeePass that help you practice good password hygiene so that you don't reuse passwords or use weak passwords that don't offer as much protection as you might have thought before you learned how easy it can be to "crack" encrypted passwords yourself. This workshop will also provide an automated lab environment for you that you can spin up on your laptop so that you can follow along with the instructor and get cracking immediately.
World Wide Wars: Introduction to Exploiting Web Applications
This workshop will introduce you to a free and professional-grade software program that is used to attack websites called the OWASP Zed Attack Proxy. In a specially prepared lab environment, you will see how real-life attack techniques like code injection are discovered and used in order to gain unauthorized, administrative access to websites and steal information like user passwords. By seeing how and why the attacks work, you will be better prepared to defend your own accounts and any websites you might be building or be responsible for protecting.