This one went pretty well, especially given it was entirely online. Big thanks to
my wonderful students for making it work under pandemic conditions.
A few ideas for next time:
- Provide a video or lecture explaining ARP and routing tables before doing the PITM assignment.
- In the PITM assignment, sometimes people's initial Metasploitable ARP caches are trivial. We need
to get Metasploitable and Kali to talk to each other first to get the ARP caches populated to prevent
confusing the heck out of the students.
- When I asked people to explain how their chosen Metasploit exploit works, they (understandably)
paraphrased whatever explanations they could find online. For example, there's a Java RMI exploit
that involves some sort of issue with object deserialization, but nobody who tried that exploit
was able to state clearly how deserialization turned into malicious code execution. And in general,
for all the exploits people tried, their "how it works" explanations were so-so. So I think I need
to have a couple assignments/labs during the term where we dig more deeply into the details of a thing.
In the past, I've occasionally lectured on the exact contents of an X.509 certificate file (which gets
you into ASN.1, DER, base64, etc.), and that may be a good starter example of a "let's really figure
out all the gory details" exercise. Then later, we could do an all-the-way-to-the-bottom sort of
investigation of a Metasploit exploit and payload.
- The web security and history video assignments produced some pretty great videos. I should make
sure that people watch some of each other's videos.