· By Codomo Singapore
5 Cybersecurity Projects For Beginners
It's been a somewhat peculiar past few months. As we witness, the global pandemic unfolding before our eyes, most of us sit at home with more time in our hands than usual. During this crisis, many of our responsibilities have been curtailed or exist on a much smaller scope so free time has inadvertently increased, leaving people with plenty of opportunities to pick up new skills, learn and take part in more activities and spend their time productively.
But free time is not the only thing that has seen an increase due to this global crisis. Studies by the International Association of IT Asset Managers (IATAM) has found that at-home work due to the COVID-19 pandemic is leading to a spike in cyber attacks. The recent compromise of half a million Zoom accounts, of which you may have heard of, is only one of the many examples of data breaches carried out recently.
If you are someone who has recently started learning about cybersecurity and would like to put your newly acquired knowledge to test, you have come to the right place.
In this article, I will attempt to point you towards some exciting projects and cybersecurity games. What better time to embark on these cool projects than now, when there’s both the time to do it and is the need of the hour.
Before diving deep, if you would like to access some of our free resources on computer networking and programming, or even cybersecurity games, click here.
Caesar Cipher
The Caesar Cipher is one of the simplest and most widely known encryption techniques. The encryption step performed by a Caesar cipher is often incorporated as part of more complex schemes, such as the Vigenère cipher, and still has modern applications in the ROT13 system (you can Google these later!). The method involves shifting each letter in the alphabet to either the left or right by a certain number and writing the message using the new alphabet arrangement.
The shift number can be varied so decrypting a Caesar cipher without knowing the ‘shift’ can be tedious to do manually. You would have to go through 26 (the number of possible shifts) possibilities and that's definitely not something I would fancy doing.
Luckily the process is fairly straightforward and so you can make a program do the repetitive stuff for you.
- That’s why a cool project for you could be to write a program that does both encryption and decryption of codes using the Caesar Cipher. There are plenty of guides online for building a Caesar Decrypter.
- If you are looking for a tougher challenge, you can click on the link here and check out ‘The Ultimate Potato Cracker Challenge’. This is a series of 8 challenges where you have to figure out the encryption method and crack the password. You can try the different common encryption techniques and crack the password.
If things get too difficult something that could boost your confidence, is chanting,
“M Pszi Gcfiv Wigyvmxc”
Keylogger
Keylogging is, as the name suggests, the action of recording the keys entered on the keyboard on a computer. Keyloggers can be used for both legitimate and malicious purposes. There are a bunch of keylogger software apps that are available for download online mainly for activity tracking. The most common uses are for parental control over their children’s device usage and for tracking of employees’ non-work related activities on their work devices.
However, when used as a form of malware, a keylogger can pose a serious threat to the user of the device that has a keylogger surreptitiously installed on it. It can be used to intercept passwords, login details, credit card details, and other sensitive data entered via the keyboard. The following project ideas could be ideal as it provides an opportunity to learn about the different methods a hacker can break into your system and gain sensitive information. Understanding how the malware work can be instrumental in staying safe from it.
- Your project can be to build a simple keylogger, using python to understand how exactly it works so that you can get a better idea of how logged data is transmitted to your hacker. Click here for a clear and comprehensive guide.
Here is an example of a very simplified keylogger:
- You can even do research and conduct an analysis of how a keylogger can be detected and what are the steps that can be taken to remove one from your personal device. Some useful links could help you get started: how to detect a keylogger - article, video
- Lastly, to challenge yourself, you could even find out how to make a keylogger that works on a virtual keyboard (one which does not require key inputs from the user). Check out this link for some cool information on this.
Hash Function
Hashing is like encryption; you take some normal text and transform it into gibberish. Except, in the case of hashing it is a one way transformation. There are many different algorithms that are used to convert a bunch of plain, normal words into these hash values.
Seeing how they are quite difficult to crack, they are used by many companies to store information (like passwords) in databases. Even if a hacker manages to gain access to this warehouse of information, nothing will make any sense as it is all gibberish. This is why hashing is such an integral and commonly used method in cybersecurity.
To have a more thorough read on this check out this article.
- Your project could be to look up the different hash functions out there, understand how they work and write your own hash encoder on Python
However, hashing is not a foolproof method; it is still and has been for a long time, vulnerable to brute force attacks. These attacks are attempts by malicious hackers to crack passwords and gain access to people’s accounts by using nothing but time and computing power.
- In fact, you could try this yourself. [insert link] It is the same article like the one linked above and it shows how you can create your own brute force password cracker.
Since it is common and not that difficult for hackers to use brute force hacking methods, people have devised clever methods to keep sensitive data secure. For example, Dropbox uses a 4-layered encryption method that will ensure that the resources and time required to brute force through these layers will make the acquisition of actual data meaningless.
- Therefore, another project you could embark on is researching these multi-layered encryption systems and learning how they make the data more secure. A few examples for you to start with are ‘salting’ and ‘bcrypt’.
Watch this great video summary for a quick understanding of this issue
SQL Injection
Structured Query Language (SQL) is the language that is used to communicate with databases. You can use SQL to retrieve, add, update or delete information from the database.
SQL Injections are malicious attacks by hackers that exploit certain vulnerabilities of a website’s database. These attacks generally allow an attacker to view data that they are not normally able to retrieve. Many high-profile data breaches in recent years have been the result of SQL injection attacks. Some examples include:
- Back in 2017, a hacker breached more than 60 universities and government agencies using SQL Injection. High profile universities like Virginia Tech, Cornell University, the Rochester Institute of Technology, and Purdue University were breached.
- An SQL Injection attack on Yahoo back in 2012 caused the compromise of 450,000 Yahoo users’ passwords.
There are many SQL injection vulnerabilities that open up possibilities for hackers to launch attacks.
- A cool project for you could be to find out the common vulnerabilities and how they allow hackers to accomplish their malicious goals. If you have not already, you could also take this as an opportunity to introduce yourself to the query language syntax and learn more about queries and databases.
- If you want to take the project further you can run SQL injection vulnerability assessments on websites. Of course, you would need to get permission from the website owner first. Alternatively, you can make your own fun website to test on.
- Lastly, you can find out the different methods to prevent an SQL injection attack and possibly implement them on the website of your own to test the method.
Packet Sniffer
A packet in computer networking is a small chunk of data (literally a packet). Each packet includes a source and destination as well as the content (or data) being transferred.
What a packet sniffer does is to gather, collect, and log the packets that pass through a computer network.
Network administrators often use the collected data to monitor bandwidth and traffic. However, ill-intentioned packet sniffers can capture unencrypted packets that carry sensitive data like passwords.
- Your project could be to build your own packet sniffer on Python and use it to intercept packets traveling on your own home computer network. Check out this example for a guide.
-
You could use a Virtual Machine software to emulate two separate computer systems.
More information on this can be found here
- A fun analysis of the data could be carried out to monitor consumption trends on a network. It would be a good idea to research the legal limits of packet sniffing to get a general idea of where you should draw a line.
Conclusion
For almost all of these projects, there are plenty of online resources and guides you can refer to. You can even take a look at some fun cybersecurity games to test your concepts! There are a few modules and packages you would need to install for the python projects so do not hesitate to do so. For a guide on how to download python packages, you can click here.
You can also try playing a cybersecurity board game, Enter The Spudnet. This tabletop game is inspired by how the internet works and it gives you an understanding of computer networking, as well as the cyber threats we encounter online.
The most important thing for these projects is to have an open and adventurous mindset. Be willing and eager to try new things even if they may seem beyond your current knowledge level. The importance of knowing how to stay safe online is more vital than ever in the current context. It would be best to use this special time to get a firm hold on cybersecurity and computer networking concepts and put them to practical use. If you are looking for more interesting reads on these topics click here.
So what are you waiting for? Get ready to set sail on this spudtastic journey and be sure to watch out for the pirates (like bugs and other hindrances).