top of page

BEFORE THE WORKSHOP

Disclaimer

​The instructor(s) are not responsible for any loss, incidental or consequential damage, or loss arising out of installation, use (unauthorized or otherwise), errors, mistakes, accident, theft or fraud, destruction, or any part of the provision of services.

 

If you have questions, consult a lawyer.

1. Environment Setup (before the workshop - on your computer)

This workshop page is intended to be used in an interactive environment where the instructor is available. In case you have questions, feel free to contact the instructor.

To perform the activities in this workshop, you will need to:

  1. Make sure you have at least 25GB disk space on your computer

  2. Install VirtualBox (download)

  3. Follow the directions here to download and import the Kali-Attacker-2020 VM (.ova) into your VirtualBox 

Before you proceed to the next section, make sure the following checklist is complete:

❏ VirtualBox Installed

❏ Kali-Attacker-2020 is imported and you can login (root/toor)

❏ You took a "snapshot" of the VM

2. Connect to LUXOR-VPN

Before performing this step, you should have your VPN credentials (username and password) which you will use to connect to a VPN called "LUXOR-VPN". If you don't have those credentials, email the instructor with the subject "LUXOR-VPN Credentials" and include (a) your full name and (b) your .edu email address in the body of the email. If you have those credentials, keep them handy and follow the directions here to setup your Kali-Attacker-2020 VM with your VPN credentials.

 

Before you proceed to the next section, make sure the following checklist is complete:

❏ You can connect to LUXOR-VPN

❏ You have a 12.12.5.* address when you run the ifconfig tap0 command

Connect to VPN
Test VPN Access

3. Test your VPN access

While you are connected to LUXOR-VPN open a terminal and run the following ping command: 

ping 13.13.13.1

 

You should see a response that looks like this:  (press CTRL+C to stop pinging)

Test-VPN.png

Note: If you are not connected to LUXOR-VPN you will receive a "Destination Host Unreachable" message.

4. Register on the https://wifi.ahmed.ai site

We will use the https://wifi.ahmed.ai site during the workshop to validate the WiFi access point passwords you were able to crack. Go ahead and click the "Register" icon as shown in the screenshot above. Enter a username of your choice, the school email you registered with to this workshop, and a password you don't care about. Yes, you read that right. This site is insecure, so please don't use a password you use for important accounts.

Note: Make sure you type https (not http), otherwise the site will be unreachable.

Register on wifictf
wifi ahmed ai.png

Note: You don't need to do anything else on https://wifi.ahmed.ai at the moment. Don't try any of the challenges on the site, they have a limit on the number of times you can enter a flag.

5. Register of an account on www.ahmed.ai

The workshop step-by-step instructions and material will be available on https://www.ahmed.ai . Thus, go ahead and sign up for an account using your institutional (.edu) email. Watch the YouTube video below on how to create your account (as soon as possible).

Register on ahmed.ai

Once you sign up, I will receive a notification to approve your account. Once your account is approved, you will receive a notification and you will be able to login and access the workshop resources

6. Acceptable Use Policy

Kindly note the following “Acceptable Use” policy:

   - The resources made available during the workshop should be used for the authorized activities only.

   - Attacking resources outside the scope of the workshop devices is prohibited.

   - Protect your user credentials (username and password). You should not share login credentials with anyone else.

   - You dedicated resources must be used by you only.

   - Access only information that is your own, that is publicly available, or to which you have been given authorized access.

   - You must NOT use another person's system, username, password, files, or data.

   - You must NOT bypass authentication/authorization mechanisms (such as passwords) or access control information.

Acceptable Use Policy
Finish

7. Let me know you finished setup

Please let me know when you are done with this setup process. If everything went smooth, let me know you are good to go. If you are having difficulties, let me know which step you are having difficulty with and include a brief description of what is going wrong.

8. (OPTIONAL) Advance to the next level

If you have time and would like to make yourself comfortable with getting started, you can advance to the next level here.

Advance
bottom of page