Cyber Explorers Program


Santa Teresa Highschool Program

Cyber Explorers is a 7-week immersive program aimed at introducing Cyber Security discipline to high school and middle school students.The program doesn’t assume any exposure to computers and computer science. The first 3 sessions are tabletop fun games and exercises introducing concepts of Cyber Security like Cryptography, Network Security, Defense in Depth, Incident Detection, Incident Response et al.

The students will start early in the program on a team project which could be a cybersecurity-related puzzle, poster or a project. This is a deliverable which students are expected to showcase in the Cyber Explorers finale - which would be attended by parents, teachers and potentially rest of the school.

In the latter half of the program after a session on Ethics and signing of a displayable ethics pledge, we introduce hands-on exercises and threats which students will replicate in a lab environment. We start the labs with a gentle introduction to shell and operating systems and the drop into network security, log analysis and forensics.


Its a wrap! The Cyber Explorers Program Demo day was on Thursday May 23, from 5-7pm at Santa Teresa High School - Multi Purpose Room, 6150 Snell Ave, San Jose, CA 95123. Its a wrap!

Photos Program Photos (please add any photos you have): Demo Day, Escape Room, Board Games, General.

Industry Feedback: Check industry evaluations of the projects below.

Student Feedback & Opportunities: Links coming soon. We are offering two paid certifications for Comp TIA if the students complete them before July 15 with the help of test out curricula.

Next Up We are have our annual Hackathon on June 1 at Merritt College. Application details are available now! Last day to sign up is Thursday, May 3 , 2019.


Student Projects & Industry Feedback

Harry Python

Maheswari Bajji, Alexa Mesh, Simran Kaur

The board game mimics the mind of a hacker (how they hack) and lets people be more observant to prevent from being hacked in the future. The board game is a circle with different colored spaces. Each color has a different scenario and hacking techniques that players need to learn and use to solve a problem(e.g. blue = cryptography, red = steganography etc.). By doing this we hope people learn about hackers and hacking techniques and will be vary about hackers the next time they are online.

Style: Board game

Industry Feeback

  • Brian Koref (Senior Director Information Security, Sage Intacct, Inc.)--Great job. Fun!
  • Caleb Fenton (Research Lead, SentinelOne)--With good questions, this could be a fun game. Good example question in the presentation.. You could even sell expansion pack cards and crowd source additional questions.
  • Sudarshan Srinivas (VP Marketing, Obsidian)--Harry Python is an interesting approach to gamify cybersecurity education. Cybersecurity is everyone's responsibility.

Cyber Valley

Jenny Le, Elysia Oh, Enya Do

This Cyber Security based Oregon Trail game will teach players about cyber threats, the importance of having secured systems, and difficulties new businesses face. Along the way, players will also gain valuable teamwork, leadership, management, and communication skills.

Style: Board game

Industry Feeback

  • Caleb Fenton (Research Lead, SentinelOne)--Lots of cards, seemed thoughtful, and wow, laminated -- hardcore.. I'd pay 20$ for this to play with friends.
  • Brian Koref (Senior Director Information Security, Sage Intacct, Inc.)--Great idea and content. Funny, but in a good way
  • Sudarshan Srinivas (VP Marketing, Obsidian)--Like the creativity behind the idea. Get into game play a bit more and talk about the objectives during the presentation.. Love the humor in the cards!

Slyther-in-Code

Andrew Khadder, Ryan Hoang, John Lee, Ryan Jin Parnaso

The project is Clue-hacker edition, and it informs about cyber security and hacking. In the game of Clue, there is one murderer, one weapon, and the room where it happened. Our version of Clue will include a hacker, method of attack, and the IP address of the hacker. The game raises awareness for cyber attacks; potentially, it has a positive effect on players. The goal is to make people aware of where they are putting their personal information. Our project will provide clues to a player to help solving the mystery of who, how, and where they got hacked.

Style: Board Game

Industry Feeback

  • Brian Koref (Senior Director Information Security, Sage Intacct, Inc.)--Good research. Good job engaging with the judges
  • Sudarshan Srinivas (VP Marketing, Obsidian)--I liked the audience engagement and presentation style. The speakers clearly explained the objectives, game play and methodology. Good job.. Interesting spin on cybersecurity awareness training.
  • Caleb Fenton (Research Lead, SentinelOne)--Studying why people get hacked is an important part of security. Lots of companies have educational campaigns for their users to make them more difficult targets.. Why do people get hacked can be answered many different ways, bro!

Desaipher

Niklesh Giragama, Mohid Fawad, and Kasey Doan

Our project is a type of encryption. It uses the ceaser cipher as its base. The problem that we are trying to solve is to send messages without getting any transmissions or interruptions from an anonymous User. The caesar cipher uses a number and shifts a letter by that number. That is how it gets encrypted. Instead of numbers, we are using words. Each letter in the word correlates to a number. Those number will be the shift for the word or phrase. This is a simple encryption that most people can understand if they get a walkthrough of it. It is a way to give people an introduction to encrypting words and phrases.

Style: Software

Industry Feeback

  • Caleb Fenton (Research Lead, SentinelOne)--Cool idea, good for learning. Roll not thine own crypto. This is kinda like using a XOR encryption. Would've been neat to see some attacks on the encryption or entropy / hardness measurements.. It's a rotating, multi-stage cesar cipher, neat.
  • Brian Koref (Senior Director Information Security, Sage Intacct, Inc.)--Great way to address crypto for a game. Creative
  • Sudarshan Srinivas (VP Marketing, Obsidian)--You took a good technical topic -- crypto -- and did solid research on it. This rabbit hole goes deep. Research how hackers try to brute force their way past Caesar cipher.. The example helped explain how the cipher works.

Complete Lockdown

Rushil Desai, Yagnesh Veeraraghavan, Aaron M

Our project is a cyber security software that senses any trojan horses that might be downloaded onto your computer. This software allows to prevent any trojans to get onto your computer. Trojans can do a lot of damage, so this software can really help you prevent losing important information. Whenever you download a file, our software scans the file for trojan horses. If the software finds a trojan horse then it will immediately stop the download.

Style: Software

Industry Feeback

  • Brian Koref (Senior Director Information Security, Sage Intacct, Inc.)--Good research skills. Educational
  • Caleb Fenton (Research Lead, SentinelOne)--It's hard for me to gauge how much effort was put into this, but the site looks really good, presentation was really good, and I'm genuinely curious to know how you plan to make everything work.. I hadn't heard about the Chinese attack, but I can read more on the site, which is public.
  • Sudarshan Srinivas (VP Marketing, Obsidian)--Good work researching anti-virus and endpoint protection. I'd love to see an implementation of the project.. You did a good job picking a specific topic that is very relevant today and diving into it.

CryptoCrack

Henry Chen

A set of cryptographic challenges. Ranging from easy to difficult.

Style: software

Industry Feeback

  • Brian Koref (Senior Director Information Security, Sage Intacct, Inc.)--Good job, very creative. Challenging
  • Caleb Fenton (Research Lead, SentinelOne)--CTFs are hardcore. Making questions is pretty hard. This looks highly technical. You know it's a good demo when you're working on it furiously the whole time, including while you're supposed to be demo'ing. potatosalad is a pretty good hostname
  • Sudarshan Srinivas (VP Marketing, Obsidian)--Ambitious project, well researched, and showed depth of research. Well done!. CTFs are a great hands-on way to learn about cybersecurity.

Pineapple Team

Vikram Nandi,Sheila Nguyen

Cyberbullying is a very common thing. Rude comments are made and rumors are spread. This is a problem because it cannot be contained. The post or comment cannot be taken down by anyone but the original user unless it is reported. Our poster will educate user on the same.

Style: Poster

Industry Feeback

  • Brian Koref (Senior Director Information Security, Sage Intacct, Inc.)--Good job. I definitely learned some new terms related to this topic.. Informative
  • Sudarshan Srinivas (VP Marketing, Obsidian)--Love the enthusiasm and the quality of research that went into the cyberbullying presentation. You can take it to the next level by getting into specific "what-if" scenarios, maybe even role playing.. Great effort behind the project! Keep up the good work.
  • Caleb Fenton (Research Lead, SentinelOne)--This is a new problem and it's a genuine problem. Kids are vulnerable and it's easy for bullies to hide behind keyboards.. I learned the word "fraping", so that's cool.

DarkNet Messaging

Govind Pimpale

Anonymous messaging service, implemented on the TOR network.

Style: Software

Industry Feeback

  • Caleb Fenton (Research Lead, SentinelOne)--Decentralization is the future. Privacy is where it's at. Pretty cool working prototype, and it's cool to stretch to support files.. "stay dank"
  • Brian Koref (Senior Director Information Security, Sage Intacct, Inc.)--Good job. Creative
  • Sudarshan Srinivas (VP Marketing, Obsidian)--Great job researching Tor and deploying a creative anonymous messaging service. I also liked that Govind thought through areas for improvement and potential security issues.. Continue researching what you can build on Tor! Lots of opportunities.

Team Without a Name

Jenna Young, Nathan Yacovetta

Many people do not know about security threats of websites they are visiting. People also lack knowledge of what type of information and with what sites it is safe to share with. Our solution helps with this problem with a chrome extension.

Style: Software

Industry Feeback

  • Brian Koref (Senior Director Information Security, Sage Intacct, Inc.)--Good job educating on safe browsing. Good explanation of an existing problem
  • Caleb Fenton (Research Lead, SentinelOne)--Chrome extensions are an interesting direction to try educating users and making them more secure. I like the next steps ideas. There are similar ideas to this, and configuring HTTPS, SSL/TLS, and webservers in general is complex, and many configurations can go wrong, so there's a lot to check for.. I could see something like this being useful for the computer illiterate.
  • Sudarshan Srinivas (VP Marketing, Obsidian)--The team presented a simple, effective solution to build awareness about potential data leaks that users may not be aware of. Good to see that they thought through next steps to keep the project going. Continue with the project!. Lack of user awareness is a bigger threat to security than advanced attacks today.

Securing Virtual Machines

Andrew Dang, Ganesh Pimpale

One problem in cybersecurity is lack of human resources. Not enough people are knowledgeable of Cybersecurity or interested to learn and have potential jobs. Our idea is to make an introductory CTF for beginners.

Style: Software

Industry Feeback

  • Sudarshan Srinivas (VP Marketing, Obsidian)--Andrew and Ganesh gave us a good sense for what the CyberPatriot competition feels like. Great to see the depth of knowledge at the high school level and work that went into the project.. Good work motivating the freshmen to join Cyberpatriots.
  • Brian Koref (Senior Director Information Security, Sage Intacct, Inc.)--Looking forward to seeing your progress. Interesting program with great potential
  • Caleb Fenton (Research Lead, SentinelOne)--I see the epic games launcher, so is fortnite part of the VM? I don't know much about the bugs that are in the VM but it could be an interesting challenge. I could tell y'all had a good presentation but were just a bit rushed because of time constraints.. Cyber Patriots looks fun. I'd never heard of it until today.

Introduction to Cisco Networking Challenge

Sanjana Nandi, Katrina Bui, Gayathri Eleswarapu

This is an overview of the Cisco Networking Challenge in the CyberPatriot competition.

Style: Software

Industry Feeback

  • Sudarshan Srinivas (VP Marketing, Obsidian)--The team did a good job talking about the networking portion of the Cyberpatriots competition.. Good work getting the freshmen interested in Cyberpatriots
  • Brian Koref (Senior Director Information Security, Sage Intacct, Inc.)--Network security is an often overlooked aspect of security. Good job. Helpful content
  • Caleb Fenton (Research Lead, SentinelOne)--Cool presentation and the course looks really technical. Low-level networking knowledge is fairly rare now-a-days but it is absolutely invaluable for certain positions and problems.. Low level networking knowledge creates a good foundation and gives you insights on how you can do certain attacks, hack protocols, etc.

MockPatriot

Marek Pinto etal

Cyberpatriot is a very fun competition. It is really hard to explain what happens in a CyberPatriot competition to others. It is really fun, but it’s hard to communicate how fun it is or to give a demo of how a competition goes. We provide virtual images with vulnerabilities ranging in difficulty.

Style: Software

Industry Feeback

  • Brian Koref (Senior Director Information Security, Sage Intacct, Inc.)--Good description of an interesting program. Informative
  • Caleb Fenton (Research Lead, SentinelOne)--Patriotism is cool. You seemed very comfortable during the presentation so I see a future for you in sales or sales engineering.

Temp Temporary

John Vo, Sean Park, Jinsung Park, Kris Iotov

We present tips and ideas to defend your identity.

Style: Software

Industry Feeback

Program details

SessionDescriptionNotes
1

Introduction to Cyber Security (Hands-on No Computers) (Cypher-1-3, Cryptography & Steganography).Real world attacks analyzed (1-3 Printed) Video Content [Attack/Movie]

  1. Written exercise
2

Introduction to Cyber Security through Board Games (Hands-on No Computers) (IR - Scenarios/ Role Play) [D0x3d, Cyber Threat Defenders, Control-Alt-Hack]

  1. We covered five board games - Security Cards, Dx03D, Cards Against Security, Stratego, and Hacker. Details below.
3

Simulating A Cyber Security Range with an Escape Room (Hands-on No Computers) Project- Puzzle/Posters/Program with a team of 3-5

Our Escape Room is Harry Potter themed

4

Ethics Personal Security (Password Manager, Do Not Track, Phishing awareness,..)

Ethics exercises

5

Introduction to Shell - with a game (ls, cat, grep, pipe, nmap, …)

  1. Session #5 Install PuTTY
  2. OverTheWire Bandit Challenge
  3. Session #5 Unix Command Challenge - Challenge Form
  4. Session #5 Optional Challenge - Challenge Directory ZIP
  5. Project Ideas
6

Cyber Threats Demonstrated On Networks (WEP Attack & Wireshark)

  1. Project Ideas Excerpt
  2. Session #6 Network Security Follow along
7

Red Teaming - Cyber Threats Demonstrated On Individuals (Rubber Ducky)

  1. Project Ideas Excerpt Review & Plan Formation
  2. Session #7 Red Teaming Follow along
  3. Announcements
    1. 5-Minute Team Presentations next week
    2. Explorers Escape room in San Francisco Public Library
8

Introduction to Physical Security

  1. Project Background Research & Preparing for Tuesday presentations Project Document
  2. TestOut Lesson 4 Physical Security Labsim
  3. Announcements
    1. 5-Minute Team Presentations Tuesday, May 7th
    2. Explorers Escape room in San Francisco Public Library
9

Team Project - Session 2 & Introduction to Forensics

  1. Project Milestone - 5 Minute Presentations Project Proposal & Plan
  2. Forensics exercise with disk data analysis - Follow along
  3. Announcements
    1. Volunteers for San Francisco Public Library Explorers Escape Room
10

Introduction to Data science for CyberSecurity

  1. Project work - Prototype Developement
  2. Data Science for CyberSecurity-
    1. Access logs, OS logs, Application logs, Service logs, syslogs
    2. Introduction to Intrusion Detection
  3. Announcements
    1. Cyber Patriots Application
    2. Volunteer for the Cyber Explorer Escape Room @ Bay Area Maker Faire
11

Team Project - Session 3 - students will work on team projects

  1. Project work Feedback & Presentation plan
  2. Announcements
    1. Invitation for Cyber Explorers Demo Day, May 23 5-7pm, Multipurpose Room Santa Teresa High School, San Jose, CA.
    2. Volunteer for the Cyber Explorer Escape Room @ Bay Area Maker Faire
12

Introduction to Career Paths in Cyber Security

  1. Conversation with Mel Masterson, AirBnB Security
  2. Project Milestone - Final presentation preparation.
  3. Announcements
    1. Invitation for Cyber Explorers Demo Day, May 23 5-7pm, Multipurpose Room Santa Teresa High School, San Jose, CA.
    2. Volunteer for the Cyber Explorer Escape Room @ Bay Area Maker Faire
    3. We will work on Cyber Patriots images (OS & Networking) next session.
13

Lab session tailored to a Cyber Patriots Challenge

  1. TestLab - Cyber Patriots
    1. ISO images VMWare Player - problems (45 mins)
    2. Packet Tracer Image - Cisco Packet Tracer (30mins)
14

Project Demonstration & Cyber Security Topic Presentations,Team Presentations

Through the Cyber Explorers, we aim at having a strong industry partnership using guest lectures, hackathons and exposing students to career paths. One of the session labs will be tailored as a Cyber Patriots test - which will introduce students to the Cyber Patriots program and other relevant national initiatives.

The program finale will showcase student work and projects to a broad audience. During the duration of the program, we will offer an extensive cybersecurity library and a raspberry pi based project lab environment. We strive to align this program to other industry efforts and also offer a hackathon.

Board Games Introduced

  1. Security Cards: This game gives players an opportunity to explore cybersecurity threats from multiple perspectives. The cards have four categories: human impact, adversary’s motivation, adversary’s resources, adversary’s methods. Within these categories, the cards give example scenarios and ideas to jumpstart group games and discussion.
  2. Dx03D: A tabletop turn-based security game focused on informally introducing students to cybersecurity concepts. The flow of the game requires players to act as attackers at some points, compromising and looting the other team’s infrastructure, and as defenders other times, attempting to patch exploitations and secure against further attacks.
  3. Cards Against Security: This game is a remix of the popular Cards Against Humanity card game centered around security concepts. The adlib style cards have been reworked to introduce security terms and concepts.
  4. Stratego: Stratego is a turn-based strategy board game where opposing armies attempt to secure the other team’s flag. This game has a defensive and offensive component where you must strategize where to place your pieces and where to attack your opponent.
  5. Hacker: In Hacker, players work together to solve progressively harder puzzles. These puzzles follow the flow of creating a program, attack incident and subsequent incident response. As the puzzles get more difficult other obstacles are added forcing players to continuously think outside of the box.

Project Ideas & Process

  1. Enhance the Cyber Explorers escape room
  2. Develop a poster against Cyber Bullying & Teen education.
  3. Develop a poster and tools for person cyber security - tools, image guide etc.
  4. Work on the Cyber Security games - Security & Privacy cards, Dx0D
  5. Ideas from Students