Eman S. Alashwali


2013: Hacking Projects in the Security Lab

In 2013, I proposed the idea of incorporating hacking projects in the Computer & Information Security lab (CPIS312) taught at FCIT-KAU.

In this experiment, I proposed several ideas for "known" real-life attacks to my students. The students were required to implement the attack (demo), write a short paper, and conduct a presentation and poster about the attack of their choice. At the end, the students presented their posters in the FCIT Open Day 2013 event. Our aim was to raise awareness about some real-life attacks among the rest of the college students and staff.

Fig 1. - A view of the student posters in the FCIT-KAU Open Day 2013

Fig 2. - A view of the student posters in the FCIT-KAU Open Day 2013

Here I share with you some of these projects:

  1. Al-Thomali, B., Al-Harbi, S. and AL-Zahrani, S. (2013) Social Engineering Attack: Real Life Example.
    Abstract | Experiment Screen Shots | Poster
  2. Tounsi, A., Al-Ghamdi, E., Al-Mohayawi, R., Younis, S., and Kadi, M. (2013) Click-Jacking and Phishing
    Abstract | Experiment Screen Shots | Poster
  3. Alyousif, M.A.M, Basaffar, N., Alselmi, A. and Aljuhani, G. (2013) WEP and WPA Wireless Networks Cracking Using Backtrack.
    Abstract | Experiment Screen Shots | Poster
  4. Al-Zahrani, M., Al-Harthi, M. and Mutahar, G. (2013) Mobile Phone Security Risk.
    Abstract | Experiment Screen Shots | Poster
  5. Alawi, A., Badgale, N. and Al-subhi, R. (2013) Cross Site Scripting.
    Abstract | Experiment Screen Shots | Poster
  6. Algari, R., Al-Harthy, S. and Al-Malki, T. (2013) Network Sniffing: Real-World Examples.
    Abstract | Experiment Screen Shots | Poster

I shared the whole experience in a paper published in the International Journal of Electronic Security and Digital Forensics (IJESDF) with the title: "Incorporating Hacking Projects in Computer and Information Security Education: an empirical study". The paper explains why I believe that the idea of hacking projects is worth doing. I also shared the student sentiments towards such projects from several aspects such as helping them better understand computer security concepts. Note: the paper in the link is a preprint version that was accepted for publication by the publisher. The final version is available at Inderscience.

2014: Adding More Fun... Hacking Competitions in Security Lab

In 2014, I proposed delivering two hacking exercises for known attacks in the form of a competition. In the first exercise, the students competed against each other, trying to extract their competitor's Windows Server password without prior knowledge about the password. In the second exercise, the students competed against me!! I configured 2 wireless access points using a broken security protocol, and the challenge for the students was to break the wireless network security key without prior knowledge about the key. The figure below briefly illustrates the two competition scenarios:

Fig 3. - The two hacking competitions given to students in 2014

This experiment was also shared and published in the IEEE Global Engineering Education Conference held in Tallinn, Estonia in 2014. The paper can be found here.

2015: Open the Competition to all Students

In 2015, I made a presentation entitled "Can You Break It?" about the hacking competitions the students take in my security labs. The IEEE branch chair, Wejdan Mousa, proposed opening the competition to all the college students. Thanks to Wejdan, Aisha Ayoub, and Haneen Fatani from the KAU IEEE branch, who helped in preparing the competition. It was an interesting experience and the first competition of its kind at FCIT-KAU.

Fig 4. - The announcement for the 1st hacking competitions in 2015

The competition lasted for 2 weeks with 2 challenges based on known attacks. Every Thursday, we released one challenge. I authored and configured the two challenges. The first challenge was about SQL injection: I built a deliberately weak website that is vulnerable to an SQL injection attack, and the challenge was to log in without having any prior knowledge about the password.

Fig 5. - The 1st challenge: breaking into a web site database

The second challenge was breaking 2 wireless networks configured with broken security protocols, namely the WEP and WPA protocols.

Fig 6. - The 2nd challenge: breaking into 2 wireless networks

The results were as follows: 8 teams participated, with a total of 17 members. All teams made great efforts. The 2 winning teams were:

  1. Team: Crash Bash. Members: Maram Mohammd Mashatt & Nuha Gazzaz
  2. Team: White Hat. Members: Hajar Mohammed & Samaher Al-Harthi

It was an exciting experience for me and for the students.

Note: all hacking projects and competitions are implemented in virtual environments (e.g. virtual websites, networks, self-owned devices, etc.). I understand the ethical aspect of implementing these projects. I also make the rules clear to the students and take precautions.