Summer Studio: Cybersecurity: An Offensive Mindset

A summer studio takes place approximately a month before the usual Autumn university session, utilizing a condensed teaching format of 4 weeks instead of a usual university semester. Out of the many choices to select from, I chose Cybersecurity: An Offensive Mindset as my 6-credit summer course as my personal aim was to find an internship immediately after the holidays.

On the first day (4/02/2019) we were assigned to present upon a Cybersecurity topic of our own choice in groups of 4 to 5. The task was due on Wednesday (in two days), so I got to work immediately with picking out a group. The team I decided to join was composed of a mixed skillset, with the veterans being Jason, Andre and I as we were involved in the UTS Cybersec society beforehand. However, the new members: Frank and Vishal were both hard working software engineering students in their final year. The group selection gave us a perfect opportunity to practice our interpersonal, leadership and communication skills.

^ We decided to use Microsoft Teams as a form of communication.

I strongly believe in the importance of team communication, so we used one of my preferred tools, Microsoft Teams to act as our project planner. After we dissected the project into 4 steps, we used google slides to complete our presentation slides. Of course, there was initial friction within the team when we were trying to decide upon the topic, but after a couple of rounds of voting we decided to research bug bounty and isolated steam as our technical case study. 

^ Our team presenting at the front

The topic we chose to present is the bug bounty program, where you “get paid to hack things”. A bug bounty is a program which crowdsources bug hunting for target software products and services which rewards hackers reporting these bugs with money and recognition.

We then delved into a case where valve pays 15000 pounds to a hacker who found a steam bug that generates free games. Artem, who was the hacker, passed in specific URL parameters that gave him access to API endpoint calls to get multiple game Product keys.

Overall the presentation went extremely smoothly and gave us an important insight of teamwork, and provided the students with a fresh way to learn from each other. Thus despite the gap between each individual student’s ability and experience, it was a great event that enabled us to establish a bond with our peers.

Side note, the teaching staff was extremely supportive as they conducted their teaching. Larry was very direct and concise when disclosing information, while the Microsoft Team class group was also a great addition to aid our communication when we wanted to voice our questions. Darsh is very supportive in the communication side as he answered all my questions about the presentation task, and gave our ideas great feedback.