The UMBC Cyber Defense Lab presents
A Practical Introduction to Penetration Testing
Dr. Arno Wacker
University of Kassel, Germany
and UMBC 2017
12:00noon Friday, 28 April 2017, ITE 227, UMBC
While many students learn the theoretical concepts of cybersecurity and cryptology at universities, their exposure to real life systems and the application of learned theoretical foundations in the real world is usually limited. Additionally, most students and sometimes even students of cybersecurity often deal with cybersecurity threats on a very abstract level, thereby being unaware that these threats are not abstract but real for everyone, including for themselves.
Therefore, this talk intends to raise the awareness about real cybersecurity threats for everyone by demonstrating live the process of penetration testing a system. I will show live how an attacker can gain control over a victim’s PC in a matter of seconds, and how this attack can be prevented. To do so, several techniques and tools will be used, including breaking a WPA-protected wireless network, defeating SSL/TLS encryption, and obtaining a reverse shell with system rights on the victim’s computer.
By experiencing these attacks in a simulated penetration test, we can gain a deeper understanding of the theoretical foundations and their implications for real-life scenarios. With this knowledge, the attack vectors can be mitigated to a bare minimum. In many cases, the cybersecurity-aware usage of IT systems is already countering many real threats.
Prof. Dr. Arno Wacker is an assistant professor with the University of Kassel in Germany and the head of the research group Applied Information Security (AIS). Currently, he is a visiting assistant professor at UMBC teaching the network security class. He is also the lead of the open source project CrypTool 2 and a member of the steering group of MysteryTwister C3 . His main research interests are modern security protocols for decentralized distributed systems, computerized cryptanalysis of classical ciphers, and cybersecurity awareness. At the University of Kassel, he teaches classes about cryptology and cybersecurity. Additionally, he regularly offers cryptology workshops for students at local schools and gives talks about penetration testing for companies. Email: <>