This blog will discuss 3 infosec projects that are under $100 to get you started in Cybersecurity or Infosecurity by giving you hands-on experience to develop your skills.
Right now the market is flooded with people who are just getting started and who are trying to get into cybersecurity. This blog will discuss three projects that are under $100 to get you started in Cybersecurity or Infosecurity by giving you hands-on experience to develop your skills.
These three projects are all super doable for a beginner and they should teach you a lot of skills that will transfer into your first job.
This is not a tutorial. Instead we will focus on each project, what it consists of, the outcomes, and the skills that you will develop from completing it.
Each of these projects will be using a raspberry pi. This is a single board computer. These little computers are awesome for hobbyists. They run between $5-$100, they can run Linux and they even have their own version of Linux maintained by the raspberry pi foundation called raspbian. There are tons of projects and tutorials and add-on boards that can add functionality to your raspberry pi. They aren’t the most powerful computer, but they get the job done and they are perfect for the three projects we are going to go through.
The PiHole is a DNS black hole that is designed to black hole domains that you program it with such as ads. What that means is that you plug in a raspberry pi to your wifi router and then when you go to a website it's going to go to your router, go back to the raspberry pi, and the raspberry pi is going to tell your router if that website exists.
You can program your raspberry pi to say ads.samsung.com doesn’t exist. That would mean that any ads from that website, ads.samsung.com, aren’t going to load on your wifi network. This takes a lot of configuration, but there are a ton of great resources out there to set up your own PiHole.
It’s a great way to clear up your TV from unwanted ads in the menu, or removing ads from your internet browser all the way across your network on every single device.
This project, the PiHole, is going to consist of installing LInux on your raspberry pi, installing the packages for your PiHold software, and configuring a static IP address. That’s going to involve setting up the static IP address on the raspberry pi itself and also in your router and firewall settings. Then you are also going to have to manage it.
You can get off-the-shelf lists of domains, websites, IP addresses, that you should block with your PiHole, but you’re going to have to go in yourself and make changes to this to keep things working and to block new ads that are coming out.
Find the project here.
The outcomes of this project are that you can block any domain on your network. This means you could block adult content, you could block games that you don’t want people to be looking at, you can block ads, which is the primary resource for this, and you can also block malicious websites or IP addresses. So there is a security aspect to this. You can use your PiHole to improve your information security.
The skills that you’ll develop from setting up your PiHole are:
Whitelisting and Blacklisting. That’s allowing websites through your PiHole and blocking websites on your PiHole, DNS (Domain Name System), networking, DHCP, routing, and obviously Linux because Linux is going to be running on your PiHole.
If you really enjoy your PiHole project and you want to keep going on that, the next steps would be maintaining it, working on the whitelist and blacklist. A more advanced project along the same vein would be setting up a firewall, intrusion detection system, and an intrusion prevention system.
Common software that you’ll want to use for that is probably Opensense, PFsense and SNORT. Within PF sense there is a software called PFblockerNG and you can use that to do basically anything your PiHole does. So those are some great next steps.
A honeypot is an attractive target for hackers. A honeypot looks appealing to them and once a hacker tries to hack into your honeypot, it notifies you and gives you all the data like what kind of attack was performed against it, and who performed that attack.
These are fairly easy to set up and they give you really valuable threat data. It’s really important to enterprise or even in your own security at home to know when people are trying to hack into your computers and what kind of attacks they are using.
A honeypot consists of installing Linux on your raspberry pi, installing the packages for your honeypot (we recommend open canary), configuring your honeypot, and using the data you get from your honeypot.
Find the project here.
The outcomes of this project are going to be that you’re learning what hacking attempts look like. This is super valuable if you want to go into a blue team role in information security. Another outcome is that you’re going to know when there is a threat actor on your network. You can configure the honeypot to email you or send you a different notification when it detects a hacking attempt which is super valuable. You’re also going to get threat data of who is trying to hack into you which is another thing that is super valuable.
The skills you’ll learn from setting up your own honeypot are networking, different attack types, log analysis from looking through the logs on these attacks, network security and Linux.
If you enjoy your honeypot project and you want to continue with similar projects, we recommend blocking the bad guys that you catch, running a network vulnerability scanner, and maybe using the data you get from your honeypot to create your own threat feed. This is a list of known bad actors that is published online. There are tons of them out there published by different cybersecurity companies and research institutions and other people can use that data to block bad guys on their network or vice versa. This is a really cool project and it’s pretty impressive.
This device looks like a tamagotchi but it’s powered by a raspberry pi. There is a raspberry pi inside of the Pwnagotchi keychain and it has a screen and sometimes other features, like a fit battery.
A Pwnagotchi is a passive wifi hacker. This is a little bit of a legal gray area depending on where you live and what you’re using your Pwnagotchi for. A Pwnagotchi, as you’re walking around, can detect nearby wifi networks and kick people off of them. Then when people try to reconnect to the wifi automatically, the Pwnagotchi steps in and captures the wifi handshake.
That handshake includes a hashed version of the wifi password. If you were malicious, you could break that hash and get the password to their wifi.
You can also add GPS modules to you Pwnagotchi which will allow you to create a map of wireless networks near you. This is commonly referred to as warwalking and there’s tons of projects for warwalking online that are super cool.
Pwnagotchi consists of building the device, installing the operating system that comes pre-configured with everything you need, connecting over SSH, and walking. You could also crack the hashes that you got from your Pwnagotchi.
Find the project here.
Outcomes of the Pwnagotchi are that you will capture wifi handshakes, and you’ll map wifi in your area.
The skills that you’re going to develop from this are: wireless security, hardware assembly, networking, SSH, 3D printing, and Linux, once again.
Next steps if you enjoyed your Pwnagotchi would be: cryptography, learning how hashing algorithms work, hardening your wifi to prevent someone with a Pwnagotchi from stealing your handshakes and hacking into your wifi, advanced wifi hacking, and using something like a hack5 wifi pineapple to learn other types of wifi penetration testing and hacking.
Other advice on these projects that we covered today is that when you follow the steps for a project you don’t actually learn anything unless you research it. So you can follow all the steps to go through these three projects, but if you’re not asking questions like “what’s DNS?”and looking up what DNS is, you’re not really going to learn much.
I recommend that as you go through the instructions for these three projects, you look up every single term and you make sure you understand what these projects are doing exactly.
I also recommend writing down everything you do. This is going to give you a record of what you’ve done and give you an example of your work. You want to document every issue you run into and then you want to publish this online on your GithuB.
This will be impressive to your employers so they can see an example of your writing and the projects that you've done. Doing these projects obviously won't guarantee you a job, but it will guarantee you applicable skills and some hands-on experience.
I recommend anyone who is trying to get started in information security to get started in information technology. Entry level infosec jobs are IT jobs. And don’t give up. If you’re interested in information security, keep pushing and someone will give you a chance.
.svg)
