One of the most intensive learning experiences at 42 is a Piscine – for this one, a week-long, immersive program filled with hands-on projects. Delivered as PDFs, these projects push students to explore and implement solutions independently. The Cybersecurity Piscine, held at 42 Berlin, focuses on essential topics in software security and highlights the importance of writing robust and secure code.
During this Piscine, participants tackle practical challenges such as identifying vulnerabilities, securing applications, and applying best practices in cryptography and authentication. By working under tight deadlines, students gain not only technical expertise but also experience in time management and problem-solving under pressure. This week-long dive into cybersecurity equips participants with a strong foundation in safeguarding software systems.
Arachnida: Web Scraping and Metadata Analysis
The Arachnida project at 42 Heilbronn showcases the power of Python in data extraction and analysis. It consists of two components: Spider and Scorpion, each designed to tackle specific tasks related to web scraping and image processing.
Spider is a web scraper that downloads images from websites based on user-defined input parameters. Students learn how to navigate HTML structures, handle web requests, and automate the retrieval of media content while respecting ethical and technical considerations.
Complementing this is Scorpion, a tool for extracting metadata and EXIF data from the downloaded images. This part of the project dives into understanding file formats, metadata handling, and exploring how such information can be used or manipulated in real-world scenarios.
Together, Spider and Scorpion provide a comprehensive introduction to web scraping, data extraction, and the intricacies of working with media files in Python, preparing students for more complex data-driven challenges.
ft_otp: One-Time Password Generator
The ft_otp project introduces students to the core principles of secure authentication by creating a One-Time Password (OTP) generator in Python, compatible with popular authenticator apps. This project requires implementing HMAC (Hash-based Message Authentication Code) from scratch, providing a deep understanding of how hashing ensures data integrity and authenticity.
To enhance security, the project also incorporates Fernet encryption for securely storing and retrieving the user's secret keys. This allows students to learn the critical distinction between hashing and encryption, gaining insight into their roles in cybersecurity.
A key feature of the project is generating QR codes that enable seamless communication with authenticator apps, streamlining the setup process. By completing ft_otp, students not only understand the mechanics behind OTP generation but also develop a practical tool that highlights the importance of secure key management and user-friendly authentication mechanisms.
ft_onion: Hosting a Darknet Service
The ft_onion project introduces students to the world of secure and anonymous web hosting by setting up a service accessible exclusively through the Tor network. Using Docker, students deploy an Nginx server and configure it to block direct access, ensuring that the service can only be reached via a Tor relay.
This project provides hands-on experience with advanced networking concepts, including the Tor protocol, reverse proxies, and secure configurations for anonymous web services. By hosting their own Darknet website (of course, without any illegal content), students gain a practical understanding of how hidden services operate and how privacy can be maintained on the web.
Through ft_onion, students explore the ethical and technical aspects of anonymity online, acquiring skills in secure service deployment and responsible use of privacy-focused technologies.
reverse_me: Binary Reverse Engineering
The reverse_me project challenges students to delve into the field of reverse engineering by analyzing binary files to reconstruct the original C code. This task requires logical thinking, attention to detail, and proficiency with various tools and techniques for binary analysis.
Students utilize tools such as strings for extracting readable text, objdump for disassembling binaries, and gdb for debugging and stepping through execution. Advanced decompilation tools like Ghidra are also explored to understand the structure and functionality of compiled programs.
This project teaches critical skills in understanding low-level programming and binary structures, enabling students to interpret compiled code and uncover the logic behind it. Through reverse_me, participants gain a solid foundation in reverse engineering, a valuable skill for debugging, security research, and deeper insights into software behavior.
stockholm: Malware Simulation for Learning
The stockholm project provides students with a controlled environment to explore the mechanics of malware, focusing on file encryption and decryption. Utilizing symmetric encryption, the program encrypts specific files in predefined areas of the system using a shared key, which can later be used to decrypt the data. To ensure safety and ethical use, all testing is conducted within a secure Docker container.
Through stockholm, students learn how symmetric encryption works, including key management and the practical implementation of cryptographic algorithms. The project also highlights the importance of ethical considerations in cybersecurity, ensuring students understand the potential impact of such tools while developing their skills in malware analysis and defense strategies.
This hands-on approach gives participants a deeper understanding of encryption and file security, preparing them for real-world scenarios in secure software development and threat mitigation.
inquisitor: Man-in-the-Middle Attack Simulation
The inquisitor project introduces students to the concepts and mechanics of Man-in-the-Middle (MitM) attacks in a controlled and ethical environment. Using Docker Compose, students set up a simulated network where they intercept and analyze FTP protocol traffic by positioning themselves between communicating devices.
The project involves leveraging ARP (Address Resolution Protocol) spoofing to redirect traffic through the attacker’s system, enabling the capture or manipulation of transmitted data. This practical exercise demonstrates the vulnerabilities of unencrypted protocols like FTP and highlights the importance of secure communication practices.
By completing inquisitor, students gain a comprehensive understanding of network security, the risks posed by MitM attacks, and methods for identifying and mitigating such threats. The project emphasizes ethical hacking principles and prepares students for roles in cybersecurity and network defense.
vaccine: SQL Injection Exploration
The vaccine project allows students to explore the vulnerabilities of improperly secured applications by practicing SQL injection techniques in a controlled and ethical environment. The objective is to uncover the structure of a database and extract data by exploiting weaknesses in user input handling.
Through this project, students learn how SQL injection attacks work, including crafting malicious queries to bypass security measures and manipulate database operations. The exercise emphasizes identifying common vulnerabilities, understanding the impact of such exploits, and applying best practices to prevent them.
By completing vaccine, participants gain valuable insights into database security and the importance of robust input validation and parameterized queries, preparing them to build secure and resilient applications.
