Students at Walla Walla University are encouraged to complete an internship before they graduate, and some majors require it as a graduation prerequisite. Jacob Priddy, 2020 graduate in computer science and electrical engineering, fulfilled this experiential learning requirement with a unique project.
The two-part project started by hacking a computer. The goal of this project was to bypass the security and anti-malware programs to gain complete control of the target computer. Priddy was able to break through the security systems of a compromised computer he targeted through social engineering, a style of attacking a computer to gain access, particularly by manipulating people into divulging confidential information. Priddy finally bypassed all security solutions and attained domain administrator credentials, the highest level of access on that machine.
“A couple highlights of the project were the morning I gained domain administrator on their network after bypassing the computer’s anti-malware and application whitelisting software, and when I pulled their database of passwords and cracked over half of their employee’s passwords,” said Priddy.
The second portion of the project involved simulating a random person who gets physically close enough to a building to connect to a location’s internet service, plants their own computer onto it, and finally gets credentials that allow a foothold on the internal network. Once Priddy was able to complete these steps, he was able to migrate around the network without having to do a social engineering attack. “After I gained the highest level of access on their network, I then performed some post-exploitation actions, such as cracking passwords. In the end I was able to break over 140 of their employee's passwords,” said Priddy.
“I learned firsthand that nothing is ever 100% safe and secure,” said Priddy. “There is always a way as long as people are involved, because people make mistakes. I also learned to have more persistence and not give up. When something doesn’t work, read more, look over things, and try something a little different.”
In this digital age where social engineering attacks are increasing in frequency, talents like Priddy’s are more and more in demand by companies and institutions around the world.
Posted Aug. 7, 2020