As the clock strikes midnight on December 31st, we usher in a new year full of promise, potential, and opportunity. The new year is a symbolic time to turn the page, reset our focus, and prioritize what truly matters. Whether you’re looking to improve your health, advance professionally, or simply create a more intentional life, starting with a clear, actionable plan is key. Enter the WWW Plan: Water, Weight, and Wisdom — a simple yet transformative approach to building habits that stick.

What is the WWW Plan?

The WWW Plan is built on three pillars that address both physical and professional well-being:

1. Water: Hydration is the foundation of health. Drinking water consistently throughout the day boosts energy, improves concentration, and supports overall wellness.
2. Weight: Whether it’s managing your weight, increasing physical activity, or improving your diet, this pillar encourages intentional choices for a healthier lifestyle.
3. Wisdom: Professional growth and personal development take center stage here. It’s about dedicating time daily to learning, setting goals, and pushing yourself toward greater achievements.

The Daily Structure

The WWW Plan thrives on a simple daily routine:

• Start with a Workout: Kick off each day with movement. Whether it’s a brisk walk, yoga, or a gym session, this habit energizes your mind and body for the tasks ahead.
• 30 Minutes of Focused Work: Spend at least half an hour on a professional or personal goal. This might mean advancing a project, learning a new skill, or even journaling to reflect on your progress.
• Drink Water Throughout the Day: Keep hydration at the forefront. Starting your morning with a glass of water and carrying a refillable bottle can help maintain this habit.

Why the WWW Plan Works

The WWW Plan works because it’s adaptable, measurable, and grounded in daily habits. Here’s why it stands out:

• Holistic Approach: It doesn’t just focus on one area of improvement. By balancing health and growth, it ensures you’re developing both physically and mentally.
• Consistency is Key: The beauty of the WWW Plan is its simplicity. These three daily goals are easy to incorporate into any routine, making it more likely you’ll stick with them.
• Room for Growth: Each pillar is flexible. Whether you’re starting small with 5-minute workouts or diving into intensive skill-building, the plan scales to meet your needs.

A New Year’s Reflection

The start of a new year is an opportunity to reflect on where you’ve been and where you want to go. The WWW Plan helps bridge that gap by focusing on what you can do each day to move closer to your goals. Small actions compound over time, creating lasting change.

This year, let’s ditch the overly ambitious resolutions that fade by February. Instead, commit to a manageable, impactful plan that prioritizes your health, professional growth, and self-care. The WWW Plan isn’t just a framework for success; it’s a mindset for living intentionally and embracing the possibilities that come with a fresh start.

Here’s to a year of hydration, movement, and wisdom. Let’s make 2025 the year of balance and growth!

When I am at LGS’s and tournaments I mention that I use card games as part of my curriculum in my cyber security class. I get a lot of confused looks and a lot of “I wish I had you as a teacher!” comments. I started this blog to share my experiences and build a resource for other educators who enjoy TCG’s and see the benefits of the lessons learned that are hard to be taught other ways.

How did it start?

These days, when you walk into my classroom you might think that you took a wrong turn and walked into an LGS. Playmats cover the desks, over 30,000 Magic cards on the shelf, MTG banners on the wall it is a classroom that I love walking into and many of my students do as well. It isn’t the traditional vibe that you get when walking into a classroom that’s for sure but it’s our happy place.

When I first started teaching, my students asked if they could spend there lunch in the classroom because they wanted to play a card game. As a past YuGiOh player (very casually) I was of course welcoming to the group of 2-3 students that wanted to play Magic the Gathering. I had no idea how to play Magic and I vaguely remember it from my middle school days when some kids in my boy scout troop played.

As the students played I asked questions and decided to get a few commander decks. I had the students teach me how to play and man did we go down a rabbit hole. That year many of the students in the class wanted to learn to play so I ended up picking up every commander deck that I could find. The commander deck collection is now over 60 commander decks. Any and all free time in the classroom was dedicated to playing MTG. It was at that time when I started researching gamification in the classroom as a part of my masters in Education. It was at that time that the light bulb went off and I have been integrating games into the curriculum for the last 4 school years.

Are you Magic only?

I have many different games in the classroom. I try to buy starter decks of the more popular games that come out like the following:

• Digimon
• YuGiOh
• Lorcana
• Starwars Unlimited
• Flesh and Blood

A lot of times, I don’t know how to play these games but my students do and I get to learn a little more about what is popular at the time.

What skills do you focus on?

One day our state support team was walking through the halls and inquired about what my students were playing because they were so engaged. It was at that point that I spelled out exactly what skills they were learning. Over the next few posts I am going to break all of these down:

These skills are crucial to my students success especially in the field of cyber security.

Stay tuned for more!

TJ

What is one skill that all new hires should have?

That is a question that I ask my advisory committee all the time, nine times out of ten they say they are looking for professionals who are able to troubleshoot issues in a methodical way. Whether you are helping a user figure out why their software won’t load, or you are trying to upgrade the storage array on the server, and it isn’t working, having a sound method will help you work through the largest and smallest of technical issues.

Note: I also put together a video about the process sharing tips and tricks that can be found here:

One of the most widely recognized methodologies is the CompTIA Troubleshooting Method. In this blog post, I will briefly explore the key steps of this method and how it can empower you to troubleshoot with confidence.

Identify the Problem:

The first step in the CompTIA Troubleshooting Method is to clearly define and understand what problem the user is experiencing. This requires actively listening to the user and asking probing questions to gather relevant information. The goal of this conversation is to obtain a comprehensive understanding of the problem so you can accurately troubleshoot the issue. It is also key during this phase to get as much information as possible about when the issue occurs as well as any changes in the environment.

Do Research:

During this step you will start looking at your company’s knowledge base or online and seeing if other users are experiencing the issue. We want to make sure that we are not re-inventing the wheel if we don’t have to. A quick Google search at this point could save you hours in the long run.

Establish a Theory:

After identifying the problem, the next step is to develop a hypothesis or theory that explains the root cause. This theory should be based on logical reasoning and knowledge of all of the different systems that the machine interacts with. At this point you are coming up with an “educated guess” if you will and this educated guess will help focus your efforts and help you to be more efficient at solving the user’s issues.

Test the Theory:

Once you’ve come up with a theory, it’s time to roll up your sleeves and put it to the test! This step is all about diving into the nitty-gritty details and running a series of diagnostic steps and experiments to either prove or disprove your hypothesis. This hands-on, approach is like being a detective on a mission, helping you narrow down the possibilities and uncover clues that will guide you on your troubleshooting journey.

Establish a Plan:

Based on the results of the testing phase, you will now develop a plan of action to address the problem. The plan may involve applying a known solution, implementing temporary workarounds, or taking further steps to isolate the root cause. Note that during the establish a theory step, you had several different possabilitiues, the purpose of this step is to establish the “best” plan to move forward with.

Implement the Solution:

With a well-defined plan in place, it’s time to implement the chosen solution. This could involve configuring settings, replacing faulty components, updating software, or performing other relevant actions. Make sure that you are taking into consideration the entire picture when you are implementing your solution as you do not want to cause more disruptions in your user’s environment and you want to make sure that downtime is as minimal as possible.

Verify Full System Functionality:

After implementing the solution, you should now make sure that the issue is solved, and the system is functioning optimally. During this step, I would also do any other maintenance tasks that need done like system updates, cleanup, etc. The last thing that I want is to be back in front of this user the next day because they ran a software update, and it broke their machine again.

Document the Solution:

The final step of the CompTIA Troubleshooting Method emphasizes the importance of documentation. Be sure to document the entire troubleshooting process, including the problem description, the steps taken, the solution implemented, and any lessons learned. This documentation serves as a valuable resource for future reference, enabling others to benefit from the troubleshooting process and facilitating knowledge sharing within the IT team. Developing good note taking habits early on will pay off in dividends in the future.

Closing:

The CompTIA Troubleshooting Method provides a structured and systematic approach to resolve IT issues effectively. By following these steps, you can approach troubleshooting with clarity and precision, minimizing downtime and maximizing productivity. Whether you’re a seasoned IT veteran or just starting your journey in the field, mastering this methodology will undoubtedly enhance your problem-solving skills and elevate your value as an IT pro!

Before you go,

Are you studying for your ITF+ exam? If so check out this FREE guide I put together with over 15 pages of outlines, explanations, and practice questions that can help you get your ITF+ certification. Download it here: Get my free Unofficial ITF+ Study Guide (tjhouston.com)

Are you wanting to start your certification journey, but you don’t know where to start? There are a ton of entry level certifications out there from companies like CompTIA, Microsoft, SANS, and many others. Today we are going to help decide if CompTIA is a good place to start.

Today, we are talking all about the CompTIA A+ certification, the pros and cons of the certification and whether it is worth it for you to focus on this certification in 2023. Read until the end where I share some of my favorite resources to get you started.

What is the CompTIA A+?

The CompTIA A+ certification is comprised of two different exams that shows employers that you have a basic understanding of IT (Information Technology) skills, and you are able to perform basic helpdesk tasks and even more importantly is it shows that you are an employee who is trainable.

When you are first starting out in the IT world, many times this is the de-facto standard when it comes to getting your foot in the door. It is a tried-and-true certification that many employers trust when they are looking to hire technology focused talent.

Importance of certification in the IT industry

In the IT industry it is hard to really gauge how much someone knows just based on a resume. With the advent of AI this is going to get even harder to get qualified candidates. That is where certifications come in. With the A+ you have a very large body of knowledge that you need to prove that you have knowledge of in order to get the certification. So much information that they break it into 2 different certifications.

Pros of the CompTIA A+ certification

1. Get passed the HR gatekeepers

Like I mentioned above, employers need a way to vet applicants when they are getting 100’s if not 1000’s of applications. By having a certification requirement, they are eliminating applicants that do not meet the needs of the job. You could have all of the technical skills in the world but unfortunately HR gatekeepers will likely throw out your application if you don’t have the required certifications. This opens up those doors for you to at least get an interview.

2. Prove you have comprehensive knowledge of foundational IT skills

I love certifications because it gives you an outline or framework of what to study. The A+ is no different. The A+ tests your understanding of all aspects of IT including Hardware, Networking, Mobile Devices, Operating Systems, Troubleshooting, Cloud, Security, and also operational systems like best practices. The A+ also focuses a lot on developing your troubleshooting methodology. This is what employers are looking for when it comes to hiring an entry level technician. Not necessarily do you know everything there is to know about technical topics, but do you know where to find the answers and do you know how to walk through an issue to determine the root cause.

3. Industry recognition and credibility

If you take a minute and just do a search on “CompTIA A+” on your favorite job search site you will see that across the board, in every industry you will find some type of role available. That is because of how widely accepted the CompTIA A+ certification is. Also, you can see from the screenshot above, the A+ also appears on the DOD 8570 list of certifications. This is the list of baseline certifications that you must have to perform IT related jobs within the DOD (or contractors).

Cons of the CompTIA A+ certification

It may seem like a no brainer to go after this certification but let’s talk about a few of the cons of the certification as well.

1. Financial Investment

Certifications are not cheap especially when you are paying for them out of your own pocket. Let’s break down the cost of getting the A+ certification.

Exam Fees:

The A+ certification requires 2 different exams in order to get the A+ certification. Each of those test vouchers cost $246 which means if you didn’t pay for anything else, the minimum you are going to spend on the A+ is $492. That is a lot of money. Now if you are in the state of Ohio, we have a grant that you can apply for to have this paid for (if you are currently employed) called TechCred (TechCred | Ohio.gov). Other states might also have a similar program setup to “Upskill” their workforce. Also, if you have a .edu email address you can get a discount on your certification vouchers and prep materials on the CompTIA store by signing up with that email address.

2. Time commitment for studying and preparing

Like I stated above this certification is 2 tests and that is a lot of content to study especially if you don’t have any background in IT. I teach this content as my full-time job at a local high school, and it takes us at least 15 weeks, at 3 hours a day, to get through all of the content. Make sure that you are ready to dedicate a few hours a day to this certification to get through and fully understand all of the content.

Note: At the end of the post, I have a few recommendations for some courses and books to help you get started.

3. Limited scope and depth

At the risk of sounding cliche, the A+ exam goes a “Mile Wide, and an Inch Deep”. What I mean is it scratches the surface of many different topics and it doesn’t go super in depth to any one topic. Again, this is an introductory certification so that is ok, but I don’t want anyone to think they are going to be a subject matter expert on all of these topics once they get their A+ certification. The A+ is your launching point, not your landing pad.

4. Frequent updates and expiration

You may think you are done once you pass the exam but that isn’t the case. The A+ exam is constantly being updated to the latest and greatest technology that comes out. This is great for employers because they are making sure that candidates are up to speed on relevant technology, and it also makes sure that people are not plateauing when they get into the IT field. Stagnation isn’t good for anyone.

The CompTIA A+ will need to be renewed every 3 years. There are 3 main ways that you can renew your certifications.

Get a higher-level certification.

The easiest way in my opinion is to get a higher-level certification before your A+ expires. When you get a higher-level certification, it will automatically extend your A+ certification. In my case, I have worked all the way up to the CASP+ exam so I only have to worry about getting that certification renewed and all of my other certs will renew.

CEU’s

CEU’s or continuing education credits, are a way to show that you are growing within the IT field. If you get a certification that is outside of CompTIA and at least 50% of the objectives match the A+ exam then you can receive CEU’s for that certification. You can also take college classes, go to an IT conference, or utilize your work experience. To learn more about using CEU’s to renew your certifications, check out the CompTIA website here: Earn Continuing Education Units (CEUs) | CompTIA IT Certifications

Take the test again

The final way is to simply take the A+ exams again, this is a bit counterintuitive as it costs more than going for say the Network+. But know that it is an option.

Real-world application of getting A+ certified

So, we have talked about the pros and cons of the A+ certification but what can the A+ actually do for you. First and foremost, like I mentioned earlier, it opens the doors to entry level IT positions like Helpdesk Support, Desktop Support, and more general, IT Technician. These are all great launching points for your IT career and tend to pay a bit higher than minimum wage (average starting is between 40/45k a year) Help Desk Technician Salary | Salary.com

Getting the A+ certification is a great steppingstone into the IT world, and it helps you get started on your certification journey. Once you get started in the field, you may find that you really like cyber security, the A+ has given you a baseline level of knowledge that you can directly apply to getting started with your Security+. CompTIA does a great job of building a pathway for you to succeed.

Note: Once you get hired, many empolyers will pay for your certification vouchers in some way. Make sure, as you are applying for jobs that you ask about continuing education programs.

Conclusion

I really like the A+ certification for what it covers. As someone who has hired countless IT technicians, we always preferred those who had the certification. The A+ is probably one of the most sought-after certifications in the IT industry and it is regarded highly amongst employers. The biggest downside is the cost of the exam especially for those of you are younger and are just getting started. If you can find a way to overcome the cost, I think the A+ is a great place to start in 2023.

My Picks for Studying for the CompTIA A+:

Books

CompTIA A+ All In One Guide: https://amzn.to/3PHq5oc

CompTIA A+ Complete Study Guide: https://amzn.to/3PHq5oc

Videos

Home — Professor Messer IT Certification Training — CompTIA A+, Network+, Security+

Mike Meyers on Youtube: (5) Mike Meyers on: What is the CompTIA A+ Exam? — YouTube

Hello everyone! I hope you are enjoying your summer! I just wanted to let you know that I just dropped the latest video in my CompTIA ITF+ Training Series.

In this video, I talk about operating systems and what their purposes are when it comes to the devices we use every day. I also released a new study guide for the ITF+ that you can download can here: Get my free Unofficial ITF+ Study Guide (tjhouston.com)

As always if you need absolutely anything please feel free to reach out!

There is an old addage, those who cant do, teach. For some professions, that is true but when it comes to teaching cyber security, this is not the case. My skills as an IT professional and cyer security SME have grown leaps and bounds since becoming a teacher. Cybersec is a vertical that you can’t just sit back and be passive, the world of IT changes daily. Below are some ways that I continue to grow and learn as a cyber security teacher.

Reading / Writing

One of my mentors once said,

“If you ain’t readin you ain’t leadin” and that is so true when it comes to being a teacher. Nothing against other subject areas but every day I feel like I am teaching something new. In order to stay on top of the industry, I need to constantly read and stay on top of what is going on in the world and give back by documenting my learning on this platform.

Reddit

My go to place to stay up to date on the world is Reddit. Warning, there are some subreddits that get a little cray but there are some AMAZING resources for people who are trying to enter the industry or who are trying to hone their craft. My top 3 subreddits that I check constantly are:

r/HomeLab — https://www.reddit.com/r/homelab/

r/Cyber Security — https://www.reddit.com/r/cybersecurity/

r/Pentesting — https://www.reddit.com/r/Pentesting/

Together these communities are over 1 million users strong. If you have a question chances are someone can answer it for you. Also, there are posts on these subreddits daily which is great for someone who is teaching a subject area that changes constantly.

Youtube

Youtube is full of amazing content for folks in the cyber security and IT world. Youtube is a great place for myself and my students to learn more about the world of IT. It is for that reason that I not only consume information but also create content on the platform to help others. If you want to follow along with my journey, you can follow me here: https://www.youtube.com/tjhouston

Some of the creators that I follow:

Network Chuck — https://www.youtube.com/@NetworkChuck

Lawrence Systems — https://www.youtube.com/@LAWRENCESYSTEMS

Keith Barker — https://www.youtube.com/@KeithBarker

LearnLinux TV — https://www.youtube.com/@LearnLinuxTV

David Bombal — https://www.youtube.com/@davidbombal

Books Currently Reading

Finally, the old school, books. I love listening to Audiobooks whenever I am in the car or out running the roads. Right now I am currently listening to:

1. The Perfect Weapon — https://amzn.to/3mZVYfE

The perfect weapon is all about using cyberweapons to take aim at societies all over the world. The book takes you through how the US and other countries has used these inexpensive tools to take over elections and blow-up centrifuges from hundreds of miles away. This book is a previous to what the new normal is going to look like.

1. American Kingpin — https://amzn.to/3ozf8tc

American Kingpin is the story of Silk Road creator Ross Ulbricht. The book reads like a primetime thriller and gives you context of why he created the ultimate free market, The Silk Road.

Conferences

There is no substitute for in person learning and networking. I love going to conferences and surrounding myself with other people who are trying to solve the same problems that I am. Now that we are in a post covid world, these conferences are back in full swing and I am excited to both teach and learn at the following conferences:

1. National Cyber Summit — https://www.nationalcybersummit.com/

When I first came aboard at ACWHCC I caught wind of this conference. Graciously they sent me and what a conference it was. This conference is held in Huntsville, Alabama and it brings in the top cyber security professionals from all over the world. While I was there, I was able to network with the folks over at ITProTV, a site that has built me as an IT professional.

2. Making Schools Work — https://www.sreb.org/conference

This year I am focusing on being a better educator and helping my school be one of the best schools in the area. This is an all-new conference for me and I am excited to learn more about education and how I can be a better teacher.

3. Ohio eTech Conference — https://oetc.ohio.gov/

This conference is near and dear to my heart. I have presented at this conference multiple times and I love being able to network with other educators from all over the state and learn new skills that I can integrate into the classroom. So much of what I do depends on technology, and I am always looking for new ways to connect with my students with the different tools that are available.

Volunteering

I am a huge proponent of giving back as much as I can. I don’t want my education to go to waste and I look for every opportunity to give back to my fellow teachers and my fellow IT pro’s. Two ways that I do this is by offering weekly EdTech PD in my classroom for teachers to come and learn about what tools are out there as well as brainstorm different ways to use technology in their classroom. A second way that I volunteer is by being part of the OC3 community (https://homelandsecurity.ohio.gov/oc3) that we have here in the state of Ohio. For years I have sat on the education subcommittee but this year I am applying to be part of their cyber response team in which I can help communities all over the state of Ohio respond to cyber threats when they present themselves.

Working in the Industry

I feel that the best way that I can share real life experiences with my students is to stay working in the industry. During the summer I take on consulting gigs that allow me to be an active participant in the IT world and help small businesses with their IT and Cybersecurity needs. This not only helps me stay sharp but also it helps me place my students in jobs to start their career in IT.

Military Service

As many of you know, I am an active member of the Ohio National Guard as a 25B (IT Support Technician). In my role as a 25B I am responsible for communication and data flow both on the battlefield and here at home. This role has helped me grow as an educator by coaching and mentoring those around me to get their certifications and learn new ways to teach my content.

Every day I am learning something new and finding new ways to be a better educator. This is a profession that I absolutely love and I look forward to many years teaching and mentoring the next generation of cyber warriors. What are some ways that you continue to grow? Podcasts, networking groups, other social media platforms? I would love to hear your ideas and how you continue to grow.

As always, if you need anything, please feel free to reach out!

At the career center, we always have to find unique ways to not only get new students into the program but also retain the talent that we have. The last 3 years have been a rush trying to find the right curriculum to help build a strong cyber security and IT workforce and I havent really spent a lot of time putting my marketing skills in use to grow my program. This past week I have been outlining ideas for the new year and I put together a pretty comprehensive plan for the upcoming school year. My goal is to share a lot more of what we are doing in the classroom with both the local community and society as a whole.

If you would like to see my plan (as a PDF) you can click here.

If you would like to use my template feel free to use the Google Docs version here and click “File” and then “Make a Copy”

Would you add anything else? Let me know!

This is a fun machine that explores many different attack vectors for local machines and teaches you to use some cool tools like Hydra and Crunch! Let’s see if we can get all 130 points! Scroll to the bottom for a video walkthrough. You can download this box from VulnHub directly: https://www.vulnhub.com/entry/rickdiculouslyeasy-1,207/

Enumeration

To get started we made sure our VM’s are both attached to the local adapter only and ran our netdiscover scan to see what other machines are on our local network.

sudo netdiscover -r 192.168.56.0/24

IP Address Located! 192.168.56.107

Now let’s get nMap Automator fired up

./nmapAutomator.sh -H 192.168.56.107 -t All

If you are not familiar with nMap automator, check out the github page for more info: https://github.com/21y4d/nmapAutomator

Within the first few seconds we see that there are some standard ports open, so while nMapAutomator does its thing, lets check out the website that is running on the machine.

Poking around on port 80

To get started, I like poking around on the website itself to see if I can find any clues in the source code or see if I can find something juicy in the robots.txt file. Navigating to the main index page, I didnt see anything to helpful. I always check robots.txt (https://moz.com/learn/seo/robotstxt) to see if there are any pages that they are hiding from crawlers. In this case, I found a few entries in the robots.txt file that led us to something that could be useful in the future.

Let’s go back and check in on nMap Automator…

So, it looks like the full scan yielded some more opportunities to get some more points so let’s check and see if we can do some banner grabbing to see what software these services are running.

As you can see, we get a lot of information back just by trying to “knock” on some of the ports.

I tried my best not to but I had to see what this reverse shell was, a quick LS to see what was in the folder led me to another flag. 20 points down!

There was not much access outside of that, it looks like we were locked into /root/blackhole. Maybe we can revisit this later.

Port 21

So that marks off 2 ports, let’s check out port 21. If we check out our nMap scan, we can see that anonymous FTP is allowed and the scan shows a Flag living in the FTP directory. Let’s connect and see what that flag says!

In order to download the flag we need to use the get command.

ftp 192.168.56.107
username: anonymous
password: blank
get FLAG.txt

Port 9090

So lets go see what is on port 9090, once we get to the site, we see that there is a gigantic flag on the page. That was kinda easy?

We do get a login page though maybe after we figure out some creds, we can use it to see what access we can get.

Back to Port 80

So earlier we found a few juicy things in the robots.txt file but let’s see what else was found during our nMap scan.

Interesting, there is a folder called passwords, that seems too good to be true…

5 flags down! 80 Points to go. Lets see if there is anything in the passwords.html. At face value there isn’t anything on the site but if we look at the source, we can see that there is a password in the comments.

Let’s go check out those cgi-bin directories.

If you remember back to our earlier scan, there were 2 files in our robots.txt file that the owner was trying to hide. These two files were root_shell.cgi and tracertool.cgi. The root shell sounds fun lets check that one out first.

Turns out that was a DEAD END

Let’s check out the tracertool script. It looks like we can enter an IP address and it will show the results below the text box. I wonder if we can enter in other commands. Sadly we cannot. It just goes to a white screen.

But could we try to send multiple commands in case it is filtering? Let’s try listing the contents of “/”

Ok so this has potential, we have a password for a user (winter) but we dont have any users yet. All of the users on a linux machine are saved in the passwd file. More info on the passwd file here: https://linux.die.net/man/5/passwd

Instead, lets try to use the tail command since any users are going to be at the end of the file anyway.

So what services do we have that can login?

Now that we have some users to try and a possible password to try, we need to figure out where that password is used. The following ports have services that allow login: Port 9090(cockpit), Port 21 (ftp), Port 22 (ssh), Port 2222 (ssh).

I was going to start with the 9090 page but there isn’t any submit buttons so thats a No Go

Lets try FTP — no luck, the login failed

Lets try SSH on port 22 — ssh

How about SSH on port 22222?

ssh -p 22222 Summer@192.168.56.107

That looks like it works! Another Flag Found!

Now that we have ssh access to a limited user, lets see what kind of other files we have access to.

That journal.txt.zip and Safe_password.jpg looks tasty. Let’s download those to our local machine.

scp Safe_Password.jpg zodiak@192.168.56.106:/home/zodiak/Desktop

Once the file is on our local machine let’s see if we can open them. If open the photo it is just a picture of Rick but there has to be more, lets check the exif data with a tool called strings.

After we run the file through strings we see a password for the journal called Meeseek.

So lets take a look at this journal. Unzipping it gets us another flag. 20 points!

50 Points left

Rick had some files in his home directory and the notes from the last flag mentioned that the safe pin is 131333, time to dig in.

To test the file, I downloaded the script to my local machine and added the execute permission so I could run it. When I ran it I got a message that I needed to use command line arguments so I ran it with the pin from the last flag and below is what was printed on the screen.

So now we need to figure out how to get Ricks password. The password has 1 uppercase, 1 digit and 1 of the words of his old band name. (The Flesh Curtains). To do this we are going to use a tool called crunch (https://www.kali.org/tools/crunch/).

crunch 7 7 -t ,%flesh > flesh.wordlist
crunch 10 10 -t ,%curtains >curtain.wordlist

This will create a text file that has all of the possible combinations for the two different words flesh and curtains.

Now it’s time to use hydra in order to try to access the machine as an elevated user. I ran Hydra and didn’t get access. hmmmm

Lets try capitals this time

crunch 7 7 -t ,%Flesh > Flesh.wordlist
crunch 10 10 -t ,%Curtains >Curtain.wordlist

It looks like we have a password!

Lets login to the box as RickSanchez and the password P7Curtains

Once we are in, lets become a super user (note the last clue told us to sudo)

And there we have it, the final flag!

I always look for different ways to keep my students entertained and engaged with the content. These are 3 activities that I keep going back to year after year to help my students understand my content and engage at the higher levels of Bloom’s Taxonomy.

Present EVERYTHING

Over my tenure working in Informational Technology and Cybersecurity, I have been asked, almost on a weekly basis to present some type of information either to a board, to a group of teachers, or to community members. In an effort to get my students more comfortable with presenting in front of groups, we present a TON in the classroom. From weekly current events to choosing the best way to solve a technology problem I am constantly having students in the front of the class creating presentations to share and teach others about their topic and share their thoughts. I have also started to organize community engagement sessions for cyber security.

Playing Magic the Gathering and other board games

I have gone down the rabbit hole of playing “no screen” games in the classroom because of the tremendous growth I have seen over the last few years. The soft skills that we need in the workforce cannot be trained out of a textbook, they need to be hands-on and games like Magic allow us to do just that! A few good articles that I have found are:

The effectiveness of intervention with board games: a systematic review | BioPsychoSocial Medicine | Full Text (biomedcentral.com)

ERIC — EJ964264 — Using Games to Support the Curriculum: Getting Teachers on “Board”, Knowledge Quest, 2011

Board games for kids: Do they have educational benefits? (parentingscience.com)

For cyber security teachers out there, check out “Backdoors and Breeches”. BandB is a Dungeons and Dragons-like card game where students can role-play what they would do in different cyber security situations. https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/

Capture The Flag Competition & Murder Mysteries

Continuing on with our “gamification” idea, CTFs or “capture the flag” competitions are used HEAVILY in the cyber security world to find bugs and also to test critical thinking skills. During these CTFs you have a myriad of challenges that range from finding OSINT (publically available data), hacking into devices, or simple programming exercises. There are varying levels of challenges and they all revolve around finding the answer or the “Flag”. Students have the opportunity to win $ or even get their college paid for. One website that I keep an eye on is https://ctftime.org/. This website is the home of all things CTF and lists events that are upcoming as well as results from previous events. Two of the CTFs that we participate in every year is NCL or National Cyber League https://nationalcyberleague.org/ as well as Picoctf https://picoctf.org/ .

If you would like to practice your CTF skills check out the following sites:

https://overthewire.org/wargames/

https://ctflearn.com/

Who doesn’t love a little bit of cross-collaboration?

Over the last 2 years, I have been working with the criminal justice class to compete in a murder mystery lesson in which we mix up students from different classes and they work together to solve a mystery. We have all of the clues loaded into our own CTF platform (https://docs.ctfd.io/). I purchased all of the cases from Target and Amazon during black Friday and I can’t recommend a better activity to get the students thinking critically and having fun!

Here is an example of one of the case files that we do: https://amzn.to/3FBVzWK

At the end of the day, our goal is to help our students get employed in whatever career they choose. Soft skills and critical thinking are key skills that help our students stand out when they enter their careers and these off-the-wall activities have helped my students do just that.

About a year ago, I was introduced to the world of Magic the Gathering from my juniors. When I first saw them playing, I brushed it off as just another card game, but there was something about it that kept my interest. I sat back as an observer for a few weeks and as they were playing, I noticed that there was so much alignment with my curriculum, so I jumped in headfirst, and I haven’t looked back since. In this series I take a deep dive into what I have learned over the last few years being a learner and teacher of Magic The Gathering.

What is Magic The Gathering (MTG)?

MTG is a card game that originated in the 90’s in which you take on the role of a wizard who can travel between different planes (aka “Planeswalker”) and fight other players by casting spells, using artifacts, and summoning creatures. Because of the age of the game there are thousands of cards and millions of decks that can be built and a rulebook that is over 250 pages long! Traditionally the game was based around a 60-card deck but today the “Commander” format is much more popular.

There are 5 main colors of cards that are used and require that color of mana to play the cards. Below you can see the color wheel that explains the different themes of the mana colors of the cards. Rem D’Ambrosio mentions in his article “Running a MagiKids Group for Kids with ASD” that this is where he starts when new players are first starting. Learning a mono color first and then adding in other colors as you go.

What have we learned so far?

Over the next few articles, I want to take a deep dive into the different lessons that we have learned so far and how they have benefitted my classroom. The biggest benefit that I have seen so far, in the career tech classroom, is the strong community that has been built from having a common interest. I teach cyber security and my students come from our different feeder schools. Leaving behind all of their friends to come to a new environment with a new set of students is intimidating. By finding a common interest I have seen friendships built that I believe will last much longer than the two years that my students spend with me.

Other topics we will be exploring-

• Critical Thinking
• Strategy
• Communication
• Reading Comprehension
• Lower Screen Time
• Mental Health
• Business
• Competition
• Teamwork
• and Conflict Resolution

But what if kids can’t afford cards?

Early on, I noticed that students were bringing in spare decks for others to use so I purchased a few preconstructed decks to be used in the classroom. That was great but students wanted to build their own decks to use or make upgrades to the classroom decks. I searched around the internet and found Magikids which collects cards that otherwise would be tossed and sends them to schools like mine for students to use and be creative. If you want to check out Magikids head over to their website www.magikids.org.

Sources for more information

• Magic: The Gathering — Wikipedia
• MagiKids by Weirdcards — The Official Website of MagiKids
• Color — MTG Wiki (fandom.com)