Educational Playtime: Penetration Testing Sandboxes

Cybersecurity is not an easy field to get into. The hours of training and prerequisite knowledge needed for one to fully participate in such an environment are daunting and often prohibitive of newcomers in the field. Despite being present for decades, the topic has seen some of the most rapid expansion and shift in scope of any technical field in history. While there is no shortage of resources detailing the ins and outs of all types of cyber-security, they are often locked behind thousands of dollars’ worth of classes and training. With the help of the internet, however, many firms around the world have begun sharing their experience through free, online “sandbox” systems that allow an aspiring hacker or cybersecurity developer to hone their skills.
One well-known example of this type of free-to-play sandbox is run by microcorruption.com, a website dedicated to teaching the basics of embedded software security. By giving the user a virtual disassembler to analyze embedded assembly code reverse-engineered from a mock target, the user gets to follow the entire process of cracking the password to a “warehouse” located somewhere in the world. The challenges are by no means easy, increasing in difficulty as the user proceeds through the levels, however they aren’t impossible either – every level has a way forward, it’s just up to the user to find their way through.
In line with our dedication to bring awareness to the need for cybersecurity in connected and autonomous vehicles, Trillium is developing an online remote penetration testing module specifically designed to introduce users to the basics of automotive security. By guiding the user through the process of discovering and exploiting vulnerabilities in an imaginary vehicle’s telematics unit and putting them in contact with the vehicle’s CAN bus, visitors will have the opportunity to see the security needs at every level in connected vehicle communications. By bringing the user to a terminal in contact with a real-life Trillium BrainBOX hardware module, the highest-quality user experience is achieved, along with a peek into the profound protection provided by Trillium’s SecureGO IVN security.
Community-driven, free-to-use educational platforms such as those listed above are the manifestation of what cybersecurity is all about – preparing the world to be safer and more secure for everyone. Without a culture of security by design emphasized at every level of society, humanity sees no greater threat to the connectivity-driven future than cyber-crime.