
Learning to Hack for Fun (How malicious hacking works & how to stay safe)

Be careful—while you were reading this, I was stealing your cookies! Just kidding. But was I?

Do you have to be scared of things like that? What about XSS or XSRF attacks? How do they work? Are you vulnerable when you're browsing the web at Starbucks? Are your websites making your users vulnerable to being attacked?

Unless you actually learn how these attacks work, it's easy to be a little spooked. Sometimes caution is advisable, but sometimes we worry needlessly. The best way to know which threats are worth worrying about is to actually try out these attacks ourselves. By seeing exactly how common hacks work, we'll learn the best way to protect ourselves and our users. Hopefully we'll also learn a little bit about how malicious hackers think, which is the best way to protect ourselves. Don't worry: nothing we do will be illegal, nor will any of it cause anyone's person or property any harm.

We'll start out the class by learning about the most common means of malicious hacking: social engineering. (Sometimes, the best way to gain access to restricted systems is to look under someone's keyboard, where they've written down all their passwords.)

Then, for the majority of the class, we'll learn about some more sensational ways that malicious hackers do their dirty work. We'll actually try out these hacks for ourselves, either against each other (if we're comfortable with each other), or against the instructor, who will have throw-away websites and a computer ready for it. We'll try these hacks by hand, and we'll also download some tools that allow them to be carried out more easily. These are some of the things we may try out:

• Stealing cookies 

• Snooping on network traffic

• Cross-site scripting attacks (XSS)

• Old-school lock-picking?

• And maybe more! 


Familiarity with the following will help:

• The command line

• HTML and JavaScript

• Basic knowledge of how servers and clients/browsers interact (HTTP!)

You can use any operating system (Windows, OS X, Linux). We'll be using a few Google Chrome extensions, so you'll need to have Chrome installed. We may also use a Firefox extension, so please have Firefox installed as well.


Chad Ostrowski has never maliciously hacked anyone, nor does he want to. He doesn't even look at people's hands when they're typing in passwords, for fear that he might accidentally identify their keystrokes. He enjoys music, literature, exploration, and West Philly. He works at PipelineDeals and blogs at


  • Dave D.

    Chad stood up a site for the class which really helped to demonstrate the concepts. He did a great job of explaining the landmines or traps that developers need to be aware of.

    April 22, 2014

  • Sarah G.

    I am bummed that I missed this too! I got caught in traffic on a long road trip back to Philly. Chad, will you be offering this class again?

    April 15, 2014

    • Chad O.

      Probably! No definite plans and no date yet, but the first one went well and I think I could make the next one go better!

      April 15, 2014

  • Elizabeth F.

    Man, bummed that I missed this class. :(

    1 · April 15, 2014

  • Chad O.

    Let's see if Meetup properly scrapes script tags out of these comments! <script>alert('I steal cookies!')</script>

    April 15, 2014

    • Chad O.

      Good work, Meetup.

      April 15, 2014

  • Carol C.

    Chad was a great instructor!

    April 14, 2014

  • A former member

    I really liked it...I just wish there were less audience questions and more activities to do. But it was really fun!

    1 · April 14, 2014

  • Elizabeth F.

    Hi, My status on this meeting has been changed to Not Going twice. What gives? I wanna go!

    March 31, 2014

    • Elizabeth F.

      I'll tots pay- I just never got the email. Can you send again to my account? Thx!

      March 31, 2014

    • Elizabeth F.

      Nvrmind- got it- see you all there!

      2 · March 31, 2014

  • Christine

    Which Google Chrome or Firefox extensions need to be installed?

    March 25, 2014

    • Chad O.

      I'm figuring that out, still. :-) I'll send out a message to y'all letting you know within a week of the class.

      March 26, 2014

20 went

Your organizer's refund policy for Learning to Hack for Fun (How malicious hacking works & how to stay safe)

Refunds are not offered for this Meetup.
