UBI COHORT 1.0 · ETHICAL HACKING TRACK
Internship Programme

A multi-stage ethical hacking internship — real scenarios, real deliverables, real citations. Each stage builds on the last: from SOC foundations and incident analysis through to advanced offensive techniques. Every report written for a non-technical decision-maker. Every claim tied to evidence.

VIEW STAGES ↓
STAGES
TrackProgress
00
✓ COMPLETE FOUNDATIONS SOC ANALYSIS INCIDENT RESPONSE ETHICS
Stage 0 — Foundations: Induction at the Gate
Sankofa Digital SOC breach scenario. Identified threat actor "The Griot" via decoded payloads, mapped a 9-alert dismissal pattern, cross-referenced a staff roster to confirm insider-assisted access, and delivered a 4-document report to a simulated Incident Committee. 10 desk tasks covering shell, hashing, encoding, log triage, and ethics.
VIEW STAGE ↓
Submitted Jun 1, 2026
01
✓ COMPLETE APPLIED CRYPTOGRAPHY JWT AUDITING CIPHER ANALYSIS CONTROLS DESIGN
Stage 1 — Applied Cryptography: Ciphers & Secrets
Cryptographic audit of a staging-server drop left behind by "The Griot". Decrypted an AES-CBC ciphertext, identified and broke a classical cipher, audited three session JWTs for signature/lifecycle/privilege flaws, peeled a three-layer encoded reconnaissance memo, and delivered a 6-document post-mortem and controls package to a simulated security board.
VIEW STAGE ↓
Submitted Jun 8, 2026
02
COMING SOON
Stage 2 — Not Yet Started
Details will be published when this stage is submitted and cleared for release.
LOCKED
03
COMING SOON
Stage 3 — Not Yet Started
Details will be published when this stage is submitted and cleared for release.
LOCKED
04
COMING SOON
Stage 4 — Not Yet Started
Details will be published when this stage is submitted and cleared for release.
LOCKED
2
Stages Completed
10
Documents Delivered
9
Alerts Mapped
16
Desk Tasks Done
STAGE 0
Foundations — Induction at the Gate
Sankofa Digital · SOC Incident Analysis · Submitted Jun 1, 2026
KEY FINDINGS
Threat Actor
The Griot
Named from decoded Base64 payload: "The Griot is already inside the walls."
Entry Point
185.220.101.9
External IP used to authenticate as o.adegoke while he was on annual leave Jun 3–7.
Dismissal Pattern
9 Alerts Closed
11 of 16 Q2 tickets closed by a single analyst — the same account that was flagged — with no peer review.
Post-Offboarding Account
a.eze Still Active
Account offboarded Apr 12 still appearing in auth logs Jun 3–5. Never purged.
DELIVERABLES
D1
Suspicious Login Evidence Table
10-row evidence table mapping every suspicious event to file, timestamp, source IP, and confidence rating. Each row cites ≥2 evidence sources. Covers initial login, repeat session, post-offboarding activity, and decoded threat actor name.
↓ DOWNLOAD
D2
Tier-1 Dismissal Pattern Analysis
Full analysis of how 9 alerts were closed across SD-40812 through SD-40866. Per-ticket breakdown of what was raised, what was missed, and the conflict of interest. Dual-signature policy recommended.
↓ DOWNLOAD
D3
Business Impact & Next Steps
Board-level headline finding, attacker profile with MITRE ATT&CK mapping, NDPA obligations, and three 72-hour action boxes with owners and deadlines. Full evidence appendix included.
↓ DOWNLOAD
D4
Judgment Essay
Ethics call under ISC2 Code of Ethics Canon I (Protect Society) and Canon II (Act Honorably), with exact escalation order. Open-ended SIEM alert scenario referencing D1 rows directly, including a handover note draft.
↓ DOWNLOAD
STAGE 1
Applied Cryptography — Ciphers & Secrets
Sankofa Digital · Cryptographic Audit & Controls Review · Submitted Jun 8, 2026
KEY FINDINGS
AES-CBC Ciphertext
Decrypted Target Name
Key and IV left in the same staging config as the ciphertext — recovered the plaintext naming the attacker's intended target.
Classical Cipher
ROT13 — "The Griot Is Already Inside"
Identified by alphabet-only structure and word-pattern frequency; decoded note shows the actor was aware of Tunde's investigation.
JWT Audit
3 for 3 — All Tokens Flawed
alg:none signature bypass, missing-exp indefinite sessions, and a privileged admin claim issued for an offboarded account.
Three-Layer Recon Memo
Next Targets Named
Base64 → ROT13 → Atbash peel revealed a staged reconnaissance plan against three internal systems, including a legacy app that should have been decommissioned in 2024.
DELIVERABLES
01
Decryption Walkthrough
AES-CBC ciphertext, key/IV, CyberChef recipe, recovered plaintext, and a two-sentence note on why ECB mode would have leaked structure that CBC did not.
↓ DOWNLOAD
02
Classical Cipher Analysis
Cipher identification reasoning (frequency analysis + structural cues), the decoded plaintext, and what its timing reveals about the actor's awareness of the investigation.
↓ DOWNLOAD
03
JWT Audit
Per-token breakdown of header, payload, and signature for three session tokens — one red flag per token, mapped to RFC 7519 and NIST SP 800-53.
↓ DOWNLOAD
04
Hash vs. Encryption Memo
300-word brief for a non-technical manager on when to hash and when to encrypt, illustrated with the attacker's own cryptographic mistakes.
↓ DOWNLOAD
05
Cryptographic Controls Proposal
Five concrete controls for a small team on a tight budget — each mapped to at least two observed failures, with one-line justifications, rough costs, and rollout order.
↓ DOWNLOAD
06
Three-Layer Encoding Analysis
Full peel of the Base64 → ROT13 → Atbash reconnaissance memo with every intermediate output shown, plus a MITRE ATT&CK mapping of the planned next-phase targets.
↓ DOWNLOAD