Since beginning my cybersecurity program, I've been looking for a good starter project to dip my toes into the field. To understand how to protect a computer system I figured I have to learn how to attack a system in the first place. The goal of this project was to learn how to go about exploiting a system in a natural non-contrived way. What I mean by natural and non-contrived is that the project is not prearranged with a specific path to take. School assignments, tutorials and similar exercises are examples of this. Although this approach is helpful for teaching skills and I of course leverage this type of learning (even within this project), I wanted to try something more open ended that I could take in any direction I wished, solve problems as they arose, and without training wheels so to speak.
Cybersecurity is a wide and deep field and finding a starter project was difficult in that there are so many places to start. So I decided to start with what seemed to be the simplest type of attack, distributed denial of service (DDoS). Is DDoS the simplest? In hindsight no, but being new to the field this seemed like an easy place to start since the concept is simple. The basic idea is to spam a target server with as many requests as possible to reduce its availability to respond to legitimate requests to 0.