Skip to main content

The Weekend 227 People in Ilorin Learned to Think Like Attackers

HacKwara Team

392 applied. 227 got in. Over three days at Ilorin Innovation Hub, our community cracked hashes, broke into a fake bank, and found out how much of the internet is hiding in plain sight. This is how it went.

Cover image for The Weekend 227 People in Ilorin Learned to Think Like Attackers

We thought a hundred people might apply.

Three hundred and ninety-two did.

That was the first sign that something was off — in a good way — about the state of cybersecurity in Kwara. Not off in the sense of broken, but off in the sense that there was a hunger here nobody had been feeding. Plenty of developers and students in Ilorin can tell you what SQL injection is. Almost none of them had ever done it. That gap — between knowing the word and doing the thing — was the whole reason this bootcamp existed.

Participants settling in as the bootcamp kicks off on Day 1

We couldn’t take everyone. Hands-on labs stop being hands-on when there are 400 people in the room, so we vetted the list and brought in 227 participants — computer science students, developers who wanted to write safer code, and a handful of people who already knew they wanted to break things for a living. On May 6th, at Ilorin Innovation Hub, with CcHub and IIH backing us on the venue, power, and logistics, we started.

Day One: learning to see

Mahmud opened by telling everyone what HacKwara actually is — not a course, a community. Michelle Uba welcomed the room on behalf of CcHub and IIH. And then Bello Ridwan Olayinka got up and started pulling the internet apart.

He walked the room through the fundamentals — threat landscapes, the Linux command line, the mental furniture you need before any of the fun stuff makes sense. Omolewa Samuel followed with networking: TCP/IP, DNS, HTTP versus HTTPS. Dry on paper. But the point wasn’t the acronyms — it was getting everyone to see the internet as a series of conversations that can be listened to, interrupted, and rewritten.

Then Ridwan did the thing that changed the temperature in the room.

He ran John the Ripper against a set of password hashes, live, and cracked them in front of everyone. You could feel the shift — the abstract idea that “weak passwords are bad” became a stopwatch and a screen full of plaintext. That’s the moment a lot of people in that room stopped being students of security and started being practitioners.

Bello Ridwan Olayinka running the live John the Ripper demo

Omolewa closed the day by handing everyone the keys to keep going on their own: Burp Suite, the OWASP Top 10, and PortSwigger’s free Web Security Academy — so nobody had to wait for us to keep learning.

Day Two: breaking things on purpose

After Olawore Hikmah recapped the ground already covered, Feranmi Adekunle took the group into the offensive stuff — SQL injection, cross-site scripting, and asset discovery with Nmap. Omolewa then set everyone loose on Vulnbank, a deliberately broken banking application, and let the room do what you can’t do on a real target: attack it, freely, and watch it fall over.

But the demo people kept talking about afterward was Salati Salis and Google Dorking.

He showed the room how a few carefully built search queries can surface sensitive files, exposed panels, and forgotten documents sitting wide open on the public internet — and then, crucially, how to report what you find so organisations can close the hole. One participant put it better than we could:

“It’s amazing how much information can be gathered online without knowing it’s there.”

That sentence is the entire bootcamp in one line.

Hands-on lab session in progress

Day Three: the mindset, and the map

The last day was about zooming out.

Feranmi opened with the Cyber Kill Chain and the uncomfortable near-future of AI in security — showing, live, how attackers now use AI to build phishing lures and deepfakes convincing enough to fool people you’d expect to know better. Then Abidakun Samuel delivered the talk that gave the day its spine: “Beyond the Tools: Developing the Attacker’s Mindset.” Because the tools change. The way of thinking doesn’t.

And then we did the thing too many bootcamps skip: we told people where to go next. Mahmud Muhammad laid out real career roadmaps — Red Team, Blue Team, GRC — so “cybersecurity” stopped being one vague job and became a set of doors. Bello Ridwan Olayinka showed everyone how to build a home lab with VirtualBox and Kali, so the learning didn’t have to end when they left the building. Muhydeen Abdulsalam broke down how to actually start in bug bounty — how to earn from this.

Did it stick?

Here’s the honest measure. It’s easy to fill a room for a free event on day one. Day three is the truth test.

64% of the people who showed up on Day 1 came back for Day 3. More than 60% completed all three days. For a free, intensive, multi-day technical bootcamp — where nobody would blame a tired student for not returning — that retention is the number we’re proudest of. People didn’t stay out of obligation. They stayed because the labs were working.

The feedback came back overwhelmingly 4 and 5 stars, and one line stuck with us:

“Instead of focusing only on theory, the facilitators explained core cybersecurity concepts with real-world demonstrations and hands-on examples.”

That was the assignment. That was the whole assignment.

What we’d do differently

We won’t pretend it was flawless. Three days was a lot of ground, and some of our absolute beginners told us — honestly — that it moved too fast for them in places. We heard it, and it’s shaping how we pace the next one. Carrying everyone along matters more to us than covering more slides.

The Day 3 group — participants and facilitators

This was day one of something longer

The bootcamp was never meant to be the event. It was meant to be the door.

Everyone who came through it has been invited into the HacKwara community, and we’re keeping the momentum with monthly virtual study groups built around TryHackMe and HackTheBox — so three intense days become an ongoing habit instead of a fading memory.

To Ilorin Innovation Hub and CcHub — thank you for making a real lab environment for over a hundred people possible. And to every facilitator who gave a weekend to teach for free — Bello Ridwan Olayinka, Omolewa Samuel, Olawore Hikmah, Feranmi Adekunle, Salati Salis, Abidakun Samuel, Mahmud Muhammad, and Muhydeen Abdulsalam — you’re the reason Kwara has 227 more people who can think like attackers, and defend like professionals.

We’re already planning the next one.

Want to partner with HacKwara, or join the community? Reach out — we’re just getting started.