Wednesday, December 3, 2014

Movie Night - 12/05/2014 Meeting

As everyone is racing to close out final projects and transition into study mode for finals, we’ll be keeping our meeting simple this week by doing a movie night. We’ll be watching the classic hacker movie Sneakers which I’m sure a few of you have seen.

Please note that it will also be our last meeting of the semester! So if you need a break from the end of the semester stress, come hang out one last time and watch a movie with us (:



WHERE: DCC 318
WHEN: 5pm Friday, December 5th

See you Friday!

Thursday, November 27, 2014

Thanksgiving Break - 11/28/2014 Meeting

No meeting this week because of Thanksgiving Break. Eat good food and enjoy the holidays!

Thursday, November 20, 2014

Mini-CTF hosted by Raytheon - 11/21/2014 Meeting

Raytheon will be hosting our weekly meeting this Friday by putting on their own small security CTF right here at RPI for anyone to participate in.

There will be plenty of food and refreshments with the CTF running from 5-10pm. Raytheon has a lot of cool work related to computer security and they're always looking for interns and fulltime employees. Be sure to stick around and chat with the engineers if you're looking to land something.



Some of our members have interned with Raytheon, so feel free to chat with any of us about them anytime before or after the meeting otherwise.

WHERE: DCC 318 
WHEN: 5pm Friday, November 21st

Bring your laptop & chargers!

Wednesday, November 19, 2014

CSAW CTF 2014 Finals Results

This past weekend a bunch of us RPISEC members headed down to New York City to participate in NYU Poly's cyber security awareness week (CSAW) conference and competitions. RPISEC placed among the best undergraduate CTF teams of hundreds in CSAW's September 2014 qualifying event, moving us on to the finalist CTF event onsite at NYU Poly's campus in Brooklyn.

Four of our members competed in the CTF, while a handful of others came along to attend THREADS, participate in the DHS Homeland Security Quiz competition, and network with people from industry.

Our four person CTF team ended up placing 3rd behind PPP1 and PPP2 putting us on the pedestal for the first time in a few years. We also took 1st and 2nd in the DHS Security Quiz competition which is always a competition our club loves to compete in. Annually CSAW is the event we strive to do our best in and we were more than happy with this year's results. It couldn't have worked out much better for us.











RPISEC - CTF Team - 3rd Place:
Patrick Biernat
Sophia D'Antoine
Markus Gaasedelen
Austin Ralls

RPISEC1 - DHS Quiz Team - 1st Place:
Alex Bulazel
Ben Kaiser
Kibo Schaffer

RPISEC2 - DHS Quiz Team - 2nd Place:
Patrick Biernat
Sophia D'Antoine
Markus Gaasedelen
Austin Ralls

We'll be looking forward to CSAW 2015!

Friday, November 7, 2014

ARM Exploitation with Matasano Security - 11/7/2014 Meeting


This week’s meeting we will be having an alumni from Matasano Security dropping by to lead a talk on ARM Exploitation, the CPU architecture found in devices such as our phones, tablets, and Raspberry Pi’s. Jay Smith graduated from RPI in 2010 and has been working at Matasano Security out in NYC for a few years now.



We’ve sent some interns their way over the past few summers and they serve as an awesome sponsor to our club. Last time Matasano came to visit they provided food and some swag for the meeting, but I offer zero guarantees for tomorrow night.

WHERE: DCC 318
WHEN: 5pm Friday, November 7th

If this sounds interesting check this out too: https://www.defcon.org/images/defcon-18/dc-18-presentations/Avraham/DEFCON-18-Avraham-Modern%20ARM-Exploitation.pdf

Friday, October 31, 2014

Intro to Modern Crypto - 10/31/2014 Meeting


This meeting will briefly cover classical ciphers before moving on to topics in modern crypto including symmetric and asymmetric encryption, block and stream ciphers, and hashes.

As usual, there will be hands-on challenges so bring your laptop and install Python 2.7 if you haven’t already!

WHERE: DCC 318
WHEN: 5pm Friday, October 31st

Drsc sc dro psbcd cdoz

d2VsbCBkb25l

R aqlxnv wijhgi cwo

Friday, October 24, 2014

2nd place in CyberSEED CTF

This past week a bunch of RPISEC members traveled down to UCONN to attend the CyberSEED 2014 Conference and compete in some of the competitions they had going on in parallel.






We registered one team for each of the two competitions that were going on at CyberSEED 2014. Both teams did an awesome job with the four person RPISEC team playing in the web/networking based CTF placing 2nd overall, and the four person team playing in the binary exploitation competition was the 2nd team to successfully complete all the challenges. Both teams won some cash in their respective competitions and walked away with Samsung Galaxy Tab 4's.

It was a blast to compete and touch base with a number of friends from different schools from all across the country. We're looking forward to competing again next year!


OpenBSD Talk - 10/24/2014 Meeting



This evening at 5PM in DCC 318, PhD student Brian Callahan will be talking to us about OpenBSD.


The skills learned at RPISEC, oriented towards active hacking, also have practical applications in defensive programming and security. This talk introduces OpenBSD, the proactively secure Unix-like operating system. We will explore OpenBSD's nearly two decades of rich history pioneering security mitigation techniques, providing proactive security programs for the entire computing ecosystem, and embracing its “hostile” environment aimed at finding and fixing bugs of all sizes as quickly and efficiently as possible: attributes that have culminated in OpenBSD being universally recognized as the security-conscious OS and pushing forward security in all operating systems. It will become clear that we all rely on—and directly use—OpenBSD code in all our devices everyday for security and safe programming. If you are looking for an environment to really make sure your code is written and run with security in mind, this is the talk for you!

There is a virtual machine set up with OpenBSD so you can follow along. The file is 2.7GB and is available for download here:

security.cs.rpi.edu/~whitej12/OpenBSDRPISEC.ova

Import this file into Virtual Box or VMWare. If you get an error while running it, disable USB 2.0 support. To do so, go to settings->ports->uncheck USB 2.0. The login:password to the virtual machine is rpisec:rpisec.

See you tonight!

Friday, October 17, 2014

Basic Binary Exploitation - 10/17/2014 Meeting



This meeting will cover the basics of memory corruption, stack smashing, and how this can be leveraged to take control of various applications and systems. Binary exploitation is the epitome of hacking at the most technical level, the material covered will serve as an intro to the world of pwning.


For this meeting we’ll be using an SSH client to connect into a server hosting the challenges. If you’re on windows I would suggest downloading PuTTY for an SSH client, if you’re using linux you most likely already have one.

WHERE: DCC 318
WHEN: 5pm Friday, October 17th

Bring your laptop & chargers!

Friday, October 10, 2014

File Carving & Digital Forensics - 10/10/2014 Meeting

Tonight’s meeting will revolve around digital forensics & file carving. The material we’ll be covering is similar to some challenges we’ve encountered in the misc categories of various CTFs.


The meeting will be a practical introduction to extracting hidden data from files. We’ll cover common tools used to discover and read information, basic scripting patterns for reading files, and how to go about solving a variety of practice problems from previous competitions.

WHERE: DCC 318
WHEN: 5pm Friday, October 10th


Bring your laptop & chargers!

Meeting notes & materials:
http://ark.rpis.ec/Meetings/10-10-2014_File_Carving_and_Digital_Forensics/

Friday, October 3, 2014

Building Security Resumes - 10/3/2014 Meeting

Its time to apply for internships & jobs!
Tonight will be an engaging talk by Jeremy White on building a solid security resume and an overview of the security job landscape. At the end of the talk we will do a question and answer from senior members about their experiences on internships, interviews, and more.

The meeting will be in the usual room and time, DCC 318 5PM-7PM.

Update:
For those that missed it, here's our presentation from tonight -
http://ark.rpis.ec/Meetings/10-03-2014_SecurityResumes/10-3-2013-KickassSecurityResumes.pptx

Friday, September 26, 2014

Web Hacking 101 - 9/26/2014 Meeting

This Friday our meeting will cover the basics of Web hacking so you get a good intro on the basic vulnerabilities typically found in websites, and how to leverage them to your advantage so you can do fun stuff ;)


Please register an account on https://www.hackthissite.org/ before the meeting as we’ll be using this wargame to get you guys rolling. I don’t know how long account verification emails may take some people, so we’re sending this out now so you have some time to make an account. Feel free to start playing before the meeting if you’re feeling eager!

We’ll be back in our normal place this week!

WHEN: 5pm Friday, September 26th
WHERE: DCC 318 

As usual, bring a laptop and your charger!

Thursday, September 18, 2014

CSAW CTF 2014! - 9/19/2014 Meeting


This weekend is the qualification round for CSAW CTF 2014 (https://ctf.isis.poly.edu/) This is arguably our most important competition of the year and is also our first so there isn’t a better time to come try out a real CTF. You’ll get to test yourself against hundreds of other teams from around the world.


WE WILL NOT BE MEETING IN DCC ON FRIDAY!!
PLEASE NOTE THE DIFFERENT TIME & LOCATION FOR THIS EVENT!

WHEN: 5:30PM, Friday September 19th
WHERE: Sage Labs 4101

We will be playing right here from campus as the entire CTF is online. It starts 6PM Friday and lasts for 48 hours, ending Sunday at 6PM. We will provide the team login credentials at the event.

There will be at least a few of us that will be hacking through most of our waking hours this weekend, so we’d suggest getting lots of sleep and getting your work done prior to Friday/Saturday/Sunday if you plan to invest a lot of time in playing.

Bring your laptop & charger at the very least!

Friday, September 12, 2014

Fairgame Solutions & CTFs - 09/12/2014 Meeting

It's been about two weeks since we launched Fairgame CTF (http://fairgame.rpis.ec), and at the meeting this Friday we’ll go over some of those challenges you couldn't quite crack. Go to this link and vote on what challenges you want us to go over this Friday:


Fairgame should have given you a good idea what to expect from a typical CTF, and we’ll be playing in our first major CTF (CSAW Quals) for the year NEXT weekend! CTFs are a big part of what this club does, and the more of you that come hang out and hack with us, the better it’ll be.

Top 15 players of 175+

The meeting this week will be at the same time and place as the past few weeks.

WHERE: DCC 318
WHEN: 5-7pm Friday, September 12th

Friday, September 5, 2014

Intro to Reverse Engineering - 09/05/2014 Meeting

This week's meeting is in DCC 318 from 5PM-7PM on Friday September 5th.

Reverse engineering is the gateway to many things security oriented, this is every hackers' starter class. We will learn the basics of tools like debuggers and disassemblers and how to use those tools to defeat crackmes or any sort of closed source software. In essence, we are learning the basics of software cracking.

1) Virtual Box 4.3.12 :
https://www.virtualbox.org/wiki/Download_Old_Builds_4_3

2) Malware Analyst Virtual Machine: 
http://ark.rpis.ec/Meetings/09-05-2014_ReverseEngineering/MalwareAnalyst_1.ova
md5:500333e97649228e92b0187a468f2cfc 

(VM Only accessible on campus)

The second file is 12GB Virtual Machine. Give yourself plenty of time to download it. You will not be able to download it during the class. After downloading it, open Virtual Box, and go to File->Import Appliance. Now you're ready to crack software.

This Virtual Machine contains all of the software and challenges necessary for the class and will serve as a basis for several future classes too.

If you cannot download the file in time. We will be in DCC 318 at 4PM with USB drives that contain the Virtual Machine. We have only a few USB drives, so try to download it before the class. The class will begin at 5PM.

Hacking is not a spectator sport. Bring your laptop fully charged and ready to go!

Saturday, August 30, 2014

Fairgame CTF 2014

Fairgame CTF is an internal recruiting competition RPISEC has used in past years to pick up new members and find more people at the school who enjoy working through an array of different computer security challenges. It emulates a real jeopardy styled hacking competition that we find ourselves competing in year after year, and it will give you a good idea of some of the challenges this club comes face to face with in real competitions.

It's more casual and targeted at newcomers so we welcome anyone to signup and play! It will last for about two weeks! So dive in and see if you can solve anything.




Please note that Fairgame CTF is only accessible on the RPI campus for obvious reasons.

If you have any questions, comments, or need hints - hop on our IRC server and join the discussion!

Friday, August 29, 2014

First Meeting - 08/29/2014 Meeting

We will be having the first RPISEC meeting of the 2014-2015 school year tonight!

WHERE: DCC 318
WHEN: 5pm – 7pm, Friday, August 29, 2014

During the meeting we will introduce the club leadership and give a primer on the ridiculously fun stuff this club does. Directly following that we will introduce and play a few challenges from Fairgame CTF, a mini competition that RPISEC will be running for the next two weeks specifically to give you a small taste of hacking/security work.



Make sure your laptops are charged! You’ll need them to hop on Fairgame. We’ll do our best to bring power strips and distribute them around the room, but DCC is a pain for power routing.

Monday, August 25, 2014

New School Year, New Website

Hello and welcome to the 2014-2015 school year! We have some big plans for the club this year and are excited to get things rolling. While last year had its merits, we had no idea how to run a club as it was a first for all of us. There's better organization, bigger ambitions, and even more passion to make things work this year.

To kick things off we're launching a brand new website for the club, laying to rest our old pathetic site. The website is still a work in progress and will be further developed as the year goes on. With that in mind, let me be the first to welcome you to the new site!




Last year was a learning experience, this year will be an adventure. Onwards, to 2014-2015!

Thursday, May 1, 2014

Officer Elections, Movie Night - 05/01/2014 Meeting

Tonight is our last meeting of the semester! We're going to do officer elections and watch the movie WarGames, a classic hacker-esque movie. We will also announce our hacking-over-summer competition to keep you guys moving during the lazy days of summer. There will be prizes much, like the competition we hosted over December break!


As usual, we'll be in Amos Eaton 216 at 6PM

Thursday, April 24, 2014

Krypton Wargame - 04/24/2014 Meeting

Tonight we will be covering classical cryptography and cryptanalysis through the wargame Krypton on OverTheWire.


Besides that, it was great to see a bunch of you come play in PlaidCTF the other week! We placed 31st overall of 860+ teams that were playing from all around the world, and 6th in the US behind some other skilled teams (:

The meeting will be at 6PM in AE 216 as usual. See you tonight!

Thursday, April 10, 2014

Heartbleed & Plaid CTF - 04/10/2014 Meeting

This week we'll be taking a look at the Heartbleed OpenSSL bug that dropped a few days ago. It's a very simple bug, with some very scary ramifications. We'll give you a simplified technical overview of what went wrong, and how it is being used out in the wild. If you don't think this affects you, think again. I guarantee there will be some nervous laughs with what we have to show you.



Lastly, Plaid CTF is happening this weekend! It's a well-established annual CTF put on by PPP, Carnegie Mellon's security club / team. We'll talk a bit about it at the meeting and send out an email on Tonight, or Friday morning with more details. It's online, so RPISEC will be playing remotely. We encourage you to come hang out and hack away with us if you've got nothing better to do.

As usual, the meeting is 6PM Tonight (4/10/14) in Amos Eaton 216.

Thursday, March 27, 2014

Cheating at 2048 - 03/27/2014 Meeting

Tonight's meeting isn't super technical, but should be pretty fun. We'll be taking a closer look at the as of recent wildly popular game called 2048 (http://gabrielecirulli.github.io/2048/) and looking at the different ways we can cheat in it.



We'll also look at the online / multiplayer version (http://emils.github.io/2048-multiplayer/) and show you how you can take your hax online to own some real people. Whether you've beat it or not, you'll probably enjoy our antics.

All you'll need is a laptop with a web browser (preferably Chrome!)


See ya at 6PM, Amos Eaton 216

The RPISEC Blog

It seems weird that we didn't have a blog before this, but now we do! RPISEC is the Computer Security club at Rensselaer Polytechnic Institute. We're a 100% student run club that focuses primarily on anything and everything security. We strive to teach modern subjects of security ranging from binary exploitation, reverse engineering, web application security / pentesting, digital forensics, and even physical security such as lockpicking to any students or individuals willing to hang out and hack.

This blog will be used to maintain a public record of our weekly meetings subjects, club events, CTF writeups, or anything club related we feel appropriate to talk or blog about (;