Friday, October 31, 2014

Intro to Modern Crypto - 10/31/2014 Meeting


This meeting will briefly cover classical ciphers before moving on to topics in modern crypto including symmetric and asymmetric encryption, block and stream ciphers, and hashes.

As usual, there will be hands-on challenges so bring your laptop and install Python 2.7 if you haven’t already!

WHERE: DCC 318
WHEN: 5pm Friday, October 31st

Drsc sc dro psbcd cdoz

d2VsbCBkb25l

R aqlxnv wijhgi cwo

Friday, October 24, 2014

2nd place in CyberSEED CTF

This past week a bunch of RPISEC members traveled down to UCONN to attend the CyberSEED 2014 Conference and compete in some of the competitions they had going on in parallel.






We registered one team for each of the two competitions that were going on at CyberSEED 2014. Both teams did an awesome job with the four person RPISEC team playing in the web/networking based CTF placing 2nd overall, and the four person team playing in the binary exploitation competition was the 2nd team to successfully complete all the challenges. Both teams won some cash in their respective competitions and walked away with Samsung Galaxy Tab 4's.

It was a blast to compete and touch base with a number of friends from different schools from all across the country. We're looking forward to competing again next year!


OpenBSD Talk - 10/24/2014 Meeting



This evening at 5PM in DCC 318, PhD student Brian Callahan will be talking to us about OpenBSD.


The skills learned at RPISEC, oriented towards active hacking, also have practical applications in defensive programming and security. This talk introduces OpenBSD, the proactively secure Unix-like operating system. We will explore OpenBSD's nearly two decades of rich history pioneering security mitigation techniques, providing proactive security programs for the entire computing ecosystem, and embracing its “hostile” environment aimed at finding and fixing bugs of all sizes as quickly and efficiently as possible: attributes that have culminated in OpenBSD being universally recognized as the security-conscious OS and pushing forward security in all operating systems. It will become clear that we all rely on—and directly use—OpenBSD code in all our devices everyday for security and safe programming. If you are looking for an environment to really make sure your code is written and run with security in mind, this is the talk for you!

There is a virtual machine set up with OpenBSD so you can follow along. The file is 2.7GB and is available for download here:

security.cs.rpi.edu/~whitej12/OpenBSDRPISEC.ova

Import this file into Virtual Box or VMWare. If you get an error while running it, disable USB 2.0 support. To do so, go to settings->ports->uncheck USB 2.0. The login:password to the virtual machine is rpisec:rpisec.

See you tonight!

Friday, October 17, 2014

Basic Binary Exploitation - 10/17/2014 Meeting



This meeting will cover the basics of memory corruption, stack smashing, and how this can be leveraged to take control of various applications and systems. Binary exploitation is the epitome of hacking at the most technical level, the material covered will serve as an intro to the world of pwning.


For this meeting we’ll be using an SSH client to connect into a server hosting the challenges. If you’re on windows I would suggest downloading PuTTY for an SSH client, if you’re using linux you most likely already have one.

WHERE: DCC 318
WHEN: 5pm Friday, October 17th

Bring your laptop & chargers!

Friday, October 10, 2014

File Carving & Digital Forensics - 10/10/2014 Meeting

Tonight’s meeting will revolve around digital forensics & file carving. The material we’ll be covering is similar to some challenges we’ve encountered in the misc categories of various CTFs.


The meeting will be a practical introduction to extracting hidden data from files. We’ll cover common tools used to discover and read information, basic scripting patterns for reading files, and how to go about solving a variety of practice problems from previous competitions.

WHERE: DCC 318
WHEN: 5pm Friday, October 10th


Bring your laptop & chargers!

Meeting notes & materials:
http://ark.rpis.ec/Meetings/10-10-2014_File_Carving_and_Digital_Forensics/

Friday, October 3, 2014

Building Security Resumes - 10/3/2014 Meeting

Its time to apply for internships & jobs!
Tonight will be an engaging talk by Jeremy White on building a solid security resume and an overview of the security job landscape. At the end of the talk we will do a question and answer from senior members about their experiences on internships, interviews, and more.

The meeting will be in the usual room and time, DCC 318 5PM-7PM.

Update:
For those that missed it, here's our presentation from tonight -
http://ark.rpis.ec/Meetings/10-03-2014_SecurityResumes/10-3-2013-KickassSecurityResumes.pptx