Saturday, October 31, 2015

Cyber Seed Results

RPISEC had a great showing at CyberSEED last weekend, with two of our teams placing at the competition.

One of the teams that placed was the CTF team. They took second place, just behind Knightsec. They did a great job and won RPISEC $7,500 as well as Amazon Echos for themselves.

They were also the first team to hack into the ATM at the competition, so they won a basketball signed by some of the players from UConn and some of the top executives from Comcast.

As you can see, we were thrilled to win the ball.

Our next team to place was our Internet of Things team. The teams in the IoT challenge were given around a month to audit a device that connected to the internet. Our team decided to audit the Piper Home Security camera. They were able to find a couple of bugs in the API that would cause the system to use HTTP instead of HTTPS.

We got 1st place! RPISEC won another $10,000 and each member of the team was given an Apple Watch.

That means that RPISEC came home with a total of $17,500!

We had a great time at UConn. We're very proud of our success and can't wait to see what the future holds for RPISEC. Here are some more pictures of the event.

Tuesday, October 27, 2015

Cyber Seed

RPISEC is heading to UConn this Thursday for CyberSEED! This competition is being hosted by Comcast and will include a CTF, Internet of Things Challenge, and a Social Engineering Challenge. There will be 30 other schools as well as over 300 participants, so competition is going to be fierce. But you know what is exciting? Each event has a top prize of $10,000! So wish our participants the best of luck and go RPISEC!

Wednesday, March 18, 2015

Movie Night - 03/20/2015 Meeting

As a lot of people have already left for break, we’ll be having a pretty low key movie night for our meeting this week!

Many of you probably saw the Matrix a long time ago and thought of it as an awesome action movie, but let’s be honest, it’s actually a hacker film. We’ll be back in the DCC as usual.

WHEN: Friday 5pm, March 20th

Otherwise, keep in mind there’s an interesting security talk happening right before our movie night (from 4pm-5pm) in the Library’s Fishbach room. If you walk past the front desk in the library and turn left, you’ll find the room somewhere down there.

Many of us will be there, and we encourage you to drop by if you have nothing else going on at the time!

Friday, March 13, 2015

BlueDrop: Intro to Microcontrollers and Hardware Hacking - 03/13/2015 Meeting

At tonight's meeting, Daniel Fitzgerald and John Drogo will give a talk on the basics of microcontrollers, teach you how to use them in your projects, talk about some cool hardware hacks, and most importantly teach you how to crack them! The meeting will be based around Fitz's BlueDrop project, a remotely deployed Bluetooth message drop system, inspired by the movie "Blackhat".

The Embedded Hardware Club will be providing some MSP430s for you to practice on. However, it is recommended that you download mspdebug and the naken_assmbler before you come so you can follow along. (Available in apt-get, yum and MacPorts.)

For installing on Windows, go to this website and follow the instructions for compiling mspdebug:

Important note: we're in Sage 3101 this week! See you there.

WHEN: Friday 5pm, March 13th
WHERE: Sage 3101 (Genericon is in the DCC)

Thursday, March 5, 2015

Guest Speaker: Jeff Foley - 03/06/2015 Meeting

Tonight's meeting will begin with a brief guest talk by Jeff Foley from Alion Science and Technology. He will be talking about the security team he is growing, and he is actively seeking interns and full-time employees. Before Alion Science and Technology, Jeff helped create and lead a security team at the defense contractor Northrop Grumman.

After our industry guest, Alex Bulazel will give an introduction to malware analysis. We'll look at common malware behavior and learn the basics of malware analysis. Learn how malware gets on your system, establishes itself there, evades analysis, and other things it can do. There will be some hands-on work, so please come prepared with your WinXP VM.

WHEN: Friday 5pm, February 20th

Tuesday, March 3, 2015

ISTS12 Results

This past weekend, RPISEC sent one team of five members to compete in the 12th Information Security Talent Search as organized and hosted by Rochester Institute of Technology's Security Practices and Research Student Association.

The computer security competition is known for being an 'attack-defend' style hacking competition. At the start, blue teams are each given a number of vulnerable servers that they must lock down while keeping services up (such as HTTP, DNS, SMTP, SSH, etc.) as they are attacked throughout the competition by a dedicated red team or even other blue teams. Maintaining service uptime, attacking other teams, and completing various forensics, reverse engineering, and crypto challenges all factor into the final score calculation.

The team RPISEC sent this year ultimately ended up taking 1st place in the competition playing as 'Team 8'. This year the team consisted of Branden Clark '16, Patrick Biernat '16, Austin Ralls '17, Sophia D'Antoine '15, and Markus Gaasedelen '15. RPISEC placed 1st both at ISTS12 and ISTS11 (last year), and a few other times in years previous.

The opening talk and keynote as given Friday night @ RIT.

Saturday morning, not too long before the kickoff of ISTS12.

Saturday afternoon, in the heat of competition. Day one was carnage, but filled with fun.

Some of the overnight challenges we took a peek at Saturday-Sunday included punchcards and zipdrives. No pictures of the goofy zipdrives, sorry ):

The start of day two, Sunday morning. 

Day two RPISEC had to spin the wheel of 'misfortune' along with the rest of the teams competing. We were blessed with karaoke, and managed to string along the red team in a beautiful rendition of 'One Thousand Miles' by Vanessa Carlton. It was more than worth it (:

White team wrapping up Sunday afternoon, after the scoring and competition had officially ended.

Last year there were scoring concerns and recounts after the competition, but this year RPISEC carved out a very clear result. 

In the final minutes, we even managed to squeak ahead by a few points on the defensive side of maintaining services. 

Ultimately RPISEC took first, with the team walking away with a nice new set of 24-inch Dell monitors.

RPISEC competes almost exclusively in Jeopardy-style CTFs during the school year, with ISTS being the main attack/defend CTF we participate in. We don't bother to compete in competitions like CCDC because of the formalities and restrictions placed upon them. It's events like ISTS that we genuinely appreciate as they clamor for the same level of excitement we seek, allowing us to express our true creativity and passion for the world of security.

Props to RIT's SPARSA for putting together another fantastic competition, we'll see ya next year.

Thursday, February 19, 2015

Lockpicking - 02/20/2015 Meeting

At this Friday's meeting we'll be picking locks! This will be a break from the world of cyber security and a foray into the world of physical security. There will be a brief PowerPoint intro on the basics, and then we'll have a bunch of locks to play with.

If you have any locks, picks, or tension wrenches please bring them!
- Don't bring locks you don't own.
- Don't bring locks you rely on for security.

WHEN: Friday 5pm, February 20th

Thursday, February 12, 2015

Guest Speaker: Brendan Dolan-Gavitt - 02/13/2015 Meeting

Brendan Dolan-Gavitt, a systems security researcher at Columbia University, will be a guest speaker at our meeting this week. Brendan is an expert in memory forensics and reverse engineering, so this will be a very interesting talk!

He will provide an introduction to PANDA, the Platform for Architecture-Neutral Dynamic Analysis. Built to make reverse engineering more efficient, PANDA includes support for LLVM analyses, deterministic record/replay, dynamic taint analysis, Android emulation, and a flexible plugin architecture. To demonstrate PANDA's capabilities, he will show how it can be used to break Spotify DRM and help build a key generator for Starcraft. Finally, he will discuss recent improvements to PANDA's taint system and introspection capabilities, and provide a look at the road ahead.

Hope to see you all tomorrow!

WHEN: Friday 5pm, February 12th

Friday, February 6, 2015

Bloomberg Security - 02/06/2015 Meeting

This week Bloomberg will be hosting our weekly meeting, with two of their security infrastructure engineers discussing Google's 'BeyondCorp' network security model, and how a company such as Bloomberg has adapted and molded the model to their needs.

Pizza and refreshments will be provided, courtesy of Bloomberg!

WHEN: Friday 5pm, February 6th

See you tonight!

Wednesday, January 28, 2015

XSS Game - 01/30/2015 Meeting

Welcome back! We hope you've all had a great break and are ready to keep on pwning in 2015. We've got some cool stuff planned for this semester, so get excited!

This week's meeting will focus on Cross-Site Scripting (XSS), a common, relatively simple, and extremely powerful vulnerability that comes up all the time in web applications. All you need to bring is a laptop with a browser installed. We recommend you use a browser that has "dev tools"/"inspect element" functionality built in (such as Chrome), as it will make your life easier, but don't worry if you're not familiar with it.

We will be using Google's XSS game that was released this summer -

Also, we want to encourage those of you who couldn't make it to many meetings last semester to come out! This first meeting will be a fun, easy transition back into what we're all about, so it's a great time to get involved if you aren't already.

WHEN: Friday 5pm, January 30th

Thanks, and we hope to see you all on Friday!