Wednesday, March 18, 2015

Movie Night - 03/20/2015 Meeting

As a lot of people have already left for break, we’ll be having a pretty low key movie night for our meeting this week!

Many of you probably saw the Matrix a long time ago and thought of it as an awesome action movie, but let’s be honest, it’s actually a hacker film. We’ll be back in the DCC as usual.



WHEN: Friday 5pm, March 20th
WHERE: DCC 324

Otherwise, keep in mind there’s an interesting security talk (http://www.cs.rpi.edu/news/seminars/Mar20_2015.html) happening right before our movie night (from 4pm-5pm) in the Library’s Fishbach room. If you walk past the front desk in the library and turn left, you’ll find the room somewhere down there.

Many of us will be there, and we encourage you to drop by if you have nothing else going on at the time!

Friday, March 13, 2015

BlueDrop: Intro to Microcontrollers and Hardware Hacking - 03/13/2015 Meeting

At tonight's meeting, Daniel Fitzgerald and John Drogo will give a talk on the basics of microcontrollers, teach you how to use them in your projects, talk about some cool hardware hacks, and most importantly teach you how to crack them! The meeting will be based around Fitz's BlueDrop project, a remote deployed bluetooth message drop system, inspired from the movie "Blackhat".



The Embedded Hardware Club will be providing some MSP430s for you to practice on. However, it is recommended that you download mspdebug and the naken_assmbler before you come so you can follow along.

http://sourceforge.net/projects/mspdebug/   (Available in apt-get, yum and MacPorts.)
http://www.mikekohn.net/micro/naken_asm.php

For installing on Windows go to this website and follow the instructions for compiling MSDebug:
http://mspdebug.sourceforge.net/faq.html#compile_windows

Important note: we're in Sage 3101 this week! See you there.

WHEN: Friday 5pm, March 13th
WHERE: Sage 3101 (Genericon is in the DCC)

Thursday, March 5, 2015

Guest Speaker: Jeff Foley - 03/06/2015 Meeting

Tonight's meeting will begin with a brief guest talk by Jeff Foley from Alion Science and Technology. He will be talking about the security team he is growing, and he is actively seeking interns and full-time employees. Before Alion Science and Technology, Jeff helped create and lead a security team at the defense contractor Northrop Grumman.

After our industry guest, Alex Bulazel will give an introduction to malware analysis. We'll look at common malware behavior and learn the basics of malware analysis. Learn how malware gets on your system, establishes itself there, evades analysis, and other things it can do. There will be some hands-on work, please come prepared with your WinXP VM.

WHEN: Friday 5pm, February 20th
WHERE: DCC 324

Tuesday, March 3, 2015

ISTS12 Results

This past weekend, RPISEC sent one team of five members to compete in the 12th Information Security Talent Search as organized and hosted by Rochester Institute of Technology's Security Practices and Research Student Association.

The computer security competition is known for being an 'attack-defend' styled hacking competition. At the start, blue teams are each given a number of vulnerable servers that they must lock down and attempt to keep services up (such as HTTP, DNS, SMTP, SSH, etc) while being attacked throughout the competition by a dedicated red team or even other blue teams. Maintaing service uptime, attacking other teams, and completing various forensics, reverse engineering, and crypto challenges all factor in to the final score calculation.

The team RPISEC sent this year ultimately ended up taking 1st place in the competition playing as 'Team 8'. This year the team consisted of Branden Clark '16, Patrick Biernat '16, Austin Ralls '17, Sophia D'Antoine '15, and Markus Gaasedelen '15. RPISEC placed 1st both at ISTS12 and ISTS11 (last year), and a few other times in years previous.

The opening talk and keynote as given Friday night @ RIT.


Saturday morning, not too long before the the kickoff of ISTS12.


Saturday afternoon, in the heat of competition. Day one was carnage, but filled with fun.


Some of the over night challenges we took a peek at Saturday-Sunday included punchcards, and zipdrives. No pictures of the goofy zipdrives, sorry ):


The start of day two, Sunday morning. 


Day two RPISEC had to spin the wheel of 'misfortune' along with the rest of the teams competing. We were blessed with karaoke, and managed to string along the red team in a beautiful rendition of 'One Thousand Miles' by Vanessa Carlton. It was more than worth it (:


White team wrapping up sunday afternoon, after the scoring and competition had officially ended.


Last year there were scoring concerns and recounts after the competition, but this year RPISEC carved out a very clear result. 


In the final minutes, we even managed to squeak ahead by a few points on the defensive side of maintaining services. 


Ultimately RPISEC took first, with the team walking away with a nice new set of 24inch dell monitors. 


RPISEC competes almost exclusively in jeopardy style CTF's during the school year, with ISTS being the main attack / defend CTF we participate in. We don't bother to compete in competitions like CCDC because of the formalities and restrictions placed upon them. It's events like ISTS that we genuinely appreciate as they clamor for the same level of excitement we seek, allowing us to express our true creativity and passion for the world of security.

Props to RIT's SPARSA for putting together another fantastic competition, we'll see ya next year.