We are the hacking club at IT-University. We organise weekly meetings to learn about ethical hacking and security. Our aim is to learn to think like an attacker to construct more secure systems... and to have some fun together.
Everyone is welcome to participate: bring a laptop and your favourite drink, and we will find an appropriate challenge for you.
We are meeting every Wednesday, usually in room 3A01 at ITU, from 4:00pm onwards. If you want to join, please drop an email to Alessandro.
| Overthewire.org NATAS
These weeks we are looking at Overthewire.org NATAS, which is a great place to start learning about the basics of web security, and guides you up to more advanced stuff as well.
Speakers: Alessandro Bruni, Andreas Clausen
|Go to: http://overthewire.org/wargames/natas|
Kali Linux, the offensive security toolbox: https://www.kali.org/
CTF Time: https://ctftime.org/, lists the team ratings, past and upcoming CTF challenges
OverTheWire wargames: http://overthewire.org/wargames/, a set of challenges for learning different hacking techniques
Exploit exercises: https://exploit-exercises.com/, a variety of challenges to learn about computer security issues, neatly packed in virtual machines
|09.06.16|| Exploit Exercises Stack overflows
Speaker: Michael Denzel
| Overthewire.org NATAS
Speaker: Alessandro Bruni
|Moved: 14.10.16 kl 10:00 - 11:00, room 3A08|| Security Testing beyond Functional Tests
Security testing is omnipresent. But what is it? And what distinguishes it from functional testing? To answer these questions and shed light on the scope and reach of existing testing methods, we present a theory of security testing. Our theory is based on the basic distinction between system specifications and security requirements. Specifications describe a system's desired behavior over its interface. Security requirements, in contrast, specify desired properties of the world the system lives in. We propose the notion of a security rationale, which supports reductive security arguments for deriving a system specification and assumptions on the system's environment sufficient for fulfilling stated security requirements. These reductions give rise to two types of tests: those that test the system with respect to its specification and those that test the validity of the assumptions about the adversarial environment. It is the second type of tests that distinguishes security testing from functional testing and defies systematization and automation.
Speaker: David Basin, ETHZ
kl. 13:00 - Privacy through Pseudonymity in Mobile
kl. 15:30-17:00 - Tutorial: Secure Programming
on 3G network attacks
Tutorial on F*
|4.11.16 - kl 15:00||Hacking the WINVote voting machine using Kali Linux
The WINVote voting machine has been used in the US in several elections, but has proven to be too vulnerable to be used in secure elections. Because of this, the Virginia Information Technology Agency was tasked with performing a security analysis of the machine. This analysis showed that several big security issues and vulnerabilities were present.
In our thesis, we verify the presence of vulnerabilities in WINVote machines, and produce a software application that automates the process of hacking the WINVote machine, without requiring any extended knowledge in security or hacking in general. In our presentation we will describe what we have been doing so far, and what results we have come up with. We will also answer any questions you might have, and end the presentation with suggestions from you.
Speakers: Andreas Nielsen and Florin Vasile
| Exploiting buffer overflows.
Learn how to turn a buffer overflow vulnerability into a security exploit, and escalate security privileges. This workshop is organised in two phases, with a brief presentation of the theory behind buffer overflow vulnerabilities, followed by a hands-on session where you have a chance to learn the exploitation technique. Bring your own laptop so you can try it first-hand!
Note: if you want to spend more time having fun and less doing configuration, come with Protostar Linux (linked to the right) already installed in a virtual machine, for example using VirtualBox.
Speaker: Peter Brottveit Bock
|08.12.16|| How to own a ghost, MitM and MitB attacks against unaware targets
Thanks to hardware and software hacking tools, we will demonstrate and practise how to attack, intercept and infiltrate the network traffic of PCs and smartphones. These kinds of attacks may be used to gather information, remotely compromise a device, silently snoop on users' activities, etc.
Speaker: Matteo Brunati CyBrain.it
|Possibly using: Wifi Pineapple, Lan Turtle, MITMf, bettercap|