Hacking Club at ITU

We are the hacking club at IT-University. We organise weekly meetings to learn about ethical hacking and security. Our aim is to learn to think like an attacker to construct more secure systems... and to have some fun together.

Our meetings

Everyone is welcome to participate: bring a laptop and your favourite drink, and we will find an appropriate challenge for you.

We are meeting every Wednesday, usually in room 3A01 at ITU, from 4:00pm onwards. If you want to join, please drop an email to Alessandro.


Date / Topic / Materials

Room 3A01 - Overthewire.org NATAS
These weeks we are looking at web-based challenges. Natas is a great place to start learning about the basics of web security, and guides you up to more advanced stuff as well.
Speakers: Alessandro Bruni, Andreas Clausen
Go to: http://overthewire.org/wargames/natas

Useful links and challenges

Kali Linux, the offensive security toolbox: https://www.kali.org/

CTF Time: https://ctftime.org/, lists the team ratings, past and upcoming CTF challenges

OverTheWire wargames: http://overthewire.org/wargames/, a set of challenges for learning different hacking techniques

Exploit exercises: https://exploit-exercises.com/, a variety of challenges to learn about computer security issues, neatly packed in virtual machines


Alessandro Bruni

Carsten Schürmann

Past Events

Date / Topic / Materials

09.06.16 - Exploit Exercises: Stack overflows
Speaker: Michael Denzel
Overthewire.org NATAS
Speaker: Alessandro Bruni
Moved: 14.10.16, 10:00 - 11:00, room 3A08 - Security Testing beyond Functional Tests
Security testing is omnipresent. But what is it? And what distinguishes it from functional testing? To answer these questions and shed light on the scope and reach of existing testing methods, we present a theory of security testing. Our theory is based on the basic distinction between system specifications and security requirements. Specifications describe a system's desired behavior over its interface. Security requirements, in contrast, specify desired properties of the world the system lives in. We propose the notion of a security rationale, which supports reductive security arguments for deriving a system specification and assumptions on the system's environment sufficient for fulfilling stated security requirements. These reductions give rise to two types of tests: those that test the system with respect to its specification and those that test the validity of the assumptions about the adversarial environment. It is the second type of tests that distinguishes security testing from functional testing and defies systematization and automation.
Speaker: David Basin, ETHZ
20.10.16 Holiday week

13:00 - Privacy through Pseudonymity in Mobile Telephony Systems
To protect mobile phones from tracking by third parties, mobile telephony systems rely on periodically changing pseudonyms. We experimentally and formally analyse the mechanism adopted to update these pseudonyms and point out design and implementation weaknesses that defeat its purpose by allowing the identification and/or tracking of mobile telephony users. In particular, the experiments show that the pseudonym changing mechanism as implemented by real networks does not achieve the intended privacy goals. Moreover, we found out that the standard is flawed and that it is possible to exploit the procedure used to assign a new pseudonym, the TMSI reallocation procedure, in order to track users. We propose countermeasures to tackle the exposed vulnerabilities and formally prove that the 3GPP standard should require the establishment of a fresh ciphering key before each execution of the TMSI reallocation procedure to provide unlinkability.
Speaker: Eike Ritter

15:30 - 17:00 - Tutorial: Secure Programming Using F*
We take a close look at F*, an extension of the F# language from Microsoft Research that helps to construct secure protocol implementations by reasoning about the code within the realms of the programming language itself. In the tutorial we will program a secure access control mechanism and a simple secure remote procedure call (RPC) protocol using cryptography and signatures.
Speaker: Alessandro Bruni

Materials: Paper on 3G network attacks
Materials: Tutorial on F*
4.11.16 - 15:00 - Hacking the WINVote voting machine using Kali Linux

The WINVote voting machine has been used in the US in several elections, but has proven to be too vulnerable to be used in secure elections. Because of this, the Virginia Information Technology Agency was tasked with performing a security analysis of the machine. This analysis showed that several big security issues and vulnerabilities were present.

In our thesis, we verify the presence of vulnerabilities in WINVote machines, and produce a software application that automates the process of hacking the WINVote machine, without requiring any extended knowledge in security or hacking in general. In our presentation we will describe what we have been doing so far, and what results we have come up with. We will also answer any questions you might have, and end the presentation with suggestions from you.

Speakers: Andreas Nielsen and Florin Vasile

Exploiting buffer overflows.

Learn how to turn a buffer overflow vulnerability into a security exploit, and escalate security privileges. This workshop is organised in two phases, with a brief presentation of the theory behind buffer overflow vulnerabilities, followed by a hands-on session where you have a chance to learn the exploitation technique. Bring your own laptop so you can try it first hand!

Note: if you want to spend more time having fun and less doing configuration, come with Protostar Linux (linked to the right) already installed in a virtual machine, for example using VirtualBox.

Speaker: Peter Brottveit Bock

08.12.16 - How to own a ghost: MitM and MitB attacks against unaware targets
Using hardware and software hacking tools, we will demonstrate and exercise how to attack, intercept and infiltrate the network traffic of PCs and smartphones. These kinds of attacks may be used to gather information, remotely compromise a device, silently snoop on users' activities, etc.
Speaker: Matteo Brunati, CyBrain.it
Possibly using: Wifi Pineapple, Lan Turtle, MITMf, bettercap