Hacking Club at ITU

We are the hacking club at IT-University. We organise weekly meetings to learn about ethical hacking and security. Our aim is to learn to think like an attacker to construct more secure systems... and to have some fun together.

Our meetings

Everyone is welcome to participate: bring a laptop and your favourite drink, and we will find an appropriate challenge for you.

We are meeting every Tuesday, usually in room 3A08 at ITU, from 4:00pm onwards. If you want to join, please drop an email to Alessandro.


Date Topic Materials
29.08.17 16:00 - 18:00, room 3A08 Security hacking club kickoff meeting

Here we discuss how to organise our activities for the semester, and present what we did in the past year. Come and join us!

5.09.17 16:00 - 18:00, room 3A08 Forensics on the WINVote voting machine

Let's try to dump the data from the WINVote voting machine, and then analyse it using Kali Linux tools. Other activities planned for the day are: introduction to NMap and network scanning tools, return-oriented programming.

Everybody is welcome to participate and learn something new :)

12.09.17 16:00 - 18:00, room 3A08 EKOPARTY + CSAW CTF preparations

This time we will prepare for the CTF that will happen next Saturday 16th. We will do exercises in exploitation from exploit-exercises.com.

16.09.17 16:00 - 18:00, room 3A08 EKOPARTY + CSAW CTF

Come to our first Capture the Flag contest for the semester! Put your exploitation skills to the test with us (or just attend if you are curious and want to learn something new). Food and drinks will be provided during the event.

CSAW, EKOPARTY. Login information for ITUnderflow will be provided at the venue.
19.09.17 16:00 - 18:00, room 3A08 Training session
26.09.17 16:00 - 18:00, room 3A08 Training session
03.10.17 16:00 - 18:00, room 3A08 Training session

Useful links and challenges

Kali Linux, the offensive security toolbox: https://www.kali.org/

CTF Time: https://ctftime.org/, lists the team ratings, past and upcoming CTF challenges

OverTheWire wargames: http://overthewire.org/wargames/, a set of challenges for learning different hacking techniques

Exploit exercises: https://exploit-exercises.com/, a variety of challenges to learn about computer security issues, neatly packed in virtual machines


Alessandro Bruni

Carsten Schürmann

Past Events

Date Topic Materials
22.04.17 9:00 AM - 9:00 PM, room 3A08 Join ITUnderflow's First Hacking Event

Do you like solving puzzles? Have a sweet spot for security and hacking?

Join the newly formed ITUnderflow security hacking team for the first hacking Capture the Flag event. We will participate in the Plaid CTF 2017 competition (http://plaidctf.com/) and solve the challenges together. We meet on Saturday the 22nd of April from 9am and spend the day playing the hacking challenges that will be revealed the night before.

If you are interested, please send an email to brun@itu.dk to get registered in the team and join our Facebook group!

Note: physical participation is not required, we will set up a chat and remote access for those who cannot attend, but still want to join the games.

PlaidCTF website
Room 3A01
Overthewire.org NATAS These weeks we are looking at web-based challenges. Natas is a great place to start learning about the basics of web security, and guides you up to more advanced stuff as well.
Speakers: Alessandro Bruni, Andreas Clausen
Go to: http://overthewire.org/wargames/natas
09.06.16 Exploit Exercises Stack overflows
Speaker: Michael Denzel
Overthewire.org NATAS
Speaker: Alessandro Bruni
Moved: 14.10.16 10:00 - 11:00, room 3A08 Security Testing beyond Functional Tests
Security testing is omnipresent. But what is it? And what distinguishes it from functional testing? To answer these questions and shed light on the scope and reach of existing testing methods, we present a theory of security testing. Our theory is based on the basic distinction between system specifications and security requirements. Specifications describe a system's desired behavior over its interface. Security requirements, in contrast, specify desired properties of the world the system lives in. We propose the notion of a security rationale, which supports reductive security arguments for deriving a system specification and assumptions on the system's environment sufficient for fulfilling stated security requirements. These reductions give rise to two types of tests: those that test the system with respect to its specification and those that test the validity of the assumptions about the adversarial environment. It is the second type of tests that distinguishes security testing from functional testing and defies systematization and automation.
Speaker: David Basin, ETHZ
20.10.16 Holiday week

13:00 - Privacy through Pseudonymity in Mobile Telephony Systems
To protect mobile phones from tracking by third parties, mobile telephony systems rely on periodically changing pseudonyms. We experimentally and formally analyse the mechanism adopted to update these pseudonyms and point out design and implementation weaknesses that defeat its purpose by allowing the identification and/or tracking of mobile telephony users. In particular, the experiments show that the pseudonym changing mechanism as implemented by real networks does not achieve the intended privacy goals. Moreover, we found out that the standard is flawed and that it is possible to exploit the procedure used to assign a new pseudonym, the TMSI reallocation procedure, in order to track users. We propose countermeasures to tackle the exposed vulnerabilities and formally prove that the 3GPP standard should require the establishment of a fresh ciphering key before each execution of the TMSI reallocation procedure to provide unlinkability.
Speaker: Eike Ritter

15:30-17:00 - Tutorial: Secure Programming Using F*
We take a close look at F*, an extension of the F# language from Microsoft Research that helps to construct secure protocol implementations by reasoning about the code within the realms of the programming language itself. In the tutorial we will program a secure access control mechanism and a simple secure remote procedure call (RPC) protocol using cryptography and signatures.
Speaker: Alessandro Bruni

Paper on 3G network attacks
Tutorial on F*
4.11.16 - 15:00 Hacking the WINVote voting machine using Kali Linux

The WINVote voting machines have been used in the US in several elections, but have proven to be too vulnerable to be used in secure elections. Because of this, the Virginia Information Technology Agency was tasked with performing a security analysis of the machine. This analysis showed that several big security issues and vulnerabilities were present.

In our thesis, we verify the presence of vulnerabilities in WINVote machines, and produce a software application that automates the process of hacking the WINVote machine, without requiring any extended knowledge in security or hacking in general. In our presentation we will describe what we have been doing so far, and what results we have come up with. We will also answer any questions you might have, and end the presentation with suggestions from you.

Speakers: Andreas Nielsen and Florin Vasile

Exploiting buffer overflows.

Learn how to turn a buffer overflow vulnerability into a security exploit, and escalate security privileges. This workshop is organised in two phases, with a brief presentation of the theory behind buffer overflow vulnerabilities, followed by a hands-on session where you have a chance to learn the exploitation technique. Bring your own laptop so you can try it first hand!

Note: if you want to spend more time having fun and less doing configuration, come with Protostar Linux (linked to the right) already installed in a virtual machine, for example using VirtualBox.

Speaker: Peter Brottveit Bock

08.12.16 How to own a ghost, MitM and MitB attacks against unaware targets
Thanks to hardware and software hacking tools, we will demonstrate and exercise on how to attack, intercept and infiltrate the network traffic of PCs and smartphones. These kinds of attacks may be used to gather information, remotely compromise a device, silently snoop on users' activities, etc.
Speaker: Matteo Brunati, CyBrain.it
Possibly using: Wifi Pineapple, Lan Turtle, MITMf, bettercap