intro to cryptography

Last meeting we learned about classical cryptography!

»
on crypto

intro to hardware hacking

On 2/10, we learned about how exploitations could be based on flaws in the hardware of a device rather than the software which we normally talk about.

»
on hardware

intro to gdb

Last meeting we learned about how to use GDB, lecture here.

»
on rev

intro to reverse engineering

Last meeting Jason taught us about how to reverse engineer executables! Lecture here.

»
on rev

minecraft log4j

Last meeting we went over an overview of vulnerability research, the recent log4j vulnerability, and finally some more Linux stuff. Lecture here.

»
on linux

introduction to linux

After some teacher sponsor troubles, we finally got a meeting together last week, and we talked about Linux fundamentals.

»
on linux

web wrapup

Last meeting, we did a bunch of random small web topics, and there were challenges on type juggling, SSRF, and SSTI.

»
on web

sql injections

On 10/14, we focused on SQL injections which allow us to access data in databases that we wouldn’t be given otherwise!

»
on web

local file inclusion (lfi)

Last meeting, we talked about local file inclusion, which is a pretty dangerous vulnerability. We can read files we aren’t supposed to, and in certain cases even gain code execution on the server itself, which is impossible to do with XSS.

»
on web

xss 2: content security policy

Last meeting (9/30), we split into two groups. The main group learned about CSP and tackled the challenge I’m writing up now, and the beginner group went with Alexa to learn about CTFs and get used to the format.

»
on web