We are the hacking club at IT-University. We organise weekly meetings to learn about ethical hacking and security. Our aim is to learn to think like an attacker to construct more secure systems... and to have some fun together.
Everyone is welcome to participate: bring a laptop and your favourite drink, and we will find an appropriate challenge for you.
We are meeting every Tuesday, usually in room 3A08 at ITU, from 4:00pm onwards. If you want to join, please drop an email to Alessandro.
| Date | Topic | Materials |
| 29.08.17 16:00 - 18:00, room 3A08 | Security hacking club kickoff meeting
Here we discuss how to organise our activities for the semester, and present what we did in the past year. Come and join us! |
|
| 5.09.17 16:00 - 18:00, room 3A08 | Forensics on the WINVote voting machine
Let's try to dump the data from the WINVote voting machine, and then analyse it using Kali Linux tools. Other activities planned for the day are: introduction to NMap and network scanning tools, return-oriented programming. Everybody is welcome to participate and learn something new :) |
|
| 12.09.17 16:00 - 18:00, room 3A08 | EKOPARTY + CSAW CTF preparations
This time we will prepare for the CTF that will happen next Saturday 16th. We will do exercises in exploitation from exploit-exercises.com. |
|
| 16.09.17 16:00 - 18:00, room 3A08 | EKOPARTY + CSAW CTF
Come to our first Capture the Flag contest for the semester! Put your exploitation skills at test with us (or just attend if you are curious and want to learn something new). Food and drinks will be provided during the event. |
CSAW, EKOPARTY, more info will be provided at the venue for login information for ITUndeflow |
| 19.09.17 16:00 - 18:00, room 3A08 | Training session | |
| 26.09.17 16:00 - 18:00, room 3A08 | Training session | |
| 03.10.17 16:00 - 18:00, room 3A08 | Training session |
Kali Linux, the offensive security toolbox: https://www.kali.org/
CTF Time: https://ctftime.org/, lists the team ratings, past and upcoming CTF challenges
OverTheWire wargames: http://overthewire.org/wargames/, a set of challenges for learning different hacking techniques
Exploit exercises: https://exploit-exercises.com/, a variety of challenges to learn about computer security issues, neatly packed in virtual machines
| Date | Topic | Materials |
| 22.04.17 9:00 AM - 9:00 PM, room 3A08 |
Join ITUnderflow's First Hacking Event
Do you like solving puzzles? Have a sweet spot for security and hacking? Join the newly formed ITUnderflow security hacking team for the first hacking Capture the Flag event. We will participate to the Plaid CTF 2017 competition (http://plaidctf.com/) and solve the challenges together. We meet on Saturday the 22nd of April from 9am and spend the day playing the hacking challenges that will be revealed the night before. If you are interested please send an email to brun@itu.dk to get registered in the team and join our facebook group! Note: physical participation is not required, we will set up a chat and remote access for those who cannot attend, but still want to join the games. |
PlaidCTF website |
| 08.03.17 15.03.17 22.03.17 Room 3A01 |
Overthewire.org NATAS These weeks we are looking at
web-based
challenges. Natas
is a great place to start learning about the basics of web
security, and guides you up to more advanced stuff as well. Speakers: Alessandro Bruni, Andreas Clausen |
Go to: http://overthewire.org/wargames/natas |
| 09.06.16 | Exploit Exercises Stack overflows Speaker: Michael Denzel |
https://exploit-exercises.com/protostar/ Slides |
| 22.09.16 29.09.16 06.10.16 |
Overthewire.org NATAS Speaker: Alessandro Bruni |
http://overthewire.org/wargames/ |
| Moved: 14.10.16 kl 10:00 - 11:00, room 3A08 | Security Testing beyond Functional Tests Security testing is omnipresent. But what is it? And what distinguishes it from functional testing? To answer these questions and shed light on the scope and reach of existing testing methods, we present a theory of security testing. Our theory is based on the basic distinction between system specifications and security requirements. Specifications describe a system's desired behavior over its interface. Security requirements, in contrast, specify desired properties of the world the system lives in. We propose the notion of a security rationale, which supports reductive security arguments for deriving a system specification and assumptions on the system's environment sufficient for fulfilling stated security requirements. These reductions give rise to two types of tests: those that test the system with respect to its specification and those that test the validity of the assumptions about the adversarial environment. It is the second type of tests that distinguishes security testing from functional testing and defies systematization and automation. Speaker: David Basin, ETHZ |
paper |
| 20.10.16 | Holiday week | |
| 27.10.16 |
kl. 13:00 - Privacy through Pseudonymity in Mobile
Telephony Systems kl. 15:30-17:00 - Tutorial: Secure Programming
Using F* |
Paper
on 3G network attacks Tutorial on F* |
| 4.11.16 - kl 15:00 | Hacking the WINVote voting machine using Kali Linux
The WINVote voting machine have been used in the US in several elections, but have proven to be too vulnerable to be used in secure elections. Because of this the Virginia Information Technology Agency was tasked with performing a security analysis of the machine. This analysis showed that several big security issues and vulnerabilities were present. In our thesis, we verify the presence of vulnerabilities in WINVote machines, and produce a software application that automates the process of hacking the WINVote machine, without requiring any extended knowledge in security or hacking in general. In our presentation we will describe what we have been doing so far, and what result we have come up with. We will also answer any questions you might have, and end the presentation with suggestions from you. Speakers: Andreas Nielsen and Florin Vasile |
|
| 10.11.16 17.11.16 |
Exploiting buffer overflows.
Learn how to turn a buffer overflow vulnerability into a security exploit, and excalate security privileges. This workshop is organised in two phases, with a brief presentation of the theory behind buffer overflow vulnerabilities, followed by a hands on session where you have a chance to learn the exploitation technique. Bring your own laptop so you can try it first hand! Note: if you want to spend more time having fun and less doing configuration, come with Protostar Linux (linked to the right) already installed in a virtual machine, for example using VirtualBox. Speaker: Peter Brottveit Bock |
https://exploit-exercises.com/protostar/ |
| 08.12.16 | How to own a ghost, MitM and MitB attacks against
unaware targets Thanks to hardware and software hacking
tools, we will demonstrate and exercise on how to attack,
intercept and infiltrate the network traffic of PCs and
smartphones. These kind of attacks may be used to gather
informations, compromise remotely a device, silently snick on
users activities, etc.
Speaker: Matteo Brunati CyBrain.it |
Possibly using: Wifi Pineapple, Lan Turtle, MITMf, bettercap |