Date: 2024-03-15
Time: 6pm-8pm
Location: GH224
Host: Zack Sargent
I sent out the same information in an email and a Discord message on 2024-03-13:
# NKCyber Weekly Update | 2024-03-13
## Meetings
### Red Team @Red Team
Red Team will meet today, Wednesday, at 7pm in GH 240.
Last meeting from 2024-02-28 has been documented [on our wiki](https://wiki.nkcyber.org/en/Red-Team/Writeups/Meetings/2024-02-28), for reference.
### Cyber Security Training (CST) @CST
CST will meet this Friday from 6 to 8 P.M. in GH 224.
We will be discussing the cryptographic techniques used to make the internet secure, and continuing our activities on [CryptoHack](https://cryptohack.org/challenges/web/), using Python programming to learn cryptography.
Also, we documented our meeting from 2024-03-01 [on our wiki](https://wiki.nkcyber.org/en/Cyber-Security-Training/Writeups/Meetings/2024-03-01), in case you wanted to know what we're up to.
### Research & Development (R&D)
R&D will meet this Thursday at 6 P.M. in GH 224.
### EBoard
There's an EBoard meeting this Friday from 5 to 6 P.M. (right before the CST meeting).
It's open doors, so feel free to come by if you're interested in running the club!
## Event Hosting / Outreach
**CyberShield **-On March 23rd (in 9 days), NKCyber is hosting a cybersecurity competition in Griffin Hall for 8 teams of students from local high schools. This is a big event that EBoard has been organizing. Let us know if you'd like to participate and experience what it's like to run an event like this.
**CyberSword **- On March 27th (in 13 days), a few NKCyber members will be driving down to Lexington, Kentucky to host [CyberSword](https://github.com/nkcyber/cybersword) for Kentucky's Student Technology Leadership Program (STLP). There should be several thousand students at this event, so it's great to have a presence.
If you're looking for experience in running events, to build out your résumé, or just want to help out the club, feel free to let us know!
Thanks! Hope to see you around! \(^‿^)/
Looking at the CTFTime calendar, there aren't any accessible competitions happening during club time, so this meeting will take a little more prep work.
I considered setting up Vulnerable VMs for this meeting, but it would've taken more bandwidth than I have for this week.
From a pedagogical perspective, I think lessons are best when students are:
So, I'm considering:
We might need to alternate back and forth for a couple lessons. Every video builds on a lot of concepts. A good goal would be to get to the fifth video, but that's almost an hour of content on its own, without any time for examples and actions. I don't know how to cut this down without making the experience worse. I really like this idea; I just don't have the time this week to make it work.
Looking back at the poll I did,
| Timestamp | Linux Penetration Testing is a practice where cybersecurity experts simulate attacks on a Linux system to identify potential security vulnerabilities. Feel free to select multiple answers. | Windows Penetration Testing is a process where cybersecurity professionals simulate cyber attacks on a Windows operating system to identify and fix potential security vulnerabilities. This helps to strengthen the system’s defenses, ensuring it can effectively resist real-world threats. | Binary Decompilation is the process of converting binary code (the series of 0s and 1s that a computer can understand) back into human-readable source code. From there, you can read the source code to look for vulnerabilities. | Reverse Engineering is the process of analyzing a software system’s code to recover its design, requirements, functions, and attack vectors. | Cracking Password Hashes is a process where an attacker attempts to recover original passwords from their hashed (scrambled) forms. This is typically done by guessing many possible passwords, hashing each guess, and then comparing the result with the target hash until a match is found. | Cryptography is the process of converting ordinary data into an unreadable format, known as encrypted data, to protect data from theft or alteration and for user authentication. Cryptanalysis, on the other hand, is the process of analyzing these cryptographic systems to understand hidden aspects of the systems, and to breach these systems to gain access to the contents of encrypted messages, even without the cryptographic key. | Social Engineering, in the context of information security, is a method of manipulation that tricks people into revealing confidential information, such as passwords or credit card numbers. It exploits human psychology rather than technical hacking techniques to deceive the user, making it a highly effective strategy for cybercriminals. | Open Source Intelligence (OSINT) is the process of collecting, analyzing, and interpreting data from publicly available sources to produce actionable information. | Web Exploitation is the act of finding and exploiting vulnerabilities in websites & web applications. These vulnerabilities can be exploited to trick the application into disclosing confidential information, such as private keys, login credentials, or a list of employees, potentially leading to serious security breaches. | Injection Attacks are a type of cybersecurity threat where an attacker introduces or “injects” malicious code into a system, typically through user input fields in a web application. This untrusted data is then processed by the system, leading to unwanted behavior such as data theft, data loss, or system compromise. (e.g. SQL injections, XSS injections) | Python is a powerful and versatile programming language that is widely used by professionals to automate tasks, perform malware analysis, and conduct penetration testing. | I'm interested in something else (optional) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 9/23/2023 13:13:31 | Yes, I'm interested in Linux Penetration Testing by continuing with OverTheWire (like the previous two sessions), Yes, I'm interested in Linux Penetration Testing in general | Yes, I'm interested in Windows Penetration Testing | Yes, I'm interested in Binary Decompilation | Yes, I'm interested in Reverse Engineering | Yes, I'm interested in Cracking Password Hashes | Yes, I'm interested in Cryptography & Cryptanalysis | Yes, I'm interested in Social Engineering | Yes, I'm interested in Open Source Intelligence (OSINT) | Yes, I'm interested in Web Exploitation | Yes, I'm interested in Injection Attacks | Yes, I'm interested in Python | Anything to help gain experience |
| 9/23/2023 13:22:03 | Yes, I'm interested in Linux Penetration Testing in general | Yes, I'm interested in Windows Penetration Testing | Yes, I'm interested in Reverse Engineering | Yes, I'm interested in Cracking Password Hashes | Yes, I'm interested in Cryptography & Cryptanalysis | Yes, I'm interested in Open Source Intelligence (OSINT) | Yes, I'm interested in Web Exploitation | Yes, I'm interested in Injection Attacks | ||||
| 9/23/2023 13:34:45 | Yes, I'm interested in Linux Penetration Testing by continuing with OverTheWire (like the previous two sessions) | Yes, I'm interested in Windows Penetration Testing | Yes, I'm interested in Binary Decompilation | Yes, I'm interested in Reverse Engineering | Yes, I'm interested in Cracking Password Hashes | Yes, I'm interested in Cryptography & Cryptanalysis | Yes, I'm interested in Social Engineering | Yes, I'm interested in Open Source Intelligence (OSINT) | Yes, I'm interested in Web Exploitation | Yes, I'm interested in Injection Attacks | Yes, I'm interested in Python | |
| 9/23/2023 13:46:12 | Yes, I'm interested in Linux Penetration Testing by continuing with OverTheWire (like the previous two sessions), Yes, I'm interested in Linux Penetration Testing in general | Yes, I'm interested in Windows Penetration Testing | Yes, I'm interested in Binary Decompilation | Yes, I'm interested in Reverse Engineering | Yes, I'm interested in Cracking Password Hashes | Yes, I'm interested in Cryptography & Cryptanalysis | Yes, I'm interested in Social Engineering | Yes, I'm interested in Open Source Intelligence (OSINT) | Yes, I'm interested in Web Exploitation | Yes, I'm interested in Injection Attacks | Yes, I'm interested in Python | I'm interested in all of them mainly python cause I'm slowly learning on my own. |
| 9/23/2023 13:51:22 | Yes, I'm interested in Linux Penetration Testing in general | Yes, I'm interested in Windows Penetration Testing | Yes, I'm interested in Binary Decompilation | Yes, I'm interested in Reverse Engineering | Yes, I'm interested in Cracking Password Hashes | Yes, I'm interested in Cryptography & Cryptanalysis | Yes, I'm interested in Social Engineering | Yes, I'm interested in Open Source Intelligence (OSINT) | Yes, I'm interested in Web Exploitation | Yes, I'm interested in Injection Attacks | Yes, I'm interested in Python | |
| 9/23/2023 15:15:11 | Yes, I'm interested in Linux Penetration Testing in general | Yes, I'm interested in Windows Penetration Testing | Yes, I'm interested in Cracking Password Hashes | Yes, I'm interested in Social Engineering | Yes, I'm interested in Open Source Intelligence (OSINT) | Yes, I'm interested in Web Exploitation | Yes, I'm interested in Injection Attacks | |||||
| 9/23/2023 15:36:24 | Yes, I'm interested in Windows Penetration Testing | Yes, I'm interested in Cracking Password Hashes | Yes, I'm interested in Cryptography & Cryptanalysis | Yes, I'm interested in Social Engineering | Yes, I'm interested in Web Exploitation | Yes, I'm interested in Injection Attacks | Yes, I'm interested in Python | |||||
| 9/23/2023 16:15:18 | Yes, I'm interested in Linux Penetration Testing in general | Yes, I'm interested in Windows Penetration Testing | Yes, I'm interested in Binary Decompilation | Yes, I'm interested in Reverse Engineering | Yes, I'm interested in Cracking Password Hashes | Yes, I'm interested in Cryptography & Cryptanalysis | Yes, I'm interested in Social Engineering | Yes, I'm interested in Open Source Intelligence (OSINT) | Yes, I'm interested in Web Exploitation | Yes, I'm interested in Injection Attacks | Yes, I'm interested in Python | |
| 9/23/2023 18:39:52 | Yes, I'm interested in Linux Penetration Testing by continuing with OverTheWire (like the previous two sessions), Yes, I'm interested in Linux Penetration Testing in general | Yes, I'm interested in Windows Penetration Testing | Yes, I'm interested in Binary Decompilation | Yes, I'm interested in Reverse Engineering | Yes, I'm interested in Cracking Password Hashes | Yes, I'm interested in Cryptography & Cryptanalysis | Yes, I'm interested in Open Source Intelligence (OSINT) | Yes, I'm interested in Web Exploitation | Yes, I'm interested in Injection Attacks | |||
| 9/23/2023 19:28:46 | Yes, I'm interested in Linux Penetration Testing by continuing with OverTheWire (like the previous two sessions), Yes, I'm interested in Linux Penetration Testing in general | Yes, I'm interested in Windows Penetration Testing | Yes, I'm interested in Binary Decompilation | Yes, I'm interested in Reverse Engineering | Yes, I'm interested in Cracking Password Hashes | Yes, I'm interested in Cryptography & Cryptanalysis | Yes, I'm interested in Social Engineering | Yes, I'm interested in Open Source Intelligence (OSINT) | Yes, I'm interested in Web Exploitation | Yes, I'm interested in Injection Attacks | Yes, I'm interested in Python | |
| 9/23/2023 20:52:21 | Yes, I'm interested in Linux Penetration Testing by continuing with OverTheWire (like the previous two sessions), Yes, I'm interested in Linux Penetration Testing in general | Yes, I'm interested in Windows Penetration Testing | Yes, I'm interested in Cracking Password Hashes | Yes, I'm interested in Cryptography & Cryptanalysis | Yes, I'm interested in Open Source Intelligence (OSINT) | Yes, I'm interested in Python | Thanks for this, Zack! | |||||
| 9/24/2023 7:11:15 | Yes, I'm interested in Binary Decompilation | Yes, I'm interested in Cracking Password Hashes | Yes, I'm interested in Social Engineering | Yes, I'm interested in Python | ||||||||
| 9/24/2023 14:35:51 | Yes, I'm interested in Linux Penetration Testing in general | Yes, I'm interested in Windows Penetration Testing | Yes, I'm interested in Binary Decompilation | Yes, I'm interested in Cryptography & Cryptanalysis | Yes, I'm interested in Open Source Intelligence (OSINT) | Yes, I'm interested in Web Exploitation | Yes, I'm interested in Python | |||||
| 9/25/2023 21:55:52 | Yes, I'm interested in Linux Penetration Testing by continuing with OverTheWire (like the previous two sessions), Yes, I'm interested in Linux Penetration Testing in general | Yes, I'm interested in Windows Penetration Testing | Yes, I'm interested in Reverse Engineering | Yes, I'm interested in Cracking Password Hashes | Yes, I'm interested in Cryptography & Cryptanalysis | Yes, I'm interested in Social Engineering | Yes, I'm interested in Open Source Intelligence (OSINT) | Yes, I'm interested in Web Exploitation | Yes, I'm interested in Injection Attacks | Yes, I'm interested in Python | ||
| 9/27/2023 12:29:34 | Yes, I'm interested in Linux Penetration Testing by continuing with OverTheWire (like the previous two sessions), Yes, I'm interested in Linux Penetration Testing in general | Yes, I'm interested in Windows Penetration Testing | Yes, I'm interested in Reverse Engineering | Yes, I'm interested in Cryptography & Cryptanalysis | Yes, I'm interested in Social Engineering | Yes, I'm interested in Web Exploitation | Yes, I'm interested in Injection Attacks |
It looks like people were most interested in Windows, Linux, Cryptography, and Cracking Password Hashes. It would be really neat as well to create someting for cracking password hashes.
Doing something like https://cryptohack.org/challenges/web/ would be:
We initally attempted to participate in the KalmarCTF at KALMAR.CTF.
It turned out to be incredibly difficult, and we just gave up.
Team Link (6 members) | Place: 471/726
Note that, of the 726 teams, only 124 (17%) solved more than the welcome challenge.
Afterwards, we worked through the material documented in this SlideShow (and also on the Google Drive):
It was reviewed positively, compared to the CTF experience.
This meeting was attended by 10 people (8 NKU, 2 CCHS).