Happy Thanksgiving!

Hey SIT!

Thanks to everyone who came out to the Metasploitable meeting this week. It was a cool introduction to everyone’s favorite hacking assistance tool, Metasploit. I highly encourage everyone to explore and exploit the Metasploitable VM on their own time, it’s great practice! You’ll be working on a different set of skills than required in CTF challenges; its important to be a well-rounded hacker.

In other news, thanks to everyone who participated in the RC3 CTF this weekend! As of right now, we are placed 101 out of 646 participating teams. The CTF ends at 12pm Sunday, so maybe we can solve one more challenge for top 100! Congratulations to everyone who solved a challenge and learned a thing or two =)

There will not be a meeting this week due to Thanksgiving. Hope everyone has safe travels home and enjoys a nice break from school, full of food and family time!

See ya in a few weeks!

Read on →

Reverse Engineering | Thurs Nov 3 at 6:30pm in CSE 309

Happy belated Halloween SIT!

Hope everyone’s weekend was full of costumes and candy. While pumpkins and skeletons were fun, its time to start looking forward to Thanksgiving!!

This week, we’ll be taking a look at Reverse Engineering. This is the process of disassembling an executable file to understand its functions, processes, variables, etc. With this information known, it is possible to find a vulnerability which can be exploited with a malicious injection. In this way, an attacker can hijack execution control of a program to execute desired functions (getflag()) or even execute arbitrary code. We will also be taking a look at the most common tool for this, which is GDB, the GNU debugger. This is a hugely important topic for CTFs and cyber security in general, so I highly recommend to come out!

Also, this Friday, at 7pm, in CSE 312, we will be having a CTF event! Join us as we participate in the HackTheVote online CTF. We will be providing food!


Come on out for a fun night of hacking!

Read on →

Buffer Overflows v2 | Thurs Oct 13 at 6:30pm in CSE 309

Hey SIT!

Hopefully everyone had a nice, long weekend, safe from Hurricane Matthew. Best wishes to everyone who has friends and family in the thick of the storm.

Since our Buffer Overflow meeting was cancelled last week, we will be having it this week instead. This is an extremely important and fundamental technique for hackers, so I highly recommend coming out.

Stay tuned on our facebook and mailing list for a possible CTF this Friday!

Read on →

Guide to Buffer Overflows | Thurs Oct 6 at 6:30pm in CSE 309

Welcome to another week SIT! We have a lot of exciting events planned.

Firstly, congratulations to everyone who participated in the TUMCTF. It was a pretty challenging event overall, but we managed to come out ranked 89th out of 434 competing teams. Great job! It was a great time hanging out all night trying to crack challenges. #trackmania

This week’s meeting will feature Buffer Overflows. This is another fundamental weapon in a hacker’s arsenal, I definitely recommend coming out! We will be showing how to hijack the execution of a program using stack based overflows, letting you execute arbitrary code or run a program in unintended ways. We will be providing a hands-on exercise after the presentation for you to apply your newly-found powers to exploit some vulnerable programs.

Finally, there will NOT be a CTF event this Friday Oct. 5th. Instead, make sure to come out to our Ropes Course Social at Lake Wauburg on Saturday! It will be a ton of fun, so definitely come out! We will be providing free food!

Event link: Ropes Course Social

Read on →

SQL Injection 101 | Thurs Sept 29 at 6:30pm in CSE 309

Hey SIT!

Great job on our performance for the Hack1t CTF!! The CTF is still online until the end of this week, but we will be shifting focus to a new CTF this Friday. At one time during the CTF, we were 2nd place in the world! As of now, we are still hanging out in top 100 of the rankings. Awesome job everyone!

This week’s meeting will feature an Introduction to SQL Injection by our very own president, Terry Thibault. SQL Injection is an extremely important technique to know, as it is one of the most prevalent vulnerabilities year after year. People simply don’t care about sanitizing input! Find out how to exploit their laziness and pwn a system this Thursday as Terry walks us through the process, from SQL to Shell.

Also, don’t forget to sign up for our Ropes Course Social at Lake Wauburg on October 8th! Check out our Facebook event for details and carpooling.

Read on →