Newsletter

Hello Whitehatters,

Here’s what’s coming up. If you have any questions, use our Slack, or email wcscsecretary@whitehatters.org.

Exploitation Meeting - This week, WCSC Vice-president Kevin Dennis (@ktrio3) will go over web technologies and cross-site scripting (XSS). See #exploitation-meeting channel on Slack for a detailed agenda.

Exploitation Meeting

Date: Thursday, February 14, 2019

Location: Kopp Engineering Building - ENG 3

Time: 5:00 PM - 6:15 PM

_____________________________________

There will be no Friday Meeting this week. Insted, come join us at USF Engineering Expo! Sign up to volunteer here: https://goo.gl/forms/SkOZdmApIrpGVQgi1, or stop by our table and say hello. Volunteering at Expo is a great opportunity to practice your skills at articulating basic security principles to a non-technical audience, something you’ll need to do throughout your career. It’s also a great way to help the club, and a good way to be considered for our summer camps and other activities. Plus, you have the chance to introduce thousands of young students to the STEM field we love. See http://expo.eng.usf.edu for details on the event.

Join us at USF Engineering Expo

Date: Friday, February 15, & Saturday, February 16, 2019

Location: See event map (when published)

Time: 9:00 AM - 4:00 PM

_____________________________________

Blue Team Meeting - SECCDC is almost upon us. This will be the final meeting before the qualification competition on February 23. Blue Team Captain Jacob Kesler (@JK42) will be going over the roster and some last minute details for the competition. Got questions about Blue Team or SECCDC? Check out the #ccdc-blueteam channel on Slack.

Blue Team (network defense)

Date: Monday, February 18, 2019

Location: ENC 1000

Time: 6:00 - 7:30 PM


Christopher Greenland

WCSC Secretary

Hello Whitehatters,

Here’s what’s coming up. If you have any questions, use our Slack, or email wcscsecretary@whitehatters.org.

Exploitation Meeting - WCSC Vice-president Kevin Dennis (@ktrio3) will go over SQL and code injection attacks. See #exploitation-meeting channel on Slack for a detailed agenda.

Exploitation Meeting

Date: Thursday, February 7, 2019

Location: Engineering III Building - ENC 1000

Time: 5:00 PM

Regular Friday Meeting - WCSC Treasurer Alex Whitaker (@Whitaker) will discuss the current frameworks of international law, and how they allows for cyber attacks to be the ultimate option in warfare. Former WCSC President Farooq Shaikh (@bao) will also discuss a research opportunity with the club.


Friday Meeting

Date: Friday, February 8, 2019

Location: Kopp Engineering Building - ENG 003

Time: 5:00 PM

_____________________________________

Blue Team Meeting - The team will continue preparing for SECCDC. Room is tentatively ENC 1000, we’re waiting on confirmation. Keep an eye on Slack and the mailing list for updates. Got questions about Blue Team or SECCDC? Check out the #ccdc-blueteam channel on Slack.

Date: Monday, February 11, 2019

Location: ENC 1000 (tentative)

Time: 6:00 - 7:30 PM


Christopher Greenland

WCSC Secretary

Hello Whitehatters,

Here’s what’s coming up. If you have any questions, use our Slack, or email wcscsecretary@whitehatters.org

Exploitation Meeting - WCSC Vice-president Kevin Dennis (@ktrio3) will talk about buffer overflow attacks. Note the room change to ENC 1000 this week.

Date: Thursday, January 31, 2019

Location: Engineering III Building - ENC 1000

Time: 5:00 PM

_____________________________________

Regular Friday Meeting - WCSC President Truvis Thornton (@Truvis) will walk through several different applications, best practices, and first steps to help jump-start you on your hacking journey. We’ll cover how to use GitHub, along with other important everyday resources for hackers and developers.

Date: Friday, February 1, 2019

Location: Kopp Engineering Building - ENG 003

Time: 5:00 PM

_____________________________________

Blue Team Meeting - The team will work on installing and configuring services on AWS hosted VMs. Feel free to ask questions in the #ccdc-blueteam channel on Slack.

Date: Monday, February 4, 2019

Location: ENC 1000

Time: 6:00 - 7:30 PM

_____________________________________

CTFs - NeverLAN CTF runs from 3:00 AM on Thursday, 1/31 to 4:00 PM on Sunday, 2/3. We will be meeting at 1:30 PM on Saturday as usual in the C4 Lab (ENB 216) This is a Middle School focused CTF, but open to everyone, so it is an especially good opportunity for beginners to practice their CTF skills.


Christopher Greenland

WCSC Secretary

Hello Whitehatters,

Here’s what’s coming up. If you have any questions, use our Slack, or email wcscsecretary@whitehatters.org, do not reply to this email as it goes to everyone on the list.

Exploitation Meeting - The first Exploitation Meeting is this Thursday. Kevin Dennis (@ktrio) will begin with an introduction to what exploitation meetings are all about. We’ll be talking about the style of the these meetings, as well as introductory topics like C, assembly, and where to learn them. We will also vote on what topics will be discussed this semester. A laptop with a Linux VM is recommended.

Date: Thursday, January 24, 2019

Location: Kopp Engineering Building - ENG 004

Time: 5:00 PM

_____________________________________

Regular Friday Meeting - We have a special treat for you this Friday. As part of the Enhancing Cybersecurity in Public Transportation project, the Whitehatters meeting will be held in room CUT 202 (the upstairs classroom in the CUTR building) at the usual meeting time. Experts from Mission Secure and USF student researchers will allow students to interact with the CUTR traffic cabinet (used for controlling traffic lights, and their related systems). They will discuss the technologies inside the cabinet and demonstrate vulnerabilities in those technologies. Mission Secure is a cybersecurity firm specializing in developing solutions for cyber-physical systems.

Date: Friday, January 25, 2019

Location: Center for Urban Transportation Research (CUTR) - CUT 202

(CUTR is located between the Beard garage and ENB)

Time: 5:00 PM

_____________________________________

Blue Team (network defense) - For next week's Blue Team Meeting, make sure you have VirtualBox/VMware installed and ready to use. Feel free to ask questions in the #ccdc-blueteam channel on Slack.

Date: Monday, January 28, 2019

Location: ENC 1000

Time: 6:00 - 7:30 PM


Christopher Greenland

WCSC Secretary

Hi Whitehatters!

For this week’s exploitation meeting, Kevin (@kevin) will be hosting another series of challenges to test the skills that you’ve built up over this semester. These challenges will be up for a few months and if you can exploit them, the box is yours!

Date: Thursday, November 15, 2018

Location: ENB 337

Time: 5:00 PM

This Friday Christopher Greenland (@christopher) will be giving an introduction to TLS/SSL (the protocols behind secure internet communications) and discuss some attacks and mitigations.

Date: Friday, November 16, 2018

Location: Kopp Engineering Building - ENG003

Time: 5:00 PM

The end of the semester is almost here and along with that comes election time for the 2019 Officers. As you may have seen, there is an officer position interest application on the #wcsc slack channel. I have also linked the form here. If you are interested, don’t hesitate to fill out the form with the position(s) you are interested in. Candidates that are interested should also prepare a short speech on why they are the best fit for the position. The application will close on Thursday (11/15) at midnight.

After the elections and the talk, we will be having an end-of-the-year/farewell get together, the address for the location will be provided at the meeting. There will also be pizza!


Link to the 2019 Officer Interest Application: https://goo.gl/forms/DsHcTdK0qoCl2qAo2


Oshien Nellissery

WCSC Secretary

Hi Everyone,

For this week’s exploitation meeting, Kevin (@kevin) will be hosting a series of challenges to test the skills that you’ve built up over this semester. These challenges will be up for a few months and if you can exploit them, the box is yours!

Date: Thursday, November 8, 2018

Location: ENB 337

Time: 5:00 PM


This Friday Kevin Dennis (@ktrio3) will be giving a talk on the “Enhancing Cybersecurity in Public Transportation" project. Transportation technologies have become increasingly interconnected in recent years. For example, many transit agencies deploy mobile fare payment applications, allowing users to purchase tickets online. As part of the "Enhancing Cybersecurity in Public Transportation" project, the project team will talk about mobile security, and reversing techniques for Android devices. If you would like to follow along, be sure to download an Android emulator. More details on the project and suggested tools can be found at https://www.cutr.usf.edu/2018/07/enhancing-cybersecurity-in-public-transportation/

Date: Friday, November 9, 2018

Location: Kopp Engineering Building - ENG003

Time: 5:00 PM


If you haven’t heard already, we will be holding 2019 Officer Elections on November 16, 2018. If you are interested in running, please fill out this form with the positions you are interested in. https://goo.gl/forms/DsHcTdK0qoCl2qAo2


Oshien Nellissery

WCSC Secretary

Hi Whitehatters,

These are our plans for this week:

Thursday 11/01/18 at 5 PM in ENB 337, Exploitation meeting.

Kevin Orr (@kevin) will speak about symbolic and concolic execution and he will show a demo with angr (a concolic framework), which is also a useful tool for some CTF challenges.

Friday 11/02/18 at 5 PM in ENG 003, Weekly meeting.

Christopher Greenland (@christopher) will introduce TLS/SSL, the protocol behind secure internet communications, and discuss some attacks and mitigations.

We are happy to announce that WCSC's 2019 Officer Elections are scheduled for November 16th. If you are interested in running for a position, express so in here: https://goo.gl/forms/DsHcTdK0qoCl2qAo2

Patricia Wilthew

WCSC Treasurer

On October 11th, 2018, WCSC members participated in the Dual Challenge CTF at the Florida Cyber 2018 conference.

Kudos to Logan Lopez for obtaining second place in the Individual category!

Hi Whitehatters!

Here is the information about this week’s meetings.

Thursday 10/25/18 at 5 PM in ENB 337, Exploitation meeting.

Kevin Orr (@kevin), will show tools for Return-Oriented Programming (ROP) and show some ROP CTF challenges.

Friday 10/26/18 at 5 PM in ENG 003 (Kopp Engineering Building), Weekly meeting.

Truvis Thornton (@thattechkitten), will go over the basics of Powershell and how to weaponize it for exploits.


Patricia Wilthew

WCSC Treasurer

Hi all,

Thursday 10/18/18 at 5 PM in ENB 337: In this week's exploitation meeting, Kevin Orr (@kevin) will be going over the challenges looked at 2 weeks ago and introduce Return-Oriented Programming (ROP).

Friday 10/19/18 at 5 PM in ENG 003: Patricia Wilthew (@patrixia) will talk about the different flaws in traditional enterprise networks and will describe a superior network security model known as Zero Trust.

Since last week, our Friday meetings moved to ENG 003. This is the Kopp Engineering Building.

Looking forward to seeing you this week!

Patricia Wilthew

WCSC Treasurer

Hello Whitehatters,

Just a recap of last Fridays' meeting.

Reliaquest is collaborating with USF for a free training program in cybersecurity fundamentals. An information session and company tour are planned for this Friday 09/14. You need to RSVP Abigail Mauch to attend this event.

Also, if interested you can sign up for the APP testing research project with Dr.Fisk

https://doodle.com/poll/x8x3kivx38svk43z


Farooq Shaikh

WCSC President

Hey Whitehatters,

Here are the presentation slides for yesterdays meeting. It contains all the information you need to get started.

https://drive.google.com/open?id=125YnTONeAlOYI1cJe5g9bsX4n0PegbcY


Farooq Shaikh

WCSC President

Hey Whitehatters,

Welcome back from Summer! This Friday will be our first meeting of the semester. We will be giving 2 demos, getting new members on-board, and announcing our plans for this semester.

Date: Friday, August 24, 2018

Time: 5 - 7 p.m.

Place: EDU 252

Also, this weekend we will be playing NightHawk CTF from Saturday August 25 04:00 EDT - Sunday Aug 26 19:00 EDT. Make sure to join #openctf on Slack.


Farooq Shaikh

WCSC President

Hello Whitehatters,

Brandon Ward from Raytheon SI is hosting a cyber boot camp for members of the club. Although the day and times vary the group mostly meets on Thursdays at FAO, 168. Interested students can join the cyber-boot-camp channel on our slack to get more information.

Farooq Shaikh

WCSC President

Hello Whitehatters,

Blue Team Meeting

Date: April 19, 2018

Time: 5 - 7 pm

Location: ENB 313

Weekly Friday Meeting - @duck will be giving a presentation.

Date: April 20, 2018

Time: 5 - 6:30 pm

Location: EDU 252


Oshien Nellissery

WCSC Secretary

Hello Whitehatters,

Exploitation Meeting

Date: April 10, 2018

Time: 5 - 7 pm

Location: ENB 313

Blue Team Meeting

Date: April 12, 2018

Time: 5 - 7 pm

Location: ENB 337

Weekly Friday Meeting - Brad will be giving a presentation about Spectre/Meltdown.

Date: April 13, 2018

Time: 5 - 6:30 pm

Location: EDU 252


Oshien Nellissery

WCSC Secretary

Hey there Whitehatters,

This Friday we will be having a speaker, Z, coming to talk with us. Z is a senior software engineer at Novetta. He will be giving a talk on new technology and knowing when to use them vs. when not to use them in the workplace.

The meeting will be held on March 30 at 5pm in room EDU 252.

Hope to see you all there.

Oshien Nellissery

WCSC Secretary

Hello Whitehatters,

This week’s meeting times are as follows:


Exploitation Meeting

Date: March 27, 2018

Time: 5 - 7 pm

Location: ENB 313


Blue Team Meeting - This Thursday we will be looking into scripting for defense side competitions and other automated features.

Date: March 29, 2018

Time: 5 - 7 pm

Location: ENB 337

Weekly Friday Meeting - Speaker to be announced soon.

Date: March 30, 2018

Time: 5 - 6:30 pm

Location: EDU 252


Oshien Nellissery

WCSC Secretary

Hey there Whitehatters,

I have another announcement for this Friday, we will be playing/competing in the Volga CTF 2018 Quals. Our team name and link to the website is provided below:

Team Name: WCSC

https://quals.2018.volgactf.ru/

Hope to see you participate!

Oshien Nellissery

WCSC Secretary


Hello Whitehatters,

I hope everyone had a good spring break! This week’s meeting times are as follows:

Exploitation Meeting

Date: March 20, 2018

Time: 5 - 7 pm

Location: ENB 337


Blue Team Meeting - This Thursday we will be looking into wireless WEP and WPA2 security, along with an introduction to scripting for defense side competitions.

Date: March 22, 2018

Time: 5 - 7 pm

Location: ENB 313


Weekly Friday Meeting - This Friday we will be having lightning talks, this is a good opportunity for anyone who is interested in talking about a security related topic. The talks could be about anything from projects, events, or cool tools.

Date: March 23, 2018

Time: 5 - 6:30 pm

Location: EDU 252


Oshien Nellissery

WCSC Secretary

Hey Whitehatters,

I hope everyone’s semester and exams are going good. Last week before spring break!

Exploitation Meeting - Going over some more assembly to learn basic shellcoding. Talk about mitigations, how to circumvent those mitigations, and how to mitigate those circumventions. Not required but recommended to install nasm (sudo apt install nasm, or sudo dnf install nasm)

Date: March 6, 2018

Time: 5 -7 pm

Location: ENB 337

There will not be a Blue Team or Friday Meeting this week due to midterms.


Oshien Nellissery

WCSC Secretary


Hey there Whitehatters!

This week’s meeting times are as following:

Exploitation Meeting

Date: February 27, 2018

Time: 5 - 7 pm

Location: ENB 313


Blue Team Meeting - This Thursday the Blue Team will be discussing and reviewing what occured in the Southeast Regional Cyber Defense Qualification.

Date: March 1, 2018

Time: 5 - 6:30 pm

Location: ENB 313

Weekly Friday Meeting - Patricia Wilthew (@patrixia) will be going over the Linux Command line: commonly used commands, basic text manipulation, vim, users, permissions, processes, etc. Make sure to have any Linux distribution virtual machine.

Date: March 2, 2018

Time: 5 - 6:30 pm

Location: EDU 252


Oshien Nellissery

WCSC Secretary

Greeting Whitehatters,

This week’s meeting times are as following:


Exploitation Meeting

Date: February 20, 2018

Time: 5 - 6:30 pm

Location: ENB 313

Blue Team Meeting - This Thursday the Blue Team will be practicing for the upcoming Cyber Defense Competition. Feel free to join and shadow the process.

Date: February 22, 2018

Time: 5 - 7 pm

Location: ENB 313

Weekly Friday Meeting - Dr. Fisk will be giving a talk this Friday. We will also be playing NeverLAN CTF and have pizza as well.

Date: February 23, 2018

Time: 5 - 6:30 pm

Location: EDU 252


Oshien Nellissery

WCSC Secretary

Howdy Whitehatters,

I hope that everyone's semester is going good! I have a couple of announcements for this week’s meetings.

Exploitation Meeting

Date: February 13, 2018

Time: 5 - 7 pm

Location: ENB 313

Blue Team Meeting

Date: February 15, 2018

Time: 5 - 6:30 pm

Location: ENB 313

Friday - Jeremy Rasmussen (@triple-h) will be giving a talk about cloud computing and security.

Date: February 16, 2018

Time: 5 - 6:30 pm

Location:EDU 252

Oshien Nellissery

WCSC Secretary

Hey there Whitehatters,

Exploitation Meeting

“This Tuesday we will be reviewing buffer overflows, I'll talk about using pwntools and gdb to easily write exploits for buffer overflows, and I'll give a challenge to work on” – Kevin Orr

Date: Tuesday 6, 2018

Time: 5pm – 6:30pm

Location: ENB 313

Blue Team Meeting

Date: Thursday 8, 2018

Time: 5pm – 7pm

Location: ENB 313

Weekly Friday Meeting

This Friday @inferno will be giving a talk about Doxing, what it is and how it works along with a demonstration of Doxing.

Date: Friday 9, 2018

Time: 5pm – 7pm

Location: EDU 252

Oshien Nellissery

WCSC Secretary

Hello Whitehatters,

We have a date and location for the Blue Team meetings. We will be meeting every Thursday at 5 pm in FAO 168 unless otherwise noted.

The Exploitation meeting times and dates are still in the works so please be on the look out for that!

Our general meetings will always be on Fridays at 5:00 PM (in EDU 252). But always check your email to make sure a specific meeting was not canceled.

This Friday at 5 pm, our previous president, Brad Daniels, will be giving a talk.


Farooq Shaikh

WCSC President

Hey there Whitehatters,

This Friday at 5pm Elias Torres, CTO and Co-founder of Drift, a Boston-based startup and USF alum, will be visiting us. He will be talking about what the company does and the challenges he faces as a CTO. They are also expanding to the Tampa Bay area and are interested in hiring.

Exploitation meeting and Blue Team meeting times will not be affected.

Oshien Nellissery

WCSC Secretary

Exploitation Meeting

Date: January 30, 2018

Time: 5 pm – 7 pm

Location: ENB 337

Blue Team Meeting - This Thursday we will be introduced to the Windows Internet Information Services (IIS). Ensure you download Windows Server 2016 from https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016 and have the ISO installed and running before the meeting. The lecture will be led by Farooq (@bao).

Date: February 1, 2018

Time: 5 pm – 7pm

Location: ENB 337

Weekly Friday Meeting – This week Kevin Dennis (@ktrio) and Farooq (@bao) will be going over some of the challenges on pwnable.kr

Date: February 2, 2018

Time: 5 pm – 7 pm

Location: EDU 252


Oshien Nellissery

WCSC Secretary

Hello Whitehatters,

Blue Team: be every Thursday at 5 pm in FAO 168 unless otherwise noted.

This Friday (5 pm) in EDU252: we will be having Kevin Orr (Vice President) will be holding the Binary Exploitation Meeting.

“This week we will have our binary exploitation meeting. If you went to Brad's meeting last week, we learned about basic reverse engineering skills and got a taste of Binary Ninja. I will go over some of the other basic tools we use and start to explain how C code is compiled into machine code. Before we meet on Friday, please have a Linux VM ready. I've posted instructions in a github repo that we will be using ( https://github.com/KevOrr/ctf-training/blob/master/2018-01-26/pre-meeting.org ). If you have any questions, shoot me a message on slack @kevin or drop a message in #general” - Kevin Orr


Oshien Nellissery

WCSC Secretary

Hello Whitehatters,

We have a date and location for the Blue Team meetings. We will be meeting every Thursday at 5 pm in FAO 168 unless otherwise noted.

The Exploitation meeting times and dates are still in the works so please be on the look out for that!

Our general meetings will always be on Fridays at 5:00 PM (in EDU 252). But always check your email to make sure a specific meeting was not canceled.

This Friday at 5 pm, our previous president, Brad Daniels, will be giving a talk.


Farooq Shaikh

WCSC President

Hi Everyone,

The Whitehatters Computer Security Club will be having its first official meeting of the spring semester.

Date: Friday 12th, 2018

Location: EDU252

Time: 5:00 PM


We will be talking about the club and its activities along with multiple hacking demos by club members.

Our website has all the information you need to get started including a beginner friendly guide. https://www.wcsc.usf.edu/

Two important communication channels are:

- Mailing List [http://lists.acomp.usf.edu/mailman/listinfo/wcsc]

-Slack [send an email to president@whitehatters.org or wcscsecretary@whitehatters.org to get added to slack]

Hope to meet you all this Friday and have an amazing semester.

Oshien Nellissery

WCSC Secretary

We are not having a meeting this Friday as USF will be closed.

(6:30 PM) Tuesday: Blue Team's (defense) meeting.

Location: EDU252 is the place of our two weekly meetings.


Patricia Wilthew

WCSC Secretary

We are not having a meeting this Friday as we will be attending the Florida Center for Cybersecurity Conference!

(6:30 PM) Tuesday: Blue Team's (defense) meeting.

Location: EDU252 is the place of our two weekly meetings.


Patricia Wilthew

WCSC Secretary

Hello Whitehatters!

(5:00 PM) This Friday: We’ll be playing Pwn2Win CTF (https://ctftime.org/event/427). Come and join for this unusual and interesting CTF (and food)!

(6:30 PM) Tuesday: Blue Team's (defense) meeting.

Location: EDU252 is the place of our two weekly meetings.


Patricia Wilthew

WCSC Secretary

Thank you to everyone who came out for the CSAW Quals! (two weeks ago).

Writeups for the challenges we solved will be going up on our GitHub repo over the next few days: https://github.com/WCSC/writeups

If you have a write-up to contribute please let me know and I'll give you write permissions on GitHub.

(5:00 PM) This Friday: We’ll be going reviewing some of the challenges we solved from CSAW Quals. This is great opportunity for everybody to learn what CTFs are about and why they are a great way to develop new skills and learn interesting cyber-stuff!

(6:30 PM) Tuesday: Blue Team's (defense) meeting.

Location: EDU252 is the place of our two weekly meetings.


Patricia Wilthew

WCSC Secretary

(5:00 PM) This Friday: From the perspective of the security consulting industry, we invite Jonathan Singer, a Senior Security Consultant working with companies to find gaps in their enterprise. He will discuss how he broke into the security industry and what his day-to-day tasks include, at least what he can share with us sans NDA.

(6:30 PM) On Tuesday: Blue Team's (defense) meeting.

Location: EDU252 is the place of our two weekly meetings.


Patricia Wilthew

WCSC Secretary

(5:00 PM) This Friday: We will have Alan Gay from LGS Innovations as a guest. He is an Embedded Software Engineer and he wants to share with us what his company does as U.S. Department of Defense contractor. He is looking forward to meeting Whitehatters who are interested in Summer internships.

(6:30 PM) On Tuesday: Blue Team's (defense) meeting.

Location: EDU252 is the place of our two weekly meetings.

Hope to see you there!


Patricia Wilthew

WCSC Secretary

(6:30 PM) Today: Blue Team's (defense) meeting!

(5:00 PM) This Friday: We have duck coming in from out of town to give us a guest lecture on x86 architecture! This talk will be useful to anyone wanting to get into binary exploitation and reverse engineering. We highly recommend you attend.

Howdy everyone, I'm Sean (duck on Slack). I graduated a couple years back, but I like to still visit and give back to the club. I will start with presenting on some x86 basics including the stack. This will be helpful for those of you working on getting your feet wet with exploitation and reverse engineering. After that, I'll go somewhat in depth with a proof-of-concept and exploration of some Intel processor misbehavior. Get ready for `mmap`ing to address 0, shellcode, and C programs with inline assembly.

Location: EDU252 is the place of our two weekly meetings.


Patricia Wilthew

WCSC Secretary

Hello, Whitehatters!

As campus reopens on Thursday, we will have our regular meeting this Friday.

(5:00 PM) This Friday we will play CSAW Qualifications CTF (https://csaw.engineering.nyu.edu/ctf)! And we will order pizzas.

(6:30 PM) On Tuesday: Blue Team's (defense) meeting.

Location: EDU252 is the place of our two weekly meetings.

Hope to see you there!


Patricia Wilthew

WCSC Secretary

We are not having a meeting this Friday. USF will be closed.

Hi, Whitehatters!

Good news! We have a date and location for our Blue Team meetings. We will meet every Tuesday at 6:30 PM at EDU 252 unless otherwise noted.

Our general meetings will always be on Fridays at 5:00 PM (also in EDU 252). But always check your email to make sure a specific meeting was not canceled.

This Friday at 5:00 PM, I will go over Linux and the CLI; hopefully we have some time left to write some Bash scripts. Please make sure you have any form of Linux available. Get yourself a nice virtualizer (VirtualBox, VMware) and create a virtual machine of any Linux distribution you like!

We are looking forward to seeing you!


Patricia Wilthew

WCSC Secretary

Here are my slides from last Friday's talk.

WCSC Intro Talk Fall 2017

Thanks everyone for coming out!


Brad Daniels

WCSC President

Welcome, everyone!

Whitehatters will have the first official meeting of the new Fall semester this Friday at 5 PM in EDU252.

We will show some demos, and we will introduce former members to the club. If you have not already noticed, the Whitehatters calendar has been updated, and if you haven't subscribed to the mailing list, now it is a great time to do so. Slack is our primary chat room. To be added to our Slack team, please send an email to wcscsecretary@whitehatters.org

This semester, we will hold our general meetings at 5 PM on Fridays at EDU252 (4202 E Fowler Ave, Tampa, FL 33620).

We also plan on having CTF workshops most Saturdays at 1 PM, but each one will be announced beforehand.

During Fall, our CTF Team will participate in at least 5 CTFs... We need you! So now it is the best time to sudo apt-get good. To learn more about CTFs and their importance, read this.

Additionally, by the end of Fall, we will hopefully have selected the students that will make up the Blue Team to represent WCSC in SECCDC.

Looking forward to a busy and awesome Fall semester. See you all on Friday.


Patricia Wilthew

WCSC Secretary

Hi Whitehatters,

We've made a new CTF practice board running on CTFd!

We aim for it to be a repository for all Whitehatter created CTF challenges. There are a number of beginner friendly challenges, so if you're new it's a great way to build up your CTF skills if you're new.

If you have any challenges you've created as a Whitehatter please feel free to send them to me and I'll put them up.

We're also accepting challenge submissions from Whitehatters to be included in the CTF we're putting on for the Florida Center for Cybersecurity Conference in October. More details about the CTF are coming soon.

Thanks,

Brad Daniels

WCSC President

Hey, all!

This summer, Whitehatters contributed to the CyberCamp 2017. This camp was designed to introduce high school kids to the field of cybersecurity, giving them some experience with technical skills, and providing opportunities to talk with cybersecurity students and professionals over the course of 5 days. We had a lot of fun teaching them about Raspberry pi, the Linux CLI, basic Python scripting, networking, and more.

Additionally, Whitehatters who participated in this summer camp were able to attend DEFCON25 in Las Vegas, NV!

Thanks to all of you who participated in the CyberCamp. Hopefully, we will have more opportunities like this one in 2018.


Patricia Wilthew

WCSC Secretary

Hi Whitehatters,

Hopefully, you are all having a great summer.

On Friday @5:00 P.M., we will be joining Jonathan Singer at ISA 5021.

Jonathan started as a member of WCSC who later founded HackUCF. He is a Senior Cybersecurity Engineer at GuidePoint Security and a master's student of Information Assurance.

Introduction to Practical Security in Application Development.

Maybe you have heard of the OWASP Top 10, and maybe you have not. For those that have, the importance is widely understood for all application developers from a security standpoint. And for those have not, be prepared for an introduction to practical security in application development. This information will apply to all facets of applications including web and enterprise software.

During this talk, we will discuss each of the Top 10 application security risks in depth, provide some examples and solutions, and even companies that have been affected by these vulnerabilities in the real world. Expect to walk away with a better understanding of what application developers face from a security risk point of view.


Patricia Wilthew

WCSC Secretary

Hi Whitehatters,

Congratulations to our sophomore WCSC members who won 2nd place in the Raymond James CTF this past Saturday!

As a reminder, we will not have more meetings this semester.

See you next Fall, 2017


Patricia Wilthew

WCSC Secretary

Hey Whitehatters,

For this week,

Thursday at 6:30 PM: ReliaQuest, the sponsor of our club, will host a Cybersecurity talk in our meeting room (ISA 5021). "Through a focus on training and development of highly motivated individuals who deliver customized security services, ReliaQuest enables rapid maturity of its customers' security programs. ReliaQuest is a force-multiplier, helping organizations remain secure and compliant as the world of IT security rapidly changes".

Last meeting of the semester, Friday at 5:00 PM: Presentation on Filesystems [Definition, Uses, Types, and Examples] by @patrixia in ISA 5021. I will also share a script I wrote to solve the problem of having inaccurate available-space numbers in an all-flash array storage such as XtremeIO (Content Aware Storage) caused by the way Linux's filesystems work.

We will get food and beers afterward! We hope to see you all.


Patricia Wilthew

WCSC Secretary

Hello WCSC folks!

Wednesday at 6:30 PM: We'll go over some Hacking challenges!

Thursday at 6:30 PM: As always, practical CTF meeting with @nullp0inter.

Friday at 5:00 PM: "Python: Tips, Tricks, and Aberrations" by our special guest @duck

Meeting place: ISA 5021.


Patricia Wilthew

WCSC Secretary

Hello all,

For this week,

Wednesday at 6:30 PM: Application Program Interface (API) and Security with @kclonts.

Thursday at 6:30 PM: Practical CTF meeting with @nullp0inter.

Friday at 5:00 PM: We will have our general club meeting and will get dinner and drinks afterward.

Meeting place: ISA 5021.

Patricia Wilthew

WCSC Secretary

Hi, Whitehatters!

For this week,

Wednesday: We will have a speaker in ISA 5021 at 6:30 pm.

Richard Rauscher, PhD – Richard Rauscher has been working with and supporting Internet technologies for 30 years. He has been responsible for cybersecurity for several organizations including the USF College of Engineering. He was the first information security officer for Moffitt Cancer Center. Most of his career has been spent as an IT leader at various academic health care organizations. He is currently the Executive Vice President of Miva, Inc., an e-commerce (PaaS) company.

He will present a short talk on historical perspectives of cybersecurity based on his own experiences (1987-2016). He will also discuss the current state of cybersecurity, focusing on health care.

Thursday: Practical CTF meeting with @nullp0inter in ISA 5021 at 6:30 pm.

Friday: We will have a speaker In ISA 5021 at 5:00 pm.

From the perspective of the security consulting industry, we invite Jonathan Singer, a Senior Security Consultant working with companies to find gaps in their enterprise. He will discuss how he broke into the security industry and what his day-to-day tasks include, at least what he can share with us sans NDA.


Patricia Wilthew

WCSC Secretary

Just a reminder that we're playing in 0CTF this weekend starting at 8pm tonight. It runs for 48 hours and will end at 8pm on Sunday.

To play for with our team please join us on #openctf on Slack.


Brad Daniels

WCSC President

Hi there,

For this week:

Wednesday at 6:30 PM: @bao will make a presentation about Access Control Lists (ACL).

Thursday: Canceled.

Friday at 5:00 PM: We will have our general club meeting and will head to Dbaks for dinner and drinks afterwards!

We will not have meetings in Spring Break.


Patricia Wilthew

WCSC Secretary

Because of midterms, Wednesday and Friday meetings are canceled.

Thursday: Practical CTF meeting with @nullp0inter in ISA 5021.

Friday @ noon, iCTF:

This weekend we will be playing the iCTF starting at Friday noon. It's an attack-defense CTF and people who are playing will need to find vulnerabilities and be in the same room.

We will decide the meeting place (ISA 5021 or our hackerspace) after we have a headcount of the people playing. If you want to join us (which you should), message me @patrixia in Slack or @brad_d and we will add you to a private channel.


Brad Daniels

WCSC President

This Friday the Whitehatters will be exhibiting at the engineering expo: http://expo.eng.usf.edu/

Wednesday meeting is canceled

Thursday: Ian (@nullpointer) will hold the practical reverse engineering session/workshop.

Friday meeting is canceled.

Meeting place: ISA 5021.

Meetings during Spring 17:

  • Wednesdays @ 18:30;
  • Thursdays @ 18:30;
  • Fridays @ 17:00.


Patricia Wilthew

WCSC Secretary

Hey Whitehatters,

Tomorrow we will be at the Involvement Invasion from 11:00 to 13:00 in the MLK West Lawn.

Our first meeting of the semester will be held this Friday, January 13th @ 17:00 in ISA 5021. Our new club President, Brad Daniels, will introduce the club to new members and talk about our plans for the semester.

Wednesday and Thursday meetings will commence next week (January 18th and 19th).

Meetings: During the Spring semester, we will still meet three times a week:

  • Wednesdays @ 18:30;
  • Thursdays @ 18:30;
  • Fridays @ 17:00.

New Officers: The club elected new officers for 2017.

  • President: Brad (@brad_d);
  • Vice President: Farooq (@bao);
  • Secretary: Patricia (@patrixia);
  • Treasurer: Kyler (@kclonts).


Patricia W.

WCSC Secretary

Hi Whitehatters,

https://i.redd.it/e5uylwsqzizx.jpg

We'll be holding all three regular meetings this week before the month-long winter break. During the break we'll still be active on Slack and IRC if you wanna hack stuff. We might plan some informal meetups over the break as well so stay tuned on Slack.

Wednesday: 6:00 PM in ISA 5021 we'll be holding our regular practical security meeting.

Thursday: 6:30 PM in ISA 5021 I will show you how to exploit a CTF challenge and get a shell via a ret-to-libc exploit. I'll talk about ASLR, leaking memory, and tools and techniques for exploiting vulnerable services.

Friday: 5:00 PM in ISA 5021, @nullp0inter will wrap up the semester for us by giving an intro to return-oriented programming.


Thanks,

Brad Daniels

WCSC Secretary

Due to the holiday we will not be having any Whitehatter's meetings this week. We'll still be hanging out on Slack and IRC if you get bored though!

Thanks,

Brad Daniels

WCSC Secretary

Thank you to everyone who came out last weekend for the CSAW Quals! The competition is over, but the challenge board is still available if you want to practice or follow along with some writeups: https://ctf.csaw.io/

Writeups for the challenges we solved will be going up on our GitHub repo over the next few days: https://github.com/WCSC/writeups

If you have a writeup to contribute please let me know and I'll give you write permissions on GitHub.

Wednesday: Wednesday at 6PM we'll be covering more Windows material. Make sure you're running the Windows 10 VM that was posted in the #ccdc channel. If you have any trouble setting it up please let us know on #ccdc.

Thursday: 6:30 PM in ISA 5021 we'll be reviewing some of the more difficult challenges from CSAW Quals.

Friday: 5:00 PM in ISA 5021 we'll be going over some of the more beginner-friendly challenges that we solved at CSAW last weekend. Afterwards we'll be heading to Dunderbaks for food and drinks.

TUM CTF: Next Friday 9/30 at 12 noon TUM CTF kicks off. We encourage everyone to play. If you don't have much CTF experience go ahead and ask on Slack and we can provide you with plenty of good CTF training resources.


Brad Daniels,

WCSC Secretary

Wednesday: At 6PM in ISA 5021 we'll be diving into Windows. Please bring a laptop with a Windows 10 Professional VM installed and ready to go.

Thursday: 6:30 PM in ISA 5021, we'll be going over some CTF challenges. If you want to get some practice in before CSAW Quals this is a good chance.

Friday: 5 PM in ISA 5021 we'll be competing in the NYU CSAW CTF Qualification round. The competition begins at Friday 6 PM and ends at 6 PM Sunday 9/18. We'll be in the lab all weekend playing.

To play in the CTF make sure you're in the private #ctf channel on Slack (message me or another officer for access).

We encourage people of all experience levels you to come out and play. This is a collaborative effort so the more heads we have tackling challenges the better we'll do. Come out even if you just want to shoulder-surf.


Brad Daniels

WCSC Secretary

Thank you to everyone who still participated in the Thursday and Friday meetings online last week even though the campus was closed.

Wednesday: 6 PM in ISA 5021, we'll be covering the basics of networking. No matter what topics you're interested, this will be an important meeting. Networking basics are essential to being able to administer any kind of system. Bring a laptop.

Thursday: 6:30 PM in ISA 5021. We're going to have our first in-person meeting of the 0x28 CTF team in this room. Xan will be around this week so he'll be leading us though some past CTF challenges to see what we can learn from them.

Friday: 5:00 PM in ISA 5021. I'll be giving a presentation on getting around firewalls with DNS tunnels. I'll go over some of the common security measures that are put in place in organizations to stop data exfiltration and the circumvention of security policies. Afterwards the crew will be heading out for drinks at Dunderbaks.

CSAW Quals: CSAW Quals start September 16th. If you've never played a CTF before you're welcome to join. It's a good idea to review some of last years CSAW Quals writeups here: https://github.com/ctfs/write-ups-2015/tree/master/csaw-ctf-2015. There are plenty more CSAW write-ups from other years available as well.


Brad Daniels

WCSC Secretary

Hi Whitehatters,

Thank you to everyone who showed up to our Intro meeting last Friday. There were at least 80 of you in attendance which is more than I've ever seen at a Whitehatter's meeting.

If you liked what you heard and want to know how to get more involved check out our New Members guide here: http://www.wcsc.usf.edu/noobs

If you're new run through OverTheWire.org's Bandit challenge. It'll teach you a lot of the basic UNIX CLI tools you'll need to play in CTF competitions. http://overthewire.org/wargames/bandit/

Xan's slides from Friday are available here: https://drive.google.com/open?id=10cP7pK9eKjivz2W6xTzjFlYGWwoiu_hAXR2FM7DN_r8

Wednesday: At 6:00 PM in ISA 5021 we'll be having our first Practical Security meeting of the semester. Wednesdays will feature hands-on guidance in securing and administering Windows and Linux systems with several Whitehatter veterans and alumni standing by to offer support. If you want to learn real world skills in network security that you can add to your resume, come out to Wednesday and get involved.

Thursday: 6:30 PM in ISA 5021 will be our first ever CTF training meeting. This meeting is designed to strengthen our CTF skills by solving CTF challenges together as a team. This will not be as beginner friendly as Wednesday and Friday, but anyone is welcome to come out and participate. Bring some Linux. @nullp0inter just compiled an Ubuntu 14.04 ISO with a lot of hacking tools pre-installed. If something is broken be sure to pester him on Slack. Download here and check it out: https://drive.google.com/file/d/0B-r6ID_je1xmZU1wYk02Rk1HV0U/view

Friday: This Friday at 5:00 PM in ISA 5021 @nullp0inter will be giving a talk on basic buffer overflows. If you're new to CTFs it will be a great talk that will provide you with a good starting point in binary exploitation. Bring some Linux or at least a C compiler to follow along. Afterwards we'll be heading out for drinks, which is a great way to get to know everyone in the club.

IceCTF: The competition is over, but the challenges are still up if you want to practice. It's a great CTF with challenges for all skill levels. If you get really stuck, check out our write-ups on GitHub, but please, try your best to do it on your own, you'll learn a lot more.

IceCTF: https://play.icec.tf/challenges/

Writeups: https://github.com/WCSC/writeups/tree/master/icectf-2016


Brad Daniels

WCSC Secretary

Thanks for everyone who attended our first meeting. We had such a great turnout with over 70 people. For our new members we hope you found it interesting and we will see you next week! Don;t forget to subscribe to the calendar and to our mailing list.

Here are the slides from yesterday.

https://drive.google.com/open?id=10cP7pK9eKjivz2W6xTzjFlYGWwoiu_hAXR2FM7DN_r8

Also if your interested the ICEctf still has its challenges up and write-ups are out. This is a good intro ctf and if you have time you should take a look at it.

https://icec.tf/

Xan

WCSC President

It's been an exciting summer for the Whitehatters. The two summer camp programs we put on with FC2, GenCyber and PreCollege Cyber Defense Boot Camp, went very well. It's looking good that both of those programs will be happening again next year. The camps provided us with the means to cover airfare, hotel, and registration for Whitehatters to attend DEF CON 24 in Las Vegas. Thank you to all those who helped out.

Meetings: Our first meeting of the semester will be held this Friday August 26th at 5 PM in ISA 5021. Club President Kris (Xan) will introduce the club to new members, and talk about our plans for the semester.

Wednesday and Thursday meetings will commence next week.

IceCTF: Several of our members have been playing the IceCTF lately. It's a really fun CTF with tons of challenges for all skill-levels. It ends Friday at noon. You can get started at https://play.icec.tf/, but be sure to check out #ctf on Slack to play with the rest of the Whitehatters.


Brad Daniels

WCSC Secretary

Thanks to all of you who helped out with GenCyber and Precollege and got your free trip to DEFCON. Everyone was really impressed with how it turned out.

Since we're all recovering from DEFCON and getting ready to start the semester, we are not having any meetings this week. Stay tuned to the mailing list and Slack for updates on when the next meeting will be.


Brad Daniels

WCSC Secretary

Due to our involvement in GenCyber and PreCollege, and the subsequent trip to DEFCON in Las Vegas, we will not be holding any meetings until August 10th.

Enjoy the rest of your summer break!


Brad Daniels

WCSC Secretary

CTF: Boston Key Party is coming up March 4th through 6th. https://ctftime.org/event/252

Wednesday Meeting: Tomorrow at 6PM we will be meeting in ISA 5021 to go over Wi-Fi security. Please bring a Kali install and a Wi-Fi card that supports monitor mode to join in on the fun.

Friday Meeting: Our flagship meeting is at 5PM every Friday in ISA 5021.

Below is our tentative presentation schedule:

2/26: brad_d, Windows authentication

3/4: nullp0inter, buffer overflow

3/11: ReliaQuest, Cybercrime and Blackhat hackers

If you want to present at Whitehatter's please send me an email with your topic idea and any date restrictions.

You don't have to be a hacking prodigy to present. If you're working on something cool, or want to learn something new, preparing a presentation is a great way to sharpen your understanding on a topic. You can review past presentations on our GitHub.

Brad Daniels

WCSC Secretary

Blue Team Wednesday: Today at 6PM in ISA5021, we're going to be reviewing our performance at SECCDC Quals. We'll be going over what we could have done better during the competition, and the future direction of the Wednesday meetings. We'll be discussing the summer pre-college program, and opportunities for an expenses-paid trip to DEFCON 2016.

0x28 Council: WCSC is restarting the 0x28 Council. The council is a group of club members who play a more active role in the club. Council members will be expected to contribute more to the club, but in return, have a greater voice in club decisions, and greater involvement in special projects and work opportunities. More details on the 0x28 council will be discussed today at the Wednesday meeting, and again at the Friday meeting.

Expo: Tomorrow at 5PM we will be meeting up in the ISA5021 lab to go over our plans for the USF Engineering Expo. This is a great opportunity to get more active in Whitehatters. To get involved, please message nullp0inter on Slack or IRC, or email him at ian@whitehatters.org.

Friday Meeting: This Friday at 5PM in ISA 5021, we will hold our regular Friday meeting. Xan will be giving a talk on Malware Analysis that you should not miss. Afterwards, we'll head to Dunderbaks for drinks and food.

Keeping in Touch: Our main IRC channel is #wcsc on irc.hackint.org:9999. Please use SSL. Much of the chatting has moved to Slack now. If you haven't been added to the WCSC Slack please email Xan at kris@whitehatters.org.


Brad Daniels

WCSC Secretary

Watch this 2010 short doc about the Whitehatters! https://www.youtube.com/watch?v=TvmaCNJnSZ8

Wednesday Blue Team: Tomorrow night at 6 PM in CIS 1035 we will be having our next Blue Team meeting. If you want to get practical hands on experience administering and securing Linux and Windows systems, come join us! It's never too late to get involved.

Friday Meeting: This Friday, Dec. 4th at 5 PM in CUTr 202 we will be having our last regular WCSC meeting of the semester. Cybersecurity professional Brandon Ward of Raytheon SI will be giving a talk on using emulators to find bugs.

Bull Market: nullp0inter, GH0S1 and others will be out in front of the Marshall Center tomorrow for Bull Market. Come by and check out our table tomorrow between 8:30 and 3.

Good luck on finals everyone!


Brad Daniels

WCSC Secretary

Blue Team: Tonight at 6pm in CIS 1035, we're having our weekly Blue Team meeting. It's not too late to get involved! If you want to join the Linux team please bring Ubuntu 14.04 and CentOS 7 VMs. If you wanna join the Windows team bring a Windows Server 2012 R2 VM, which you can get through Dreamspark.

For Linux command line practice, OverTheWire.org has a great wargame for learning the basics at http://overthewire.org/wargames/bandit/

Don't sell yourself short and look up the solutions! Use the man command for help!

CigarCitySec: After the Blue Team meeting, we'll be heading over to CigarCitySec for beers. CigarCitySec is a monthly informal gathering of Tampa Bay computer security professionals. More information can be found at http://cigarcitysec.com/.

If you need a ride, let us know on IRC or Slack.

Friday Meeting: 5pm this Friday in Cutr 202, former WCSC president rastii will be giving a talk on SQL Injection! He has challenges ready for all experience levels after the presentation. It should be a fun evening. Afterwards, we'll be hitting up Dunderbaks, as usual.

Keeping in Touch: Our main IRC channel is #wcsc on irc.hackint.org:9999. Please use SSL. If you haven't been added to the WCSC Slack please email Xan at kris@whitehatters.org.

Brad Daniels

WCSC Secretary

A couple of us from WCSC made it out to the third meeting of CigarCitySec last night. Hopefully it will continue to keep growing. It's a really awesome time to meet people in the Tampa security community. If you haven’t been yet come join us next month. Meeting dates are on the WCSC calendar.

http://cigarcitysec.com

https://twitter.com/cigarcitysec


Welcome Everyone!

This Friday (January 23) in MSC 2703 at 5pm Whitehatters will start the first official meeting of the new Spring semester. I wanted to take some time to welcome new and past members who will be joining us.

If you have not already noticed the Whitehatters calendar has been updated and if you haven't subscribed now is a great time to do so. Whitehatters Calendar

Last week, Whitehatters competed in Ghosts In The Shellcode accomplishing some great work for our first CTF of the new year. Hopefully, we will have write-ups of some of the challenges up soon.

This semester we have some great events planned out. USF Engineering Expo is coming up on February 13th and 14th and Whitehatters will be there once again. It will be exciting to show off our new demo this year related to cyber security. Of course, CTFs are important to the club and Whitehatters will be out in full force this semester competing in Boston Key Party, PlaidCTF, SECCDC, and several others before finishing out the semester with DEFCON 23 Quals.

If you haven't already, you should join the discussion with our several communication outlets including our...

Mailing List

IRC: irc.hackint.org/9999 #WCSC

Twitter

Bullsync


Looking forward to a busy and awesome Spring semester.

See you all on Friday!


Xan

WCSC President