Meeting 1 Spring 2024

 Posted on January 29, 2024  |  1 minutes  |  184 words  |  Andrew Bernal

Meeting 1: BeEF Welcome to the UML Cyber Security Club meeting 1. We have the great Felix Installation sudo apt install beef-xss ip a or ifconfig to get your ip address sudo beef-xss Web UI username is beef, the password is whatever you set Send your friends a link to http://<your IP>:3000/demos/butcher/index.html Stop the program with sudo beef-xss-stop [Read More]

Meeting_6

 Posted on October 18, 2023  |  1 minutes  |  61 words  |  Andrew Bernal

Meeting 6

https://play.picoctf.org/

Possible Challenges

Stego:

  • “So Meta”
  • “WhitePages”
  • “l33t haxor” Reverse Engineering:
  • “Vault Door Training”
  • “Vault Door 3”
  • “Time’s Up” Web:
  • “dont-use-client-side”
  • “Client-side-again”
  • “Open-to-admins”
  • “Empire1” SQLi:
  • “logon”
  • “Irish-Name-Repo”
  • “Irish-Name-Repo 2” Cryptography:
  • “Caesar”
  • “la cifra de”
  • “Syruptitious Lizard” Binary Exploitation:
  • “handy-shellcode”
  • “leap-frog”
  • “OverFlow 1” Forensics:
  • “Strings it”
  • “unzip”
  • “So many files” Networking:
  • “Shark on wire 1”
  • “Shark on wire 2”
  • “Insp3ct0r”

Meeting_5

 Posted on October 11, 2023  |  7 minutes  |  1447 words  |  UML Cyber Security Club

Meeting 5: Buffer Overflows View the files on github at: https://github.com/UML-Cyber-Security/Fall_2023/blob/main/Meeting_5_Buffer_Overflows/lab_5.md Table of Contents phase1.c phase2.c phase3.c Step 1: Identify the Vulnerability Step 2: Leak the Canary Step 3: Locate Relevant Gadgets for ROP Step 4: Craft the Exploit Step 5: Execute the Exploit Defenses Against Buffer Overflows Stack Canaries (Stack Guard) Address Space Layout Randomization (ASLR) Non-Executable Stack (NX Bit) Bounds Checking Safe Libraries Code Reviews and Static Analysis Runtime Protection Control-Flow Integrity (CFI) Relocation Read-Only (RELRO) Further Reading Exploring Buffer Overflows with phase1. [Read More]

Meeting_4

 Posted on October 4, 2023  |  3 minutes  |  507 words  |  UML Cyber Security Club

For better access to the files, go to the github: https://github.com/UML-Cyber-Security/Fall_2023/blob/main/Meeting_4_Bad_Encryption/lab_4.md Meeting 4 I encrypted my plan to take over the world. To stop me, you must decrypt my plan. The plan is stored in text files, for example phase1.txt. Each section links to its relevant phase.txt file. Table of Contents 1: Caesar Cipher 2: Substitution Cipher 3: Vigenère Cipher 4: Playfair Cipher 5: RSA Cipher 1: Caesar Cipher I suggest you use brute force to crack the Encrypted file [Read More]

Meeting_3

 Posted on September 27, 2023  |  4 minutes  |  717 words  |  UML Cyber Security Club

Meeting 3: Physical Security Table of Contents Lockpicking Introduction to Lockpicking Common Tools and Their Uses Lockpicking Techniques Ethical Considerations Devices Rubber Duckies Ducky Script Creative Devices Defending Yourself from USB Attacks Lockpicking https://simmer.io/@Xill/lockpick-simulator Move the tool with Q, E, WASD, and use the slider on the bottom to increase tension. Introduction to Lockpicking Lockpicking is the art of manipulating the components of a mechanical lock without the original key to open it. [Read More]

Meeting_2

 Posted on September 20, 2023  |  13 minutes  |  2678 words  |  Andrew Bernal

Meeting 2: Metasploit Goals: We have 4-5 vulnerable machines set up Table of Contents [Setting up Vulnerable VM](#Setting-up-Vulnerable-VM] Connecting to a database Scanning Exploitation Choosing an exploit Searching Online Vuln Database scanning Using a payload Types of payloads Post-Exploitation What is Meterpreter? Further Reading Metasploit Metasploit is a widely used penetration testing framework that helps find, exploit, and validate vulnerabilities in systems. To open Metasploit, type msfconsole in the terminal. [Read More]

Meeting 1

 Posted on September 13, 2023  |  6 minutes  |  1175 words  |  Andrew Bernal

Making a Phishing Payload The content shared and discussed in this club meeting is for educational purposes only I have made a harmless program at https://umlcyber.club/open_notepad.exe for you to download and run as part of your macros. It is totally safe and only opens notepad. These directions can be downloaded at: meeting_1.md You can also view them on github: https://github.com/UML-Cyber-Security/Fall_2023/blob/main/Meeting_1_Phishing_Payloads/lab_1.md For further reading, take a look at: https://github.com/UML-Cyber-Security/Fall_2023/blob/main/Meeting_1_Phishing_Payloads/further_notes.md Table of Contents Social Phish Macros Windows Word Excel Linux RTLO Character Explanation LNK files Using the . [Read More]

Watcher_1

 Posted on September 11, 2023  |  1 minutes  |  112 words  |  Andrew Bernal

You can download the watcher from the /watcher_1.scr or /watcher_2.scr directories. The goal is to have a piece of harmless malware for people to run in the cyber security club meeting. It is also my attempt to learn how processes can persist, and restart each other. When the program runs, it adds itself to the registry to run on startup. Then it downloads its friend program. Then the two of them check to see if notepad is open. [Read More]