EVENTS

We hold events every Tuesday starting at 6.00pm in 78-217 (but online during Covid)

0x00 - WELCOME!

~$

This is the intro event for UQ Cyber Squad - we'll have a meet and greet, a vote for our 2020 exec team, and a short presentation about what you have to look forward to this year.

0x01 - INTRO TO LINUX

~$

This talk will be given by Oliver Collins, founder of QUT WhiteHats. He'll introduce Linux as an OS for ethical hacking, going over the choices you have, some useful commands to know, and the popular pentesting tools to have.

0x02 - GET /NETWORKING HTTP/1.1

~$

No, not that kind of networking. Our very own Haoxi (h4sh) will be taking you through the basics of how computers interact and communicate with each other over the Internet, and how the specifications can be exploited in various ways. Notable topics include an introduction to network layers, the use of Wireshark for monitoring and analysing packets, and how to identify open ports on a system.

0x03 - CRUSTACEANS SHELLS

~$

Heard of shells before? Those small, cone-shaped, deserted bone homes you pick up on the beach? Yeah, this talk has nothing to do with those. This week Tom will walk through (some) of the various ways to 'pop' a shell on a target machine, the use cases for each, and where they fit into the privelege escalation scene. He'll explain how they work, why you want them, and give you some extra tips and tricks too.

0x04 - PRELIMINARY PENTESTING

~$

What's in the box??? Well we can promise it won't be a head... Probably. Richard will explore the basics of identifying and exploiting vulnerabilities on a target machine, with emphasis on the process and execution. While talking about the various ways to attack a machine with the ultimate goal of becoming root, this will also serve as an introduction to the HackTheBox (HTB) platform, an amazingly useful environment to practice in.

0x05 - CRYPTO[TENCUL]

~$

Hiding things hasn't been this exciting since backyard games of hide and seek when you were a kid. Except the stakes here are a tiny bit bigger, and you can't pretend the user can't see your secret just because your secret can't see them... This week Tim and Chris will introduce the concept of Cryptography, it's various implementations (including strengths and weaknesses), and talk about how such a mysterious field has such great significance to the security of our modern-day digital lives.

0x06 - WEB SLINGING

~$

It's your friendly neighbourhood hackerman! And he's here to teach you how to exploit the web! This metaphor probably won't swing much further... Join us as Aidan explains how websites aren't nearly as secure as you once may have thought by exploring some of the common vulnerabilities you may find in a web service (XSS, directory traversal, etc), why they arise in production code, and what you can do to make sure you're not a developer who configures your services to be (too) vulnerable!

0x07 - BIN CHICKENS

~$

Haoxi returns with another exciting talk - this week we move away from the internet a bit, and start to look at binaries compiled for *nix based systems. The world of reverse engineering is vast, and so we'll begin by investigating how code actually runs on a system, how you can manipulate its runtime behaviour, and some general debugging practices. A couple RE challenges from picoCTF will be used to demonstrate how programs can be reversed using various tools, and help show why programming isn't just for developers!

0x08 - SATELLITE HACKING 101

~$

This isn't your typical security talk... With the Hackasat qualifiers coming up, we decided to switch our schedule up to instead provide some topical talks on how satellites work, and how we can exploit them. This is the first of said talks, and will serve as an introduction to the many topics to be covered over the next few weeks, in the lead up to the qualifiers.

0x09 - SATELLITE COMMUNICATIONS

~$

Our resident RE expert Henry also happens to be an RF guru too! And he's here to impart his knowledge to all of us in preparation for Hackasat - after all, satellites have to talk somehow. This week we'll be looking at exactly that, how satellites communicate with ground stations, and with each other via radio, what kind of encodings they use to ensure reliable and comprehendible messages.

0x0A - INTRODUCTORY ASTROPHYSICS

~$

It's everyone's favourite topic - physics! Seriously though, it's awesome. And what's better than an hour long talk on orbital mechanics and the physics behind our universe? An hour long talk on orbital mechanics and the physics behind our universe given by someone who's lived and breathed the space sector at both NASA and SpaceX over the past 30 years! We're incredibly fortunate to be having Mr. Mike Lutomski join us to give an introduction to some of the topics we can expect to be relevant in our research for the upcoming Hackasat competition.

0x0B - WINDOWS AD

~$

Back after a short break (covid related of course), this week's talk is an intro to security for one of the most vulnerable things in existence, Windows Active Directory.

0x0C - MOBILE HACKING

~$

Our very own mobile expert (and not just because he's constantly moving around!) Falzar has prepared a talk on, well, mobiles! More specifically on how to break into mobiles! He'll talk about how the operating system of phones separate themselves from the ones you're used to seeing on laptops and desktops, and how you can go about setting up a debugging environment to search for exploits...

0x0D - VIRTUALISATION

~$

This week Deluqs will give a talk all our Operating Systems students will very much appreciate! The process to setting up a virtual machine using VirtualBox will be detailed, including a live demonstration with Kali. Network configuration, shared file systems and some of the little tips and tricks that vastly improve your virtualisation experience will be shown as well!

0x0E - ANDROID SECURITY WORKSHOP

~$

Behnaz Hassanshahi from Oracle Labs has kindly donated her time and resources to provide us with a workshop this week! This also acts as a follow on from Falzar's Android mobile security talk from Event-0x0C, and is an interactive session! The tools and process to discover and exploit W2AI (Web To App Injection) vulnerabilities were covered, with an example vulnerable app.