Finding A Good Recruiter - 2017-12-22 11:55:50

Written by Shirin Fahri

I hear horror stories from candidates and clients about recruiters far too frequently, and after getting on my soapbox about ethics in the recruitment industry one lunch, I was talked into standing in front of a group of security professionals to offer my advice on how to find a good recruiter. So here are some excerpts from my brief talk; hopefully you’ll find them useful:

Winning At Interviews - 2017-12-20 20:23:10

Written by antfie

After giving some interview advice in the MGH Slack channel, it was suggested that I might like to deliver a lightning talk on the subject. "Sure, why not?" I thought, and agreed to share my experience. I set about putting together a 10-minute presentation, which turned out to be 15 minutes when I delivered it, but it was well received by the group, even though we didn’t have time for questions.

Blogging With MGH - 2017-12-17 17:09:50

Written by Jay

Manchester Grey Hats is about bringing the community together and because of that, we wanted to create a blogging platform for anyone wanting to use it. Blogging with MGH is not like blogging with some of the other platforms. It might seem quite complicated and roundabout to start with but it gives us a few benefits:

Security. We are using static files so we have a smaller attack surface.

OSINT - Finding Secrets Online - 2017-10-25 18:13:01

Presented by: Brett

Every day, every hour, minute, second we spend online posting about what we’ve eaten and where we’ve been we’re creating a massive footprint about ourselves and others that can be scarily easily used against us; of course this can also be used in our favour as well! In this workshop I’ll be giving you a really high-level overview of the capabilities of OSINT and what we can all do with it - from building ideas about our own habits, to criminal organisations, to the spread of ideas around the world.

ASIS CTF 2017 Finals Write Up - 2017-10-09 00:00:00

Written by Rob

The ASIS CTF 2017 finals were our first CTF as a team (on short notice too!). We managed to complete five of the challenges in total, which ranked us in 98th place out of 590 teams overall, and the highest ranked team in the UK.

Challenge: V.I.R
Description: Rules are always broken, but not this time!
Categories: Warm-up
Solver(s): @Odin_The_Mighty
Solution: The flag for this challenge was simply a case of heading over to the rules page, and finding it.

When USB Devices Attack - 2017-09-29 18:13:01

Presented by: Tim

USB devices have been with us now for over 20 years. They have posed a security risk to organisations, which is not always understood as well as it could be. This workshop will look at USB devices and how they work, including practical exercises in making your own USB keyboard perform tasks on your behalf. The workshop doesn’t assume any prior knowledge of programming, but a background in C and/or PowerShell would be useful.

STEM CTF Cyber Challenge 2017 Write Up - 2017-09-16 00:00:00

Written by Rob

Challenge: Trust
Description: I’d like to file a complaint about your website, it doesn’t work correctly.
Categories: Web
Points: 50
Solution: Viewing the page showed a message which seemingly contained the flag:

Most doggos have 4 legs Many doggos have collars with their name or ID number on a tag. The most common tag number is, MCA{C0PYING_1z_d@ng3r0us}. no one really knows why this is such a popular number Doggos make good friends

Web Application Hacking Workshop - 2017-08-23 18:13:01

Presented by: Jay

In this workshop, we’ll look at the common vulnerabilities found in web applications such as XSS, SQL Injection, CSRF etc. and learn how to discover and exploit them. To join in with the exercises, you’ll need a laptop with a web browser, ZAP or Burp Suite and Hackazon running inside a VM. This workshop is aimed at beginners so if you’re already familiar with web app security, you may not get a huge amount from this (although we’d love for you to come along anyway!

Man in the Middle attacks - 2017-07-26 18:13:01

Presented by: Tim

An introductory look at the various tools and techniques for performing man in the middle attacks, as well as the techniques and tips to defend against them. The presentation will include a few demos of the tools and a show and tell of devices which can be used to make the attacks easier. For those new to MitM attacks, this is a very powerful technique used to intercept and modify network traffic (which is why encryption is so important!

From Z3r0 to n00bie - 2017-03-29 18:13:01

Presented by: Tom

A talk by one of our members on the common tools and techniques used to break into a server, starting from enumeration and going to full exploitation. For anyone wanting to play along, please bring a laptop with Kali installed (a virtual machine is okay - make sure you have the latest version of wpscan by running the command “wpscan --update”) as well as a copy of this VM