Written by Rob
The ASIS CTF 2017 finals were our first CTF as a team (on short notice too!). We managed to complete five of the challenges in total, which ranked us in 98th place out of 590 teams overall, and the highest ranked team in the UK.
Challenge: V.I.R Description Rules are always broken, but not this time!
Categories Warm-up
Solver(s) @Odin_The_Mighty
Solution The flag for this challenge was simply a case of heading over to the rules page, and finding it.
Presented by: Tim
USB devices have been with us now for over 20 years. They have posed a security risk to organisations, which is not always as understood as well as it could be. This workshop will look at USB devices and how they work, including practical exercises in making your own USB keyboard perform tasks on your behalf.
The workshop doesn’t assume any prior knowledge of programming, but a background in C and/or powershell would be useful.
Written by Rob
Challenge: Trust Description I’d like to file a complaint about your website, it doesn’t work correctly.
Categories Web
Points 50
Solution Viewing the page showed a message which seemingly contained the flag:
Most doggos have 4 legs Many doggos have collars with their name or ID number on a tag. The most common tag number is, MCA{C0PYING_1z_d@ng3r0us}. no one really knows why this is such a popular number Doggos make good friends
Presented by: Jay
In this workshop, we’ll look at the common vulnerabilities found in web applications such as XSS, SQL Injection, CSRF etc and learn how to discover and exploit them.
To join in with the exercises, you’ll need a laptop with a web browser, ZAP or burpsuite and Hackazon running inside a VM.
This workshop is aimed at beginners so if you’re already familiar with web app security, you may not get a huge amount from this (although we’d love for you to come along anyway!
Presented by: Tim
An introductory look at the the various tools and techniques for performing man in the middle attacks, as well as the techniques and tips to defend against them.
The presentation will include a few demos of the tools and a show and tell of devices which can be used to make the attacks easier.
For those new to MitM attacks, this is a very powerful technique used to intercept and modify network traffic (which is why encryption is so important!
Presented by: Tom
A talk by one of our members on the common tools and techniques used to break into a server, starting from enumeration and going to full exploitation.
For anyone wanting to play along, please bring a laptop with Kali installed (a virtual machine is okay - make sure you have the latest version of wpscan by running the command “wpscan –update”) as well as a copy of this vm
Presented by: Jay
Software Defined Radio (SDR) is a cheap and easy way to listen to and interact with radio devices. In this workshop, we’ll look at the capabilities of SDR, discuss common weaknesses in radio systems (such as wireless keyfobs and wireless keyboard) and look into ways these can be exploited with cheap and readily available hardware.
For this workshop, you will need a laptop with gnuradio companion, SDR# or qqrx and capable of running SDR drivers (these should all be available in Kali Linux).
Written by Jay
As a Software Guy ™ I tend to be way more comfortable reversing a binary than following the tracks on a chip and it’s for that very reason that I decided to document the process of hacking home routers the hardware way. The end goal, as always, is and see what kind of access can be gained and ideally get access to some kind of shell with root privileges.
Written by Jay
I wanted to be notified of reddit PMs when all computers were off. Unfortuantly I don’t have a phone which can subscribe to RSS feeds so the solution was to create a couple of (quick and dirty) shell scripts which will blink a LED on a modified Buffalo WHR-G125 router running Tomato firmware.
Soldering is required to attach an LED to an unused output pin. If hardware hacking isn’t your strong point (god knows it’s not mine) you should be able to hijack one of the existing LEDs, such as DIAG or ROUTER.
Antfie - 0001-01-01 00:00:00