Cyber Buffet Description

Summer 2022

Workshop Description

We will cover five classes worth of material in a week: Creating attack tools with Python, Cryptography and Cryptocurrency, Threat Intelligence & Incident Response, Exploit Development, and hacking spacecraft and satellites. There are many hands-on projects for each topic, ready to be inserted into your classes.

This workshop is structured as a Capture-The-Flag competition, so each participant can proceed at their own pace. The techniques will be briefly demonstrated, and we will provide tips and help as needed to make sure everyone is able to solve at least some of the challenges.

The participants will not all learn the same thing, but will each learn something new and useful.

All the software used is freely available, and all the projects are copyright-free and available freely on the Web. No textbooks are required. Participants should understand networking and security at the Net+ and Security+ level. No programming experience is required.


Mon: Violent Python 3

Level: Beginner

Even if you have never programmed before, you can quickly and easily learn how to make custom hacking tools in Python. We build tools that perform port scanning, brute-force attacks, crack password hashes, and XOR encryption. Python is among the top three programming languages in the world, for good reason: it's the easiest language to use for general purposes.

Participants need only a computer and a Web browser. No previous programming experience is required.

Tue: Cryptography and Cryptocurrency

Level: Beginner

Learn how blockchains, cryptocurrency, coin offerings, and smart contracts work in a series of challenges. We will also cover the underlying cryptography: hashes, symmetric encryption, and asymmetric encryption. We will configure wallets, servers, and vulnerable smart contracts, and exploit them.

We will configure systems using Bitcoin, Ethereum, Hyperledger, Multichain, Stellar, and more. We will perform exploits including double-spend, reentrancy, integer underflow, and logic flaws.

No previous experience with coding or blockchains is required.

Wed: Threat Intelligence & Incident Response

Level: Beginner

Learn how to gather threat intelligence from public feeds using STIX and TAXII and use them to protect users from attacks with a proxy server.

To handle attacks that do get through, learn how to use these tools for incident response:

No previous experience with these tools is required. A Network+ and Security+ level of networking and security knowledge is recommended.

Thu: Introduction to Exploit Development

Level: Intermediate

Learn how to take control of Windows and Linux servers running vulnerable software, in a hands-on CTF-style workshop. We begin with easy command injections and SQL injections, and proceed through binary exploits incuding buffer overflows on the stack and the heap, format string vulnerabilities, and race conditions.

After this workshop, you will understand how memory is used by software, and why computers are so easily tricked into executing bytes as code that entered the system as data.

We will exploit 32-bit and 64-bit Intel systems, and also ARM-based systems. We will examine modern Windows defenses in detail and how to defeat them, including ASLR, DEP, stack cookies, and SEHOP.

Previous experience with C and assembly language is helpful but not required.

Fri: In Space, No One Can Hear You Hack

Level: Beginner

Learn how satellites move and how they communicate. We will collect data from satellites, decode it, and generate visible images. We will cover these topics:

Posted 1-28-22