Infosec SIG
Contents
Purpose
Learn information security via hands on infosec labs and CTF challenges.
Classes / Workshops / Events
Hardware Hacking
TBA
Skill level: Varies <Master|Grand Bastard|Neo> Event Schedule:
- TBA
Locksmith Class 101
Come out and learn hands on how locks, tumblers, and picks work.
All skill welcome, none required. A set of tools and locks will be provided to share but feel free to bring your own.
Free copy of the MIT Guide to Lock Picking will be available after class and patreon supporters/Committee donors will get a Yoopik Lock Set w/Clear Lock.
Skill level: Varies <Neophyte|Initiate>
Event Schedule:
- Presentation on basics of locksport
- Hands on lab
Capture The Flag (CTF)
The Hackerspace Committee will be hosting infosec training sessions and a Capture The Flag (CTF).
C'mon down to the makerspace for some late night hacking. Do some networking with other security professionals, get your laptop setup for security.
Each CTF grants 1 CPE credit hour for either EC-Council or ISC2 infosec certifications.
Skill level: Varies <Neophyte|Initiate|Master|Grand Bastard|Neo> (typically Neophyte or Initiate with invites to higher levels)
Event Schedule:
- Keysigning (sharing gpg keys via keybase.io and linkedin profiles) [optional for attendees]
- Presentations held by volunteers and members on Steganography, Cryptography, Infosec, Security, DevOps
- Introductory lecture on the core subject for the Capture the Flag event
- Capture The Flag
- Installfest
The Capture The Flag is geared towards beginner/intermediate participants. But advance participants are welcome and attendees with higher levels of skill would be invited to the more challenging events.
Doing the installfest one will have a chance to bring their laptop and have get some help with setting up the following:
- Keysigning
- Docker/VMWare/Virtualbox
- Tails and Kali Linux
- Adding security tools to your Linux host
- Virtual machine swaps (bring external hard drives)
- Building your own hacklab
- Getting published in 2600, BinRev, and/or Phrack.
CTF Curriculum
Reverse Engineering – The point of reverse engineering is collecting new information and understanding of a technology through disassembling it to its base parts. At the beginning, to RE it was only used on hardware, but currently, it has evolved into being applicable in software, databases and even DNA analysis.
PWN (Binary) – The objective of PWN challenges is for the player to acquire access to a target system without the system administrator’s permission. The targets can be personal computers, servers, websites, networking devices or applications.
Web – Web challenges include a wide range of things but the essence is analyzing a website to gain information. You can analyze the web site’s source code, the hierarchy of the directories and all the functioning ports.
Crypto – Cryptographic challenges are mostly defined by giving the players a sample of encrypted information. The player has to decrypt it in order to acquire a flag or a clue to the next step of the competition.
Stegano – Steganography is the art of hiding a secret string of text, image, video or audio file in a different file of the same like. Stegano challenges usually consist of an image that contains nothing interesting at first sight. The image factually contains the flag of the challenge, but to acquire it the player has to run the image through filters and algorithms. There have even been steganographic challenges that feature a 3D model the player has to add a light source over to be able to see the flag.