Hashdump will meet once more as the semester draws to a close.
We'll play the Krypton wargame from OverTheWire, which will task us with decrypting various ciphers to solve a series of challenges. Additionally, guest speaker Evan Anspach will give a short presentation on the Department of Defense Cyber Service Academy scholarship.
OverTheWire: KryptonGuest speaker Griffin Opp is a security engineer at Workiva and is responsible for conducting their technical interviews and reviewing resumes this year. He will be going over the interview process and do some resume workshopping! He is also planning to bring in some DEF CON stickers for those who are interested!
Caleb will highlight some of the purposes of VPNs, why we use them, what they are good for, and what they aren't good for. Additionally, they'll take a look at some commercial VPN providers and where their claims fall short.
PresentationEli will give a presentation on the XZ Utils backdoor, which was discovered in multiple Linux distributions this March and allowed remote attackers to control servers running OpenSSH.
Join Hashdump as we play the Bandit wargame by OverTheWire. We'll practice command-line skills in Linux and work to obtain hidden passwords from a remote server.
BanditCaleb will discuss the core mechanisms of two-factor authentication, such as HOTP, TOTP, and FIDO (WebAuthn). In addition, they'll share some of its shortcomings and how it can be improved.
PresentationHashdump returns for our first meeting of the school year! Everett will discuss common exploits affecting large language models (LLMs) like ChatGPT and Bing Chat. Afterward, we will try to extract hidden information from an LLM in the online Gandalf activity.
PresentationOur glorious emperor Dr. Gersch will be giving a talk. About what? No one knows! Show up and find out!
This week we'll take a break and have a game night! Feel free to bring any games you want to play.
Enzo will demonstrate how to reconstruct phone calls from captured packets in Wireshark.
Guest speaker Jeff Dean will return to a presentation on how to become a software engineer!
For this meeting, we will revisit the Bandit wargames from the first meeting and practice some more ssh-based attacking!
For this meeting Eric will demonstrate rubber duckies!
This week we'll take a break and have a game night! Feel free to bring any games you want to play.
We will have a presentation on the basics of quantum computing and Shor's Algorithm.
For this meeting Enzo will lead us through coding the attiny85 microchip to execute malicious code.
For this meeting, we will be playing the Bandit wargame. Woohoo!
The one and only slightly terrifying Dr. Gersch will be presenting on the security benefits of using the Rust programming language.
We will use tools like nmap and dirbuster to scan for vulnerabilities in a server, in the process extracting information about a hidden file.
For this meeting we'll watch a compilation of NetworkChuck videos focusing on the dark web ... as it is illegal to run that meeting ourselves.
For this meeting we'll have a guest speaker tell us all about pentesting, with tips for how to get into the industry!
Enzo will present on fun, useful, and occasionally quite strange Linux commands!
For this meeting we'll have a guest speaker presenting on malware analysis!
Take a break from studying with a game night and pizza!
Building on the previous meeting, we will present an interactive phishing activity where we try to phish one another.
Revered treasurer Eric Martin will give a presentation about phishing strategies!
Welcome back to a new year! For our first meeting we'll do a general introduction to the club and play around with a CTF.
Become a officer in Hashdump! Come participate in our officer elections! We will conclude with a guest presentation from well known cyber security specialist Sangameswaran Iyer Manikkayam.
Workforce and Early Career Workshop ... you're gonna learn how to career!! Hope to see you there!
We will have a wonderful time watching a documentary about Bill Gates doing stuff, including mowing his lawn in a threatening manner! - Chloe Hesskamp
Dr. Gersch and Dr. Haefner will give a presentation on how to use ChatGPT to target victims and speed up your hacking.
In this presentation, Vice President Chloe Hesskamp gave a talk on Post Quantum Cryptography, which is the super interesting math behind cryptography algorithms and how they are affected by quantum computing.
Join us in this joint meeting with ACM and ACM-W for a panel of professors answering CS-type questions - all while eating increasingly hotter wings.
Guest speaker Chris Ellis from Raytheon gives a talk about networking, protocol reversing, and Wireshark!
In this meeting our great friends at Women in Cyber Security take professional headshots. All are welcome!
Treasurer Eric Martin demos the 'Rubby Ducky', a USB stick that acts like a keyboard.
Hashdump officer Britta will be introducing CTFs, or Capture the Flag Challenges!
Welcome to the Spring semester! We will be hosting a game night in CSB 130!
We will be exploring the math behind cryptography and cybersecurity with Hashdump vice president Chloe.
Dr. Gersch will be giving a presentation about Blockchain, don't miss it!
Join us for Hashdump game night to play a variety of board, card, and other weird games!
A representative from Ratheon will be holding a presentation behind the security and defense of their technology and instrastructure.
HP will be giving a presentation and holding a panel for all things general technology and security focused topics!
Multi factor authentication is becomming more commonplace for online accounts and has been established internally at almost every company that prioritizes security. How does it work and how can it be effectively implemented?
Plante Moran is an auditing, tax, and business management firm, and their security professionals are here to show how they keep that all secure!
We will be exploring several examples of tamper evident devices and their use in and out of cybersecurity.
PricewaterhouseCoopers, or PwC is the second largest provider of professional services in the world! They manage and provide services such as auditing, accounting and human resources for various industries such as insurance or aerospace. Join us for their presentation of how they manage all of this from a cybersecurity standpoint!
This week Hashdump president Enzo Barrett will be showing useful Unix commands, a subject not usually taught in school but defintely useful!
Join us for Hashdump's first meeting of the 2022 Fall semester! We will discuss what activities you can look forward to in the coming weeks as well as demoing CTF challenges!
See you next week for a game night and officer elections!
This week we will be doing a brief introduction of officer duties in preparation for the coming election followed by a talk on hacking ATMS. There will be free pizza!.
This week Jack will be doing a live malware demo! Whether the malware will escape and take over the entire university remains to be seen.
This week we will be discussing some of the math involved in common cryptography, including some quantum-resistant algorithms!
Hashdump is joining with ACM-W to interview professors while they attempt to eat progessively hotter wings! There will be free pizza and drinks provided.
The fantastic Dr. Gersch will be giving a presentation on the basics of quantum computing.
We will be engaging in a standard Hashdump midterm game night. There will be free pizza!
For this meeting, we'll be doing an online CTF competition! After going through several challenges together, we will split into teams to compete for a very high-quality and not-cheap prize.
Over the Wire: NatasWe will be watching a documentary about Cicada 3301, an alleged organization that published 3 cybersecurity puzzles several years ago. There will be free pizza / soda!
Hashdump president Jack will be going over several features of Kali Linux, including the (usually legal) nmap, metasploit, and hydra tools.
Welcome back! For our first meeting of the new semester, we'll do a brief club introduction before trying out some simple CTF challenges.
For our last meeting of the semester, we will be having a pizza / game night!
Guest speaker Jeff Dean will be returning to give a workshop on Kubernetes!
The one and only Dr. Gersch will be giving a presentation on using DNS to write secure code.
The regular Hashdump meeting has been cancelled for this week to allow for the CyberForce competition team to prepare.
Hashdump Officer Enzo will be running a demo on how to secure Linux servers! There will be DigitalOcean Debian servers set up for attendees to secure.
In an effort to promote everyone surviving their midterms, we will be hosting a pizza / game night!
Guest speaker Jeff Dean from Upslope.io will be joining us to talk about adding security to your CI/CD pipeline, kubernetes hardening, and other OWASP development security concerns.
As a special presentation for Cybersecurity Awareness Month, Hashdump President Jack will be giving a presentation on social engineering! There will be pizza and a competition to (ethically) phish other participants.
For this meeting, we will make accounts for TryHackMe and run through several of their challenges!
Hashdump Officer Enzo will give a presentation on virtual machines and lead attendees in downloading / using their own.
Virtual BoxFor this meeting, we will assign participants roles in a fictional company and play out various responses to 6 different cyberthreats.
For this meeting, we will watch a DEF CON video on tamper evident devices!
For our first meeting this semester, we will discuss what the club will look like this year and demonstrate a few CTF challenges!
For this meeting, we will be playing Family Feud, featuring topics surrounding cybersecurity.
For this meeting, we will be playing the Natas Wargame, from the same creators as SSH Bandit, this wargame focuses on serverside web-security.
Over the Wire: Natas The National Archives (UK), CC BY 3.0
For this meeting, we will be playing Jeopardy and Scribbl.io, featuring topics surrounding cybersecurity.
For this meeting, We will be playing the 24/7 CTF.
Virtual BoxFor this meeting, Hashdump Secretary Jack Soveriegn will be giving a presentation on AI in the context of cybersecurity.
mikemacmarketing, CC BY 2.0
For this meeting, Hashdump President Pierce Smith will be demonstrating exploits against the Damn Vulnerable Web Application (DVWA)
Welcome back! For this meeting we will go through introductory slides, followed by a DEF CON talk on airplane/drone cybersecurity.
For this meeting we will have a guest speaker from GitHub, Software Engineer Robert Reichel, talking about Threat Modeling.
As the semester winds down so will we, for this meeting we will simply be playing Jackbox party games
Hashdump President Pierce Smith will be demonstrating methods for recovering deleted data from disk images
Hashdump Treasurer Enzo Barret will be giving a presentation on Google's Kubernetes software and Docker security
This meeting took place on 2020/11/12
Enzo gave us a crash course on Kubernetes and Dockers. We started with the basics, building our way up from single docker images into clusters. Through live demonstrations, we learned what a docker image really is and how it works. After understanding the fundamentals, we went into some of the processes involved in securing dockers, as well as some applications that will streamline the security process. These applications are used by large companies, so it was very applicable to real situations.
For this meeting we will be using Wireshark to find pumpkins hidden within a pcap file
This meeting took place on 2020/10/29
This week we talked about social engineering! In this meeting we went over the basic principles of social engineering, as well as the 10 most common examples of social engineering attacks. We focused on phishing attacks, and after learning about what they are we constructed our own phishing e-mails and sent them out to the other members of the club. This allowed us to get in the mind of these attackers, and learn what to look out for when we receive suspicious e-mails
AntanO, CC BY-SA 4.0
We will be watching the Youtube channel Great Big Story's documentary on the organization 3301's Cicada challenge.
This meeting took place on 2020/10/15
Hashdump president Pierce went into detail about password security. In this presentation, we covered a few sub topics of password security. We covered how websites stores passwords using techniques like hashing and salting, we talked about good and bad password habits and why those specific habits make a good or a bad password. We talked about the most effective passwords, and how using a password manager to balance convenience and security can save your information. Finally, we touched on the significance of multi factor authentication.
This meeting took place on 2020/10/08
Britta showcased a simulation created by IBM to understand the processes that happen once a cybersecurity breach has occurred. The simulation is a gamified version of a simulation used to train IBM employees how to react to certain situations if they were to happen on the job. If you’d like to check it out yourself, visit https://www.ibm.com/security/digital-assets/cybersecurity-ops/terminal/. We also briefly talked about the Rocky Mountain Collegiate College Competition (RMCCDC). If you are interested in participating, reach out to the club for more information! Message @Jacc
Viscovery, IBM, Amazon / Public domain
This meeting took place on 2020/10/01
Pierce showcased a variety of malware, and its effects on computers. We mostly looked at older malware since the effects are a little easier to see. We went over some network worms (Klez, Nimda, Sality, Swen) that disguise themself and spread over e-mail or a networks shared files, and some ransomware (Petya and WannaCry) that encrypts your entire computer! All you needed to get your files back was a measly $300 in bitcoin. The meeting was educational and it was quite entertaining to see malware in action. See you next week!
EFF-Graphics / CC BY 3.0 US (https://creativecommons.org/licenses/by/3.0/us/deed.en)
Join us for a discussion about deepfakes - what they are, their ethical implications, and how we can use technology to both create and possibly detect them. Later in the meeting, we will be holding officer elections, so if you'd like to help take the reins of the club and steer its future, please apply! (More detailed information on this soon)
Neural net filters image by Cecbur / CC BY-SA (https://creativecommons.org/licenses/by-sa/4.0)
Virtual machines are common and useful tools in all areas of comptuer science - but especially cybersecurity, since they aid greatly in everything from analysis to research to experimentation. At this meeting we will walk through how to set up your very own security-focused virutal machine, running either Kali or Parrot Linux (whic you may even use in future meetings!) Be sure to follow the links below to download the setup files for Parrot or Kali Linux before the meeting.
Parrot ISO Direct DownloadHashdump is back! Join us for a quick re-introductory meeting, where we briefly discuss the club and go over a few simple hack the box challenges... as well as try some ourselves!
Kali Linux is loved by pentesters, CTF participants, and general security enthusiasts alike for its diverse and powerful range of tools. But there are so many of them! What are they for? How can we use them? Will any of them help me make the perfect mac-n-cheese? We will attempt to answer at least two of those questions in this meeting! Come on by our Discord server to participate.
Hashdump Officers Addie and Griffin will be demonstrating some CTF puzzles they recently tackled with Vitamin G. Come join us on our shiny new Discord server for the presentation. Hope to see you there!
For our glorius return to meetings, Hashdump Officer Casey will be introducing us to an exciting new family of malware that takes advantage of exploits in the HTTP/2 protocol. Remember not to show up to the CSB! Join us on Slack instead to hang out with us and see his video presentation at a CDC-approved distance.
In this meeting, fellow CSU cybersecurity enthusiasts Kryptsec will be stopping by to give a guest presentation! This one will be all about wireshark; how to use it effectively and all of the wonderful/terrifying things it is capable of. Drop by and learn how to hone your digital forensic skills!
Do you feel safe driving down the road in your sixteen-wheeler semi? Well you shouldn't! CSU's own Dr. Jeremy Daily will by stopping by the Hashdump meeting room to introduce the physical and cyber aspects of securing heavy vehicles from theft and vandalism. Never again will your dense slab not be on lockdown. Pizza will be provided!
Want to get involved with Capture the Flag? Vitamin G, a CTF team here at CSU, will be dropping by to give a presentation on what CTFs are and some simple-to-difficult puzzles they've faced in actual CTFs - as well as extending their memebership to those who'd like to join in the quest to defeat these cybersecurity challenges.
Presentation SlidesThe best way to achieve security online is to unplug your computer from the Internet. But what if you don't want to do that? Hashdump Officer Gus will be showing us some generally-applicable tips to stay safe while surfing the net without needing to toss your laptop and/or desktop machine into a dumpster fire.
Ever wanted your own vulnerable web server to practice techniques like SQL injection and XSS? No? Too bad! Hashdump Officer Griffin will be showing us how to set up this intentionally poorly-designed web application and walking us through some simple exploits you can use to pwn it. For real this time, we promise.
Phishing is one of the most common and notorious examples of social engineering. In this presentation, Hashdump Officers Addie and Pierce will be showing off the techniques, both sophisticated and crude, that these cyber-anglers use to reel in their targets. Was that password reset email really from your bank? Are you really on the Hashdump website right now?
Image was edited together from Douthat Fishing by vastateparksstaff [CC BY (https://creativecommons.org/licenses/by/2.0)] (link) and Example of Domain Slamming phishing email by Noloader [CC BY-SA (https://creativecommons.org/licenses/by-sa/3.0)] (link)
We're back! Join us for a quick officer re-introduction and another go at Google's wonderful Beginner's Quest CTF. Don't forget your computer (hacking is difficult on a phone)!
Google CTFIt's the end of the year, so you know what that means - cyber party! Eat pizza, play SNES games, and just generally do nothing important for the next hour or so.
RFID is everywhere, from your credit cards to your passports and even your pets. This meeting will show firsthand what security concerns our use of RFID creates, and whether or not you want to gather all of your RFID-enabled items and throw them into Mount Doom (spoiler: you probably don't).
Raspberry Pi RFID Reader TutorialImage © Raimond Spekking / CC BY-SA 4.0 (via Wikimedia Commons) (link)
Enjoy complimentary pizza while you listen to our Jordan Peterson rant about passwords, from best practices for users to the cracking tehcniques you can use to break them!
Presentation SlidesBe careful! This innocuous flash-drive-looking thing is actually a keystroke injection tool that can do a whole number of malicious things to any unsuspecting machine. How does it work? What can you use it for? Does it even work? We'll find out together in this workshop.
Hackernoon InstructionsImage by gaetanlee [CC BY 2.0 (https://creativecommons.org/licenses/by/2.0)] (link)
The fantastic Dr. Gersch will be enlightening us all on the wonders and dangers of a fast-approaching technological breakthrough - quantum computing. Learn about what it is and how it threatens to change our perception of cybersecurity while you enjoy some complimentary free pizza!
Presentation SlidesThis meeting took place on 2019/11/05
Dr. Gersch gave a very informative presentation this week on quantum computing. Quantum physics, superposition, qbits, encryption algorithms and more were presented in an easy to follow exploration of the topics and what they mean in relation to cybersecurity. We were lucky enough to have him provide a copy of his slide deck for us. Be sure to check out the links he left on slide 18 for further information!
Photograph of the D-Wave TwoX 1000 Qbit quantum annealing processor chip. Mwjohnson0 [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)] (link)
Kali Linux is a household name in the world of cybersecurity, and for good reason. Bring your laptops and you'll have a chance to try this ethical hacking and pentesting-focused Linux distro on your own computer via a Live USB provided by us! Or at least bring an appetite for free pizza, since we've got that too!
InstructionsThis meeting took place on 2019/10/22
Not only was the pizza delicious but the free flash drives were the icing on the cake! Jared gave us a demonstration on creating a bootable flash drive with the Kali Linux OS on it. Not only that, he showed us how to create a persistent encrypted partition on the flash drive. This enabled us to save files privately in a way that they are always accessible when Kali is booted up. Great meeting, hope to see you all at the next one!
Think you can Hack this Box? Hashdump Officer Addie will be letting us loose on a series of a pentesting challenges hosted by Hack the Box, which will test your skills and expand your cyber-defense knowledge. Bring your favorite laptop and/or computer-equipped buddy!
HTB Landing PageThis meeting took place on 2019/10/08
Our first ever game night was a great success! After scarfing the pizza down we had fun playing classic video game emulators and hacking themed board and card games. Over the sounds of an intense game of Street Fighter 2 on Super Nintendo one could hear the wheelings and dealings in the distant land of Catan. I'll trade you two wheat for a sheep!
Image was edited from original by Tobias Grothmann - Generalprobe No Input Ensemble & 2xC, CC BY 2.5, https://commons.wikimedia.org/w/index.php?curid=36644104
Hashdump Officer Addie will be demonstrating some uses of Wireshark, a very powerful, widely-used network analysis tool. Be sure to bring a computer, as you'll have the opportunity to experiment with this software firsthand!
This meeting took place on 2019/10/01
Addie hosted a great meeting this week! It turns out that even those who did not have wireshark installed on their machines were able to follow along with her halloween themed packet capture demonstration with Cloudshark. There was spooky jack-o-lantern ASCII art and clips from the Charlie Brown Halloween special to be found, among other things. Not only was this meeting educational, it got everyone ready for the upcoming season!
Hashdump Officer Griffin will be intoducing us to and letting us play with the Damn Vulnerable Web App, an intentionally vulnerable PHP/MySQL web application made for safe penetration testing! We'll have pizza for you to enjoy as you test and grow your (ethical) hacker skills.
Hashdump Officer Pierce will be giving a short presentation on some basics of encryption, cryptography, and steganography. There will be activities, so be sure to bring a laptop!
Online AES encryptor/decryptorThis meeting took place on 2019/09/17
Caesar and substitution and block oh my! This meeting started in Kansas with some basic ciphers and the next thing we knew, Pierce the tornado had transported us to munchkin-land. There were advanced encryption standards, RC4 streams, secret steganography images and more. By the end of the meeting we were clicking our ruby MD5 hashes together getting ready to go home. Ugh, are you tired of this pun yet? In short, it was a great meeting headed up with a stellar presentation by Pierce Smith. Come check out our next meeting, it will be better than our tired puns we promise!
Join us to learn about one of the Internet's greatest unsolved mysteries, Cicada 3301. Pizza will be provided!
This meeting took place on 2019/09/10
Another great meeting this week! We started by discussing a variety of security events in the news. Pizza was then provided and we enjoyed watching the first two parts (of four) of the Cicada 3301 documentary on YouTube, which talked about what Cicada 3301 is, the context behind it, the people involved in it, and some of the puzzles it contains.
Join us for the first Hashdump meeting of the semester! We'll kick things off with short officer introductions, and then play a game of Google's Beginner Quest CTF to give you a taste of what the club is all about. Bring a computer (or a friend with one!), and take note of the links below so you can follow along during the meeting.
Google CTFThis meeting took place on 2019/09/03
What a great first meeting! We started off by introducing our new officers for the 19-20 academic year. There was also a brief discussion about future meeting topics. We then enjoyed a presentation by our own Jared Crouse who walked us through the Google Beginners Quest CTF. He showed how to use some simple techniques to work through the first two quests.
Join us for our end of the year party! We'll have food, fun, and jeopardy.
Join us as we walk through the Google Beginners Quest CTF. We will also be watching some Def Con talks and having officer elections.
Google CTFJoin us for our second workshop where we will be programming Rubber Duckies that you get to take home with you.
Hackernoon InstructionsVice president of Engineering at Secure 64, Amanda Constant, will be giving a talk about how Secure64 protects its clients.
CSU is pushing cyber. Come listen to Jarret Flack talk about some of the security classes currently offered and some of the opportunities coming in the near future.
Hashdump Officer Sus will be showing us how to secure a website.
Did you know you can hide data in pictures? Hashdump Officer Addie will be leading us through a steganography challenge.
InstructionsJoin us for our first workshop! We will be building Kali Live USBs so that you can carry all of the security tools you need on your keychain.
InstructionsHashdump Officer Addie will be giving a presentation on Wireshark. We will be meeting in the fish lab. CSB 325
Hashdump Officer Bruce will be giving a presentation on SQL injections and buffer overflows. Bring your laptops!
Day three of the RMCCDC practice. The Red and Blue team get to put what they learned into action.
RMCCDCWe asked a fair amount of students… name a better way to spend Halloween Eve than playing Cyber Feud! Teams will compete to find out how fellow CSU students answered questions about cybersecurity. There will also be a cybersecurity costume contest – low effort is encouraged!
Noah Cain will be giving a demonstration on how to exploit and gain root access to a virtual machine!
Here comes the ever popular lock picking session, but this time we will get into lock impressioning and general key cutting with Ben Say. (Bring tubular lock picks you have any)
Hashdump officer Adam Smith will be giving a presentation on the exploits, security best practices, and pros/cons of virtual machines and containers.
.jpg){kind=link}
