Hashdump Security

Digital Forensics Demo

6:30 PM on November 17th, 2020

Hashdump President Pierce Smith will be demonstrating methods for recovering deleted data from disk images

Kubernetes and Docker Security presentation

6:30 PM on November 12th, 2020

Hashdump Treasurer Enzo Barret will be giving a presentation on Google's Kubernetes software and Docker security

notes

Kubernetes and Docker Security presentation

This meeting took place on 2020/11/12


Enzo gave us a crash course on Kubernetes and Dockers. We started with the basics, building our way up from single docker images into clusters. Through live demonstrations, we learned what a docker image really is and how it works. After understanding the fundamentals, we went into some of the processes involved in securing dockers, as well as some applications that will streamline the security process. These applications are used by large companies, so it was very applicable to real situations.

Wireshark Pumpkin Challenge

6:30 PM on November 5th, 2020

For this meeting we will be using Wireshark to find pumpkins hidden within a pcap file

Phishing Trip

6:30 PM on October 29th, 2020

Hashdump Secretary Jack will be giving a presentation on social engineering attacks with a focus on phishing, followed by an activity where we will try to phish other members.

notes
image

Phishing Trip

This meeting took place on 2020/10/29


This week we talked about social engineering! In this meeting we went over the basic principles of social engineering, as well as the 10 most common examples of social engineering attacks. We focused on phishing attacks, and after learning about what they are we constructed our own phishing e-mails and sent them out to the other members of the club. This allowed us to get in the mind of these attackers, and learn what to look out for when we receive suspicious e-mails

Image attribution


AntanO, CC BY-SA 4.0 , via Wikimedia Commons

Cicada 3301 Documentary

6:30 PM on October 22nd, 2020

We will be watching the Youtube channel Great Big Story's documentary on the organization 3301's Cicada challenge.

Cybersec Awareness Month: "Pass the Hash" presentation.

6:30 PM on October 15th, 2020

We will be giving a presentation for Cybersecurity Awareness Month titled, "Pass the Hash: A Discerning Guide to How (and How Not) to Use Passwords" over Zoom

Zoom Link
notes

Cybersec Awareness Month: "Pass the Hash" presentation.

This meeting took place on 2020/10/15


Hashdump president Pierce went into detail about password security. In this presentation, we covered a few sub topics of password security. We covered how websites stores passwords using techniques like hashing and salting, we talked about good and bad password habits and why those specific habits make a good or a bad password. We talked about the most effective passwords, and how using a password manager to balance convenience and security can save your information. Finally, we touched on the significance of multi factor authentication.

IBM Cybersecurity Ops: Terminal

6:30 PM on October 8th, 2020

Hashdump System Admin Britta will be running through IBM's cyber breach simulation game, Cybersecurity Ops: Terminal

notes
image

IBM Cybersecurity Ops: Terminal

This meeting took place on 2020/10/08


Britta showcased a simulation created by IBM to understand the processes that happen once a cybersecurity breach has occurred. The simulation is a gamified version of a simulation used to train IBM employees how to react to certain situations if they were to happen on the job. If you’d like to check it out yourself, visit https://www.ibm.com/security/digital-assets/cybersecurity-ops/terminal/. We also briefly talked about the Rocky Mountain Collegiate College Competition (RMCCDC). If you are interested in participating, reach out to the club for more information! Message @Jacc

Image attribution


Viscovery, IBM, Amazon / Public domain

Malware Demonstration

6:30 PM on October 1st, 2020

Hashdump President Pierce Smith will be running a demonstration of how varieties of malware affect computers.

notes
image

Malware Demonstration

This meeting took place on 2020/10/01


Pierce showcased a variety of malware, and its effects on computers. We mostly looked at older malware since the effects are a little easier to see. We went over some network worms (Klez, Nimda, Sality, Swen) that disguise themself and spread over e-mail or a networks shared files, and some ransomware (Petya and WannaCry) that encrypts your entire computer! All you needed to get your files back was a measly $300 in bitcoin. The meeting was educational and it was quite entertaining to see malware in action. See you next week!

Image attribution


EFF-Graphics / CC BY 3.0 US (https://creativecommons.org/licenses/by/3.0/us/deed.en)

Deepfakes and Officer Elections

6:30 PM on September 17th, 2020

Join us for a discussion about deepfakes - what they are, their ethical implications, and how we can use technology to both create and possibly detect them. Later in the meeting, we will be holding officer elections, so if you'd like to help take the reins of the club and steer its future, please apply! (More detailed information on this soon)

image

Image attribution


Neural net filters image by Cecbur / CC BY-SA (https://creativecommons.org/licenses/by-sa/4.0)

Setting up Virtual Machines

6:30 PM on September 10th, 2020

Virtual machines are common and useful tools in all areas of comptuer science - but especially cybersecurity, since they aid greatly in everything from analysis to research to experimentation. At this meeting we will walk through how to set up your very own security-focused virutal machine, running either Kali or Parrot Linux (whic you may even use in future meetings!) Be sure to follow the links below to download the setup files for Parrot or Kali Linux before the meeting.

Parrot ISO Direct Download
Kali ISO Direct Download

Welcome back!

6:30 PM on September 3rd, 2020

Hashdump is back! Join us for a quick re-introductory meeting, where we briefly discuss the club and go over a few simple hack the box challenges... as well as try some ourselves!

Select Kail Tools Demo

6:30 PM on April 14th, 2020

Kali Linux is loved by pentesters, CTF participants, and general security enthusiasts alike for its diverse and powerful range of tools. But there are so many of them! What are they for? How can we use them? Will any of them help me make the perfect mac-n-cheese? We will attempt to answer at least two of those questions in this meeting! Come on by our Discord server to participate.

Vitamin G CTF Recap

6:30 PM on April 7th, 2020

Hashdump Officers Addie and Griffin will be demonstrating some CTF puzzles they recently tackled with Vitamin G. Come join us on our shiny new Discord server for the presentation. Hope to see you there!

Merlin Malware Demo

6:30 PM on March 31st, 2020

For our glorius return to meetings, Hashdump Officer Casey will be introducing us to an exciting new family of malware that takes advantage of exploits in the HTTP/2 protocol. Remember not to show up to the CSB! Join us on Slack instead to hang out with us and see his video presentation at a CDC-approved distance.

Kryptsec Guest Presenation

6:30 PM on March 10th, 2020

In this meeting, fellow CSU cybersecurity enthusiasts Kryptsec will be stopping by to give a guest presentation! This one will be all about wireshark; how to use it effectively and all of the wonderful/terrifying things it is capable of. Drop by and learn how to hone your digital forensic skills!

Heavy Vehicle Security

6:30 PM on March 3rd, 2020

Do you feel safe driving down the road in your sixteen-wheeler semi? Well you shouldn't! CSU's own Dr. Jeremy Daily will by stopping by the Hashdump meeting room to introduce the physical and cyber aspects of securing heavy vehicles from theft and vandalism. Never again will your dense slab not be on lockdown. Pizza will be provided!

image

Image attribution


Image by Ildar Sagdejev (Specious) / CC BY-SA (license) (image)

The Vitamin G CTF Team

6:30 PM on February 25th, 2020

Want to get involved with Capture the Flag? Vitamin G, a CTF team here at CSU, will be dropping by to give a presentation on what CTFs are and some simple-to-difficult puzzles they've faced in actual CTFs - as well as extending their memebership to those who'd like to join in the quest to defeat these cybersecurity challenges.

Presentation Slides

General Internet Security Tips

6:30 PM on February 18th, 2020

The best way to achieve security online is to unplug your computer from the Internet. But what if you don't want to do that? Hashdump Officer Gus will be showing us some generally-applicable tips to stay safe while surfing the net without needing to toss your laptop and/or desktop machine into a dumpster fire.

Damn Vulnerable Web App Redemption

6:30 PM on February 11th, 2020

Ever wanted your own vulnerable web server to practice techniques like SQL injection and XSS? No? Too bad! Hashdump Officer Griffin will be showing us how to set up this intentionally poorly-designed web application and walking us through some simple exploits you can use to pwn it. For real this time, we promise.

Gone Phishing

6:30 PM on February 4th, 2020

Phishing is one of the most common and notorious examples of social engineering. In this presentation, Hashdump Officers Addie and Pierce will be showing off the techniques, both sophisticated and crude, that these cyber-anglers use to reel in their targets. Was that password reset email really from your bank? Are you really on the Hashdump website right now?

image

Image attribution


Image was edited together from Douthat Fishing by vastateparksstaff [CC BY (https://creativecommons.org/licenses/by/2.0)] (link) and Example of Domain Slamming phishing email by Noloader [CC BY-SA (https://creativecommons.org/licenses/by-sa/3.0)] (link)

Welcome to Hashdump (Spring Edition)

6:30 PM on January 28th, 2020

We're back! Join us for a quick officer re-introduction and another go at Google's wonderful Beginner's Quest CTF. Don't forget your computer (hacking is difficult on a phone)!

Google CTF

2019 End of Year Party!

6:30 PM on December 10th, 2019

It's the end of the year, so you know what that means - cyber party! Eat pizza, play SNES games, and just generally do nothing important for the next hour or so.

RFID Scanner Workshop

6:30 PM on December 3rd, 2019

RFID is everywhere, from your credit cards to your passports and even your pets. This meeting will show firsthand what security concerns our use of RFID creates, and whether or not you want to gather all of your RFID-enabled items and throw them into Mount Doom (spoiler: you probably don't).

Raspberry Pi RFID Reader Tutorial
Presentation Slides
image

Image attribution


Image © Raimond Spekking / CC BY-SA 4.0 (via Wikimedia Commons) (link)

Password Security Talk

6:30 PM on November 19th, 2019

Enjoy complimentary pizza while you listen to our Jordan Peterson rant about passwords, from best practices for users to the cracking tehcniques you can use to break them!

Presentation Slides

USB Rubber Ducky Demo

6:30 PM on November 12th, 2019

Be careful! This innocuous flash-drive-looking thing is actually a keystroke injection tool that can do a whole number of malicious things to any unsuspecting machine. How does it work? What can you use it for? Does it even work? We'll find out together in this workshop.

Hackernoon Instructions
Linux Video Tutorial
Linux Troubleshooting Info
Micronucleus Bootloader Upgrade
image

Image attribution


Image by gaetanlee [CC BY 2.0 (https://creativecommons.org/licenses/by/2.0)] (link)

Quantum Computing

6:30 PM on November 5th, 2019

The fantastic Dr. Gersch will be enlightening us all on the wonders and dangers of a fast-approaching technological breakthrough - quantum computing. Learn about what it is and how it threatens to change our perception of cybersecurity while you enjoy some complimentary free pizza!

Presentation Slides
notes
image

Quantum Computing

This meeting took place on 2019/11/05


Dr. Gersch gave a very informative presentation this week on quantum computing. Quantum physics, superposition, qbits, encryption algorithms and more were presented in an easy to follow exploration of the topics and what they mean in relation to cybersecurity. We were lucky enough to have him provide a copy of his slide deck for us. Be sure to check out the links he left on slide 18 for further information!

Image attribution


Photograph of the D-Wave TwoX 1000 Qbit quantum annealing processor chip. Mwjohnson0 [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)] (link)

Playing with Kali Linux

6:30 PM on October 22nd, 2019

Kali Linux is a household name in the world of cybersecurity, and for good reason. Bring your laptops and you'll have a chance to try this ethical hacking and pentesting-focused Linux distro on your own computer via a Live USB provided by us! Or at least bring an appetite for free pizza, since we've got that too!

Instructions
notes

Playing with Kali Linux

This meeting took place on 2019/10/22


Not only was the pizza delicious but the free flash drives were the icing on the cake! Jared gave us a demonstration on creating a bootable flash drive with the Kali Linux OS on it. Not only that, he showed us how to create a persistent encrypted partition on the flash drive. This enabled us to save files privately in a way that they are always accessible when Kali is booted up. Great meeting, hope to see you all at the next one!

Hack the Box!

6:30 PM on October 15th, 2019

Think you can Hack this Box? Hashdump Officer Addie will be letting us loose on a series of a pentesting challenges hosted by Hack the Box, which will test your skills and expand your cyber-defense knowledge. Bring your favorite laptop and/or computer-equipped buddy!

HTB Landing Page

Hashdump Game Night

6:30 PM on October 8th, 2019

Join us for an hour of hacker-themed board games, classic Nintendo emulators, and stuffing free pizza into your face! Batteries not included.

notes
image

Hashdump Game Night

This meeting took place on 2019/10/08


Our first ever game night was a great success! After scarfing the pizza down we had fun playing classic video game emulators and hacking themed board and card games. Over the sounds of an intense game of Street Fighter 2 on Super Nintendo one could hear the wheelings and dealings in the distant land of Catan. I'll trade you two wheat for a sheep!

Image attribution


Image was edited from original by Tobias Grothmann - Generalprobe No Input Ensemble & 2xC, CC BY 2.5, https://commons.wikimedia.org/w/index.php?curid=36644104

Return of the Wireshark Demo

6:30 PM on October 1st, 2019

Hashdump Officer Addie will be demonstrating some uses of Wireshark, a very powerful, widely-used network analysis tool. Be sure to bring a computer, as you'll have the opportunity to experiment with this software firsthand!

notes

Return of the Wireshark Demo

This meeting took place on 2019/10/01


Addie hosted a great meeting this week! It turns out that even those who did not have wireshark installed on their machines were able to follow along with her halloween themed packet capture demonstration with Cloudshark. There was spooky jack-o-lantern ASCII art and clips from the Charlie Brown Halloween special to be found, among other things. Not only was this meeting educational, it got everyone ready for the upcoming season!

Damn Vulnerable Web App Demonstration

6:30 PM on September 24th, 2019

Hashdump Officer Griffin will be intoducing us to and letting us play with the Damn Vulnerable Web App, an intentionally vulnerable PHP/MySQL web application made for safe penetration testing! We'll have pizza for you to enjoy as you test and grow your (ethical) hacker skills.

A Brief Introduction to Hiding Things

6:30 PM on September 17th, 2019

Hashdump Officer Pierce will be giving a short presentation on some basics of encryption, cryptography, and steganography. There will be activities, so be sure to bring a laptop!

Online AES encryptor/decryptor
Online RC4 encryptor/decryptor
LSB Steganography Slide
Nostradamus MD5 Attack
notes

A Brief Introduction to Hiding Things

This meeting took place on 2019/09/17


Caesar and substitution and block oh my! This meeting started in Kansas with some basic ciphers and the next thing we knew, Pierce the tornado had transported us to munchkin-land. There were advanced encryption standards, RC4 streams, secret steganography images and more. By the end of the meeting we were clicking our ruby MD5 hashes together getting ready to go home. Ugh, are you tired of this pun yet? In short, it was a great meeting headed up with a stellar presentation by Pierce Smith. Come check out our next meeting, it will be better than our tired puns we promise!

Cicada 3301 Documentary

6:30 PM on September 10th, 2019

Join us to learn about one of the Internet's greatest unsolved mysteries, Cicada 3301. Pizza will be provided!

notes

Cicada 3301 Documentary

This meeting took place on 2019/09/10


Another great meeting this week! We started by discussing a variety of security events in the news. Pizza was then provided and we enjoyed watching the first two parts (of four) of the Cicada 3301 documentary on YouTube, which talked about what Cicada 3301 is, the context behind it, the people involved in it, and some of the puzzles it contains.

Introduction and Capture the Flag

6:30 PM on September 3rd, 2019

Join us for the first Hashdump meeting of the semester! We'll kick things off with short officer introductions, and then play a game of Google's Beginner Quest CTF to give you a taste of what the club is all about. Bring a computer (or a friend with one!), and take note of the links below so you can follow along during the meeting.

Google CTF
Wireshark Download
String Encoder/Decoder
notes

Introduction and Capture the Flag

This meeting took place on 2019/09/03


What a great first meeting! We started off by introducing our new officers for the 19-20 academic year. There was also a brief discussion about future meeting topics. We then enjoyed a presentation by our own Jared Crouse who walked us through the Google Beginners Quest CTF. He showed how to use some simple techniques to work through the first two quests.

End Of The Year Party

6:30 PM on May 7th, 2019

Join us for our end of the year party! We'll have food, fun, and jeopardy.

Google CTF - Beginners Quest

6:30 PM on April 30th, 2019

Join us as we walk through the Google Beginners Quest CTF. We will also be watching some Def Con talks and having officer elections.

Google CTF
GynvaelEN Livestream

Rubber Ducky Workshop

6:30 PM on April 23rd, 2019

Join us for our second workshop where we will be programming Rubber Duckies that you get to take home with you.

Hackernoon Instructions

Secure 64

6:30 PM on April 16th, 2019

Vice president of Engineering at Secure 64, Amanda Constant, will be giving a talk about how Secure64 protects its clients.

New Security Classes?

6:30 PM on April 9th, 2019

CSU is pushing cyber. Come listen to Jarret Flack talk about some of the security classes currently offered and some of the opportunities coming in the near future.

Website Security

6:30 PM on April 2nd, 2019

Hashdump Officer Sus will be showing us how to secure a website.

Presidents Challenge

6:30 PM on March 26th, 2019

Did you know you can hide data in pictures? Hashdump Officer Addie will be leading us through a steganography challenge.

Instructions

Kali Live USB Workshop

6:30 PM on March 12th, 2019

Join us for our first workshop! We will be building Kali Live USBs so that you can carry all of the security tools you need on your keychain.

Instructions

Wireshark Demo

6:30 PM on March 5th, 2019

Hashdump Officer Addie will be giving a presentation on Wireshark. We will be meeting in the fish lab. CSB 325

SQL Injection/Buffer Overflow Demo

6:30 PM on Febuary 26th, 2019

Hashdump Officer Bruce will be giving a presentation on SQL injections and buffer overflows. Bring your laptops!

Third RMCCDC Meeting

6:30 PM on Febuary 19th, 2019

Day three of the RMCCDC practice. The Red and Blue team get to put what they learned into action.

RMCCDC

Introduction to Network Forensics

6:30 PM on Febuary 12th, 2019

  • Jordan presents on Network Forensics, a.k.a. the digital conversations between machines
  • Want to know when did it happen, where did it come from, the scope of the attack and how it happened
  • Used Wireshark to view collected packets and filter through them to see the communications we care about
  • Went to http://forensicscontest.com and completed Puzzle #1 Ann’s Bad Aim
  • Used https://hexed.it to look at the bytes of raw data from Wireshark
  • Google Chrome offers an extension to see if email and password combinations are secure
    70% of all Microsoft security bugs are from memory issues due to coding in C and C++
    VFEmail mail infrastructure was completely destroyed
    Chinese company Tencent buys Reddit stock

    Second RMCCDC Meeting

    6:30 PM on Febuary 5th, 2019

  • Day two of the RMCCDC practice
  • The Blue and Red team went to different class rooms and tried out their skills
  • Red team hacked into the images while blue team protected them
  • After the competition, Noah Cain went through a debrief and explained what the red and blue teams did successfully
  • Breach of Credentials
    Have I Been Pwned

    First RMCCDC Meeting

    6:30 PM on January 29th, 2019

  • Start of RMCCDC Practice
  • Stephen Hayne introduced the exercise and what images the red and blue team will be working on
  • Hayne also discussed several things each team will have to Harden/look into vulnerabilities about like SQL and ASP
  • After his introduction, the club split into teams and each team worked out logistics
  • Professor Joe Gersch brought up a interesting opportunity about the electrical and gas generators that have consoles that Hash Dump might be able to try to hack into. Will get more information at a later meeting
  • RMCCDC
    Apple FaceTime Listening Bug
    US accuses China of infiltrating tech
    Greg Myre visits CSU

    Cyber Feud/Costume Party

    6:30 PM on October 30th, 2018

    We asked a fair amount of students… name a better way to spend Halloween Eve than playing Cyber Feud! Teams will compete to find out how fellow CSU students answered questions about cybersecurity. There will also be a cybersecurity costume contest – low effort is encouraged!

    VM Exploitation

    6:30 PM on October 23rd, 2018

    Noah Cain will be giving a demonstration on how to exploit and gain root access to a virtual machine!

    More Than Lockpicking

    6:30 PM on October 16th, 2018

    Here comes the ever popular lock picking session, but this time we will get into lock impressioning and general key cutting with Ben Say. (Bring tubular lock picks you have any)

    VM/Container Security

    6:30 PM on October 9th, 2018

    Hashdump officer Adam Smith will be giving a presentation on the exploits, security best practices, and pros/cons of virtual machines and containers.