Grey Hat Group

Update

The people responsible for posting updates have been sacked.

The people responsible for the sackings have been sacked.

Moving forward, new leadership and more consistent updates are to be expected.

Meeting Summary for 4/13/15:

On 4/13/15, we just covered some basic stuff on Linux.

On a side note, officer elections are next Monday, April 20th! So if you wish to be an officer make sure you show up!

The positions open are:

  • President (Leads mtgs, most leadership responsibilities)
  • Vice President (Leads mtgs when the president isn’t around, other leadership things)
  • Chief Technical Officer (Runs servers and technical stuff)
  • Industry Liaison (Finds cool people to talk about cool things)
  • Secretary (Keeps track of mtg minutes and updates website)

Meeting-summary

So this week we got to actually write out some basic buffer overflows! Fun!

Next week’s plan is to look into wireless sniffing via Wireshark.

Meeting Summary: First Meeting of the Quarter

This past Monday (3/30/15) we all sat and discussed what topics we wanted to cover this quarter.

The current topics we plan to cover will go as follows (kinda):

* Stack Basics in Prep for Buffer Overflows
* Buffer Overflows
* ARP Poisoning and DNS Spoofing
* "Wifi" 
* Reversing (2-3 Weeks)
* And potentially more stuff to come!

We also covered some basics of how the stack works in C function calls. Basic info on stacks can be found here.

Some basic info about buffer overflow attacks can be found here (read through “Stack Attacks” for the general concept).

Next week we’ll actually get the opportunity to write some basic buffer overflows!

The Manifesto

So you have joined the Grey Hat Group. You have signed a Code of Conduct. You logged into the super secret website. You have a signed PGP key. You have been poking around the IRC channel. So now what?

There is quite a lot to do in the Grey Hat Group actually. We compete in competitions. We teach each other new skills and tools. We talk about current events. We do a lot.

So, where do you fit in? Here’s the trick. Do whatever you want. The Grey Hat Group is about cybersecurity, true. But more than that, it’s about being a hacker, and a hacker scratches his own itch.

Want to play around with RF? Awesome. Do it. Teach us about what you learn.

Want to run your own web server? Great. Find people who know what they’re doing and pick their brains.

Want to learn how an encryption algorithm really works? Go for it. I know there is at least one other member who cares too.

Want to crack passwords? Why not? Just don’t touch my stuff.

The point is that now that you’ve joined the club and we’ve walked you through what it takes to be a member, it’s up to you to decide where you go with it.

Here are some of the things we like to do together.

Talks

We like to learn things in the Grey Hat Group. Cybersecurity involves a lot of tools, protocols, techniques, and competencies and the truth is that none of us are even close to understanding it all.

So when you spend a weekend learning Metasploit or some other thing inside and out, come back and tell us about it! If you think it’s cool, odds are that a lot of us will think it’s cool too.

That’s why we schedule talks. So you can brag and we can learn. It turns out that there are a lot of smart people in the Grey Hat Group. The problem is that we’re all intimidated by each other. Like it or not, most of us are nerds, and we nerds need to work on our social skills. So put together a talk. Get out of your shell and share what you know.

Talk to an officer if you have something in mind.

Speakers

So the secret is out. We don’t know everything. So what do we do about it? We find people who do. We hunt down faculty, alumni, and industry folk to pour their knowledge into our poor n00b heads. So, if you have a connection to some hacker wizard in Bellevue, get him to talk to us. If you know some networking guru in Portland, bring her in!

We like college. We really do. But we would like to get jobs eventually. So we bring in people who have actually seen the outside of a classroom. We can even get money to bring someone in.

Talk to the Industry Liaison about bringing in an outside speaker.

Competitions

Do you know what a CTF is? Who cares, do one anyway. Grey Hat Group members participate in all kinds of Capture the Flag events. We look for events that let all different skill levels learn and have fun. Here are some events worth looking into.

You’re probably saying “I have no idea what I’m doing. How could I compete in a CTF?” To that I say nobody knows what they’re doing, especially before they start. Get your hands dirty and have some fun.

If you find cool opportunities to compete, bring them to a Grey Hat Group meeting and get a team together. In the meantime check out exercises on Hack This Site and Exploit Exercises.

(Fun Fact: Your NetID will get you into Seattle’s CTF wiki.)

Field Trips

Who said we had to stop going on field trips in college? Forget that. It turns out that there is a lot of cool stuff that isn’t happening inside the networking lab. So we go there.

I encourage you to check out whatever catches your fancy. In the Puget Sound area alone you can find ISSA Rainier, Batman’s Kitchen, LinuxFest Northwest, and Agora (if you can find Agora). Get a group together and go check stuff out.

And of course, we go to DEF CON. It’s kind of a big deal.

Projects

Do you have an idea for a project? Do you want help writing software? Do you want to build an IRC bot that plays Pandora in the IAN lab and yells curse words on demand? Bring it to the Grey Hat Group. (Actually, we already did the Pandora one.) Nowhere on campus will you find so many people who are into what you are into (except maybe IEEE or WICS). This is the place to recruit. Check out our GitHub and talk to our CTO about hosting your project there.


Like I said, there is a lot to do in the Grey Hat Group. Please get involved. Signing in every week and sitting in your chair counts for something, but you’re selling yourself short if you leave it at that. Find a project, join a team, learn a skill, give a talk, do something. And don’t be afraid of messing up. The only way to learn most of this stuff is to do it wrong a hundred times. This isn’t one of your classes; the only way to fail is to quit.

thetic

Introduction to PGP

Topics covered:

  • Code of Conduct
  • Shellshock
  • National Cyber League
  • PGP using Thunderbird and Enigmail

Minutes are posted.

Next week:

  • Key signing
  • Getting a Free, Persistent, Remote IRC Client.

HTTP Error 418

First meeting of Spring quarter. Topics covered:

  • Paperwork update
  • Greyhat website
  • Tesla security flaws
  • CCDC recap
  • HTTP Error code 418: I am a teapot

Next week’s topic will be SSH vulnerabilities.

New Website

Please be patient while we update the website.