Post

UVT-CTF 2024 meetups

UVT CYBER TEAM 4

Introduction to Linux - Part 1: Theoretical Introduction

Image

Speaker: Iulian Rotaru

In this first installment of the ‘Introduction to Linux’ trilogy, we will explore what makes Linux so special and how to get started with using it.

You can watch it here:

Introduction to Linux - Part 2: Running Linux and Windows software

Image

Speaker: Iulian Rotaru

In this second installment of the “Introduction to Linux” trilogy, we’ll get familiar with some of the apps bundled in the KDE desktop environment, install some apps on our own, and even learn how to get Windows software running on Linux.

You can watch it here:

Introduction to Linux - Part 3: The Terminal

Image

Speaker: Iulian Rotaru

In the final installment of the “Introduction to Linux” trilogy, we’ll finally enter the world of the terminal, where we’ll learn to manage files, text and packages all without a graphical interface.

You can watch it here:

Introduction to Binary Exploitation

Image

Speaker: Nicola Vella - fibonhack

This lesson introduces the underlying principles and techniques of binary exploitation, with an emphasis on the most common bugs in C programming language that result in memory corruption. We will delve into how these vulnerabilities can be exploited on Linux x86-64 systems by examining memory structures. Additionally, we will discuss the most widely used mitigation strategies to prevent such exploitations.

You can watch it here:

Onramp to blockchain security

Image

Speaker: Qi Su - FuzzLand, StrawHat

This presentation will introduce blockchain (on-chain) security. We’ll talk about how smart contract works, identify some easy-to-understand bugs and look into some real-world hacks affecting millions of dollars.

Web Serverside attacks

Image

Speaker: Dragos Albastroiu - WreckTheLine / ETH Zurich / Web

This presentation will explore typical server-side vulnerabilities and how attackers exploit them, focusing on techniques relevant to CTF challenges.

You can watch it here:

Intro to kernel exploitation

Image

Speaker: Pedro Guerra - ELT

The bread and butter of kernel pwn: Talking to ioctls and ROPing in kernel space.

You can watch it here:

Pwning in the “Hardening” era

Image

Speaker: James Wang - Balsn

Binary exploitation dates back to the 1980s. Throughout the ~40 years, it has evolved from an arcane field of study to common knowledge know by most security researchers. Considerable effort has also been put into this field to eliminate entire bug classes (e.g. memory corruption) or hardening targets to make it hard to exploit, but it isn’t until relatively recent do we see real adoption of such mitigations. In this session, we’ll explore some common questions related to real world binary exploitation in face of those new challenges, and navigate the landscape of modern pwning through 3 case studies.

You can watch it here:

Reversing Modern Binaries

Image

Speaker: Aleksandre Khokhiashvili - WaterPaddler / OtterSec

As modern real-world programs become increasingly complex, the task of reversing binaries is becoming more challenging. This seminar will cover effective strategies for handling large reversing projects and discuss how to approach some of the common challenges, such as dealing with ever growing number of imported libraries and modern programming languages. We’ll see some of the recent tools that automate the importing of symbols and types from open source libraries, simplifying the reversing process. Additionally, we’ll provide hands-on examples from binaries written in C and Rust, highlighting differences in output from various compilers, and illustrate how these differences can impact reverse engineering efforts. By the end of this session, you will know how to avoid feeling overwhelmed when facing a complex binary and have a few new tricks up your sleeve to help you get started.

You can watch it here:

Real world Web Security: Turning Knowledge into Action

Image

Speaker: Mohan Sri Rama Krishna Pedhapati - Cure53

Join us for an engaging talk on transforming your knowledge into real-world applications, specifically within the realm of web app sec through bug bounties and vulnerability research. The speaker will share their personal journey, starting with how they leveraged CTF (Capture The Flag) knowledge to perform security research. They will highlight some interesting bugs they discovered along the way, such as prototype pollution and Electron application vulnerabilities. Learn how they used this experience and profile as leverage to secure a position at their dream company.

You can watch it here:

Introduction to ZKP Security with CTF examples

Image

Speaker: Gyumin Roh - SuperGuesser

ZKP, or zero knowledge proof, is part of cryptography that is gather ing attention for its usage in efficient cryptographic validation of computational integrity in many systems such as blockchain. In this talk, the speaker will explain the basic fundamentals of zero knowledge proof, how an audit of ZKP projects work, and how working on ZKP security is similar to competition environments such as CTFs and competitive programming with some examples.