Meetup Recap

Hello fellow club members!

Last March 11th, Syracuse University had two teams compete in the NCAE Cybergames Northeastern Regionals, a graduate team consisting of Jay, Khalid, Aniket, Karthik, Rahul, Saket, Chandan, and Priyansh, and an undergraduate team consisting of Jackson, Anthony, Fenya, Cameron, and myself. The undergraduate team managed to secure first place, and are invited to the national competition in Florida, expenses paid by NCAE. The graduate team scored third place, and were the only team to have a correctly-configured and scoring DNS server for a long period of the competition. Don’t forget to congratulate both teams for the amazing work they’ve done!

Last meeting, Tim Van Waes did his presentation on the recent LastPass data breaches. LastPass was hacked twice last year, once in August and the other time in November. During the second hack, hackers managed to get access to a backup of some customers’ vaults. Even if this reflects very poorly on LastPass, customers should theoretically be safe since the vaults are encrypted.

However, LastPass had some bad security practices, including keeping some vault info in the clear, keeping old accounts on a low number of PBKDF2 rounds, and not mandating old accounts follow their new password-strength requirements. Because of these bad practices, people with LastPass accounts are advised to change passwords they had stored in their account.

Tim also showed off a tool that converts the LastPass vault XML into a nice and easy-to-understand CSV file. The tool was almost completely made by ChatGPT! This goes to show that now more than ever, companies need to make sure to follow the best security practices available, as the barrier to entry for hacking is as low as ever.

Tim has given us a copy of his presentation, which we’ve added to our website’s Resources page.

For giving the presentation, Tim gets the Ted Talk Badge, available on our Community page:

 

 

Hello fellow club members!

Today, we brought down a switch and physically connected many Raspberry Pis to it. After booting into RaspberryPi OS, or Kali Linux in one case, we edited the file /etc/network/interfaces and gave the Pis static IP addresses. Now that the IP addresses are configured, we’ll need to configure SSH with the correct settings to be used securely. To get practice doing so, I would suggest you take the opportunity to go to the lab.

[su_image_carousel source=”media: 1182,1180″ captions=”yes” max_width=”100%” align=”center” crop=”16:9″]

Hello fellow club members!

This past meeting, we encouraged everyone to go to TryHackMe and practice the different modules. By getting practice in, you can heighten your chances at doing better on future competitions.

With that in mind, all upcoming competitions are now listed on the club website! There’s a lot to choose from, all with different levels of difficulty. It’s up to your discretion to do what ever competition you’d like. Just make sure to fill out the interest forms on the page so that we can know.

Also, we have a new page on the website where interesting information security articles will be shared. If you happen to find an information security article and would like to share it with the club, the page has a “Suggest Content” button that allows you to do so. Don’t hesitate to try it out! This page comes courtesy of a plugin made by Optimal Access, who were kind enough to give the club a life-time API. Many thanks to Optimal Access for the great tool and for supporting the club!

[su_image_carousel source=”media: 1166,1167,1168,1169″ captions=”yes”]

Hello, fellow club members! Last meeting, we kicked off our practice for the NCAE Cybergames. The NCAE Cybergames provides a sandbox in which one can practice their skills in different information security categories. We encourage everyone to sign up for a free account and have a hand at the different challenges available. We started off with World of Bills, so that would be a good starting point.

The real NCAE Cybergames will be happening on 2 days: Saturday, February 18th and Saturday, March 11th. Yesterday, we started building teams that will participate, so if you are interested then go to the #announcements channel in Discord and react to the message. This way, we can have a roster of people participating and build out the teams.

Also, the first draft of the badges list is up on the Community page. Check it out!

Hello, fellow information security enthusiasts! Yesterday, we kicked off with our first meeting of the spring 2023 semester. During the meeting, members got a lock picking kit and were able to practice their lock picking skills on clear locks, door knobs (which we provided), bike locks, and everyday Master brand locks. We used this opportunity to debut the new badge system.

Essentially, members can do various tasks to earn badges, cementing their participation and contributions to the club. If you are in our Discord server, you’ll notice the new #badges channel, which shows when members get badges for performing a specific task. As of yesterday, we’ve awarded badges for successfully picking clear locks and for successfully picking non-clear locks. Eventually, we’ll have a page on the website showcasing what tasks you can perform to earn badges, and what badges members have earned, so keep an eye out for that.

Also, we’re introducing an e-board shadowing system. If you would like to learn more about being on the Information Security club e-board or would like to be part of it in the future, then please contact us on Discord or through methods listed on our e-board page. Thank you!

The second-to-last InfoSec club meeting has come and gone! It was full of drama ?, spectacle ✨, and action ?! During this last meeting, all members ascended to the lab and got comfortable with all of our servers. After an introduction of them all, we gave an explanation of our network topology, and logged in to our Palo Alto firewall to look at its current firewall rules and configuration.

Our next meeting will be the last of the semester, so be sure to come. We’ll be having food and playing games to mark off the beginning of the winter break!

Last Saturday, our team attended Lockdown and gave it their all! Congratulations to them for getting up early, making the trip, and applying the heck out of their blue teaming skills! During the past meeting, they gave insight into what attacks they saw during the competition and their strategy for managing defense and injects. Hint, hint: two people were dedicated to injects at all times so everyone else can focus on defense! The team is on the club Discord, so if you’re curious about how exactly the competition went, feel free to ask on there.

Here is the scoreboard for the competition (we are Team 5):

With Lockdown out of the way, the next events are NCL Individual and Team Games and CNY Hackathon. We’ve added new resources for both those events on the resource page, so get together with your teams, and practice as much as possible in the coming weeks!

 

During the last meeting, we introduced an upcoming speaker event on campus, Leading through Change: Our Nation’s Approach to Cyber​, where Gen. Keith Alexander will speak. We encourage everyone to go, as Gen. Keith Alexander has lots of insider knowledge on cybersecurity at the public level. We also reminded everyone to attend the CyberStart Kickoff meeting held this Friday, October 14th. Again, we encourage everyone to attend so that they can put a foot-in-the-door professionally by talking to security professionals, but also practically by participating in competitions that will serve as practice for future competitions and for the workforce.

We spent the rest of the time practicing in the NCL Gymnasium for the NCL individual game, which is coming up in less than two weeks! If you got a voucher, please put it to good use and do as much practicing as possible. Don’t forget to start forming teams for the NCL team game portion, as well.

If you didn’t get a voucher, we’re working on hopefully getting more. In the meantime, feel free to make an account at PicoCTF. It is free and provides a similar Capture-the-Flag game as NCL.

Both Lockdown and Hivestorm are this Saturday, October 15th. Wish all of our participants luck. Go orange! ?

Lots of thanks to today’s amazing guest speakers: James Rice and Mike Lisi! Mike has graciously decided to sponsor the club, so lots of thanks to him for providing us that. Let’s do great on the competitions to show our gratitude! Especially after both he and James Rice provided us great insight into CNY Hackathon and NCAE Cybergames, both of which are beginner-friendly blue team competitions, so if you are interested in going please fill out the interest form in the QR code or the link below.

Microsoft Forms Link

Also, don’t forget to check the events page, because we have many events coming up, namely ITS’s own CyberStart, Lockdown, Hivestorm, and both NCL individual and team games. Each event page has information and resources, so don’t forget to take advantage of those.

Today’s photos:

[su_image_carousel source=”media: 970,972,971,973,976,975,974″ captions=”yes”]

It was great seeing you all! If you have not already, you only have three more days to either make or join an NCL team for the Team Game this weekend. This is a great opportunity for beginners and more seasoned players alike. The competition will be open from Friday at 1pm to Sunday at 9pm. Good luck to all the teams!

If you are interested in presenting a debrief of one of the problems, look out for the form that will be posted later this week. If you present, you will have the chance to win a Razer gaming keyboard or headphone set.