Events

Cybersecurity workshops for everyone in the Stanford community

Applied Cyber hosts workshops every quarter on computer security topics. Workshops provide a broad, general introduction to cybersecurity. We cover a wide range of material, going into both technical subjects and their impact on the real world.

Workshop formats include:

  • Guest Speakers
        ex.) Discussing the ramifications of a government leak on national policy
  • Live Demos
        ex.) Learn how to use Kali Linux, a common platform for penetration testing
  • Hands-on Walkthroughs
        ex.) Learn web exploits and perform them against a demonstration server

Applied Cyber thinks of workshops as a way to connect with everyone in the Stanford community who is interested in computer security, a way to share thoughts with experienced veterans and new members alike. To this end, we aim to be as inclusive and accommodating to our diverse community as possible, and we always welcome feedback on how we can improve.

No matter what your background or depth of technical knowledge, we have a workshop developed for you. Our events are open to students, staff, faculty, and community members alike! Join us!

For slides and recordings of these events, please consult the Resources page. To hear about upcoming events, check this Events page for updates or join our mailing list.

Jackson Henry, Bug Hunter from Down Under

  • When Feb 12, 2021 from 04:00 PM to 05:00 PM (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

Applied Cyber Welcomes Jackson Henry, Bug Hunter from Down Under

Friday 2/12, 4PM PST

Jackson Henry is an accomplished security researcher and bug bounty hunter hailing from Sydney, Australia - notably talented even before you consider his 15 years of age. Specializing in OSINT and web application penetration testing, Jackson continues to rack up CVEs and notoriety for his ethical hacking expertise, including recent recognition from the United Nations for discovering and reporting (along with colleagues John Jackson, Aubrey Cottle, and Nick Sahler) a misconfiguration exposing 100,000 UN staff records. Join us to hear about his infosec journey, current projects, and a demo of his favorite techniques.

 

 

   

 
 

Womxn in Applied Cybersecurity - Panel Discussion

  • When Feb 05, 2021 from 05:00 PM to 06:00 PM (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

Join Stanford's Womxn in Applied Cybersecurity (WAC) this Friday at 5pm PST for an informal Q&A with Stanford alumni Kate Stowel and Esther Goldstein and industry speaker Savanah Frisk! 


 
 

Stanford Cybersecurity & Privacy Festival

  • When Oct 19, 2020 01:00 PM to Oct 23, 2020 03:00 PM (America/Los_Angeles / UTC-700)
  • Where Virtual
  • Web Visit external website
  • Add event to calendar iCal

Hosted by Stanford’s Information Security and Privacy Offices, the festival aims to raise awareness and understanding about how to ensure our online lives are safe and secure. The event includes a variety of talks and workshops from different speakers and security leaders, with an overarching focus on online safety and end user protection based on security best practices.

The festival will provide value for students, faculty, and staff alike, including:

  • Deepen your knowledge about the importance of cybersecurity and privacy to ensure that Stanford community have the resources to be more secure online
  • Attend talks by subject matter experts and industry leaders
  • Engage with team members from Stanford’s Information Security Office, University Privacy Office as well as security professionals from around the campus
  • Win prizes and raffles drawings
 

#Forgottenmemories // Forensics & Photography with Gillis Jones

  • When May 27, 2020 from 04:00 PM to 05:00 PM (America/Los_Angeles / UTC-700)
  • Where Zoom link in Slack #general
  • Add event to calendar iCal

 

Join Stanford Applied Cyber for a talk by hacker and photojournalist Gillis Jones who will introduce his #ForgottenMemories project which is a forensic journey through the banal, the profound, and the profoundly disturbing world of images from people's everyday lives meticulously recovered from "Formatted" SD cards available for sale in third party markets around the world.

A fascinating endeavor at the intersection of technology, photography, and ethnography, Gillis will brief us on the inception of this project, delve into forensic recovery techniques, and showcase some of his favorite images.

https://gillis.media/forgotten-memories
https://twitter.com/Gillis57 

Wednesday 5/27, 4-5PM (Pacific time)

Zoom Link will be posted to Applied Cyber Slack #general

Applied Cyber Movie Night

  • When Feb 07, 2020 from 08:00 PM to 11:00 PM (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

Come relax and socialize at the Applied Cyber movie night!

Friday 2/7, 8-11PM
Fairclough Lounge (Rains)

Intro to Metasploit Workshop

  • When Feb 04, 2020 from 04:30 PM to 05:30 PM (America/Los_Angeles / UTC-800)
  • Where Y2E2 382
  • Add event to calendar iCal

Join us for an introduction to Metasploit with Anna Zeng and Michael Hayashi. Come learn the basics of a popular offensive framework and test your new skills on a live cyber range!

Tuesday, 2/4, 4:30-5:30PM
Y2E2, Room 382

 

End-of-Quarter Applied Cyber Social

  • When Dec 07, 2019 from 06:00 PM to 09:00 PM (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

End-of-quarter Applied Cyber Social!

Saturday 12/7,  6-9PM
Jerry Lounge

We'll have pizza/snacks/drinks, and a variety of board games, movies, etc.

RSVP here for food: https://forms.gle/jPXtf42JXHS16bit6

Math, Motion, and Machine Learning: Implicit Authentication in the Real World

  • When Dec 03, 2019 from 06:00 PM to 07:00 PM (America/Los_Angeles / UTC-800)
  • Where Gates Building, Room 174
  • Add event to calendar iCal

Math, Motion, and Machine Learning: Implicit Authentication in the Real World - John Whaley, CEO and Founder of UnifyID, Stanford CS Alum 

Tuesday 12/3, 6-7PM
Gates Building, Room 174
 

How do you identify people? What is it that makes you, you? Certain aspects of human behavior can be as unique and as hard to spoof as a fingerprint. The way you walk, the way you move, the places you go, and your little idiosyncrasies have the promise of being more convenient and more secure than other forms of authentication like passwords or biometrics. But there are significant practical challenges in building a system that can authenticate you to >99% accuracy with just a few seconds of passive sensor readings while still maintaining user privacy. It requires lots of advanced math, signal processing, machine learning, tricky engineering, and re-thinking existing security paradigms.

Come hear about our experience in building such a platform and a glimpse into the future of authentication.

About UnifyID:

UnifyID, a rapidly growing startup located in Downtown Redwood City, that uses human behavioral data (like gait) to build authentication software. UnifyID has raised $23.4 million from top firms like NEA and Andreessen Horowitz.

 

Dinner will be served for the first 15 to RSVP and guarantee attendance! 

RSVP: https://forms.gle/9EA3HTkCvMH44HpP7

A Thousand Ways To Track You on The Web, And How To Start To Protect Yourself

  • When Nov 21, 2019 from 06:00 PM to 07:00 PM (America/Los_Angeles / UTC-800)
  • Where Gates Building, Room 174
  • Add event to calendar iCal
A Thousand Ways To Track You on The Web, And How To Start To Protect Yourself -- Pete Snyder, Brave

Thursday 11/21, 6-7PM
Gates Building, Room 174
 
Join Stanford Applied Cybersecurity for a hands-on workshop with Pete Snyder, privacy researcher at Brave Software (https://brave.com)! Dinner will be served!

Please RSVP: https://forms.gle/awDL4emhEUgKcLFAA

Description:
Without protection, users on the web are tracked on nearly every site they visit, by parties familiar and unknown alike. This talk will give some background to how tracking became so rampant on the web, along with why it should be a cause for concern to everyone. The majority of the talk will then discuss how web users are tracked, using methods ranging from dead simple too sophisticated and complex. We’ll spend some time thinking through counter measures, both deployed and theoretical, including a comparison of existing popular blocking tools. Finally, we’ll discuss some possible, planned future defenses.By the end of the talk, attendees should have a much better understanding of the scale of the tracking problem, along with which tracking methods we have solutions to, and which the privacy community still needs to address.This will be an informal presentation, with an emphasis on discussion and working through problems together.

Nmap Host and Service Enumeration like a FOSS*

  • When Oct 23, 2019 from 04:00 PM to 05:30 PM (America/Los_Angeles / UTC-700)
  • Where Spilker Building (Science & Engineering Quad), Room 143
  • Add event to calendar iCal

Learn to use one of the most versatile tools in the security domain! Bring your laptop for a hands-on Nmap workshop where you will perform host and service enumeration on live targets. We will start with the basics on how to install Nmap, run your first scan, and progress through more sophisticated techniques like OS and service detection.

Download Nmap here to prepare for the workshop: https://nmap.org/download.html

Ellie Dunn & Alex Keller
Wednesday 10/23/2019, 4-5:30PM
Spilker Building (Science & Engineering Quad), Room 143

* FOSS = free and open source software

Collegiate Penetration Testing Competition (CPTC) Western Regional

  • When Oct 12, 2019 08:00 AM to Oct 13, 2019 01:00 PM (America/Los_Angeles / UTC-700)
  • Where Stanford Science & Engineering Quad
  • Contact Name
  • Add event to calendar iCal

CPTC Western Regional website:
https://cptc-west.stanford.edu

The Collegiate Penetration Testing Competition (CPTC) provides a venue for top cybersecurity student teams to discover, triage, and mitigate critical security vulnerabilities. This competition focuses on improving the security posture of a fictitious organization and reporting on risks in a manner that is similar to a real professional engagement. 

The top teams from the Western/Central/North-East/South-East Regional Competitions will advance to the CPTC National Finals hosted at the Rochester Institute of Technology, November 22-24, 2019.

Cardinal Cybersecurity & Privacy Festival

  • When Oct 09, 2019 from 10:00 AM to 02:00 PM (America/Los_Angeles / UTC-700)
  • Where Arrillaga Alumni Center
  • Contact Name
  • Add event to calendar iCal
 
Students, faculty and staff are encouraged to save the date for the Cardinal Cybersecurity and Privacy Festival this October. Co-sponsored by Stanford’s Information Security and Privacy Offices, the festival aims to raise awareness and understanding about how to ensure our online lives are safe and secure.

The festival, themed “Defending the Human,” will include a variety of breakout sessions and workshops from different speakers and security leaders, with an overarching focus on online safety and end user protection based on security best practices.

Festival collaborators include the University Privacy Office, University IT, Residential and Dining Enterprises, Stanford University Libraries, and the Applied Cyber Security Group.

The festival will be offered in two locations on two different dates with similar information. The open-house style festival will allow you to move around as you please between exploring the expo area and listening to presentations.

  • October 9 from 10 a.m. to 2 p.m. on the historic campus in Arrillaga Alumni Center
  • October 31 from 10 a.m. to 2 p.m. at the Stanford Redwood City (SRWC) campus in Cardinal Hall, Rooms 104 and 105

Please note, the presentations will differ in each location depending on speaker availability, and there will not be a student-focused area at the SRWC event.

Applied Cyber Welcome Bash-1.0$

  • When Sep 30, 2019 from 07:00 PM to 09:00 PM (America/Los_Angeles / UTC-700)
  • Where Building 320, Room 109
  • Add event to calendar iCal

Applied Cyber Welcome Bash-1.0$ is Monday 9/30/2019 from 7-9PM in Building 320 Room 109. Looking forward to seeing you all there! Reminder: Come early to get boba!!

 

 

Applied Defense at Google

  • When May 22, 2019 from 03:00 PM to 04:30 PM (America/Los_Angeles / UTC-700)
  • Where Y2E2 382
  • Add event to calendar iCal

Real-world Cybersecurity Issues at Scale with John Asante, Head of Cybersecurity & Privacy Response at Google

Learn about real-life cybersecurity issues at scale and how approaches may differ between internet-based tech companies and other industries like intelligence and finance.

Wednesday, May 22nd
3:00-4:00PM
Y2E2 382

Please RSVP here:
https://forms.gle/b8FLu1yWBoVxxcuU9

John Asante is the Head of Cybersecurity & Privacy Response at Google. John leads the global teams that help to defend Google and Alphabet from cybersecurity and privacy incidents. Prior to Google, he was the Vice President and Head of Cyber Defense at Visa, and has served in similar leadership and engineering roles at Microsoft, Nike, and the Department of Defense.

Pursuing Novel Discoveries in APT Research

  • When May 01, 2019 from 03:00 PM to 04:00 PM (America/Los_Angeles / UTC-700)
  • Where Shriram SB35 (sub-basement) and Zoom (https://stanford.zoom.us/j/167750053)
  • Add event to calendar iCal

File similarity technologies applied across petabytes of malware sets generate novel discoveries within APT research, expanding possibilities for clustering and attribution. Let's examine an overview of clustering, attribution challenges, and examples of such discoveries as supported by our own similarity engine, YARA.

Speaker Bio: Kurt Baumgartner is a Principal Security Researcher on the Global Research and Analysis Team (GReAT) at Kaspersky Lab. He`s worked out of Boulder, Colorado, focused on targeted attacks since 2010. He supports research efforts with reversing and analysis, and authors private APT intelligence reports and external publications.

RSVP Please: https://forms.gle/3KURu4bqsAsmV9GR6

Attend Remotely via Zoom: https://stanford.zoom.us/j/167750053

Leveraging Apple’s Game Engine to Heuristically Detect macOS Threats

  • When Mar 07, 2019 from 03:00 PM to 04:00 PM (America/Los_Angeles / UTC-800)
  • Where Spilker 317
  • Add event to calendar iCal

PLEASE RSVP: https://goo.gl/vgUqvZ

By examining recent exploits and malware attacks, we'll illustrate that macOS is a rather vulnerable and an ever more targeted OS. And unfortunately for Mac users, traditional signature-based approaches often fail to detect such threats. Instead a heuristic-based, behavioral approach is clearly needed. In this talk, we will discuss a new open-source monitoring framework which passively collects a myriad of system events. Building on top of this, we will then detail a predicate-based system that leverages Apple’s game (logic) engine to quickly and efficiently apply rules against these events. End result? A comprehensive detection, response and threat hunting platform.

Patrick Wardle is the Chief Research Officer at Digital Security and founder of Objective-See.

Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.

 

Blue Team, Best Team: The joys, pains, and pride of building and running a defensive security organization.

  • When Feb 27, 2019 from 05:00 PM to 06:00 PM (America/Los_Angeles / UTC-800)
  • Where Shriram 262
  • Add event to calendar iCal

The information security community glorifies offensive research, stunt hacks, and red teaming. For many years, defensive work was not viewed as particularly enticing or interesting -- but this is starting to change. There has been a catalyst in the defensive world which has pushed detection engineering, response tradecraft, and intelligent engineering back into focus for the industry. As many are starting to realize, defensive work is challenging, rewarding, and can be immensely impactful.

This talk will be an informal and candid exploration of the realities of building and running a blue team for a modern Tech company. Topics covered will include organizational theory, operational challenges, detection engineering philosophy, telemetry and orchestration, and automation. Chris and Dane will also host a short defense-oriented ask-me-anything (AMA) at the end of the talk.


Dane Stuckey (@cryps1s) is the CISO / Cyber Janitor for Palantir. Dane has 8 years of information security experience and has specialized in incident detection/response, Windows platform security, and security program development. Prior to joining Palantir full-time, Dane worked in the U.S. Intelligence and Law Enforcement community. Dane graduated with a Bachelors in Information Security with an emphasis in Digital Forensics from the University of Texas, San Antonio."

Chris Long (@centurion) is a Detection and Response (CIRT) Engineer at Palantir. Chris has 8 years of information security experience and has specialized in incident detection/response, MacOS platform security, and is a strong advocate for the osquery platform. Prior to joining Palantir full-time, Chris worked on the Incident Detection and Response Teams for Facebook and Uber.

ForAllSecure Tech Talk

  • When Jan 31, 2019 from 03:00 PM to 04:30 PM (America/Los_Angeles / UTC-800)
  • Where Shriram 143
  • Add event to calendar iCal

Thursday, January 31st, 2019

3:00-4:30PM
Spilker 143

Interested in learning how to tackle challenging CTF problems from some of the best in the field? Want to learn more about symbolic execution and SMT solvers in practice? Join Applied Cybersecurity and ForAllSecure for a talk on tools and techniques for CTFs!

RSVP here: https://goo.gl/forms/AMzHT57Nqrh2FKTt1

ForAllSecure combines autonomous machine-based cybersecurity tools with the creativity of humans. The company crafted a fully autonomous cybersecurity system,
taking first place at the DARPA Cyber Grand Challenge.

They will talk about using SMT solvers in reversing and CTFs, symbolic execution for CTFs, and real world applications.

PlaidCTF: Call for Competitors!

  • When May 05, 2018 09:00 AM to May 06, 2018 09:00 PM (America/Los_Angeles / UTC-700)
  • Where TBD: Join Slack (https://appliedcybersecurity.slack.com) #ctf channel
  • Add event to calendar iCal

Join us for the exciting upcoming PlaidCTF!

CTFs are hacking competitions where you earn points by exploiting, reversing, pwning, or breaking various challenges to get flags. CTF games often touch on many aspects of information security: cryptography, stenography, binary analysis, reverse engineering, application security and others so it is a great way to learn to analyse and exploit vulnerable applications, understand practical security concepts, and have a ton of fun in the process.

This CTF is particularly tailored to people of all levels so you are encouraged to participate if you are new to this!

Event: PlaidCTF May 5-6th (Saturday / Sunday)!

MEETUP: Saturday, May 5th, 1-4PM, in Huang 306.

MEETUP: Saturday, May 5th, 1-4PM, in Huang 306.

Online Communication: https://appliedcybersecurity.slack.com #ctf channel (invites will be sent out)

Meetups: We are planning on hosting a physical space where people can collaborate and compete! More info to come!

SIGNUP FORM: https://goo.gl/forms/KLIH556a1DbhB7Yz2

PlaidCTF Website: http://plaidctf.com

Wireshark Workshop

  • When Apr 27, 2018 from 04:00 PM to 05:30 PM (America/Los_Angeles / UTC-700)
  • Add event to calendar iCal

Wireshark Workshop

Friday, April 27th, 2018
4:00-5:30PM
Spilker 143

Join Applied Cyber for a workshop exploring the awesome capabilities of Wireshark, the world’s most popular open source packet sniffer. No experience necessary, come follow along as CS staff member Andrej Krevl guides us through packet captures, filtering, and protocol dissection. Attendees are encouraged to bring their laptops with Wireshark installed (https://www.wireshark.org/#download).

This event is open to all Stanford students, faculty, and staff. 

RSVP @ https://goo.gl/forms/Dh8uSS8K1IMAFzzG2

 

Embedded Device Pwning

  • When Apr 05, 2018 from 04:30 PM to 05:30 PM (America/Los_Angeles / UTC-700)
  • Add event to calendar iCal

Embedded Device Pwning

Thursday, April 5th, 2018
4:30-5:30PM
Huang 305

You get your hands on an embedded device - what now? Join us as we learn about basic hardware analysis, reversing extracted firmware, and how to tailor a payload to gain persistence on a device.

Embedded devices are found everywhere. These devices are much more resource constrained than the average computer and tend to be rushed to market. This talk will focus on reverse engineering techniques, ranging from hardware tear-downs to reversing the firmware on the device.

We will scope the talk so that no prior experience will be necessary, and those who focus on software security can hopefully learn about a new class of targets to analyze.

This event is open to all Stanford students, faculty, and staff. 

About Leviathan:

Leviathan (https://www.leviathansecurity.com) is a security consulting firm based out of Seattle. They work for a mixture of large and small clients, performing assessments for everything from web applications to analyzing unreleased hardware.

Applied Cyber Hackathon

Discover and fix vulnerabilities in open source projects - join us for a day of hands-on learning and security hacking!
  • When Feb 24, 2018 from 09:00 AM to 06:00 PM (America/Los_Angeles / UTC-800)
  • Where Huang Basement
  • Add event to calendar iCal

Applied Cyber and security engineers from Redpoint Ventures <http://www.redpoint.com/> are hosting a computer security hackathon on Saturday, February 24th.

Participants, in teams of any size, are tasked with running static analysis on open-source *nix libraries, from OpenVPN to Darknet, SciPy to memcached.  From there, they can take on any combination of these three challenges:

  1. Discover a vulnerability: demonstrate a code exploit, and maybe even walk away from the hackathon with a CVE <https://cve.mitre.org/> to your name.  The more impactful your discovery, the better.
  2. Build a defense: implement fixes for everything from memory mismanagement to brand-new vulnerabilities.  Reduce attack surface, contribute to a live code base, and prevent future exploits from ever happening.
  3. Experiment with tools: Redpoint Ventures has built its own static analysis tool based on Clang scan-build. This tool will be provided to all participants at the start of the competition; particularly creative use of this tool will be noted.

Whether you have years of experience or are just getting started, there is an open source project that can use your help.  While we have a list of selected projects that can work with Redpoint Venture's tool immediately, participants should feel free to work on any open source project that interests them.

Join us for a day of hands-on learning and security hacking with prizes!

This event is open to current Stanford affiliates only. RSVP here. <https://goo.gl/forms/i6R5KgjH3dgoIG1u2>

Introduction to Hacking: Exploiting Web, Binary, and Crypto Vulnerabilities

  • When Oct 27, 2017 from 05:00 PM to 07:00 PM (America/Los_Angeles / UTC-700)
  • Where Shriram 366
  • Add event to calendar iCal

Are you interested in cybersecurity? Have you wanted to learn offensive cyber techniques but don't know where to get started?. The Applied Cybersecurity team is hosting an introductory workshop to get people going with practicing exploitation and offensive cyber techniques in an ethical setting.

Applied Cyber is excited to present the first in a series of workshops aimed at teaching hands-on exploitation techniques to interested students in a friendly and legal setting! In particular, we will focus on gaining familiarity with techniques used for competing in Capture the Flag (CTF)* competitions.

We'll be hosting the first workshop this Friday, 10/27, from 5 PM - 7 PM in Shriram 366 in preparation for the Hitcon CTF next week. Bring a laptop!

This workshop will assume no prerequisite experience with hacking or cybersecurity so please attend regardless of how unfamiliar you are with the topic. For this workshop, we will focus on web vulnerabilities, binary reversing, and some basic cryptography challenges. Note that experience equivalent to CS107 will be useful.

Chip Hacking: Exploiting Systems Beneath the OS

Once you're compromised below the operating system level, no anti-virus can save you.
  • When Oct 19, 2017 from 05:00 PM to 06:30 PM (America/Los_Angeles / UTC-700)
  • Where Shriram 262
  • Add event to calendar iCal

Baseboard Management Controllers have been deployed over the past decade to allowIT professionals remote access to the underlying hardware of computer systems. In many cases they have vulnerabilities which bypass OS defenses, allowing an attacker complete, undetected control over a machine. As a result, these attacks represent some of the most valuable, dangerous attacks against computer systems.

This workshop will first present what Baseboard Management Controllers are, followed by a demonstration of the recent Intel AMT hack and several other vulnerabilities found in these systems.

We will cover details which draw on CS107-level material. However, people of all backgrounds are welcome.

Zero to Hero in 60 Weeks: How To Build a World-Class IR Team

Learn from the founding member of Uber's Security Response team about what it takes to build one of the best security teams in the world.
  • When May 25, 2017 from 04:00 PM to 06:00 PM (America/Los_Angeles / UTC-700)
  • Where Huang 305
  • Add event to calendar iCal
This talk will deep dive on many technical challenges facing companies today and battle tested solutions that have enabled Uber's Security Team to respond in any situation.
 
Alex Levinson is one of Uber's senior security engineers and has been instrumental in shaping Uber's Security Response team (Incident Response team) into what it is today.  Alex will describe what Uber's IR team does, explain how the IR team's mission breaks into technical roles, go over each role in detail, and share how they have evolved over time.
 

Spring Workshop: Introduction to Digital Privacy with Guest Speaker Jennifer Granick

Are you new to cybersecurity? Interested in learning how to protect your digital privacy? This workshop will explore some basic security concepts that are relevant to activism, business, and finance.
  • When May 11, 2017 from 04:00 PM to 06:00 PM (America/Los_Angeles / UTC-700)
  • Where Old Union 200
  • Add event to calendar iCal
We will open with guest speaker Jennifer Granick, then break into stations discussing a range of policy and technical topics.  Food will be served!
 
 
Guest Speaker: Jennifer Stisa Granick
Director of Civil Liberties at the Stanford Center for Internet and Society
Granick practices, speaks, and has published books about computer crime and security, electronic surveillance, security vulnerability disclosure, encryption policy, and the Fourth Amendment.  She has received the the 2016 Duo Security's Women in Security Academic Award for her expertise and her guidance for young women in the security industry.
 
 
Breakout Sessions:
Phishing
Curious about the phishing email that went around last week? Want to learn how to keep yourself safe? We can help you out!

Read Handout 

 
Secure Communication
We will demonstrate how to secure your communications and accounts using encryption and two-factor authentication. Tools such as GPGmail (https://gpgtools.org/) and Signal let you encrypt your emails and messages so that they cannot be read in-flight, ensuring that your conversations remain private between you and the recipient. We'll also talk about how to add additional security measures to your online accounts to protect against your accounts being hijacked.
Read Handout
 
Disk Encryption
What is encryption and what does it protect you from? Almost every device today has some support for full-disk encryption. Learning how to set up and use disk encryption is essential to ensuring your privacy and security from both individuals and powerful governments, and everything in between.
Read Handout
View Slides
 
Digital Finance and Cryptocurrency
What trust do we place in financial institutions and how are our electronic transactions protected? Learn about the basic security and privacy risks of finance and how cryptocurrencies like Bitcoin address these issues.
Read Handout

The Practical Hacker's Handbook: Ch 1-3

Vault 7, Fare Hacking, and iPhone Jailbreaking
  • When Apr 13, 2017 from 05:00 PM to 06:30 PM (America/Los_Angeles / UTC-700)
  • Where Spilker 232
  • Add event to calendar iCal
WikiLeaks Vault 7: “Marble”
This session will give an overview of the WikiLeaks Vault 7 project and explore the latest release, “Marble,” in more depth. The Marble Framework is an obfuscation library developed by the CIA, and its release was called “one of the most technically damaging” for it. Come learn about what this framework actually does and why it could affect CIA operations.
Presenter: Brad Girardeau 
View Slides 
 
Fare Hacking!
This introductory session will cover techniques for finding and booking significantly discounted plane fares for both domestic and international travel. Learn how to leverage the pro tools of the trade like Google Flights, Matrix ITA, and Momondo to locate the cheapest flights, mistake fares, and coveted “fuel dumping” legs. Bring your laptop and join the hunt for an awesome trip!
Presenter: Alex Keller
View Slides 
 
iPhone Jailbreaking 101
This segment will be an introduction to jailbreaking, including what jailbreaking is, how to do it, and what are the consequences. There will be a live example showing how to SSH into a jailbroken iPhone.
Presenter: Brandon Azad
 
 
Watch full video of event here.

Web Hacking

Basic web-based vulnerabilities
  • When May 11, 2016 from 04:30 PM to 06:00 PM (America/Los_Angeles / UTC-700)
  • Where Shriram 366
  • Add event to calendar iCal

Want to know how hackers steal password databases and take over websites? Come to our technical workshop this Wednesday to get hands-on experience with web hacking. You will attack a website using cross-site scripting and SQL injection and then exploit the famous Heartbleed and Shellshock bugs to take control of the webserver.

Many browsers (including Chrome) offer protections against cross site scripting that will interfere with the demos. If you want to participate in the cross site scripting demo, we recommend installing Firefox beforehand.

HTML/Javascript knowledge is recommended but not required.

Google CTF

Google CTF event
  • When Apr 30, 2016 (America/Los_Angeles / UTC-700)
  • Add event to calendar iCal

Interested in learning some hacking techniques? Google is hosting a CTF (Capture the Flag) competition this weekend that is open to anyone who is interested! If you are interested in participating in this or any future CTFs with Stanford, sign up to join the slack channel.

More information on logistics will be posted in the slack channel. If you have issues joining, please contact psekhar.

What are CTFs? Capture the Flag (CTF) is a computer security competition. There are several types- we’ll be doing “jeopardy style” ones. In this type, we work together to solve puzzles, break into systems, and exploit security bugs to “capture the flag,” finding secret keys that give you points. There are different categories of problems (crypto, forensics, web, reversing, finding people on the internet..) with a range of difficulties, so prior experience isn’t required to get started and have fun.

Slaying SSL Dragons With mitmproxy

  • When Apr 27, 2016 from 04:30 PM to 06:00 PM (America/Los_Angeles / UTC-700)
  • Where Shriram 366
  • Add event to calendar iCal

Ever wonder what information your smartphone is giving away?

mitmproxy (mitmproxy.org) is an open source man-in-the-middle HTTPS proxy. It can be used as an interactive proxy to intercept and modify requests or as a passive proxy to act like tcpdump, but for HTTP. It is highly extensible using a simple Python scripting interface. Max, one of the mitmproxy authors, will give a brief introduction to mitmproxy and show how you can use it to debug applications, see what data your smartphone is giving away, tamper with APIs, and more.

There will be a hands-on demo, so feel free to bring your laptop if you want to participate!