Spring 2024

Intro to Ethical Web Hacking (Admit Weekend Special)

Friday, April 26, 2024 at 4:30pm
Y2E2 362

Join us to hack into a cat-themed startup that’s riddled with common vulnerabilities! You’ll learn how to defend against these attacks in your own projects and hear some war stories along the way.

Speaker: Aditya Saligrama
Aditya Saligrama is the President of Applied Cyber and a senior from the Boston area studying Computer Science on the systems track with interests in web, mobile, and cloud security, distributed systems, and open source software. He competes on the CCDC team as Linux & Cloud lead, helping bring home a National Championship in 2023, and leads web penetration testing on the CPTC team, helping the team place 2nd globally in 2024. Aditya also taught CS 40 Cloud Infrastructure and Scalable Application Deployment and is a Course Assistant for CS 155 Computer and Network Security.

Cross-Language Vulnerabilities

Friday, April 19, 2024 at 4:30pm
Y2E2 362

Memory corruption attacks have long plagued computer systems that use unsafe programming languages like C/C++. To enhance the security of these systems, developers have gradually introduced memory-safe languages like Rust to existing codebases, an approach that is effective but not foolproof. This talk will delve into the ways in which attackers can carefully manoeuvre between safe and unsafe code to undermine the security of mixed-language applications.

Speaker: Nathan Bhak
Nathan Bhak is a CS coterm and the almost-retired Projects Lead for Stanford Applied Cyber. He has experience in product security and reverse engineering, and currently does research on network infrastructure hijacks and automated vulnerability detection.

A Postmortem of the Attempted XZ Backdoor

Friday, April 12, 2024 at 4:30pm
Y2E2 362

Who would win in a fight: a suspected nation-state APT, or a curious engineer worried about the speed of his SSH logins? Come hear about the most ambitious backdoor attempt in recent memory. Learn how the intersection of innovative social engineering and insane technical feats created an attack that almost backdoored millions of systems.

Speaker: Cody Ho
Cody Ho is the Vice President of Applied Cyber and a senior studying Symbolic Systems and Computer Science. Cody’s academic pursuits focus on the intersection of machine learning and cybersecurity, with extensive experience that spans AI safety and ethics, low-level systems and networking, HPC workloads, and reverse engineering malware. Cody is a member of Applied Cyber’s CCDC and CPTC teams focusing on Linux and Windows defense and automation.