Spring 2024
Intro to Ethical Web Hacking (Admit Weekend Special)
Friday, April 26, 2024 at 4:30pm
Y2E2 362
Join us to hack into a cat-themed startup that’s riddled with common vulnerabilities! You’ll learn how to defend against these attacks in your own projects and hear some war stories along the way.
Speaker: Aditya Saligrama
Cross-Language Vulnerabilities
Friday, April 19, 2024 at 4:30pm
Y2E2 362
Memory corruption attacks have long plagued computer systems that use unsafe programming languages like C/C++. To enhance the security of these systems, developers have gradually introduced memory-safe languages like Rust to existing codebases, an approach that is effective but not foolproof. This talk will delve into the ways in which attackers can carefully manoeuvre between safe and unsafe code to undermine the security of mixed-language applications.
Speaker: Nathan Bhak
A Postmortem of the Attempted XZ Backdoor
Friday, April 12, 2024 at 4:30pm
Y2E2 362
Who would win in a fight: a suspected nation-state APT, or a curious engineer worried about the speed of his SSH logins? Come hear about the most ambitious backdoor attempt in recent memory. Learn how the intersection of innovative social engineering and insane technical feats created an attack that almost backdoored millions of systems.