Winter 2024

Germ: Privacy & Safety Forward E2EE Messaging

Friday, March 15, 2024 at 3:30pm
Y2E2 105

Germ Network created Germ DM and the Germ protocols to empower people to store information privately on their devices and choose with whom they exchange information and messages. Germ DM, our messenger beta for iOS, lets people start an end-to-end encrypted message instantly without using phone numbers. Come learn how Germ Network uses end-to-end encrypted messages and user profile flexibility to provide users total control over privacy and availability!

Our whitepaper will be presented by cofounders Tessa Brown (CEO), a former Stanford PWR lecturer with a focus on digital culture, and Mark Xue (CTO), Apple’s former privacy engineer for iMessage and FaceTime, and a Stanford MSCS grad.

Fundamentals and Footguns of Cloud Security

Friday, March 8, 2024 at 3:30pm
Y2E2 105

The landscape of security challenges for deployed web applications has evolved significantly over the past decade. While many enterprises have moved much of their compute workload into the public cloud (AWS, GCP, Azure) for both cost and security reasons, use of the cloud does not necessarily mean an application is secure; rather, the cloud changes the nature of the attack surface for that application. This workshop will provide a brief primer on cloud identity and access management (IAM) and its role as the core driver of attack surface for modern serverless and containerized workloads running on the cloud. We’ll then run through a cloud capture-the-flag (CTF) challenge that will demonstrate how to take advantage of cloud misconfigurations on AWS.

Speaker: Aditya Saligrama
Aditya Saligrama is the President of Applied Cyber and a senior from the Boston area studying Computer Science on the systems track with interests in web, mobile, and cloud security, distributed systems, and open source software. He competes on the CCDC team as Linux & Cloud lead, helping bring home a National Championship in 2023, and leads web penetration testing on the CPTC team, helping the team place 2nd globally in 2024. Aditya also teaches CS 40 Cloud Infrastructure and Scalable Application Deployment.

Slides

Legal Threats to Security Researchers

Friday, March 1, 2024 at 3:30pm
Y2E2 105

From a legal standpoint, doing security research is safer today than it’s ever been. But legal risks still remain (as Stanford students sometimes find out the hard way). This talk presents the primary laws that can be used against good-faith security research, reviews real-life legal incidents from hacker history, discusses what’s still needed to better protect researchers, and tells you how you can get involved.

Speaker: Riana Pfefferkorn
Riana Pfefferkorn is a Research Scholar at the Stanford Internet Observatory. Her work focuses on investigating and analyzing the U.S. and other governments’ policies and practices for forcing decryption and/or influencing crypto-related design of online platforms and services, devices, and products, both via technical means and through the courts and legislatures. Riana also researches the benefits and detriments of strong encryption on free expression, political engagement, economic development, and other public interests. She teaches INTLPOL 268 Hack Lab: Introduction to Cybersecurity in the fall.

CISO: A Career off the Beaten Path

Monday, February 26, 2024 at 4:00pm
Y2E2 382

Julie Tsai, former CISO of Roblox, will be coming to talk about her career today! This event is open to anyone interested in working on security in the industry. Show up with questions! Boba will be served.

Roguespot Project Update

Friday, February 23, 2024 at 3:30pm
Y2E2 105

Nathan Bhak and Joey Holtzman will be presenting on the current status of Roguespot, a distributed system for rogue access point detection on campus. Come hear about project progress, future milestones, and ways you can get involved in development!

Speakers: Nathan Bhak and Joey Holtzman

Nathan Bhak is a CS coterm and the semi-retired Projects Lead for Stanford Applied Cyber. He does security research with ESRG to detect network infrastructure hijacks, as well as the MIT Lincoln Lab, where he’s developing automated software testing methods for the government.

Joey Holtzman is a freshman at Stanford majoring in Computer Science and focusing specifically on applications within cybersecurity. He’s currently a member of Stanford’s CCDC team and is actively focusing on secure software development. In addition to studying cybersecurity, he also likes to exercise, jump rope, and hike.

Reflections on a Quarter of Security Clinic

Friday, February 16, 2024 at 3:30pm
Y2E2 105

In fall quarter, Aditya Saligrama and Miles McCain founded the Stanford Security Clinic to provide pro-bono security and safety consultations to Stanford startups. Come hear their insights on running short but highly effective weekly pentesting sessions, and about the fun vulns they found!

Speakers: Aditya Saligrama and Miles McCain

Aditya Saligrama is the President of Applied Cyber and a senior from the Boston area studying Computer Science on the systems track with interests in web, mobile, and cloud security, distributed systems, and open source software. He competes on the CCDC team as Linux & Cloud lead, helping bring home a National Championship in 2023, and leads web penetration testing on the CPTC team, helping the team place 2nd globally in 2024. Aditya also teaches CS 40 Cloud Infrastructure and Scalable Application Deployment.

Miles McCain is a senior studying Symbolic Systems and Computer Science. He has worked on election security at CISA/DHS, privacy engineering at Apple, trust and safety at the Stanford Internet Observatory, and AI safety policy in collaboration with OpenAI and the Cornell Tech Policy Institute. He is an alum of the Recurse Center, worked on cyber policy for a 2020 presidential campaign, and loves building products in the public interest.

Linux Containers are Swiss Cheese

Friday, February 9, 2024 at 3:30pm
Y2E2 105

It seems like everyone is using Docker containers or Kubernetes these days—for simpler deployment, development, and sometimes security. But are they actually secure? We’ll dive into Linux container technologies, how they work, how they differ from other tools, and what happens when things go wrong.

Speaker: Danny Lin
Danny Lin is building OrbStack, a developer tool that makes Docker & Kubernetes faster, lighter, and easier to use. He’s also a freshman at Stanford studying CS.

Jack Cable on Secure by Design

Wednesday, February 7, 2024 at 3:00pm
Y2E2 382

Jack Cable, a Stanford computer science graduate and Applied Cyber alum, and now Senior Technical Advisor at the U.S. Cybersecurity and Infrastructure Security Agency, will speak on CISA’s Secure by Design initiative, which places the focus on software manufacturers to build security into products from the design stage to ensure better outcomes for their customers. He will also discuss rethinking academia’s role in fostering security as a first-class priority within the computer science curriculum.

Women in Applied Cyber: Intro to Hacking Workshop & Social

Monday, January 29, 2024 at 4:00pm
Huang 304

Hack a website with Stanford Applied Cyber! Join our workshop to conduct your own web exploits, learn about vulnerabilities in your favorite apps, and meet other women in cybersecurity. All levels of experience welcomed!

Cracking the Code: Intro to CTF Competitions (Pt. 2)

Friday, January 26, 2024 at 3:30pm
Y2E2 105

In this follow-up to our first CTF workshop, we’ll jump right into real, beginner-friendly Capture-the-Flag (CTF) challenges. Come by to try out these popular cybersecurity competitions, open to everyone at any level!

Speaker: Teddy Zhang
Teddy Zhang is the Workshops Lead for Applied Cyber and a junior at Stanford studying CS on the systems track. He has served as a TA for Hack Lab (INTLPOL 268), and also enjoys playing the bassoon.

TL;DR of Operation Triangulation

Friday, January 19, 2024 at 3:30pm
Y2E2 105

A synopsis of Operation Triangulation, examining how an apex threat actor (likely US intelligence) managed to compromise the mobile phones of staff at Russian security company Kaspersky, in one of the most sophisticated attack chains to ever see the light of day. Technical details will be contextualized within the current geopolitical landscape.

Speaker: Alex Keller
Alex’s 25-year career in the higher education technology sector brought him to Stanford’s School of Engineering in 2012, where he now serves as Sr. Systems Security Engineer with responsibilities for security, research technology consulting, and datacenter operations. Advisor to the Stanford Applied Cyber student group and team coach since inception in late 2015, Alex is tirelessly passionate about cybersecurity education and outreach. When not hacking in the public interest, Alex loves spending time with his wife and 8-year-old daughter on the beautiful northern California coast.