Winter 2024
Germ: Privacy & Safety Forward E2EE Messaging
Friday, March 15, 2024 at 3:30pm
Y2E2 105
Germ Network created Germ DM and the Germ protocols to empower people to store information privately on their devices and choose with whom they exchange information and messages. Germ DM, our messenger beta for iOS, lets people start an end-to-end encrypted message instantly without using phone numbers. Come learn how Germ Network uses end-to-end encrypted messages and user profile flexibility to provide users total control over privacy and availability!
Our whitepaper will be presented by cofounders Tessa Brown (CEO), a former Stanford PWR lecturer with a focus on digital culture, and Mark Xue (CTO), Apple’s former privacy engineer for iMessage and FaceTime, and a Stanford MSCS grad.
Fundamentals and Footguns of Cloud Security
Friday, March 8, 2024 at 3:30pm
Y2E2 105
The landscape of security challenges for deployed web applications has evolved significantly over the past decade. While many enterprises have moved much of their compute workload into the public cloud (AWS, GCP, Azure) for both cost and security reasons, use of the cloud does not necessarily mean an application is secure; rather, the cloud changes the nature of the attack surface for that application. This workshop will provide a brief primer on cloud identity and access management (IAM) and its role as the core driver of attack surface for modern serverless and containerized workloads running on the cloud. We’ll then run through a cloud capture-the-flag (CTF) challenge that will demonstrate how to take advantage of cloud misconfigurations on AWS.
Speaker: Aditya Saligrama
Legal Threats to Security Researchers
Friday, March 1, 2024 at 3:30pm
Y2E2 105
From a legal standpoint, doing security research is safer today than it’s ever been. But legal risks still remain (as Stanford students sometimes find out the hard way). This talk presents the primary laws that can be used against good-faith security research, reviews real-life legal incidents from hacker history, discusses what’s still needed to better protect researchers, and tells you how you can get involved.
Speaker: Riana Pfefferkorn
CISO: A Career off the Beaten Path
Monday, February 26, 2024 at 4:00pm
Y2E2 382
Julie Tsai, former CISO of Roblox, will be coming to talk about her career today! This event is open to anyone interested in working on security in the industry. Show up with questions! Boba will be served.
Roguespot Project Update
Friday, February 23, 2024 at 3:30pm
Y2E2 105
Nathan Bhak and Joey Holtzman will be presenting on the current status of Roguespot, a distributed system for rogue access point detection on campus. Come hear about project progress, future milestones, and ways you can get involved in development!
Speakers: Nathan Bhak and Joey Holtzman
Nathan Bhak is a CS coterm and the semi-retired Projects Lead for Stanford Applied Cyber. He does security research with ESRG to detect network infrastructure hijacks, as well as the MIT Lincoln Lab, where he’s developing automated software testing methods for the government.
Joey Holtzman is a freshman at Stanford majoring in Computer Science and focusing on applications within cybersecurity. He’s a member of Stanford’s CCDC team and is actively focusing on secure software development. In addition to studying cybersecurity, he also likes to exercise, jump rope, and hike.
Reflections on a Quarter of Security Clinic
Friday, February 16, 2024 at 3:30pm
Y2E2 105
In fall quarter, Aditya Saligrama and Miles McCain founded the Stanford Security Clinic to provide pro-bono security and safety consultations to Stanford startups. Come hear their insights on running short but highly effective weekly pentesting sessions, and the fun vulns they found!
Speakers: Aditya Saligrama and Miles McCain
Aditya Saligrama is the President of Applied Cyber and a senior from the Boston area studying Computer Science on the systems track with interests in web, mobile, and cloud security, distributed systems, and open source software. He competes on the CCDC team as Linux & Cloud lead, helping bring home a National Championship in 2023, and leads web penetration testing on the CPTC team, helping the team place 2nd globally in 2024. Aditya also teaches CS 40 Cloud Infrastructure and Scalable Application Deployment.
Miles McCain is a senior studying Symbolic Systems and Computer Science. He has worked on election security at CISA/DHS, privacy engineering at Apple, trust and safety at the Stanford Internet Observatory, and AI safety policy in collaboration with OpenAI and the Cornell Tech Policy Institute. He is an alum of the Recurse Center, worked on cyber policy for a 2020 presidential campaign, and loves building products in the public interest.
Linux Containers are Swiss Cheese
Friday, February 9, 2024 at 3:30pm
Y2E2 105
It seems like everyone is using Docker containers or Kubernetes these days—for simpler deployment, development, and sometimes security. But are they actually secure? We’ll dive into Linux container technologies, how they work, how they differ from other tools, and what happens when things go wrong.
Speaker: Danny Lin
Jack Cable on Secure by Design
Wednesday, February 7, 2024 at 3:00pm
Y2E2 382
Jack Cable, a Stanford computer science graduate and Applied Cyber alum, and now Senior Technical Advisor at the U.S. Cybersecurity and Infrastructure Security Agency, will speak on CISA’s Secure by Design initiative, which places the focus on software manufacturers to build security into products from the design stage to ensure better outcomes for their customers. He will also speak on rethinking academia’s role in fostering security as a first-class priority within the computer science curriculum.
Women in Applied Cyber: Intro to Hacking Workshop & Social
Monday, January 29, 2024 at 4:00pm
Huang 304
Hack a website with Stanford Applied Cyber! Join our workshop to conduct your own web exploits, learn about vulnerabilities in your favorite apps, and meet other women in cybersecurity. All levels of experience welcome!
Cracking the Code: Intro to CTF Competitions (Pt. 2)
Friday, January 26, 2024 at 3:30pm
Y2E2 105
In this follow-up to our first CTF workshop, we’ll jump right into real, beginner-friendly Capture-the-Flag (CTF) challenges. Come by to try out these popular cybersecurity competitions, open to everyone at any level!
Speaker: Teddy Zhang
TL;DR of Operation Triangulation
Friday, January 19, 2024 at 3:30pm
Y2E2 105
This talk gives a synopsis of Operation Triangulation, examining how an apex threat actor (likely US intelligence) managed to compromise the mobile phones of staff at Russian security company Kaspersky in one of the most sophisticated attack chains to ever see the light of day. Technical details will be contextualized within the current geopolitical landscape.