Events

Unpacking CVE-2021-40444 (Microsoft Office RCE) with Bill Demirkapi

Thursday 9/23 @ 4PM PT via Zoom (see Slack #general for link)

Open to the Stanford community!

Bill Demirkapi is a junior at the Rochester Institute of Technology with an impressive security research portfolio honed since his early high school days. Bill's expertise includes Windows internals, reverse engineering, and offensive security with notable back-to-back speaker appearances at DEF CON in 2019 & 2020.

Join us for Bill's technical deep dive and reversal of the recently discovered CVE-2021-40444, a high severity Microsoft Office remote code execution (RCE) being broadly exploited in the wild.

https://billdemirkapi.me
https://twitter.com/billdemirkapi

Applied Cyber welcomes Julie Tsai, Head of Information Security at Roblox

Wednesday 5/26, 4-5PM PT

As an experienced cybersecurity and DevSecOps professional, Julie has a bedrock passion for security, privacy - and enabling technology to better society. Julie received her B.A. in Political Science with a minor in Economics while at Stanford.

Zoom link in Slack #general

Applied Cyber Welcomes Jackson Henry, Bug Hunter from Down Under

Friday 2/12, 4PM PT

Jackson Henry is an accomplished security researcher and bug bounty hunter hailing from Sydney, Australia - notably talented even before you consider his 15 years of age. Specializing in OSINT and web application penetration testing, Jackson continues to rack up CVEs and notoriety for his ethical hacking expertise, including recent recognition from the United Nations for discovering and reporting (along with colleagues John Jackson, Aubrey Cottle, and Nick Sahler) a misconfiguration exposing 100,000 UN staff records. Join us to hear about his infosec journey, current projects, and a demo of his favorite techniques.

Join Stanford's Womxn in Applied Cybersecurity (WAC) this Friday at 5pm PST for an informal Q&A with Stanford alumni Kate Stowel and Esther Goldstein and industry speaker Savanah Frisk! 

Hosted by Stanford’s Information Security and Privacy Offices, the festival aims to raise awareness and understanding about how to ensure our online lives are safe and secure. The event includes a variety of talks and workshops from different speakers and security leaders, with an overarching focus on online safety and end user protection based on security best practices.

The festival will provide value for students, faculty, and staff alike, including:

• Deepen your knowledge about the importance of cybersecurity and privacy to ensure that Stanford community have the resources to be more secure online
• Attend talks by subject matter experts and industry leaders
• Engage with team members from Stanford’s Information Security Office, University Privacy Office as well as security professionals from around the campus
• Win prizes and raffles drawings

 This is an all-virtual event hosted through Zoom. All Stanford University, Healthcare and the Education communities are invited.

 

Join Stanford Applied Cyber for a talk by hacker and photojournalist Gillis Jones who will introduce his #ForgottenMemories project which is a forensic journey through the banal, the profound, and the profoundly disturbing world of images from people's everyday lives meticulously recovered from "Formatted" SD cards available for sale in third party markets around the world.

A fascinating endeavor at the intersection of technology, photography, and ethnography, Gillis will brief us on the inception of this project, delve into forensic recovery techniques, and showcase some of his favorite images.

https://gillis.media/forgotten-memories
https://twitter.com/Gillis57 

Wednesday 5/27, 4-5PM (Pacific time)

Zoom Link will be posted to Applied Cyber Slack #general

Come relax and socialize at the Applied Cyber movie night!

Friday 2/7, 8-11PM
Fairclough Lounge (Rains)

Join us for an introduction to Metasploit with Anna Zeng and Michael Hayashi. Come learn the basics of a popular offensive framework and test your new skills on a live cyber range!

Tuesday, 2/4, 4:30-5:30PM
Y2E2, Room 382

End-of-quarter Applied Cyber Social!

Saturday 12/7,  6-9PM
Jerry Lounge

We'll have pizza/snacks/drinks, and a variety of board games, movies, etc.

RSVP here for food: https://forms.gle/jPXtf42JXHS16bit6

Math, Motion, and Machine Learning: Implicit Authentication in the Real World - John Whaley, CEO and Founder of UnifyID, Stanford CS Alum 

How do you identify people? What is it that makes you, you? Certain aspects of human behavior can be as unique and as hard to spoof as a fingerprint. The way you walk, the way you move, the places you go, and your little idiosyncrasies have the promise of being more convenient and more secure than other forms of authentication like passwords or biometrics. But there are significant practical challenges in building a system that can authenticate you to >99% accuracy with just a few seconds of passive sensor readings while still maintaining user privacy. It requires lots of advanced math, signal processing, machine learning, tricky engineering, and re-thinking existing security paradigms.

Come hear about our experience in building such a platform and a glimpse into the future of authentication.

About UnifyID:

UnifyID, a rapidly growing startup located in Downtown Redwood City, that uses human behavioral data (like gait) to build authentication software. UnifyID has raised $23.4 million from top firms like NEA and Andreessen Horowitz.

Dinner will be served for the first 15 to RSVP and guarantee attendance! 

RSVP: https://forms.gle/9EA3HTkCvMH44HpP7

Learn to use one of the most versatile tools in the security domain! Bring your laptop for a hands-on Nmap workshop where you will perform host and service enumeration on live targets. We will start with the basics on how to install Nmap, run your first scan, and progress through more sophisticated techniques like OS and service detection.

Download Nmap here to prepare for the workshop: https://nmap.org/download.html

Ellie Dunn & Alex Keller
Wednesday 10/23/2019, 4-5:30PM
Spilker Building (Science & Engineering Quad), Room 143

* FOSS = free and open source software

CPTC Western Regional website:
https://cptc-west.stanford.edu

The Collegiate Penetration Testing Competition (CPTC) provides a venue for top cybersecurity student teams to discover, triage, and mitigate critical security vulnerabilities. This competition focuses on improving the security posture of a fictitious organization and reporting on risks in a manner that is similar to a real professional engagement. 

The top teams from the Western/Central/North-East/South-East Regional Competitions will advance to the CPTC National Finals hosted at the Rochester Institute of Technology, November 22-24, 2019.

Applied Cyber Welcome Bash-1.0$ is Monday 9/30/2019 from 7-9PM in Building 320 Room 109. Looking forward to seeing you all there! Reminder: Come early to get boba!!

Real-world Cybersecurity Issues at Scale with John Asante, Head of Cybersecurity & Privacy Response at Google

Learn about real-life cybersecurity issues at scale and how approaches may differ between internet-based tech companies and other industries like intelligence and finance.

Wednesday, May 22nd
3:00-4:00PM
Y2E2 382

Please RSVP here:
https://forms.gle/b8FLu1yWBoVxxcuU9

John Asante is the Head of Cybersecurity & Privacy Response at Google. John leads the global teams that help to defend Google and Alphabet from cybersecurity and privacy incidents. Prior to Google, he was the Vice President and Head of Cyber Defense at Visa, and has served in similar leadership and engineering roles at Microsoft, Nike, and the Department of Defense.

File similarity technologies applied across petabytes of malware sets generate novel discoveries within APT research, expanding possibilities for clustering and attribution. Let's examine an overview of clustering, attribution challenges, and examples of such discoveries as supported by our own similarity engine, YARA.

Speaker Bio: Kurt Baumgartner is a Principal Security Researcher on the Global Research and Analysis Team (GReAT) at Kaspersky Lab. He`s worked out of Boulder, Colorado, focused on targeted attacks since 2010. He supports research efforts with reversing and analysis, and authors private APT intelligence reports and external publications.

RSVP Please: https://forms.gle/3KURu4bqsAsmV9GR6

Attend Remotely via Zoom: https://stanford.zoom.us/j/167750053

PLEASE RSVP: https://goo.gl/vgUqvZ

By examining recent exploits and malware attacks, we'll illustrate that macOS is a rather vulnerable and an ever more targeted OS. And unfortunately for Mac users, traditional signature-based approaches often fail to detect such threats. Instead a heuristic-based, behavioral approach is clearly needed. In this talk, we will discuss a new open-source monitoring framework which passively collects a myriad of system events. Building on top of this, we will then detail a predicate-based system that leverages Apple’s game (logic) engine to quickly and efficiently apply rules against these events. End result? A comprehensive detection, response and threat hunting platform.

Patrick Wardle is the Chief Research Officer at Digital Security and founder of Objective-See.

Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.

The information security community glorifies offensive research, stunt hacks, and red teaming. For many years, defensive work was not viewed as particularly enticing or interesting -- but this is starting to change. There has been a catalyst in the defensive world which has pushed detection engineering, response tradecraft, and intelligent engineering back into focus for the industry. As many are starting to realize, defensive work is challenging, rewarding, and can be immensely impactful.

This talk will be an informal and candid exploration of the realities of building and running a blue team for a modern Tech company. Topics covered will include organizational theory, operational challenges, detection engineering philosophy, telemetry and orchestration, and automation. Chris and Dane will also host a short defense-oriented ask-me-anything (AMA) at the end of the talk.

Dane Stuckey (@cryps1s) is the CISO / Cyber Janitor for Palantir. Dane has 8 years of information security experience and has specialized in incident detection/response, Windows platform security, and security program development. Prior to joining Palantir full-time, Dane worked in the U.S. Intelligence and Law Enforcement community. Dane graduated with a Bachelors in Information Security with an emphasis in Digital Forensics from the University of Texas, San Antonio."

Chris Long (@centurion) is a Detection and Response (CIRT) Engineer at Palantir. Chris has 8 years of information security experience and has specialized in incident detection/response, MacOS platform security, and is a strong advocate for the osquery platform. Prior to joining Palantir full-time, Chris worked on the Incident Detection and Response Teams for Facebook and Uber.

Thursday, January 31st, 2019

3:00-4:30PM
Spilker 143

Interested in learning how to tackle challenging CTF problems from some of the best in the field? Want to learn more about symbolic execution and SMT solvers in practice? Join Applied Cybersecurity and ForAllSecure for a talk on tools and techniques for CTFs!

RSVP here: https://goo.gl/forms/AMzHT57Nqrh2FKTt1

ForAllSecure combines autonomous machine-based cybersecurity tools with the creativity of humans. The company crafted a fully autonomous cybersecurity system,
taking first place at the DARPA Cyber Grand Challenge.

They will talk about using SMT solvers in reversing and CTFs, symbolic execution for CTFs, and real world applications.

Join us for the exciting upcoming PlaidCTF!

CTFs are hacking competitions where you earn points by exploiting, reversing, pwning, or breaking various challenges to get flags. CTF games often touch on many aspects of information security: cryptography, stenography, binary analysis, reverse engineering, application security and others so it is a great way to learn to analyse and exploit vulnerable applications, understand practical security concepts, and have a ton of fun in the process.

This CTF is particularly tailored to people of all levels so you are encouraged to participate if you are new to this!

Event: PlaidCTF May 5-6th (Saturday / Sunday)!

MEETUP: Saturday, May 5th, 1-4PM, in Huang 306.

MEETUP: Saturday, May 5th, 1-4PM, in Huang 306.

Online Communication: https://appliedcybersecurity.slack.com #ctf channel (invites will be sent out)

Meetups: We are planning on hosting a physical space where people can collaborate and compete! More info to come!

SIGNUP FORM: https://goo.gl/forms/KLIH556a1DbhB7Yz2

PlaidCTF Website: http://plaidctf.com

Wireshark Workshop

Friday, April 27th, 2018
4:00-5:30PM
Spilker 143

Join Applied Cyber for a workshop exploring the awesome capabilities of Wireshark, the world’s most popular open source packet sniffer. No experience necessary, come follow along as CS staff member Andrej Krevl guides us through packet captures, filtering, and protocol dissection. Attendees are encouraged to bring their laptops with Wireshark installed (https://www.wireshark.org/#download).

This event is open to all Stanford students, faculty, and staff. 

RSVP @ https://goo.gl/forms/Dh8uSS8K1IMAFzzG2

Embedded Device Pwning

Thursday, April 5th, 2018
4:30-5:30PM
Huang 305

You get your hands on an embedded device - what now? Join us as we learn about basic hardware analysis, reversing extracted firmware, and how to tailor a payload to gain persistence on a device.

Embedded devices are found everywhere. These devices are much more resource constrained than the average computer and tend to be rushed to market. This talk will focus on reverse engineering techniques, ranging from hardware tear-downs to reversing the firmware on the device.

We will scope the talk so that no prior experience will be necessary, and those who focus on software security can hopefully learn about a new class of targets to analyze.

This event is open to all Stanford students, faculty, and staff. 

About Leviathan:

Leviathan (https://www.leviathansecurity.com) is a security consulting firm based out of Seattle. They work for a mixture of large and small clients, performing assessments for everything from web applications to analyzing unreleased hardware.

Applied Cyber and security engineers from Redpoint Ventures <http://www.redpoint.com/> are hosting a computer security hackathon on Saturday, February 24th.

Participants, in teams of any size, are tasked with running static analysis on open-source *nix libraries, from OpenVPN to Darknet, SciPy to memcached.  From there, they can take on any combination of these three challenges:

1. Discover a vulnerability: demonstrate a code exploit, and maybe even walk away from the hackathon with a CVE <https://cve.mitre.org/> to your name.  The more impactful your discovery, the better.
2. Build a defense: implement fixes for everything from memory mismanagement to brand-new vulnerabilities.  Reduce attack surface, contribute to a live code base, and prevent future exploits from ever happening.
3. Experiment with tools: Redpoint Ventures has built its own static analysis tool based on Clang scan-build. This tool will be provided to all participants at the start of the competition; particularly creative use of this tool will be noted.

Whether you have years of experience or are just getting started, there is an open source project that can use your help.  While we have a list of selected projects that can work with Redpoint Venture's tool immediately, participants should feel free to work on any open source project that interests them.

Join us for a day of hands-on learning and security hacking with prizes!

This event is open to current Stanford affiliates only. RSVP here. <https://goo.gl/forms/i6R5KgjH3dgoIG1u2>

Are you interested in cybersecurity? Have you wanted to learn offensive cyber techniques but don't know where to get started?. The Applied Cybersecurity team is hosting an introductory workshop to get people going with practicing exploitation and offensive cyber techniques in an ethical setting.

Applied Cyber is excited to present the first in a series of workshops aimed at teaching hands-on exploitation techniques to interested students in a friendly and legal setting! In particular, we will focus on gaining familiarity with techniques used for competing in Capture the Flag (CTF)* competitions.

We'll be hosting the first workshop this Friday, 10/27, from 5 PM - 7 PM in Shriram 366 in preparation for the Hitcon CTF next week. Bring a laptop!

This workshop will assume no prerequisite experience with hacking or cybersecurity so please attend regardless of how unfamiliar you are with the topic. For this workshop, we will focus on web vulnerabilities, binary reversing, and some basic cryptography challenges. Note that experience equivalent to CS107 will be useful.

Baseboard Management Controllers have been deployed over the past decade to allowIT professionals remote access to the underlying hardware of computer systems. In many cases they have vulnerabilities which bypass OS defenses, allowing an attacker complete, undetected control over a machine. As a result, these attacks represent some of the most valuable, dangerous attacks against computer systems.

This workshop will first present what Baseboard Management Controllers are, followed by a demonstration of the recent Intel AMT hack and several other vulnerabilities found in these systems.

We will cover details which draw on CS107-level material. However, people of all backgrounds are welcome.

Want to know how hackers steal password databases and take over websites? Come to our technical workshop this Wednesday to get hands-on experience with web hacking. You will attack a website using cross-site scripting and SQL injection and then exploit the famous Heartbleed and Shellshock bugs to take control of the webserver.

Many browsers (including Chrome) offer protections against cross site scripting that will interfere with the demos. If you want to participate in the cross site scripting demo, we recommend installing Firefox beforehand.

HTML/Javascript knowledge is recommended but not required.