Past Events

Cybersecurity workshops for everyone in the Stanford community

Previous events are listed here.

For slides and recordings of these events, please consult the Resources page. To hear about upcoming events, check the Events page for updates or join our mailing list.

Applied Defense at Google

  • When May 22, 2019 from 03:00 PM to 04:30 PM (America/Los_Angeles / UTC-700)
  • Where Y2E2 382
  • Add event to calendar iCal

Real-world Cybersecurity Issues at Scale with John Asante, Head of Cybersecurity & Privacy Response at Google

Learn about real-life cybersecurity issues at scale and how approaches may differ between internet-based tech companies and other industries like intelligence and finance.

Wednesday, May 22nd
Y2E2 382

Please RSVP here:

John Asante is the Head of Cybersecurity & Privacy Response at Google. John leads the global teams that help to defend Google and Alphabet from cybersecurity and privacy incidents. Prior to Google, he was the Vice President and Head of Cyber Defense at Visa, and has served in similar leadership and engineering roles at Microsoft, Nike, and the Department of Defense.

Pursuing Novel Discoveries in APT Research

  • When May 01, 2019 from 03:00 PM to 04:00 PM (America/Los_Angeles / UTC-700)
  • Where Shriram SB35 (sub-basement) and Zoom (
  • Add event to calendar iCal

File similarity technologies applied across petabytes of malware sets generate novel discoveries within APT research, expanding possibilities for clustering and attribution. Let's examine an overview of clustering, attribution challenges, and examples of such discoveries as supported by our own similarity engine, YARA.

Speaker Bio: Kurt Baumgartner is a Principal Security Researcher on the Global Research and Analysis Team (GReAT) at Kaspersky Lab. He`s worked out of Boulder, Colorado, focused on targeted attacks since 2010. He supports research efforts with reversing and analysis, and authors private APT intelligence reports and external publications.

RSVP Please:

Attend Remotely via Zoom:

Leveraging Apple’s Game Engine to Heuristically Detect macOS Threats

  • When Mar 07, 2019 from 03:00 PM to 04:00 PM (America/Los_Angeles / UTC-800)
  • Where Spilker 317
  • Add event to calendar iCal


By examining recent exploits and malware attacks, we'll illustrate that macOS is a rather vulnerable and an ever more targeted OS. And unfortunately for Mac users, traditional signature-based approaches often fail to detect such threats. Instead a heuristic-based, behavioral approach is clearly needed. In this talk, we will discuss a new open-source monitoring framework which passively collects a myriad of system events. Building on top of this, we will then detail a predicate-based system that leverages Apple’s game (logic) engine to quickly and efficiently apply rules against these events. End result? A comprehensive detection, response and threat hunting platform.

Patrick Wardle is the Chief Research Officer at Digital Security and founder of Objective-See.

Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.


Blue Team, Best Team: The joys, pains, and pride of building and running a defensive security organization.

  • When Feb 27, 2019 from 05:00 PM to 06:00 PM (America/Los_Angeles / UTC-800)
  • Where Shriram 262
  • Add event to calendar iCal

The information security community glorifies offensive research, stunt hacks, and red teaming. For many years, defensive work was not viewed as particularly enticing or interesting -- but this is starting to change. There has been a catalyst in the defensive world which has pushed detection engineering, response tradecraft, and intelligent engineering back into focus for the industry. As many are starting to realize, defensive work is challenging, rewarding, and can be immensely impactful.

This talk will be an informal and candid exploration of the realities of building and running a blue team for a modern Tech company. Topics covered will include organizational theory, operational challenges, detection engineering philosophy, telemetry and orchestration, and automation. Chris and Dane will also host a short defense-oriented ask-me-anything (AMA) at the end of the talk.

Dane Stuckey (@cryps1s) is the CISO / Cyber Janitor for Palantir. Dane has 8 years of information security experience and has specialized in incident detection/response, Windows platform security, and security program development. Prior to joining Palantir full-time, Dane worked in the U.S. Intelligence and Law Enforcement community. Dane graduated with a Bachelors in Information Security with an emphasis in Digital Forensics from the University of Texas, San Antonio."

Chris Long (@centurion) is a Detection and Response (CIRT) Engineer at Palantir. Chris has 8 years of information security experience and has specialized in incident detection/response, MacOS platform security, and is a strong advocate for the osquery platform. Prior to joining Palantir full-time, Chris worked on the Incident Detection and Response Teams for Facebook and Uber.

ForAllSecure Tech Talk

  • When Jan 31, 2019 from 03:00 PM to 04:30 PM (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

Thursday, January 31st, 2019

Spilker 143

Interested in learning how to tackle challenging CTF problems from some of the best in the field? Want to learn more about symbolic execution and SMT solvers in practice? Join Applied Cybersecurity and ForAllSecure for a talk on tools and techniques for CTFs!

RSVP here:

ForAllSecure combines autonomous machine-based cybersecurity tools with the creativity of humans. The company crafted a fully autonomous cybersecurity system,
taking first place at the DARPA Cyber Grand Challenge.

They will talk about using SMT solvers in reversing and CTFs,symbolic execution for CTFs, and real world applications.

PlaidCTF: Call for Competitors!

  • When May 05, 2018 09:00 AM to May 06, 2018 09:00 PM (America/Los_Angeles / UTC-700)
  • Where TBD: Join Slack ( #ctf channel
  • Add event to calendar iCal

Join us for the exciting upcoming PlaidCTF!

CTFs are hacking competitions where you earn points by exploiting, reversing, pwning, or breaking various challenges to get flags. CTF games often touch on many aspects of information security: cryptography, stenography, binary analysis, reverse engineering, application security and others so it is a great way to learn to analyse and exploit vulnerable applications, understand practical security concepts, and have a ton of fun in the process.

This CTF is particularly tailored to people of all levels so you are encouraged to participate if you are new to this!

Event: PlaidCTF May 5-6th (Saturday / Sunday)!

MEETUP: Saturday, May 5th, 1-4PM, in Huang 306.

MEETUP: Saturday, May 5th, 1-4PM, in Huang 306.

Online Communication: #ctf channel (invites will be sent out)

Meetups: We are planning on hosting a physical space where people can collaborate and compete! More info to come!


PlaidCTF Website:

Wireshark Workshop

  • When Apr 27, 2018 from 04:00 PM to 05:30 PM (America/Los_Angeles / UTC-700)
  • Add event to calendar iCal

Wireshark Workshop

Friday, April 27th, 2018
Spilker 143

Join Applied Cyber for a workshop exploring the awesome capabilities of Wireshark, the world’s most popular open source packet sniffer. No experience necessary, come follow along as CS staff member Andrej Krevl guides us through packet captures, filtering, and protocol dissection. Attendees are encouraged to bring their laptops with Wireshark installed (

This event is open to all Stanford students, faculty, and staff. 



Embedded Device Pwning

  • When Apr 05, 2018 from 04:30 PM to 05:30 PM (America/Los_Angeles / UTC-700)
  • Add event to calendar iCal

Embedded Device Pwning

Thursday, April 5th, 2018
Huang 305

You get your hands on an embedded device - what now? Join us as we learn about basic hardware analysis, reversing extracted firmware, and how to tailor a payload to gain persistence on a device.

Embedded devices are found everywhere. These devices are much more resource constrained than the average computer and tend to be rushed to market. This talk will focus on reverse engineering techniques, ranging from hardware tear-downs to reversing the firmware on the device.

We will scope the talk so that no prior experience will be necessary, and those who focus on software security can hopefully learn about a new class of targets to analyze.

This event is open to all Stanford students, faculty, and staff. 

About Leviathan:

Leviathan ( is a security consulting firm based out of Seattle. They work for a mixture of large and small clients, performing assessments for everything from web applications to analyzing unreleased hardware.

Applied Cyber Hackathon

Discover and fix vulnerabilities in open source projects - join us for a day of hands-on learning and security hacking!
  • When Feb 24, 2018 from 09:00 AM to 06:00 PM (America/Los_Angeles / UTC-800)
  • Where Huang Basement
  • Add event to calendar iCal

Applied Cyber and security engineers from Redpoint Ventures <> are hosting a computer security hackathon on Saturday, February 24th.

Participants, in teams of any size, are tasked with running static analysis on open-source *nix libraries, from OpenVPN to Darknet, SciPy to memcached.  From there, they can take on any combination of these three challenges:

  1. Discover a vulnerability: demonstrate a code exploit, and maybe even walk away from the hackathon with a CVE <> to your name.  The more impactful your discovery, the better.
  2. Build a defense: implement fixes for everything from memory mismanagement to brand-new vulnerabilities.  Reduce attack surface, contribute to a live code base, and prevent future exploits from ever happening.
  3. Experiment with tools: Redpoint Ventures has built its own static analysis tool based on Clang scan-build. This tool will be provided to all participants at the start of the competition; particularly creative use of this tool will be noted.

Whether you have years of experience or are just getting started, there is an open source project that can use your help.  While we have a list of selected projects that can work with Redpoint Venture's tool immediately, participants should feel free to work on any open source project that interests them.

Join us for a day of hands-on learning and security hacking with prizes!

This event is open to current Stanford affiliates only. RSVP here. <>

Introduction to Hacking: Exploiting Web, Binary, and Crypto Vulnerabilities

  • When Oct 27, 2017 from 05:00 PM to 07:00 PM (America/Los_Angeles / UTC-700)
  • Where Shriram 366
  • Add event to calendar iCal

Are you interested in cybersecurity? Have you wanted to learn offensive cyber techniques but don't know where to get started?. The Applied Cybersecurity team is hosting an introductory workshop to get people going with practicing exploitation and offensive cyber techniques in an ethical setting.

Applied Cyber is excited to present the first in a series of workshops aimed at teaching hands-on exploitation techniques to interested students in a friendly and legal setting! In particular, we will focus on gaining familiarity with techniques used for competing in Capture the Flag (CTF)* competitions.

We'll be hosting the first workshop this Friday, 10/27, from 5 PM - 7 PM in Shriram 366 in preparation for the Hitcon CTF next week. Bring a laptop!

This workshop will assume no prerequisite experience with hacking or cybersecurity so please attend regardless of how unfamiliar you are with the topic. For this workshop, we will focus on web vulnerabilities, binary reversing, and some basic cryptography challenges. Note that experience equivalent to CS107 will be useful.

Chip Hacking: Exploiting Systems Beneath the OS

Once you're compromised below the operating system level, no anti-virus can save you.
  • When Oct 19, 2017 from 05:00 PM to 06:30 PM (America/Los_Angeles / UTC-700)
  • Where Shriram 262
  • Add event to calendar iCal

Baseboard Management Controllers have been deployed over the past decade to allowIT professionals remote access to the underlying hardware of computer systems. In many cases they have vulnerabilities which bypass OS defenses, allowing an attacker complete, undetected control over a machine. As a result, these attacks represent some of the most valuable, dangerous attacks against computer systems.

This workshop will first present what Baseboard Management Controllers are, followed by a demonstration of the recent Intel AMT hack and several other vulnerabilities found in these systems.

We will cover details which draw on CS107-level material. However, people of all backgrounds are welcome.

Zero to Hero in 60 Weeks: How To Build a World-Class IR Team

Learn from the founding member of Uber's Security Response team about what it takes to build one of the best security teams in the world.
  • When May 25, 2017 from 04:00 PM to 06:00 PM (America/Los_Angeles / UTC-700)
  • Where Huang 305
  • Add event to calendar iCal
This talk will deep dive on many technical challenges facing companies today and battle tested solutions that have enabled Uber's Security Team to respond in any situation.
Alex Levinson is one of Uber's senior security engineers and has been instrumental in shaping Uber's Security Response team (Incident Response team) into what it is today.  Alex will describe what Uber's IR team does, explain how the IR team's mission breaks into technical roles, go over each role in detail, and share how they have evolved over time.

Spring Workshop: Introduction to Digital Privacy with Guest Speaker Jennifer Granick

Are you new to cybersecurity? Interested in learning how to protect your digital privacy? This workshop will explore some basic security concepts that are relevant to activism, business, and finance.
  • When May 11, 2017 from 04:00 PM to 06:00 PM (America/Los_Angeles / UTC-700)
  • Where Old Union 200
  • Add event to calendar iCal
We will open with guest speaker Jennifer Granick, then break into stations discussing a range of policy and technical topics.  Food will be served!
Guest Speaker: Jennifer Stisa Granick
Director of Civil Liberties at the Stanford Center for Internet and Society
Granick practices, speaks, and has published books about computer crime and security, electronic surveillance, security vulnerability disclosure, encryption policy, and the Fourth Amendment.  She has received the the 2016 Duo Security's Women in Security Academic Award for her expertise and her guidance for young women in the security industry.
Breakout Sessions:
Curious about the phishing email that went around last week? Want to learn how to keep yourself safe? We can help you out!

Read Handout 

Secure Communication
We will demonstrate how to secure your communications and accounts using encryption and two-factor authentication. Tools such as GPGmail ( and Signal let you encrypt your emails and messages so that they cannot be read in-flight, ensuring that your conversations remain private between you and the recipient. We'll also talk about how to add additional security measures to your online accounts to protect against your accounts being hijacked.
Read Handout
Disk Encryption
What is encryption and what does it protect you from? Almost every device today has some support for full-disk encryption. Learning how to set up and use disk encryption is essential to ensuring your privacy and security from both individuals and powerful governments, and everything in between.
Read Handout
View Slides
Digital Finance and Cryptocurrency
What trust do we place in financial institutions and how are our electronic transactions protected? Learn about the basic security and privacy risks of finance and how cryptocurrencies like Bitcoin address these issues.
Read Handout

The Practical Hacker's Handbook: Ch 1-3

Vault 7, Fare Hacking, and iPhone Jailbreaking
  • When Apr 13, 2017 from 05:00 PM to 06:30 PM (America/Los_Angeles / UTC-700)
  • Where Spilker 232
  • Add event to calendar iCal
WikiLeaks Vault 7: “Marble”
This session will give an overview of the WikiLeaks Vault 7 project and explore the latest release, “Marble,” in more depth. The Marble Framework is an obfuscation library developed by the CIA, and its release was called “one of the most technically damaging” for it. Come learn about what this framework actually does and why it could affect CIA operations.
Presenter: Brad Girardeau 
View Slides 
Fare Hacking!
This introductory session will cover techniques for finding and booking significantly discounted plane fares for both domestic and international travel. Learn how to leverage the pro tools of the trade like Google Flights, Matrix ITA, and Momondo to locate the cheapest flights, mistake fares, and coveted “fuel dumping” legs. Bring your laptop and join the hunt for an awesome trip!
Presenter: Alex Keller
View Slides 
iPhone Jailbreaking 101
This segment will be an introduction to jailbreaking, including what jailbreaking is, how to do it, and what are the consequences. There will be a live example showing how to SSH into a jailbroken iPhone.
Presenter: Brandon Azad
Watch full video of event here.

Web Hacking

Basic web-based vulnerabilities
  • When May 11, 2016 from 04:30 PM to 06:00 PM (America/Los_Angeles / UTC-700)
  • Where Shriram 366
  • Add event to calendar iCal

Want to know how hackers steal password databases and take over websites? Come to our technical workshop this Wednesday to get hands-on experience with web hacking. You will attack a website using cross-site scripting and SQL injection and then exploit the famous Heartbleed and Shellshock bugs to take control of the webserver.

Many browsers (including Chrome) offer protections against cross site scripting that will interfere with the demos. If you want to participate in the cross site scripting demo, we recommend installing Firefox beforehand.

HTML/Javascript knowledge is recommended but not required.

Google CTF

Google CTF event
  • When Apr 30, 2016 (America/Los_Angeles / UTC-700)
  • Add event to calendar iCal

Interested in learning some hacking techniques? Google is hosting a CTF (Capture the Flag) competition this weekend that is open to anyone who is interested! If you are interested in participating in this or any future CTFs with Stanford, sign up to join the slack channel.

More information on logistics will be posted in the slack channel. If you have issues joining, please contact psekhar.

What are CTFs? Capture the Flag (CTF) is a computer security competition. There are several types- we’ll be doing “jeopardy style” ones. In this type, we work together to solve puzzles, break into systems, and exploit security bugs to “capture the flag,” finding secret keys that give you points. There are different categories of problems (crypto, forensics, web, reversing, finding people on the internet..) with a range of difficulties, so prior experience isn’t required to get started and have fun.

Slaying SSL Dragons With mitmproxy

  • When Apr 27, 2016 from 04:30 PM to 06:00 PM (America/Los_Angeles / UTC-700)
  • Where Shriram 366
  • Add event to calendar iCal

Ever wonder what information your smartphone is giving away?

mitmproxy ( is an open source man-in-the-middle HTTPS proxy. It can be used as an interactive proxy to intercept and modify requests or as a passive proxy to act like tcpdump, but for HTTP. It is highly extensible using a simple Python scripting interface. Max, one of the mitmproxy authors, will give a brief introduction to mitmproxy and show how you can use it to debug applications, see what data your smartphone is giving away, tamper with APIs, and more.

There will be a hands-on demo, so feel free to bring your laptop if you want to participate!

Locksport: An Introduction to Ethical Lockpicking

An introduction to ethical lockpicking
  • When Apr 13, 2016 from 04:30 PM to 06:00 PM (America/Los_Angeles / UTC-700)
  • Where Shriram 366
  • Add event to calendar iCal

This technical session will focus on non-destructive methods for defeating locks with simple tools you can make yourself. Topics will include basic lock design and a sample of picking, raking, and bypass techniques. Additional time will be devoted to discussing the overlap between physical and cyber security. All attendees are expected to strictly uphold the TOOOL (The Open Organisation Of Lockpickers) Rules of Ethics: [].

Network Metadata: What's all the fuss about?

A discussion about network metadata and what it reveals
  • When Mar 03, 2016 (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

Edward Snowden’s NSA revelations made “metadata” a hot news topic as well as a political football. After a brief review of its origin and history, this talk will explain exactly what network metadata is; where it fits in the spectrum of network traffic analysis; why it remains useful even for encrypted traffic; and how you can use it to observe a rich range of system behaviors. Join us for a survey of this timely and interesting topic with Stanford netflow expert John Gerth (CS/EE) and Alex Keller (SoE).

Presenters: John Gerth & Alex Keller, Stanford

Level: Beginning

Risk Analysis in the Cyber World

Risk Analysis in the Cyber World
  • When Feb 25, 2016 (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

Join Marshall Kuypers, CISAC fellow give a presentation of quantitative models for determining cyber risk, and decision-making in the face of cyber threats.

Presenter: Marshall Kuypers, Stanford CISAC

Level: Beginning

Killer Apps: Lethal Software in a Networked World

Applications for big data and its impact on security
  • When Feb 04, 2016 (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

Come watch Tim Junio, CEO of Qadium give a presentation on massive data-gathering and all the cool (and terrifying) applications they have found.

Presenter: Tim Junio, Qadium

Level: Beginning

Anonymity and Tor

Anonymity and the Tor network
  • When Jan 29, 2016 (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

This will be an overview of techniques and tools used to maintain anonymity over the web. This session will cover both beginner (e.g. Tor) as well as more advanced topics in obfuscation.

Presenter: Mike Precup, Stanford

Level: Beginning to Intermediate

Fuzzing with AFL

An introduction on the use of AFL
  • When Jan 21, 2016 (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

We will be covering a popular technique called fuzzing or fuzz testing that is used to reveal security vulnerabilities or errors in programs, networks, and operating systems.

Presenter: Brandon Azad, Stanford

Level: Intermediate

Set Up and Introduction to the Kali Toolbox

Introduction to Kali Linux
  • When Jan 14, 2016 (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

Kali is a popular and free security platform that contains a wide collection of penetration testing (i.e. hacking) tools. In this session, we will be going over how to set up Kali on a virtual machine and providing a brief overview of select tools on the platform.

Presenters: Emma Marriot, Priyanka Sekhar, & Brandon Azad

Level: Beginning

Search Based Exposures (Google Hacking)

Using Google searches to find unexpected results
  • When Nov 19, 2015 (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

Come join Applied Cybersecurity for our kick-off session with Alex Keller, Systems Admin and Security Lead, Stanford School of Engineering to learn how to find vulnerabilities using web-based search exposure.

Presenter: Alex Keller, Stanford

Level: Beginning