Events

Cybersecurity workshops for everyone in the Stanford community

Applied Cyber hosts workshops every quarter on computer security topics. Workshops provide a broad, general introduction to cybersecurity. We cover a wide range of material, going into both technical subjects and their impact on the real world.

Workshop formats include:

  • Guest Speakers
        ex.) Discussing the ramifications of a government leak on national policy
  • Live Demos
        ex.) Learn how to use Kali Linux, a common platform for penetration testing
  • Hands-on Walkthroughs
        ex.) Learn web exploits and perform them against a demonstration server

Applied Cyber thinks of workshops as a way to connect with everyone in the Stanford community who is interested in computer security, a way to share thoughts with experienced veterans and new members alike. To this end, we aim to be as inclusive and accommodating to our diverse community as possible, and we always welcome feedback on how we can improve.

No matter what your background or depth of technical knowledge, we have a workshop developed for you. Our events are open to students, staff, faculty, and community members alike! Join us!

For slides and recordings of these events, please consult the Resources page. To hear about upcoming events, check this Events page for updates or join our mailing list.

Google CTF

Google CTF event
  • When Apr 30, 2016 (America/Los_Angeles / UTC-700)
  • Add event to calendar iCal

Interested in learning some hacking techniques? Google is hosting a CTF (Capture the Flag) competition this weekend that is open to anyone who is interested! If you are interested in participating in this or any future CTFs with Stanford, sign up to join the slack channel.

More information on logistics will be posted in the slack channel. If you have issues joining, please contact psekhar.

What are CTFs? Capture the Flag (CTF) is a computer security competition. There are several types- we’ll be doing “jeopardy style” ones. In this type, we work together to solve puzzles, break into systems, and exploit security bugs to “capture the flag,” finding secret keys that give you points. There are different categories of problems (crypto, forensics, web, reversing, finding people on the internet..) with a range of difficulties, so prior experience isn’t required to get started and have fun.

Slaying SSL Dragons With mitmproxy

  • When Apr 27, 2016 from 04:30 PM to 06:00 PM (America/Los_Angeles / UTC-700)
  • Where Shriram 366
  • Add event to calendar iCal

Ever wonder what information your smartphone is giving away?

mitmproxy (mitmproxy.org) is an open source man-in-the-middle HTTPS proxy. It can be used as an interactive proxy to intercept and modify requests or as a passive proxy to act like tcpdump, but for HTTP. It is highly extensible using a simple Python scripting interface. Max, one of the mitmproxy authors, will give a brief introduction to mitmproxy and show how you can use it to debug applications, see what data your smartphone is giving away, tamper with APIs, and more.

There will be a hands-on demo, so feel free to bring your laptop if you want to participate!

Locksport: An Introduction to Ethical Lockpicking

An introduction to ethical lockpicking
  • When Apr 13, 2016 from 04:30 PM to 06:00 PM (America/Los_Angeles / UTC-700)
  • Where Shriram 366
  • Add event to calendar iCal

This technical session will focus on non-destructive methods for defeating locks with simple tools you can make yourself. Topics will include basic lock design and a sample of picking, raking, and bypass techniques. Additional time will be devoted to discussing the overlap between physical and cyber security. All attendees are expected to strictly uphold the TOOOL (The Open Organisation Of Lockpickers) Rules of Ethics: [http://toool.us/bylaws.html].

Network Metadata: What's all the fuss about?

A discussion about network metadata and what it reveals
  • When Mar 03, 2016 (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

Edward Snowden’s NSA revelations made “metadata” a hot news topic as well as a political football. After a brief review of its origin and history, this talk will explain exactly what network metadata is; where it fits in the spectrum of network traffic analysis; why it remains useful even for encrypted traffic; and how you can use it to observe a rich range of system behaviors. Join us for a survey of this timely and interesting topic with Stanford netflow expert John Gerth (CS/EE) and Alex Keller (SoE).

Presenters: John Gerth & Alex Keller, Stanford

Level: Beginning

Risk Analysis in the Cyber World

Risk Analysis in the Cyber World
  • When Feb 25, 2016 (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

Join Marshall Kuypers, CISAC fellow give a presentation of quantitative models for determining cyber risk, and decision-making in the face of cyber threats.

Presenter: Marshall Kuypers, Stanford CISAC

Level: Beginning

Killer Apps: Lethal Software in a Networked World

Applications for big data and its impact on security
  • When Feb 04, 2016 (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

Come watch Tim Junio, CEO of Qadium give a presentation on massive data-gathering and all the cool (and terrifying) applications they have found.

Presenter: Tim Junio, Qadium

Level: Beginning

Anonymity and Tor

Anonymity and the Tor network
  • When Jan 29, 2016 (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

This will be an overview of techniques and tools used to maintain anonymity over the web. This session will cover both beginner (e.g. Tor) as well as more advanced topics in obfuscation.

Presenter: Mike Precup, Stanford

Level: Beginning to Intermediate

Fuzzing with AFL

An introduction on the use of AFL
  • When Jan 21, 2016 (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

We will be covering a popular technique called fuzzing or fuzz testing that is used to reveal security vulnerabilities or errors in programs, networks, and operating systems.

Presenter: Brandon Azad, Stanford

Level: Intermediate

Set Up and Introduction to the Kali Toolbox

Introduction to Kali Linux
  • When Jan 14, 2016 (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

Kali is a popular and free security platform that contains a wide collection of penetration testing (i.e. hacking) tools. In this session, we will be going over how to set up Kali on a virtual machine and providing a brief overview of select tools on the platform.

Presenters: Emma Marriot, Priyanka Sekhar, & Brandon Azad

Level: Beginning

Search Based Exposures (Google Hacking)

Using Google searches to find unexpected results
  • When Nov 19, 2015 (America/Los_Angeles / UTC-800)
  • Add event to calendar iCal

Come join Applied Cybersecurity for our kick-off session with Alex Keller, Systems Admin and Security Lead, Stanford School of Engineering to learn how to find vulnerabilities using web-based search exposure.

Presenter: Alex Keller, Stanford

Level: Beginning