Author: Zander Work

Oregon State University Security Club

Meeting Notes 5/9

Today we hosted Ryan Gurr and Alex Ryan from Fidelis Cybersecurity, who talked about their experiences and background in information security, and showed a cool demo of Fidelis’s platform. If you have any questions for Ryan or Alex, please contact them, they said they’d love to answer any questions you may have, related to Fidelis…
Read more

2019-2020 Officers

Here are the new officers for the 2019-2020 school year: President: Zander Work Vice President: Hadi Rahal-Arabi Treasurer: David Park Multimedia Coordinator: Adam Stewart Lab Manager: Ryan Kennedy Recruitment/Public Relations: Alex Rash Thanks to everyone who participated!

Meeting Notes 4/18

Tonight I gave a tutorial on IDA Pro basics, and how to get started with this awesome tool. I also released some new binaries on the CTF site for you to practice IDA. Remember, as a OSU Security Club member you have access to our lab systems, which has the full version of IDA Pro…
Read more

2019-2020 Officer Elections on April 25th

We will be holding officer elections for next school year during our regular meeting on Week 4 (April 25th). This is a great way to be more involved with the club, and represent us to the College of Engineering. Here are the positions (link goes to position duties): President Vice President Treasurer Multimedia Coordinator Lab…
Read more

PRCCDC 2019 Results

This past weekend, OSUSEC competed at the Pacific Rim Collegiate Cyber Defense Competition (PRCCDC) hosted by Highline College. I’m pleased to announce that we placed 3rd out of 13 teams in this tough competition. PRCCDC is a 2 day competition where each team must secure a mix of approximately 10 Windows and Linux systems, configure…
Read more

UTCTF 2019 – Scrambled

Tl;dr Cool encoding using Rubik’s cube, I wrote a Python script. This was a 1250 point Forensics challenge (highest points in the category). Here’s the description: By the time I took a look at the challenge, they had released a hint as well: Based on the hint, I quickly discovered that the challenge description described…
Read more

UTCTF 2019 – Crackme

This was a 1200 point reversing challenge (tied for highest point value in the category). Here’s the description: This what we see when we run the binary: $ ./crackmePlease enter the correct password.>plsIncorrect password. utflag{wrong_password_btw_this_is_not_the_flag_and_if_you_submit_this_i_will_judge_you} Let’s take a look at the code in IDA Pro: Here’s what the decompilation shows: Read in 64 bytes from…
Read more

Meeting Notes – 3/7

Thanks to Kees Cook for an awesome look at kernel security! Kees talked about how the kernel exploit for CVE-2017-7038 was discovered, which allowed privilege escalation due to a heap overflow. You can see his slides here, which also has information for building the POC images for the exploit. This was our last meeting for…
Read more

Meeting Notes 2/28 – OSUSEC Lab

Tonight I talked about the new OSUSEC lab environment! A few systems are currently live, and more will be coming up through the end of the term, including the self-registration system. For information about the lab environment, please see the dedicated page for it.

Meeting Notes 2/21

Tonight we hosted Karl Fosaaen from NetSPI, and he gave an awesome talk on pentesting in an Azure environment. If you’re interested in learning more about this, check out the NetSPI blog or the Azure pentesting book he mentioned. Karl’s post on using Azure RunAs certificates is now live here.