1 of 20

Which of these are cases of ‘hacking’?

  • A security specialist finds a command injection vulnerability, allowing them to execute arbitrary system commands.
  • A speedrunner discovers a new glitch, allowing them to skip several levels ahead.
  • A teenager asks chatGPT a question starting with “Please pretend to be my deceased grandma…”, resulting in an answer with detailed instructions on the production of napalm.
  • A student borrows a course book from the library for the entire semester, paying $50 in late fees instead of buying the book for $300.

2 of 20

Hacking

Finding creative (unintended) ways to bypass �intended restrictions

3 of 20

Story time

4 of 20

Story time

5 of 20

Story time

6 of 20

Story time

7 of 20

Who are we

Our goal:

Expand the Cybersecurity field outreach to more people. (you!)

- Workshops             - Hack & Chills

- Challenges             - Wiki

VU Studsec

8 of 20

Workshops

  • Web               16/10/2023
  • PWN                <tentative date>
  • Crypto              <tentative date>
  • Reversing        <tentative date>
  • Forensics        <tentative date>

9 of 20

10 of 20

What is cybersecurity?

The protection of information and information systems from unauthorized access and disruption.

11 of 20

12 of 20

What can you do?

13 of 20

Engineering & Architecture

Board time

To create a robust and resilient security foundation that safeguards the confidentiality, integrity, and availability of an organization's information and systems.

14 of 20

Engineering & Architecture

15 of 20

Engineering & Architecture

16 of 20

Engineering & Architecture

Digital Forensics & Incident Response (DFIR)

17 of 20

More stuff about DFIR

Log

Memory

Example logs:

  1. 21:32:00 - User realuser logged in pc101.mycompany.com
  2. 21:32:15 - Application "SDClient.exe" started..
  3. 21:32:45 - access randomdomain.com/antivirusCheck
  4. 21:33:34 - User realuser started "Spotify.exe" on pc101
  5. 21:34:00 - Access google.com/upgradeRam
  6. 21:34:30 - NewFile: upgraderam.exe
  7. 21:35:12 - EventLogs: Administration Rights granted to upgraderam.exe
  8. 21:36:29 - Network logs: credential bruteforcing
  9. 21:36:48 - User realuser initiated system scan with "AVG.exe"
  10. 21:37:30 - access youtube.com/howToCookPasta
  11. 21:38:00 - User realuser started "Excel.exe" on pc101
  12. 22:01:00 - Network error occurred - Error 404 on stackoverflow.com
  13. 22:02:12 - User realuser logged off pc101.mycompany.com

18 of 20

Hardware & Physical Security

Physical security

19 of 20

Hardware & Physical Security

20 of 20

Q&A

Feedback:

Useful URLs:�

Website: https://studsec.nl/

CTF: https://ctf.studsec.nl/

Discord: https://discord.gg/GNCTg9TsZg