CyberSecurity Seminar

by

kc Udonsi

on 28 January 2017


Transcript of CyberSecurity Seminar

> So You Want To Be A Hacker...
About Us
Conclusion
Kc Udonsi
Richard Song - @richardmcsong
Why Cybersecurity?
Q & A
Purpose
Increase cybersecurity awareness at U of T
Create a U of T CTF team to compete internationally
Provide motivation and space for hackers
FUN! FUN!! FUN!!!
What is CTF?
Capture The Flag.
Cybersecurity competition. Think hackathon for hackers.
Simulates real world security challenges and scenarios
Two (2) major styles: Jeopardy and attack defense
CTF continued
CTFTime is to CTFs as MLH is to Hackathons
CTFs are a great way to get famous and recognized in the field
Some big players include: PPP, DCUA
Universities in the game: Carnegie Mellon University, New York University, etc.
U of T? That's our point!
Aspects Covered
Secure Programming
Exploitation
Networking
Forensics
Countermeasures (defense)
Cryptography
Reverse Engineering
Web security
Steganography
Forensics
Exploitation?
Networking
Secure Programming
Complete verification of user input
Proper memory management
Using safe libraries
Synchronization and race conditions
Packet Analysis
TCP/IP
Countermeasures (defense)
Reverse Engineering
Can you crack the code?
Anti-reversing techniques
Learn to read and understand assembly. Various architectures
Cryptography
Recognizing encryption suites
Separating the weak from the strong
Recognizing incorrect implementations of strong algorithms
Web security
XSS, SQLi, Incomplete mediation
Steganography
Hey look it's a cute cat! Uhh... really? Look harder
We hope this seminar inspired you!
We can't teach you everything. For those of you interested, you'll have to learn a lot on your own!
You thought programming could be frustrating and time-consuming? Oh well...
Having a club and team makes this more fun and legit
We look forward to working with you!
4th Yr. Computer Science Specialist
Over 2 years experience in professional software development
Aspiring Penetration Tester and Digital forensics expert
Candidate, OSCP
Learn, chat and practice / solve challenges together
Demystify hacking
Learn computer ethics and discipline
> loading ...
> Thank you for coming!
4th Yr. Pharmacology Specialist, Computer Science Minor
Interested in computer and physical security
Founder of Skie Monitoring (http://eyesintheskie.com)
Image credits:
Cute cat: http://wac.450f.edgecastcdn.net/80450F/thefw.com/files/2013/02/wishingfor-happiness.jpg
Lion king: http://25.media.tumblr.com/tumblr_m4xx6909pi1qghkx5o1_500.gif
Fuzz application
Discover vulnerability
Develop Proof of Concept
Crash Image: https://rootisthelimit.com/wp-content/uploads/2014/08/ability-crash1.png
STOP ignoring compiler warnings!
No, there's no 100% security
Very important in Attack and Defense CTF
Recognise and deploy countermeasures
File formats
Do you trust the extensions?
What is a disc image?
Who, what, when, why, where, how
Bass guitarist
DEMO
Member of dcua
How can we know what a program does without the source code?
Or develop a patch / fix
Develop exploit
Diffie-Hellman: https://upload.wikimedia.org/wikipedia/commons/thumb/4/46/Diffie-Hellman_Key_Exchange.svg/2000px-Diffie-Hellman_Key_Exchange.svg.png
AES: https://upload.wikimedia.org/wikipedia/commons/thumb/a/a4/AES-SubBytes.svg/2000px-AES-SubBytes.svg.png
CSAW photo: https://csaw.engineering.nyu.edu/application/files/4714/6056/6054/gym7.jpg
Wireshark screenshot: http://www-scf.usc.edu/~csci571/Special/Tutorials/wireshark_OLD_html/image003.png
SQL injection screenshot: http://assets.devx.com/articlefigs/19310.jpg
Server diagram: http://i0.wp.com/planetvm.net/blog/wp-content/uploads/2009/01/dmzsecuritydeployment-300x296.jpg
Symmetric encryption diagram: https://upload.wikimedia.org/wikipedia/commons/thumb/2/27/Symmetric_key_encryption.svg/2000px-Symmetric_key_encryption.svg.png
"If you know others and know yourself,
you will not be imperiled in a hundred battles."
- Sun Tzu

Keylogger picture: https://www.refog.com/blog/wp-content/uploads/2010/06/usb-keylogger-03.jpg