Security Daemons

10/05/2019

Hello everyone,

This week we had a great time with those who made it out to DC312 and the CCDC meetups. I have included some notes below revolving around up coming events:

HIVESTORM - Team Registration deadline is 10/17/19 @ 11:59PM
HiveStorm is a cyber defense competition created by the same people who run CCDC. Teams compete by securing a set of virtual machines from a variety of security issues such as malware, misconfigurations, vulnerabilities and so on. The competition allows teams to practice and prepare for a more sophisticated event like CCDC.
Those interested in participating in CCDC, attendance and involvement is HIGHLY encouraged.
Interested in participating in a DePaul HiveStorm CTF team? Reach out to our email box ([email protected]) to express interest.
We are building teams with past CCDC members to help build skills for newcomers and they will be onsite.
Workshop Events
We will be holding on site workshops to help and collaborate during the competition:
In CDM 342 on
November 1st - 12PM - 9PM
November 2nd - 11AM - 5PM

CAR HACKING TALK - CDM 350 - 10/15/19 @ 6:00 PM – 8:30 PM (Bi-weekly Meetup)
Have you ever wondered how people hack cars and what techniques they use to discover vulnerabilities? Well, Security Daemons will be hosting a Car Hacking Event on October 15th, 2019! The event will be hosted in room 350 of the College of Computing and Digital Media building (CDM), and will be held from 6:00 PM – 8:30 PM.
Neiko Rivera and Ryan Quasney will be our two presenters who have been car hacking for over a year. Both will be assisted by Austin Bransky, who also has experience with car hacking. Neiko and Austin have both attended SAE CyberAuto. They each have their own specialty in the field which makes this event more special, we’ll be learning multiple techniques and different avenues to hacking a car! Ryan Quasney participates in bug bounty programs for car hacking through Bugcrowd. Neiko also participates in bug bounty programs through Bugcrowd, as well as HackerOne.
If you’re interested in learning more about car hacking, how to get into the field of car hacking, or bug bounty programs, come by the event on the 15th! There will be pizza and refreshments provided.

National Cyber League (NCL) - Fall Registration ends on 10/10/19
Soon after PicoCTF ends, NCL picks right up on 10/14 with the start of the Preseason game. Make sure you register for NCL if you plan to participate by 10/10. It costs $35 to register for the season. If you haven't participated in NCL yet, please attend the October bi-weekly club meetings for more information. We are also having a workshop event on 10/21, see below.
Important Dates
Registration ends on 10/10.
Preseason game runs from 10/14 to 10/21.
SecDaemons Workshop Event - 10/21/19 @ 6:30PM - CDM 342
If you have never participated in NCL or just having trouble, come swing by our workshop event in CDM 342 on 10/21 for help.
Individual game runs from 11/1 to 11/3 (Same weekend as HiveStorm, plan accordingly).
Team game runs from 11/15 to 11/17.

CCDC
Interested in joining the CCDC team? We will be starting our weekly meet ups soon. Be on the look out for more information over the next few days.
In the meantime, do some research into the competition:
https://ilccdc.wordpress.com/category/ilccdc/
http://www.cssia.org/ccdc/
http://www.nationalccdc.org/
http://www.iac.iastate.edu/
https://github.com/mubix/howtowinccdc
https://www.youtube.com/watch?v=oclbbqvawQg - Raphael Mudge on CCDC RedTeam

-Security Daemons Leadership

09/27/2019

Come on by CDM 350 tonight at 6PM for the PicoCTF night! Food and drink will be provided.

09/25/2019

Hello everyone, here are some quick updates:

KPMG Advisory Spotlight - TODAY @ 4:00PM - 5:30PM in DePaul Center

KPMG will be at the DePaul loop campus this Wednesday (9/25/19) from 4-5:30PM in the DePaul Center - DePaul Club (11th Floor). Stop by and check out what opportunities are available for students.

PicoCTF Kickoff Night - CDM 350 - 9/27/19 @ 6:00PM - 8:00PM - BRING LAPTOP!
This Friday we are having a meetup to begin the PicoCTF challenge as a club. We will provide a quick overview of the CTF, our prior experiences and answer any questions. The remaining time will be used as a workshop/open event to work on challenges and collaborate. We will provide food and drink (first come, first serve).
Make sure you register before the event: https://picoctf.com/
Try to connect with your fellow club members to form a team ahead of time!

PicoCTF - Weekly Office Hours/Workshops - BRING LAPTOP!
Following the kickoff night, we will have subsequent meetups for PicoCTF scattered throughout the following weeks up until the end of PicoCTF on 10/11/19. Feel free to stop by if you are stuck, or if you just want to hang out!
Please see the SecDaemons Calendar (https://tinyurl.com/secdaemonscal) for daily times and locations.

CCDC 2020 Kickoff Event - CDM 350 - 10/2/19 @ 6:30PM - 8:30PM
Interested in participating in this years CCDC? We will be having our introduction event on Wednesday 10/2/19 @ 6:30PM for this year's CCDC. We will provide a general overview of the competition and have past team members talk and provide their retrospectives. We will also discuss NCDC (Iowa CDC) and the upcoming HiveStorm (CCDC-prep) competitions. Any questions will be addressed and we plan to have an open discussion after the overview.

CCDC 2020 Daytime Q&A - CDM 342 - 10/4/19 @ 2:00PM - 4:30PM
To accommodate everyone's schedules and potential for conflicts, we are having a smaller subsequent CCDC meeting on the Friday of the same week. Feel free to stop by if you weren't able to make our Wednesday night kickoff event.

HiveStorm Competition - Application Deadline is 10/17/19 at 11:59 PM CST
HiveStorm is a cyber defense competition created by the same people who run CCDC. Teams compete by securing a set of virtual machines from a variety of security issues such as malware, misconfigurations, vulnerabilities and so on. The competition allows teams to practice and prepare for a more sophisticated event like CCDC. Those interested in participating in CCDC, attendance and involvement is HIGHLY encouraged. If you are interested in participating, please email [email protected] ASAP and we will try to help form teams of 2-4 (there can be multiple teams per university).
Dates & Times
All day from 11/1 to 11/2
Be on the look out for exact location and times as the competition date gets closer.
Bi-weekly Club Meetings - CDM 350 - 10/3/19 @ 6:30PM - 8:30PM AND 10/15/19 @ 6:30PM - 8:30PM
As mentioned during our initial meeting, we will be having consistent bi-weekly meets on the first Thursday and third Tuesday of each month. Please see the SecDaemons Calendar (https://tinyurl.com/secdaemonscal) for a high level agenda.
Discussion and attendance are open to all.

National Cyber League (NCL) - Fall Registration ends on 10/10/19
Soon after PicoCTF ends, NCL picks right up on 10/14 with the start of the Preseason game. Make sure you register for NCL if you plan to participate by 10/10. It costs $35 to register for the season. If you haven't participated in NCL yet, please attend the October bi-weekly club meetings for more information.
Important Dates
Registration ends on 10/10.
Preseason game runs from 10/14 to 10/21.
Individual game runs from 11/1 to 11/3 (Same weekend as HiveStorm, plan accordingly).
Team game runs from 11/15 to 11/17.
Although the Security Daemons Leadership will be out of town during this weekend for the Department of Energy CyberForce Competition, try to connect with your fellow club members and form teams to compete.
Similar to PicoCTF, we plan to have daily workshops during the week of the preseason game for collaboration and assistance. Please see the SecDaemons Calendar (https://tinyurl.com/secdaemonscal) for weekly times and locations.

-Security Daemons Leadership

Stay connected and share these links with your friends!

Email - [email protected]
Website - https://secdaemons.org
Calendar - https://tinyurl.com/secdaemonscal
Discord - https://discord.gg/ba8U8X2
Slack - https://tinyurl.com/secdaemonsslack
Twitter - https://twitter.com/securitydaemons
Mailman (Email Updates) - https://mailman.depaul.edu/mailman/listinfo/sec-daemons

01/22/2018

Hi Guys!

Unfortunately, due to the government shutdown, the DoD will not be able to come in on Tuesday January 23. There will be no meetings Tuesday or Thursday.

09/11/2017

09/11/2017

Welcome back everyone, for the 2017 - 2018 school year! We’re excited to let you know that the first meetings of the year for Security Daemons will be held this week. This weeks meetings consist of an introductory meeting for all current and prospective members on Tuesday September 12 and An Introduction to Hacking Web Applications which will be our workshop on Thursday September 14. Both meetings will be held from 6-7:30 PM at the College of Computing and Digital Media (CDM) room 350.

During the Thursday workshop we will go over how to setup BURP Suite + Proxy SwitchyOmega (A google chrome plugin), basic client-server communications, intercepting communication with BURP, understanding common HTTP methods, modifying communication data within BURP, and an introduction to Cross-Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)).

Thursday's workshop is hands on so please remember to BRING A LAPTOP!! Please also download the FREE BURP Suite + Proxy SwitchyOmega from the following links BEFORE the workshop: https://portswigger.net/burp and in google chrome: https://chrome.google.com/webstore/detail/proxy-switchyomega/padekgcemlokbadohgkifijomclgjgif?hl=en

More details about these meetings and other events can be found on the calendar here:
http://tinyurl.com/secdaemon-calendar

Looking forward to seeing everyone this week!
-The Security Daemons Board

Attacker sends text-based attack scripts that exploit the interpreter in the browser. Almost any source of data can be an attack vector, including internal sources such as data from the database.

09/08/2017

Interested in getting involved in Security Daemons? Stop by our booth at the Involvement Fair on the Lincoln Park Campus!! Our table is by the Quad entrance!

06/01/2017

Topic: An Overview of the Digital Forensics Field

This talk will focus primarily on how to get to where you'd like to be career-wise during/after your time at DePaul. This talk will also cover a layout of the digital forensics field (i.e. what is it; what does it involve?), the job types offered by it (e.g. host investigation, incident management, malware analysis), digital forensics basics, useful learning resources, and making the most of your time at DePaul.

All are welcome; freshmen are highly encouraged to attend. This talk will not be streamed or recorded, so come out!

When: Friday, 06/02 @ 06:00PM

Where: DePaul CDM, Room 228

05/24/2017

Topic: Crossing the Streams and Making Purple: Discover Financial Services

Members from the Security Intelligence & Incident Response Team at Discover Financial Services will be talking on creating a symbiotic relationship between Red and Blue team in a way that improves the security of the organization, and constantly improving the skills and processes of both teams.

When: Friday, 05/26 @ 6:00PM

Where: CDM Room 310

Pizza will be served!

https://www.google.com/calendar/embed?src=dggbqj0ibklj30v6r4mvqvr1c0%40group.calendar.google.com&ctz=America/Chicago

05/01/2017

[Event] Bug Bounties and the OWASP Top 10: Messy Vulns and Real Lessons
We'll be hosting a talk this Wednesday (05/03) on bug bounties and related application security issues. Join us in CDM Room 308 at 6PM! More details at goo.gl/TDSe1M

04/24/2017

[Event] Project Avatar: Building a Lab in Your Own Image by Tony Robinson

Tony Robinson, Senior Security Operations Center Analyst for Hurricane Labs, will be giving a talk this Thursday (04/27) at 6PM in CDM Room 350 on building your own customized lab environment. The lab relies heavily on virtualization and will be a great resource for everyone, especially for those new to the field. More info can be found @ https://goo.gl/SkCquJ. Hope to see you there!

With Google's free online calendar, it’s easy to keep track of life’s important events all in one place.

01/03/2017

We are excited to announce that the first competition for our new cyber range is nearing completion!

The competition mimics a traditional King of the Hill (KoTH) cyber competition.

Fundamentally, players are allowed to attack each other, capture flags, and make undesirable changes to each others machines (i.e., hack each other!)

No prior experience in cybersecurity is required! A handbook that outlines useful tips and commands will be provided prior to the start of the competition. Prizes will be distributed to the top five competitors (Amazon gift cards and SecDaemons T-Shirts).

For now, we are limiting registration to DePaul students. Please use your accounts associated with the "mail.depaul.edu" domain!

You may sign up at www.secdaemons.org/koth/

- Cyber Range Development Team