It targets to inspire CS fellows as they may not realize why algorithms, theories and skills are critical, I will brief about hacking and security, correlate their learnt skills and knowledge domain, hopefully, it helps them to find out their research interest in security area.
Presentation on how to chat with PDF using ChatGPT code interpreter
HKUST Computer Science Festival 2013 - Seminar: Computer Science, Hacking and Research
1. Computer Science,
Hacking and Research:
For fun and profit
@CompSci Festival, HKUST
Anthony LAI
Valkyrie-X Security Research Group
VXRL
2. Welcome, who am I?
Computer Science graduate in 1998.
Not in {Dean List, First Honor}
Currently work on security research, penetration
test, attack analysis and incident response
Speaking at DEFCON, HITCON, Blackhat...etc.
Found VXRL, which is a non-profit making
security research organization; Invited by OGCIO
to be a member of information Security advisory
member.
3. Why do I set up this talk?
With the past 15 years after graduation, I wanna:
Inspire you guys
Clear your misunderstanding over Computer
Science
Convey ideas that faculty and your fellows
cannot give you
Basically, I believe it is my duty to do it.
4. Agenda
Computer Science
- Important and Useful Algorithm
- Other “kungfu”?
Computer Security and Hacking
- Fun? Profit?
Security Research
- Why is it critical and interesting?
6. Computer Science
Why do we need computer science?
Computer science teaches you programming
only?
Why do we need algorithm?
Why do you need to learn about it?
Top useful algorithm:
http://www.quora.com/Computer-Science/What-are-some-of-the-most-ingenious-algorithms-in-computer-science
14. Once you learn them all
What are their usage in security?
For example,
Pattern recognition
Data mining
Search algorithm
15. Security Area
For example
1. Encryption
2. Server Logs and Network Packets
- Identify threats and attack
- Identify network attack
3. Malicious Code and Executable (Malware)
17. Security and Hacking
You need to understand various technical
disciplines:
Operating System
Networking
Cryptography
Memory
Binary structure
Protocols
Be ethical, don't make offense
19. 19
What is CTF game?
You need to get the key for points
Challenges include crypto, network, forensics,
binary/reverse engineering/exploitation, web
hack and miscellaneous.
Top teams could enter final round of contest
DEFCON, Plaid CTF, Codegate, Secuinside
are famous CTFs in the planet and we join
every year.
20. 20
Why do we enjoy to play?
Challenges are practical
Need your knowledge
Need your skills
Understanding vulnerabilities
Thinking like an attacker
Train you up to manipulate proper tools
26. 26
Question 1
There are a couple of things to note:
We must do the operations in reverse order
since this is the inverse function.
The hex2bin function is only available in PHP >=
5.4.0. Had to resort to the documentation to
find the alternative: pack ("H*", $str)
27. 27
Okay, let us do some hack (10-15
minutes :)
www.overthewire.org
Please click “Natas”
It is a module to practice your Web hack.
You could do it in group, I got prize for top 3
fellows.
However, you need to understand:
− HTTP protocol
− Web Application
− Common vulnerabilities of Web Application (Please
refer to OWASP Top 10 from www.owasp.org)
31. 32
If the key leaks
We could generate our own cookie and sign it
over.
32. 33
We even could include command execution
1. Generate and sign the new cookie
with command execution
2. Replace the original cookie with our
generated one.
34. 35
More than that, we could get the
key from the server to change our
command to read file instead ...
35. 36
CTF fun and profit
The fun is to practice our security and “kungfu”
The profit is to earning knowledge, building trust
and friendship.
Sometimes, we could get reward :)
37. Research
Research is not limited to academia only
As UG, or even you don't enroll PhD program at
this moment, you could even start it.
Someone do the research for career, some may
do the research for “homework”, but I do it for
“passion” and community.
40. Security and Hacking Conference
http://en.wikipedia.org/wiki/Computer_security_conference
Realize the problems in both academia and
industry.
Top Academic security conference (focus on
practicality)
− Usenix (https://www.usenix.org/)
Reviewers and panelists come from both academic and
industry sectors.
41. Security and Hacking Conference
Industry Conference
− DEFCON (www.defcon.org)
− Blackhat (www.blackhat.com)
− AVTokyo (www.avtokyo.org)
− Hack In Taiwan (www.hitcon.org)
− POC (http://www.powerofcommunity.net/)
− XCON (xcon.xfocus.net)
42. Cheer up!
I try to correlate computer science,
security/hacking and research together in the
past 50 minutes.
Remember to position yourself as a scientist.
Reading others' paper (for example: Usenix)
Pick your strength and favorite.
Research could internationalize your capability
and talents.
Enjoy computer science, hacking and research.
:-)
43. Our VX Research
Malware and Target Attack
Web Hacking
Forensics
Cryptography and Password
Reverse Engineering, Exploitation and
Software Security
Secret mission and operation :-)