Whitehatters Computer Security Club

The Whitehatters Computer Security Club is an organization at the University of South Florida that is focused on teaching important cybersecurity concepts that are not present in the school’s official curriculum. The unfortunate reality is that the speed at which curriculums are created and implemented is much too slow to keep up with the constant evolution of technology in the IT space. That is why this club provides crucial knowledge to its members about tools and concepts that are commonly found in the workforce. The club also works on numerous capture-the-flag challenges to practice both red team (offensive) and blue team (defensive) security skills.

The club holds two one-and-a-half-hour meetings every week, and each functions like a lecture. In many ways, the club is not only considered an additional course, but probably the most important course at the school. The topics of these meetings can be beginner-friendly, like installing virtual machines or an intro to the Linux command line interface. Later in the semester, we get into more advanced topics like Windows privilege escalation, binary exploitation, and hardening Linux systems, all of which I’m very excited for.

On this page I will be documenting some of the more interesting topics we tackle and any related projects or exploration I do.

Week 1:

The first month of the club is going to be “beginner month”, which will allow members of all skill levels to learn and participate. Our first meeting was installing and configuring virtual machines to use for the rest of the semester. This meeting was pretty relaxed because I already have my virtual machine configured. I have Kali Linux running on VirtualBox with extra tools from the GitHub repository PimpMyKali. Additionally, I made sure to take a snapshot of this clean state of the OS to have a baseline I can always restore to.

Our second meeting of the week was another beginner event. This time we discussed the basics of the Linux command line and went through several navigational commands in bash. Prior to this meeting, we had a short TryHackMe room as “homework” to get our feet wet with these commands. For me, I already have some experience with the command line (see Linux Practice page) so this was another relaxed meeting. I am looking forward to next week’s Intro to Capture the Flag since it is a topic I don’t know much about.

Week 2:

Our first meeting of the second week was an intro to Capture the Flag or CTF challenges. CTF challenges are cybersecurity games in which players try to find hidden messages or “flags” in vulnerable programs or websites. These can be done in an educational setting or as a competition where teams compete with each other for a prize. Regardless, the activity helps hone skills like cryptography, Linux command line, exploitation, and many others.

In our meeting we went over steganography, digital forensics, and several different ciphers. We even dipped our toes into binary reverse engineering, although there is a full meeting on this topic later in the semester. Besides learning, we had hands-on exercises in TryHackMe where we used tools like CyberChef and dCode to solve for various flags. These websites give you the tools to decrypt, decode, or extract data. This is important in CTF challenges because there is often data that needs to be transformed in some way to get to the flag.

Our other meeting this week was Intro to Penetration Testing. The meeting began with simply discussing what a penetration tester is and the necessary skills. A pen tester is hired to identify and exploit vulnerabilities in order to test a company’s security posture. This involves several stages, including passive reconnaissance, active reconnaissance or scanning, vulnerability assessment, exploitation, and, most importantly, reporting. A pen tester must document everything they do because that is what ultimately reveals how a company can strengthen its defenses. We then discussed various exploitation tools like Metasploit and ExploitDB, which are tools that professional penetration testers utilize in their work.

The hands-on portion of the meeting was presented in the form of a challenge. The club created a vulnerable website and challenged us to find a flag somewhere within the website. The solution for completing this task was as follows:

  • Run a URI brute-force tool like Gobuster or Feroxbuster against the website
  • This would reveal the robots.txt and login.php pages
  • The robots.txt file had text that read like a riddle, suggesting a look at the login page
  • The login.php page appeared to be a working login page, but there were no credentials to be found
  • Using a SQL injection payload like “ OR 1 = 1 ” on the login box revealed the hidden flag
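
Why an OR 1 = 1 tautology gets past a login form like this one, and the fix a defender would apply, as an added example that is not the club's code. It uses Python with sqlite3; the table, the function names, the placeholder hash, and the quoted form of the payload are all assumptions made for illustration.

```python
import sqlite3

# Constructed sample input: the "OR 1 = 1" tautology from the list above,
# with a closing quote and a SQL comment so it fits a quoted string context.
TAUTOLOGY = "' OR 1 = 1 --"

def make_db():
    """Build an in-memory user table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-hash-value')")
    return db

def login_vulnerable(db, username, password_hash):
    """Builds the SQL text by concatenation, so input can rewrite the query."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password_hash = '" + password_hash + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username, password_hash):
    """Binds input as data; quotes and keywords in it are never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return db.execute(query, (username, password_hash)).fetchone() is not None

def compare(db):
    """Run the same inputs through both login checks and collect the results."""
    return {
        "vulnerable_tautology": login_vulnerable(db, TAUTOLOGY, "x"),
        "parameterized_tautology": login_parameterized(db, TAUTOLOGY, "x"),
        "parameterized_valid": login_parameterized(
            db, "admin", "constructed-hash-value"),
    }

if __name__ == "__main__":
    for name, accepted in compare(make_db()).items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

In the concatenated version the WHERE clause becomes true for every row and the password check is commented out, while the bound version searches for a user literally named after the payload and finds none.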

I found this to be a fun and engaging meeting where I was able to learn something as well. For me, penetration testing isn’t necessarily what I am interested in going into since I am more focused on the defensive side of security. Still, it was an educational and entertaining meeting.

Week 3:

We began the week with Intro to Web Exploitation, which covered several topics relevant to compromising websites. These topics included different HTTP request methods like GET, POST, and PUT and response codes like 200, 302, or 404. We also reviewed what cookies are used for and how they can be compromised, as well as HTML, JavaScript, PHP, and SQL, which are all common ingredients of websites.

We discussed the actual attacks and vulnerabilities, such as file inclusion, SQL injection, cross-site scripting, command injection, insecure file uploads, and a few more, such as cross-site request forgery and open redirects. While the presentation part of the meeting was informative, the really valuable portion was the hands-on activity that came afterward.

The club set up an instance of the Damn Vulnerable Web Application or DVWA. For those unfamiliar, the DVWA is a web application that is purposefully left vulnerable. It is used to train and test the skills of security professionals and teach about different web vulnerabilities. The cool thing about the website is that it can be set to various difficulty levels where certain attacks might not work against the more secure versions of the website. I enjoyed trying a few different exploits and succeeded in getting administrator access through both command injection and SQL injection.

Our other meeting for the week was primarily focused on the fundamentals of networking. This was presented by a club member who has extensive experience working in SOC environments and gave us some practical advice on top of all of the regular networking information.

The presentation covered stuff like LANs vs WANs vs MANs and a brief history of ARPANET and the Internet. We went more in-depth into the OSI and TCP/IP models to get a better logical understanding of how computers can communicate. After this, IP addressing was discussed in detail concerning private vs public IP addresses and IPv4 vs IPv6. From here, MAC addresses and ARP or address resolution protocol were discussed, as well as how network devices like switches work. The presentation wrapped up with a discussion of the TCP handshake and then moved on to a quick lab in Wireshark.

In this meeting we also went over the Pickle Rick TryHackMe room. This is a beginner-friendly CTF challenge that involves exploiting a web server. Solving this required a tool like Gobuster and knowledge of command prompt injection.