Computer Science, Hacking and Research:

For fun and profit@CompSci Festival, HKUST

Anthony LAIValkyrie-X Security Research Group

VXRL

Welcome, who am I?

Computer Science graduate in 1998.Not in {Dean List, First Honor}

Currently work on security research, penetration test, attack analysis and incident response

Speaking at DEFCON, HITCON, Blackhat...etc.

Found VXRL, which is a non-profit making security research organization; Invited by OGCIO to be a member of information Security advisory member.

Why do I set up this talk?

With the past 15 years after graduation, I wanna:Inspire you guys

Clear your misunderstanding over Computer Science

Convey ideas that faculty and your fellows cannot give you

Basically, I believe it is my duty to do it.

Agenda

Computer Science- Important and Useful Algorithm- Other “kungfu”?

Computer Security and Hacking- Fun? Profit?

Security Research- Why is it critical and interesting?

Part 1: Computer Science(10 minutes)

Computer Science

Why do we need computer science?

Computer science teaches you programming only?

Why do we need algorithm?

Why do you need to learn about it?

Top useful algorithm:

http://www.quora.com/Computer-Science/What-are-some-of-the-most-ingenious-algorithms-in-computer-science

Most Important Algorithm:http://www.koutschan.de/misc/algorithms.php

From MSR

Other Kungfu?Protocols

ProgrammingDatabase

Operating System FundamentalNetworking

Software Engineering and DesignCryptography

Pattern RecognitionData mining

Discrete MathsStatistics

Once you learn them all

What are their usage in security?

For example,Pattern recognitionData miningSearch algorithm

Security Area

For example

1. Encryption

2. Server Logs and Network Packets

- Identify threats and attack

- Identify network attack

3. Malicious Code and Executable (Malware)

Part 2: Hacking(30 minutes)

Security and Hacking

You need to understand various technical disciplines:

Operating SystemNetworkingCryptographyMemoryBinary structureProtocols

Be ethical, don't make offense

18

CTF (Capture The Flag for Fun and Profit)

19

What is CTF game?

You need to get the key for pointsChallenges include crypto, network, forensics,

binary/reverse engineering/exploitation, web hack and miscellaneous.

Top teams could enter final round of contestDEFCON, Plaid CTF, Codegate, Secuinside

are famous CTFs in the planet and we join every year.

20

Why do we enjoy to play?

Challenges are practicalNeed your knowledgeNeed your skillsUnderstanding vulnerabilitiesThinking like an attackerTrain you up to manipulate proper tools

21

HITCON CTF 2013

22

Our rank? Any rewards?

4th prize in HITCON CTF 2013 (19-20 July, Taipei)

23

Our world ranking

24

Sample Question (1)

Please read the following code, how can you solve it?

25

Sample Question (1)

Please read the following code, how can you solve it?

26

Question 1

There are a couple of things to note:

We must do the operations in reverse order since this is the inverse function.

The hex2bin function is only available in PHP >= 5.4.0. Had to resort to the documentation to find the alternative: pack ("H*", $str)

27

Okay, let us do some hack (10-15 minutes :)

www.overthewire.org Please click “Natas” It is a module to practice your Web hack. You could do it in group, I got prize for top 3

fellows. However, you need to understand:

HTTP protocol Web Application Common vulnerabilities of Web Application (Please

refer to OWASP Top 10 from www.owasp.org)

29

Pickle object serialization

30

Serialization

31

A Vulnerable Django

https://github.com/OrangeTW/Vulnerable-Django/

32

If the key leaks

We could generate our own cookie and sign it over.

33

We even could include command execution1. Generate and sign the new cookie with command execution

2. Replace the original cookie with our generated one.

34

Pwned :) (Simply input Guest, type in some

text in box and submit)

35

More than that, we could get the key from the server to change our command to read file instead ...

36

CTF fun and profit

The fun is to practice our security and “kungfu”

The profit is to earning knowledge, building trust and friendship.

Sometimes, we could get reward :)

Part 3: Research(10 minutes)

Research

Research is not limited to academia only

As UG, or even you don't enroll PhD program at this moment, you could even start it.

Someone do the research for career, some may do the research for “homework”, but I do it for “passion” and community.

My Research

http://scholar.google.com.hk/citations?user=YcjzoFkAAAAJ&hl=en

Research

Objectives:Current problem

Issue/Industry driven

Practical

Impact and Improvement

Novelty or/and incremental efforts

Security and Hacking Conference

http://en.wikipedia.org/wiki/Computer_security_conference

Realize the problems in both academia and industry.

Top Academic security conference (focus on practicality) Usenix (https://www.usenix.org/)

Reviewers and panelists come from both academic and industry sectors.

Security and Hacking Conference

Industry Conference DEFCON (www.defcon.org) Blackhat (www.blackhat.com) AVTokyo (www.avtokyo.org) Hack In Taiwan (www.hitcon.org) POC (http://www.powerofcommunity.net/) XCON (xcon.xfocus.net)

Cheer up!

I try to correlate computer science, security/hacking and research together in the past 50 minutes.

Remember to position yourself as a scientist. Reading others' paper (for example: Usenix) Pick your strength and favorite. Research could internationalize your capability

and talents. Enjoy computer science, hacking and research. :-)

Our VX Research

Malware and Target Attack Web Hacking Forensics Cryptography and Password Reverse Engineering, Exploitation and

Software Security Secret mission and operation :-)

Attack Map

Thank you for your listening

https://www.facebook.com/darkfloyd2 darkfloyd[at]vxrl.org