Our last meeting covered the basics of Cryptography, and introduced the history of Cryptography, along with the concepts of Ciphers, Symmetric Key Encryption, and Public key encryption. Members were then given a set of challenges to practice these techniques on. Cipher-based encryption techniques have been prevalent since ancient times. The most popular historic ciphers are the Spartan Scytale cipher and the Roman Caesar cipher. In Medieval times, polyalphabetic ciphers such as the Vigenère cipher became more popular, and substitution techniques grew progressively more difficult as time progressed, leading to the famous Enigma Machine, used during the World Wars (this cipher method was eventually reverse-engineered and solved by a group of Polish cryptanalysts with the help of Alan Turing). In the 1970s digital encryption methods arose, leading to most Public- and Private-key cryptography methods known today, and recently Quantum-resistant algorithms are in high demand. The Caesar Cipher was invented by and used by Julius Caesar during ancient Roman times, and is novel, yet simplistic; to encrypt text using the Caesar Cipher, each letter needs to be shifted a fixed amount to the right, with the last characters wrapping around to the beginning. Decrypting the message was just as easy, since all you need to do is shift the letters back the same amount. Since there are normally only 26 possible keys, Caesar cipher is relatively easy to decrypt today, but since this cipher method was novel at the time, it wasn’t obvious to Rome’s enemies how to decrypt the message, even if they had the key. The Vigenère cipher is much harder to decrypt, as it uses a large chart of letters and a keystring to encrypt the message. It is good at preventing frequency analysis attacks to a higher extent, but is vulnerable to many plaintext attacks. Vigenère is very secure when the key is the same length as the encrypted text, as it has been proven to be non-crackable. Xor (exclusive-or) encryption is a more modern method of encryption which relies purely on the binary ascii representation of characters. With Xor cipher, chunks of the plaintext are bit-wise exclusive-or’d with the key, resulting in a messy, unreadable bytestring. It is popular because of its symmetricity, aka the same operation is used to both encrypt and decrypt the message. Symmetric Key Encryption is a gene of encryption methods where a single key is shared between the sender and receiver. It is a very fast method and has laid the foundation for secure communication today. The Advanced Encryption Standard (AES), which relies on Symmetric Key encryption has been tested for over 20 years and, and is used in banking, the military, VPNs, messaging apps, and disk-encryption. Public Key Encryption is a bit more complex; Every individual shares their public key to everyone else, and messages are encrypted using the intended recipients’ public key, which they can then decipher using their secondary private key as well. This eliminates the possibility of a 3rd unwanted party intercepting a private key during sharing, and also allows for much more scalability, at the cost of being much slower to carry out an encryption or decryption. The concept was first proposed in 1976 by Diffie and Hellman, and has since been used as the basis for RSA and Elliptic Curve Cryptography, and is utilized today in fields such as HTTPS, digital signatures, blockchain, and cryptocurrency. The challenges provided in this meeting can be found at the following GitHub repository: https://github.com/CSEC-President/csec-classic-crypto-workshop

Yesterday's meeting covered the basics of Binary Exploitation of the Windows operating system, and highlighted three key concepts central to understanding the operating system's binary execution and its weaknesses. Members were then given a set of challenges to practice these techniques on. The first topic of interest is the Memory Architecture and Anatomy of Windows. Like in all operating systems, Windows' memory structure is linear and contains a kernel, a heap, and a stack, and Windows' Memory architecture also contains a section for Dynamic Link Libraries (DLLs), Process Metadata (PEB), and Thread Metadata (TEB). The architecture executes commands using registers, small data holders which are used for data manipulation and can be directly modified by binaries. With this base knowledge in mind, the second concept is buffer overflows, which are unsafe implementations of memory management which may allow users to interact with Windows' memory in unintended ways, namely, while accepting user input. If a program attempts to write unrestricted user input to a memory buffer (a section of memory which has been allocated) which is too small, the user's input will overwrite the data stored beyond the buffer, which may damage the program or cause unintended consequences, and may be used to read hidden data or execute arbitrary code. Many Windows programs are compiled with mitigations which attempt to prevent damage from binary attacks. For example, binaries which are compiled using ASLR (Address Space Layout Randomization) will randomize the location of the program instruction data before execution so as to prevent attacks which rely on raw instruction addresses. Binaries which are compiled with DEP (Data Execution Prevention) will mark certain areas in memory as non-executable, causing the process to panic if any code is executed in that section or the stack. Many binaries are compiled with a Stack Canary, which is a checksum stored on the stack which aims to prevent buffer overflows. And there are many other mitigations that Windows OS implements, such as CFG, CET, SEHOP, ACG, and CIG. The challenges provided in this meeting can be found at the following GitHub repository: https://github.com/CSEC-President/csec-windows-exploitation-workshop

Yesterday's meeting covered the basics of website-based attacks, and highlighted four common methods of targeting systems, data, and users through server, browser, and API exploits. Members were then given a set of challenges to practice these techniques on. The first technique is using IDOR, Insecure Direct Object Reference, which is an access control vulnerability where a website or web application may inadvertently publicize some reference data which can be intercepted and modified by the attacker. For example, if a website URL contains the query "?user=1", this can easily be edited by the user to "?user=2", potentially revealing other users' information. The second technique is XXE, XML External Entity injection, which refers to an exploit of applications which process XML input. Such an application may be abused to read and reveal sensitive files or execute malicious code server-side. Third is XSS, or Cross-Site Scripting, which results when JavaScript code fails to properly sanitize malicious code, allowing attackers to potentially access the user's sensitive data. This can allow attackers to steal session data, keylog users' inputs, or redirect the user to other webpages. The last technique is SQL Injection, which results from improperly parsed user input in the context of database interaction. If an application were to utilize user input to generate a database query without sanitizing it properly first, the attacker may be able to inject logical statements or comment out sections of the query, allowing them to access sections of the database they shouldn't have access to. The challenges provided in this meeting can be found at the following GitHub repository: https://github.com/CSEC-President/csec-web-workshop/tree/main