We are the Hacking Club at the University of Birmingham. We get together every week to look at offensive hacking and cyber security. We do this because understanding threats and how attackers think is the best way to keep computers secure... also it's fun.
Any problem can be solved by enough monkeys acting completely at random.
Everyone is welcome, we can find hacking challenges that are appropriate for every skill level, however you must bring a laptop.
We're meeting every Friday, in room 217, Computer Science building, from 3pm. If you want to confirm, drop Andreea an email.
A full list of write-ups for competitions we have participated in can be found here.
For submitting write-ups, please use this template if you want the file hosted on our site, or the external template if you plan to host the write-up on your own website. The format is Markdown. There are some explanations included in the files. Send them by email or submit a Git pull request.
Some of the previous hacking competitions that we've gone in for include...
Below you find the schedule of topics we will discuss each meeting and who will give the presentation. Important CTFs in which we will participate are also mentioned.
|Date||Topic / CTF||Presenter / Info|
|28th Oct '16||Binary analysis and overflows||Using IDA pro|
|21th Oct '16||Web Hacking||Using the Burp Proxy|
|14th Oct '16||Web Hacking|
|7 Oct '16||Introduction to CTFs||What we do and what is a CTF?|
|16 Oct '15||SQL injection, XSS, OWASP top 10||Pegasus|
|20 Oct '15||Hack.lu CTF||20 Oct. 2015, 08:00 UTC — 22 Oct. 2015, 08:00 UTC
Costa Coffee in Guild of Students for 20 Oct
Room 245 booked for 21 Oct
|23 Oct '15||Traceroute, Nmap, Wireshark, Burp Proxy||neko3|
|24 Oct '15||TUM CTF Teaser||24 Oct. 2015, 12:00 UTC — 25 Oct. 2015, 12:00 UTC|
|30 Oct '15||AFNOM goes on vacation!|
|06 Nov '15||IDA/x86/x86-64||xorpse|
|13 Nov '15||Reverse engineering - practice||xorpse|
|20 Nov '15||Advanced Burp Usage||Abstract|
|27 Nov '15||ROP, SROP||Break|
|27 Nov '15||9447 CTF||27 Nov. 2015, 23:00 UTC — 29 Nov. 2015, 23:00 UTC|
|4 Dec '15||AFNOM Mini-CTF|
|18 Dec '15||FAUST CTF||18 Dec. 2015, 16:00 UTC — 19 Dec. 2015, 00:00 UTC
|08 Jan '15||Ghost in the Shellcode VII||08 Jan. 2016, 20:00 UTC — 10 Jan. 2016, 04:59 UTC|
|19 Feb '16||9447 2015 CTF -- practice|
|20 Feb '16||Internetwache CTF 2016||20 Feb. 2016, 11:00 UTC — 21 Feb. 2016, 23:00 UTC|
|26 Feb '16||Format strings|
|27 Feb '16||SSCTF 2016 Quals||27 Feb. 2016, 00:00 UTC — 29 Feb. 2016, 00:00 UTC|
|4 March '16||IoT pen-testing -- session 1|
|4 March '16||Boston Key Party||04 March 2016, 22:00 UTC — 06 March 2016, 22:00 UTC|
|11 March '16||IoT pen-testing -- session 2|
|18 March '16||MiniCTF -- reloaded!|
|1||WireShark||Network||A network packet sniffer and analyser.|
|2||IDApro free version (V5.0) and Evaluation version||Disassembler||IDA pro cheat sheet|
|6||0xED (Mac OS).||Hex Editor|
|7||Burp Proxy||Web App||An intercepting proxy|
Some learning resources and training exercises can be found below:
|1||Damn Vulnerable Web App||Web App||A Web App pen-testing tool|
|3||WarGames by OverTheWire|
|4||Smash the Stack|
|9||SecurityOverride -- Challenges, Tutorials|
|10||Can You Hack It?|
|13||EnigmaGroup||Great for self-leaning. Good mentoring support.|
|15||CTF Practice||Misc||Links to a lot of hacking websites|
|16||Pentestmonkey||Cheat Sheets||Some explanations towards pentesting and cheat sheets for SQL/shell injection|