We are the Hacking Club at the University of Birmingham. We get together every week to look at offensive hacking and cyber security. We do this because understanding threats and how attackers think is the best way to keep computers secure... also it's fun.

Any problem can be solved by enough monkeys acting completely at random.

Everyone is welcome, we can find hacking challenges that are appropriate for every skill level, however you must bring a laptop.

We're meeting every Friday, in room 217, Computer Science building, from 3pm. If you want to confirm, drop Andreea an email.

Organising Monkeys or How to Run a Hacking Club
Andreea-Ina Radu, Sam L. Thomas
Vibrant Workshop 2015, The first UK Workshop on Cybersecurity Training & Education
Presentation slides

A full list of write-ups for competitions we have participated in can be found here.

For submitting write-ups, please use this template if you want the file hosted on our site, or the external template if you plan to host the write-up on your own website. The format is Markdown. There are some explanations included in the files. Send them by email or submit a Git pull request.

Some of the previous hacking competitions that we've gone in for include...

  • VolgaCTF 2015 Quals
  • Boston Key Party 2015
  • Ghost in the Shellcode 2015
  • SECCON CTF 2014 Online Qualifications
  • 9447 Security Society CTF 2014
  • CSCAMP Quals Nov 2014
  • Hack.lu Oct 2014

Below you find the schedule of topics we will discuss each meeting and who will give the presentation. Important CTFs in which we will participate are also mentioned.

Date Topic / CTF Presenter / Info
19 Feb '16 9447 2015 CTF -- practice
20 Feb '16 Internetwache CTF 2016 20 Feb. 2016, 11:00 UTC — 21 Feb. 2016, 23:00 UTC
26 Feb '16 Format strings
27 Feb '16 SSCTF 2016 Quals 27 Feb. 2016, 00:00 UTC — 29 Feb. 2016, 00:00 UTC
4 March '16 IoT pen-testing -- session 1
4 March '16 Boston Key Party 04 March 2016, 22:00 UTC — 06 March 2016, 22:00 UTC
11 March '16 IoT pen-testing -- session 2
18 March '16 MiniCTF -- reloaded!
Past events
16 Oct '15 SQL injection, XSS, OWASP top 10 Pegasus
20 Oct '15 Hack.lu CTF 20 Oct. 2015, 08:00 UTC — 22 Oct. 2015, 08:00 UTC
Costa Coffee in Guild of Students for 20 Oct
Room 245 booked for 21 Oct
23 Oct '15 Traceroute, Nmap, Wireshark, Burp Proxy neko3
24 Oct '15 TUM CTF Teaser 24 Oct. 2015, 12:00 UTC — 25 Oct. 2015, 12:00 UTC
30 Oct '15 AFNOM goes on vacation!
06 Nov '15 IDA/x86/x86-64 xorpse
13 Nov '15 Reverse engineering - practice xorpse
20 Nov '15 Advanced Burp Usage Abstract
27 Nov '15 ROP, SROP Break
27 Nov '15 9447 CTF 27 Nov. 2015, 23:00 UTC — 29 Nov. 2015, 23:00 UTC
4 Dec '15 AFNOM Mini-CTF
18 Dec '15 FAUST CTF 18 Dec. 2015, 16:00 UTC — 19 Dec. 2015, 00:00 UTC
Attack-Defence CTF
08 Jan '15 Ghost in the Shellcode VII 08 Jan. 2016, 20:00 UTC — 10 Jan. 2016, 04:59 UTC
# Name Category Description
1 WireShark Network A network packet sniffer and analyser.
2 IDApro free version (V5.0) and Evaluation version Disassembler IDA pro cheat sheet
3 JD-GUI Disassembler Java disassembler
4 OllyDbg Disassembler Windows disassembler
5 Uncompyle2 Disassembler Python disassembler
6 0xED (Mac OS). Hex Editor
7 Burp Proxy Web App An intercepting proxy

Some learning resources and training exercises can be found below:

# Name Category Description
1 Damn Vulnerable Web App Web App A Web App pen-testing tool
2 VulnHub
3 WarGames by OverTheWire
4 Smash the Stack
5 Google Gruyere
6 Exploit Exercises
7 HackThisSite
8 Hellbound Hackers
9 SecurityOverride -- Challenges, Tutorials
10 Can You Hack It?
11 w3challs Hacking Section
12 CrackMes Reverse Engineering
13 EnigmaGroup Great for self-leaning. Good mentoring support.
14 HellBoundHackers
15 CTF Practice Misc Links to a lot of hacking websites
16 Pentestmonkey Cheat Sheets Some explanations towards pentesting and cheat sheets for SQL/shell injection

To keep up to date about meeting and competitions please join our mailing list bham-hacking-group. For more information please contact Andreea Radu or Tom Chothia.