Saturday, March 26, 2022

Introduction to Metasploit and EternalBlue // 26-03-2022



During the March holidays, NYP InfoSec organized an introductory workshop on the EternalBlue exploit. Through the workshop, we hoped to raise awareness about the infamous vulnerability.



We started with the fascinating story of EternalBlue's history, and how it came to be described by the New York Times as "one of the most useful exploits in the NSA's cyber arsenal".




Next, time for some (ethical) hacking! During the practical session, our members used the Metasploit command-line tool to exploit the vulnerability on a special virtual machine. Metasploit is a staple of cybersecurity competitions and penetration testing projects, so it was great to be able to introduce the tool in such an engaging way.



A big thank you to everyone who joined us. We hope you had fun and learnt something new. We're definitely planning more hacking workshops soon, so stay tuned.

CREDITS
Lim Yong En, Ho Xin Ying, Elton Tay
Excos: Mark Bosco, Gregory Choong, Edwin Chua 

FUN FACT
You can exploit EternalBlue manually without using Metasploit! Our vice president Edwin wrote a guide about the process here: 

Tuesday, December 28, 2021

NYP December CTF // 27-12-2021 to 28-12-2021

 

On the 27th of December, NYP InfoSec held our two-day-long December Capture The Flag (CTF) competition. This was our first time hosting such a long event, and we started preparations way back in September. Keeping participants entertained for that long takes a lot of work! Altogether, we had more than fifty challenges across eight categories.

We tried another special idea this year: all the challenges would follow a common scenario and theme. This made brainstorming challenge ideas much easier, and also helped all our challenges feel like part of a bigger mission.
This time, our CTF revolved around stopping a fictional hacker group known as EternalWinter from freezing the planet Earth.


To set the theme of the event, we designed our own custom CTF landing page that explained each category.

We kicked the event off at 12pm with a short introduction to the CTF platform, as well as an important reminder on the cybersecurity laws in Singapore. Once this was done, it was time to capture some flags! Our participants raced to crack codes, extract hidden data and hack websites in order to find the flags. The top spot on the scoreboard was passed around several times during the first hour of the competition.


Instead of releasing all our challenges at once, we divided them into three parts, and released a new wave every few hours. Our second wave of challenges was released at 6pm and contained more challenges from each category.

At 8pm the next day (the 28th of December), we released our final wave of challenges. Many participants got up especially early to get a head start. Not an easy thing to do during the holidays!

At 12pm, we observed the CTF competition tradition of 'freezing' the scoreboard. This means that any points earned are no longer visible to other competitors. The next four hours were a nervous experience for participants as they continued to solve challenges without any idea of how everyone else was doing.

When the CTF finally ended at 4pm, we took a short break to tabulate the scores. While waiting for the results, competitors swapped tips and stories about how they had solved the puzzles. Then, we returned for a closing ceremony to announce the winners of NYP December CTF. Our challenge creators also explained the solutions to some of their creations.


Congratulations to our winners: Dylan, Jong Han, and Jun Hui!

Thanks to all our participants, and we hope to see you again soon!
Our next CTF competition will take place in May 2022. If you'd like to be the first to hear about it, please consider joining our Discord server.

CREDITS
Administrative Management: Gregory Choong and Edwin Chua
Scenario Development and Design: Mark Bosco
Server and Hosting Management: Carl Voller
Publicity: Jeremy Chong
Emcee: Elton Tay

Challenges created by:
Gregory Choong
Edwin Chua
Jeremy Chong 
Mark Bosco
Arvin Lum
Derrick Png
Carl Voller
Elton Tay 
Goh Ee Sheng
Ho Xin Ying
Lim Yong En
Tan Chee Qing

FUN FACT
During the CTF, we hid a flag somewhere on this website. Can you find it? 

Wednesday, December 22, 2021

Introduction to CTF and Password Cracking // 22-12-2021

NYP InfoSec Tech Week 2021 poster

Ahead of our 2021 year-end Capture the Flag competition, NYP InfoSec organized a short sharing session and workshop.


To start the session, our Head of Development Mark introduced our club.

Next, our committee member Ee Sheng shared about the various categories of CTF challenges, and some strategies for solving them.
You can find the sharing slides here.


After that, it was time for some hacking! Our first-year committee members Carl and Xin Ying showed participants how to use the popular password cracking tool John the Ripper. 
You can find our practical workshop slides here.

We’re glad that the event went smoothly with no technical issues. In the future, we’ll also be conducting more workshops on other topics. If you'd like to be the first to hear about them, please consider joining our Discord server.

Thank you everyone. See you again soon!

===

This event was held as part of Nanyang Polytechnic’s Tech Week initiative. The Tech Week initiative aims to help first-year students discover their interests in the tech landscape.

You can read more about the events held by other special interest groups here:

NLP & Deployment (hosted by NYP AI)

Analytics with Netflix Data and Intro to Algorithms (hosted by NYP Ladies In Tech)


FUN FACT
Did you know? You can use this website (https://hashes.com/en/tools/hash_identifier) to help you identify what format a hash is in.


Here's a secret flag: NYP{P@ssW0rd_Cr@cking}