Ce.Se.N.A. Security

Team

Ce.Se.N.A. (CeSeNA Security Network and Applications) is an Italian Cyber-Security and Hacking team

It is mainly composed of undergraduate students attending the Ingegneria e Scienze Informatiche degree course

Main Topics

Our aim is to study, understand and deepen Software Security, on both the Network and the Application side:

  • Web Security
  • Systems & Network Security
  • Secure Coding
  • Binary Reversing and Exploitation
  • Forensics Techniques
  • Social Engineering
  • Cryptography

Off-Topics

  • Software configurations
  • GNU/Linux setups, a.k.a. UNIX porn
  • Lockpicking
  • Eating Pizza
  • ...

Main Activities

  • Weekly Meetings
  • Operations
  • Competitions (CTF, Wargames, ...)

Weekly Meetings

  • We usually meet every week
  • Sharing knowledge, challenges, and experiences
  • Horizontal Growth

Operations

  • Multiple sub-groups
  • Separate evening meetings
  • Every group goes in depth on one specific topic
  • Vertical Growth

Current Operations

  • OpARM
  • OpPataviumart
  • OpWaldo
  • OpFSOR
  • OpSkynet

OpARM

Operation with the intent of studying themes like Reverse Engineering and Exploitation on ARM architectures

OpPataviumart

Group whose role is to analyze and extend Advanced Web Attacks, using Advanced Web Exploitation techniques

The subjects of study are thus the advanced aspects of typical web attacks, which CeSeNA usually covers during its (horizontal) weekly meetings, examined here at a more detailed level

OpWaldo

Group focusing on Digital Forensics, concentrating in particular on every topic related to Memory Forensics in Windows environments

OpFSOR

A group born with the purpose of studying some aspects specific to Red Team Operations and Penetration Testing

OpSkynet

Group studying Artificial Intelligence in a Cyber Security context

The objective is to make use of search algorithms, classification algorithms, etc., applied to Cyber Security

This Operation has a dual purpose:

  • It can be useful during CTF
  • It can provide a great support to OpFSOR

Competitions

They let us improve a lot and exchange, interact and discuss with other brilliant people from all over the world

CTF

Capture the Flag (CTF) is a special kind of information security competition

There are two common types of CTF:

  • Jeopardy
  • Attack-Defense

CTF: Jeopardy

Jeopardy-style CTF is made of a collection of challenges:

  • Every challenge has a category (for example: Web, Forensic, Crypto, Binary, ...)
  • Teams can gain points for every solved task (usually more points for more complicated challenges)
  • When the game time is over, the sum of points determines the CTF winner
  • Famous examples include: RuCTFe, Defcon CTF quals, ...

CTF: Attack-Defense

Attack-Defense is another kind of competition, where:

  • Every team has its own host/network with vulnerable services
  • Your team has time for patching your services and developing exploits
  • Organizers connect participants of the competition and the CTF starts!
  • You should:
    • Protect your own services for Defense Points
    • Hack opponents for Attack Points

Our Point of View

We like the Hackish culture:

  • We don't care whether a piece of software or a system just works; we aren't satisfied until we deeply understand how it works, in low-level detail
  • We are open to share our knowledge and to increase it with yours

The Jargon File

Current definition of a Hacker in the Jargon File:

  • A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary
  • A person who delights in having an intimate understanding of the internal workings of a system
  • One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming

  • A person capable of appreciating hacking value
  • A person who is good at programming quickly
  • An expert at a particular program, or one who frequently does work using it or on it
  • An expert or enthusiast of any kind: one might be an astronomy hacker, for example
  • One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations

h4x0r vs suxx0r

  • haxor (= hacker)

  • suxx0r (= one who sucks): typically said of script-kiddies

Which Hat?

Black Hat

Black-hat hackers violate computer security for personal gain, such as:

  • Stealing credit card numbers
  • Harvesting personal data for sale to identity thieves
  • Performing DDoS attacks
  • Installing ransomware on victims' systems
  • ...

A black-hat hacker who finds a new, zero-day security vulnerability would sell it to criminal organizations on the black market or use it to compromise computer systems

White Hat

  • White Hat hackers are the opposite of Black Hat hackers
  • They are the Ethical Hackers, experts in compromising computer security systems who use their abilities for good, ethical, and legal purposes
  • Examples include the MalwareMustDie group

Grey Hat

  • A Grey Hat hacker may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a Black Hat hacker

  • When they discover a vulnerability, instead of telling the vendor how the exploit works, they may offer to repair it for a small fee

No Hat

  • Their goal is to learn hacking techniques just to increase their personal knowledge and to have fun!

  • They don't care about the hat you are wearing

  • IO SmashTheStack topic: take off your hats and lets corrupt some memor-y-ies

How to start?

Getting Started

  • Getting started with Cyber-Security is hard as fuck!
  • It requires deep knowledge in almost every field of IT

You need to change your way of thinking:

  • Stop thinking like an Engineer
  • Start thinking like a Hacker
  • Stop using stuff
  • Start breaking stuff
  • Stop asking yourself how to use it
  • Start asking yourself how it works

Contacts

If you are curious about what we are doing, feel free to contact us at cesena.team@gmail.com

We usually meet every week, sharing write-ups, knowledge, challenges and interesting experiences.

https://cesena.ing2.unibo.it

How to Join

If you like our activities and you want to contribute, come aboard!

You can join CeSeNA whenever you want!

CeSeNA Introduction

By Alessandro Molari
