Ce.Se.N.A. Security

Ce.Se.N.A. (CeSeNA Security Network and Applications) is an Italian Cyber-Security and Hacking team

It’s mainly composed by undergraduate students attending degree of Ingegneria e Scienze Informatiche course

Team

Our aim is to study, understand and deepen Software Security, both in Network and Application side:

Web Security
Systems & Network Security
Secure Coding
Binary Reversing and Exploitation
Forensics Tecniques
Social Engineering
Cryptography

Main Topics

Software configurations
GNU/Linux setups, a.k.a. UNIX porn
Lockpicking
Eating Pizza
...

Off-Topics

Main Activities

Weekly Meetings
Operations
Competitions (CTF, Wargames, ...)

Weekly Meetings

We usually meet every week
Sharing knowledge, challenges, and experiences
Horizontal Growth

Operations

Multiple sub-groups
Separate evening meetings
Every group goes in-deep in one specific topic
Vertical Growth

Current Operations

OpARM
OpPataviumart
OpWaldo
OpFSOR
OpSkynet

OpARM

Operation with the intent of studying themes like Reverse Engineering and Exploitation on ARM architectures

OpPataviumart

Group which role is to analyze and extend Advanced Web Attacks, using Advanced Web Exploitation techniques

Thus the subject of study are the advanced aspects of typical web attacks, usually studied by CeSeNA during its (horizontal) weekly meeting, but examined on a more detailed level

OpWaldo

Group focusing on Digital Forensics, particularly concentrating on every theme related to Memory Forensics in Windows environment

OpFSOR

A group that was born with the purpose of studying some aspects, specific of Red Teams Operations and Penetration Testing

OpSkynet

Group studying Artificial Intelligence in Cyber Security context

The objective is to make use of search algorithms, classification algorithms, etc.. applied to Cyber Security

This Operation has a dual purpose:

It can be useful during CTF
It can provide a great support to OpFSOR

Competitions

They let us improve a lot and exchange, interact and discuss with other brilliant people from all over the world

CTF

Capture the Flag (CTF) is a special kind of information security competition

CTF

There are two common types of CTF:

Jeopardy
Attack-Defence

CTF: Jeopardy

Jeopardy-style CTF is made of a collection of challenges:

Every challenge has a category (for example: Web, Forensic, Crypto, Binary, ...)
Teams can gain points for every solved task (usually more points for more complicated challenges)
When the game time is over, the sum of points shows you a CTF winner
Famous examples include: RuCTFe, Defcon CTF quals, ...

CTF: Attack-Defense

Attack-Defense is another kind of competitions, where:

Every team has his own host/network with vulnerable services
Your team has time for patching your services and developing exploits
Organizers connect participants of the competition and the CTF starts!
You should:
- Protect your own services for Defense Points
- Hack opponents for Attack Points

Our Point of View

We like the Hackish culture:

We don't care if a software or system just works, we aren't satisfied until we deeply understand how it works, in low-level details
We are open to share our knowledge and to increase it with yours

The Jargon File

Current definition of a Hacker in the Jargon File:

A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary
A person who delights in having an intimate understanding of the internal workings of a system
One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming

The Jargon File

A person capable of appreciating hacking value
A person who is good at programming quickly
An expert at a particular program, or one who frequently does work using it or on it
An expert or enthusiast of any kind: one might be an astronomy hacker, for example
One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations

h4x0r vs suxx0r

haxor (= hacker)
suxx0r (= who sucks): it's typically attributed to script-kiddies

Which Hat?

Black Hat

Black-hat hackers violate computer security for personal gain, such as:

Stealing credit card numbers
Harvesting personal data for sale to identity thieves
Perform DDOS attacks
Install ransomware on victims
...

Black Hat

A black-hat hacker who finds a new, zero-day security vulnerability would sell it to criminal organizations on the black market or use it to compromise computer systems

White Hat

White Hat hackers are the opposite of Black Hat hackers
They are the Ethical Hackers, experts in compromising computer security systems who use their abilities for good, ethical, and legal purposes
Examples include MalwareMustDie group

Grey Hat

A Gray Hat hacker may sometimes violate laws or typical ethical standards, but does not have the malicious intent, typical of a Black Hat hacker
When they discover a vulnerability, instead of telling the vendor how the exploit works, he or she may offer to repair it for a small fee

No Hat

Their goal is to learn hacking techniques just for
increase the personal knowledge and for having fun!
They don't care about the hat you are wearing
IO SmashTheStack topic: take off your hats and lets corrupt some memor-y-ies

How to start?

Getting Started

Getting started with Cyber-Security is hard as fuck!
It requires deep knowledge in almost every feel of IT

Getting Started

You need to change your way of thinking:

Stop thinking like an Engineer
Start thinking like a Hacker
Stop using stuff
Start breaking stuff
Stop asking yourself how to use it
Start asking yourself how it works

Contacts

If you are curious about what we are doing, feel free to contact us at cesena.team@gmail.com

We usually meet every week, sharing write-ups, knowledge, challenges and interesting experiences..

https://cesena.ing2.unibo.it

How to Join

If you like our activities and you want to contribute come aboard!

You can join CeSeNA whenever you want!