diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a48cf0d --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +public diff --git a/config.toml b/config.toml index 20ee2c5..d03067b 100644 --- a/config.toml +++ b/config.toml @@ -40,7 +40,8 @@ header_nav = [ { url = "https://exploiitm.github.io/", name_en = "home" }, { url = "/blog", name_en = "blog"}, { url = "/blog/writeups", name_en = "writeups"}, - { url = "/blog/about" ,name_en = "about"} + { url = "/blog/about" ,name_en = "about"}, + { url = "/blog/contacts" ,name_en = "contact"} ] # Optional footer license text. It will only show, when using footer_content_license. diff --git a/content/_index.md b/content/_index.md index 57fc851..a81a195 100644 --- a/content/_index.md +++ b/content/_index.md @@ -9,6 +9,7 @@ Official blog of Cybersecurity Club, IIT Madras. ## Posts +- [BoB](./posts/the_book) - [Summer School](./posts/summer_school) - [View all posts](./posts) diff --git a/content/about.md b/content/about.md index 7a6fcd4..476c03a 100644 --- a/content/about.md +++ b/content/about.md @@ -2,81 +2,108 @@ title = "About" +++ -We are a dedicated group of students who share a strong passion for computer and information security. Our primary goal is to introduce students to the fascinating field of cybersecurity and address complex challenges through research projects and collaborations with the industry. +We established ourselves as a small group of skilled cybersecurity enthusiasts +in 2022 and became a club in the Centre for Innovation in 2023. -What you can anticipate from our team: - -- Active exploration and research in both well-established and cutting-edge areas of cybersecurity, often intersecting with other related fields. -- We focus on solving real-world problems across diverse domains, including binary exploitation, cryptography, file forensics, web server exploitation, hardware exploitation, and more. -- Through informative sessions and Capture The Flag (CTF) events, we aim to assist the student community in embarking on their cybersecurity journey and encouraging them to dive deeper into this exciting domain. - -## Why Hack? - -Learning ethical hacking can offer several benefits and reasons for individuals: - -1. **Cybersecurity Skills**: Ethical hacking involves understanding the vulnerabilities and weaknesses in computer systems and networks. By learning ethical hacking, individuals can develop strong cybersecurity skills and contribute to making the digital world safer. - -2. **Defensive Strategy**: Ethical hackers, also known as "white hat" hackers, help organizations identify and fix vulnerabilities before malicious hackers can exploit them. By learning ethical hacking, individuals can become a valuable asset in creating a strong defense against cyber threats. - -3. **Career Opportunities**: The field of cybersecurity is in high demand, and ethical hackers are sought after by organizations to protect their digital assets. Learning ethical hacking can lead to various career opportunities, such as penetration tester, security analyst, or cybersecurity consultant. - -4. **Protecting Personal Data**: Understanding how cyberattacks work empowers individuals to better protect their personal data and online privacy. Ethical hacking skills can help individuals recognize potential threats and take appropriate measures to safeguard their digital identities. +We are a dedicated group of students who share a strong passion for computer and +information security. Our primary goal is to introduce students to the +fascinating field of cybersecurity and address complex challenges through +CTFs, research projects and collaborations with the industry. -5. **Contributing to Society**: Ethical hackers play a crucial role in safeguarding critical infrastructure, financial systems, healthcare facilities, and more. By learning ethical hacking, individuals can contribute to the overall security and stability of society. - -6. **Continuous Learning**: The field of cybersecurity is constantly evolving due to new technologies and attack techniques. Learning ethical hacking involves continuous learning and staying up-to-date with the latest developments, which can be intellectually stimulating. - -7. **Problem-Solving Skills**: Ethical hacking requires individuals to think critically and creatively to identify vulnerabilities and devise effective solutions. These problem-solving skills can be valuable in various aspects of life, not just in cybersecurity. - -8. **Ethical Use of Skills**: Learning ethical hacking emphasizes the responsible and ethical use of hacking techniques. It helps individuals understand the legal and moral boundaries of cybersecurity, promoting a more responsible and conscientious digital community. - -9. **Gaining Insights into Attackers' Techniques**: To defend against cyber threats, it's important to understand how attackers operate. Ethical hackers learn to think like attackers, which can help them anticipate and counter potential attack vectors. - -10. **Educational Value**: Even if individuals don't pursue a career in cybersecurity, learning ethical hacking can provide a deeper understanding of how computer systems and networks work, contributing to their overall technical knowledge. - -# Our Philosophy +What you can anticipate from our team: +- Active exploration and research in both well-established and cutting-edge + areas of cybersecurity, often intersecting with other related fields. +- We focus on solving real-world problems across diverse domains, including + binary exploitation, cryptography, file forensics, web server exploitation, + hardware exploitation, and more. +- Through informative sessions and Capture The Flag (CTF) events, we aim to + assist the student community in embarking on their cybersecurity journey and + encouraging them to dive deeper into this exciting domain. ## What is Hacking? -We as a team personally feel that _The Art of Exploitation_ tackles this question the best. Hence, we'll be borrowing the author's words for this. +We as a team personally feel that _The Art of Exploitation_ tackles this +question the best. Hence, we'll be borrowing the author's words for this. _Borrowing from **The Art Of Exploitation**_ -The idea of hacking may conjure stylized images of electronic vandalism, espionage, dyed hair, and body piercings. Most people associate hacking with breaking the law and assume that everyone who engages in hacking activities is a criminal. Granted, there are people out there who use hacking techniques to break the law, but hacking isn’t really about that. In fact, hacking is more about following the law than breaking it. The essence of hacking is finding unintended or overlooked uses for the laws and properties of a given situation and then applying them in new and inventive ways to solve a problem — whatever it may be. +The idea of hacking may conjure stylized images of electronic vandalism, +espionage, dyed hair, and body piercings. Most people associate hacking with +breaking the law and assume that everyone who engages in hacking activities is a +criminal. Granted, there are people out there who use hacking techniques to +break the law, but hacking isn’t really about that. In fact, hacking is more +about following the law than breaking it. The essence of hacking is finding +unintended or overlooked uses for the laws and properties of a given situation +and then applying them in new and inventive ways to solve a problem — whatever +it may be. The following math problem illustrates the essence of hacking: -Use each of the numbers 1, 3, 4, and 6 exactly once with any of the four basic math operations (addition, subtraction, multiplication, and division) to total 24. Each number must be used once and only once, and you may define the order of operations; for example, 3 * (4 + 6) + 1 = 31 is valid, however incorrect, since it doesn’t total 24.The rules for this problem are well defined and simple, yet the answer eludes many. Like the solution to this problem, hacked solutions follow the rules of the system, but they use those rules in counterintuitive ways. This gives hackers their edge, allowing them to solve problems in ways unimaginable for those confined to conventional thinking and methodologies. - -Since the infancy of computers, hackers have been creatively solving problems. In the late 1950s, the MIT model railroad club was given a donation of parts, mostly old telephone equipment. The club’s members used this equipment to rig up a complex system that allowed multiple operators to control different parts of the track by dialing in to the appropriate sections. They called this new and inventive use of telephone equipment hacking; many people consider this group to be the original hackers. - -The group moved on to programming on punch cards and ticker tape for early computers like the IBM 704 and the TX-0. While others were content with writing programs that just solved problems, the early hackers were obsessed with writing programs that solved problems well. A new program that could achieve the same result as an existing one but used fewer punch cards was considered better, even though it did the same thing. The key difference was how the program achieved its results — elegance. Being able to reduce the number of punch cards needed for a program showed an artistic mastery over the computer. A nicely crafted table can hold a vase just as well as a milk crate can, but one sure looks a lot better than the other. Early hackers proved that technical problems can have artistic solutions, and they thereby transformed programming from a mere engineering task into an art form. - - -Like many other forms of art, hacking was often misunderstood. The few who got it formed an informal subculture that remained intensely focused on learning and mastering their art. They believed that information should be free and anything that stood in the way of that freedom should be circumvented. Such obstructions included authority figures, the bureaucracy of college classes, and discrimination. In a sea of graduation-driven students, this unofficial group of hackers defied conventional goals and instead pursued knowledge itself. This drive to continually learn and explore transcended even the conventional boundaries drawn by discrimination, evident in the MIT model railroad club’s acceptance of 12-year-old Peter Deutsch when he demonstrated his knowledge of the TX-0 and his desire to learn. Age, race, gender, appearance, academic degrees, and social status were not primary criteria for judging another’s worth — not because of a desire for equality, but because of a desire to advance the emerging art of hacking. - -The original hackers found splendor and elegance in the conventionally dry sciences of math and electronics. They saw programming as a form of artistic expression and the computer as an instrument of that art. Their desire to dissect and understand wasn’t intended to demystify artistic endeavors; it was simply a way to achieve a greater appreciation of them. These knowledge driven values would eventually be called the Hacker Ethic: the appreciation of logic as an art form and the promotion of the free flow of information, surmounting conventional boundaries and restrictions for the simple goal of +Use each of the numbers 1, 3, 4, and 6 exactly once with any of the four basic +math operations (addition, subtraction, multiplication, and division) to total +24. Each number must be used once and only once, and you may define the order of +operations; for example, 3 * (4 + 6) + 1 = 31 is valid, however incorrect, since +it doesn’t total 24.The rules for this problem are well defined and simple, yet +the answer eludes many. Like the solution to this problem, hacked solutions +follow the rules of the system, but they use those rules in counterintuitive +ways. This gives hackers their edge, allowing them to solve problems in ways +unimaginable for those confined to conventional thinking and methodologies. + +Since the infancy of computers, hackers have been creatively solving problems. +In the late 1950s, the MIT model railroad club was given a donation of parts, +mostly old telephone equipment. The club’s members used this equipment to rig up +a complex system that allowed multiple operators to control different parts of +the track by dialing in to the appropriate sections. They called this new and +inventive use of telephone equipment hacking; many people consider this group to +be the original hackers. + +The group moved on to programming on punch cards and ticker tape for early +computers like the IBM 704 and the TX-0. While others were content with writing +programs that just solved problems, the early hackers were obsessed with writing + programs that solved problems well. A new program that could achieve the same +result as an existing one but used fewer punch cards was considered better, even + though it did the same thing. The key difference was how the program achieved +its results — elegance. Being able to reduce the number of punch cards needed +for a program showed an artistic mastery over the computer. A nicely crafted +table can hold a vase just as well as a milk crate can, but one sure looks a lot +better than the other. Early hackers proved that technical problems can have +artistic solutions, and they thereby transformed programming from a mere +engineering task into an art form. + + +Like many other forms of art, hacking was often misunderstood. The few who got +it formed an informal subculture that remained intensely focused on learning and + mastering their art. They believed that information should be free and anything + that stood in the way of that freedom should be circumvented. Such obstructions +included authority figures, the bureaucracy of college classes, and +discrimination. In a sea of graduation-driven students, this unofficial group of +hackers defied conventional goals and instead pursued knowledge itself. This +drive to continually learn and explore transcended even the conventional +boundaries drawn by discrimination, evident in the MIT model railroad club’s +acceptance of 12-year-old Peter Deutsch when he demonstrated his knowledge of +the TX-0 and his desire to learn. Age, race, gender, appearance, academic +degrees, and social status were not primary criteria for judging another’s worth +— not because of a desire for equality, but because of a desire to advance the +emerging art of hacking. + +The original hackers found splendor and elegance in the conventionally dry +sciences of math and electronics. They saw programming as a form of artistic +expression and the computer as an instrument of that art. Their desire to +dissect and understand wasn’t intended to demystify artistic endeavors; it was +simply a way to achieve a greater appreciation of them. These knowledge driven +values would eventually be called the Hacker Ethic: the appreciation of logic as + an art form and the promotion of the free flow of information, surmounting +conventional boundaries and restrictions for the simple goal of better understanding the world. -This is not a new cultural trend; the Pythagoreans in ancient Greece had a similar ethic and subculture, despite not owning computers. They saw beauty in mathematics and discovered many core concepts in geometry. That thirst for knowledge and its beneficial byproducts would continue on through history, from the Pythagoreans to Ada Lovelace to Alan Turing to the hackers of the MIT model railroad club. Modern hackers like Richard Stallman and Steve Wozniak have continued the hacking legacy, bringing us modern operating systems, programming languages, personal computers, and many other technologies that we use every day. - -How does one distinguish between the good hackers who bring us the -wonders of technological advancement and the evil hackers who steal our credit card numbers? The term cracker was coined to distinguish evil hackers from the good ones. Journalists were told that crackers were supposed to be the bad guys, while hackers were the good guys. Hackers stayed true to the Hacker Ethic, while crackers were only interested in breaking the law and making a quick buck. Crackers were considered to be much less talented than the elite hackers, as they simply made use of hacker-written tools and scripts without understanding how they worked. - - -Cracker was meant to be the catch-all label for anyone doing anything unscrupulous with a computer — pirating software, defacing websites, and worst of all, not understanding what they were doing. But very few people use this term today. The term’s lack of popularity might be due to its confusing etymology — cracker originally described those who crack software copyrights and reverse engineer copy-protection schemes. Its current unpopularity might simply result from its two ambiguous new definitions: a group of people who engage in illegal activity with computers or people who are relatively unskilled hackers. - -Few technology journalists feel compelled to use terms that most of their readers are unfamiliar with. In contrast, most people are aware of the mystery and skill associated with the term hacker, so for a journalist, the decision to use the term hacker is easy. Similarly, the term script kiddie is sometimes used to refer to crackers, but it just doesn’t have the same zing as the shadowy hacker. There are some who will still argue that there is a distinct line between hackers and crackers, but I believe that anyone who has the hacker spirit is a hacker, despite any laws he or she may break. - -The current laws restricting cryptography and cryptographic research further blur the line between hackers and crackers. In 2001, Professor Edward Felten and his research team from Princeton University were about to publish a paper that discussed the weaknesses of various digital watermarking schemes. This paper responded to a challenge issued by the Secure Digital Music Initiative (SDMI) in the SDMI Public Challenge, which encouraged the public to attempt to break these watermarking schemes. Before Felten and his team could publish the paper, though, they were threatened by both the SDMI Foundation and the Recording Industry Association of America (RIAA). The Digital Millennium Copyright Act (DCMA) of 1998 makes it illegal to discuss or provide technology that might be used to bypass industry consumer controls. - -This same law was used against Dmitry Sklyarov, a Russian computer programmer and hacker. He had written software to circumvent overly simplistic encryption in Adobe software and presented his findings at a hacker convention in the United States. The FBI swooped in and arrested him, leading to a lengthy legal battle. Under the law, the complexity of the industry consumer controls doesn’t matter - it would be technically illegal to reverse engineer or even discuss Pig Latin if it were used as an industry consumer control. Who are the hackers and who are the crackers now? - -When laws seem to interfere with free speech, do the good guys who speak their minds suddenly become bad? I believe that the spirit of the hacker transcends governmental laws, as opposed to being defined by them. The sciences of nuclear physics and biochemistry can be used to kill, yet they also provide us with significant scientific advancement and modern medicine. There’s nothing good or bad about knowledge itself; morality lies in the application of knowledge. Even if we wanted to, we couldn’t suppress the knowledge of how to convert matter into energy or stop the continued technological progress of society. In the same way, the hacker spirit can never be stopped, nor can it be easily categorized or dissected. Hackers will constantly be pushing the limits of knowledge and acceptable behavior, forcing us to explore further and further. - -Part of this drive results in an ultimately beneficial co-evolution of security through competition between attacking hackers and defending hackers. Just as the speedy gazelle adapted from being chased by the cheetah, and the cheetah became even faster from chasing the gazelle, the competition between hackers provides computer users with better and stronger security, as well as more complex and sophisticated attack techniques. - -The introduction and progression of intrusion detection systems (IDSs) is a prime example of this co-evolutionary process. The defending hackers create IDSs to add to their arsenal, while the attacking hackers develop IDS-evasion techniques, which are eventually compensated for in bigger and better IDS products. The net result of this interaction is positive, as it produces smarter people, improved security, more stable software, inventive problem-solving techniques, and even a new economy. +This is not a new cultural trend; the Pythagoreans in ancient Greece had a +similar ethic and subculture, despite not owning computers. They saw beauty +in mathematics and discovered many core concepts in geometry. That thirst for +knowledge and its beneficial byproducts would continue on through history, from +the Pythagoreans to Ada Lovelace to Alan Turing to the hackers of the MIT model +railroad club. Modern hackers like Richard Stallman and Steve Wozniak have +continued the hacking legacy, bringing us modern operating systems, programming +languages, personal computers, and many other technologies that we use every day. # Let's get in touch diff --git a/content/posts/summer_school.md b/content/posts/summer_school.md index 0c34cbe..f96d57b 100644 --- a/content/posts/summer_school.md +++ b/content/posts/summer_school.md @@ -3,7 +3,7 @@ title = "Summer School 2024" date = 2024-07-01 +++ -In the summer school conducted by the Cybersecuirty club, titled **"The Art of Exploitation"** , we provided a 9 session course on binary exploitation. +In the summer school conducted by the Cybersecurity club, titled **"The Art of Exploitation"** , we provided a 9 session course on binary exploitation. This course coverd everythin from the basics of C to advanced topics including ret2libc, ASLR and more. You can find the [YouTube playlist](https://www.youtube.com/watch?v=EfeU8pxDhVE&list=PLhHkiL2SJ7Xf9Meg6fj-yLJt1DJ0bwSAZ&pp=iAQB) of the recordings. diff --git a/content/posts/the_book.md b/content/posts/the_book.md new file mode 100644 index 0000000..d95a88a --- /dev/null +++ b/content/posts/the_book.md @@ -0,0 +1,49 @@ ++++ +title = "The Book Of Binaries" +date = 2024-07-02 +authors = ["InnocentZero"] ++++ + +Hi everyone, InnocentZero here. I've taken up on a very ambitious and extensive +"project" if you choose to call it that. I'll be writing a book about binaries. +That's it. Executables. But of all sorts. + +The main focus will be from a security and optimization point of view. It plans +to touch a vast range of topics ranging from compilers and linkers to operating +systems, embedded firmware and hardware design. Once again, all from the point +of view of mainly security. + +This is a massive project and would require many months if not complete years to +be in a remotely publishable stage. As of now, one of the chapters that serves +as a basic introdcution to C programming is complete. + + +## Why do it? + +Simply because we love sharing knowledge. On a personal basis, I want this book +to be a complete and total encyclopedic and academic text to everything about +executables. Let's see how we reach there and if there's a change of plans in +between. + +When I first entered this domain, the hardest part was to get a proper source +of information and knowledge in this field in particular. Web is easy, forensics +is mostly about dealing with the data given at hand and seeing if you can +extract something from it and cryptography is just mathematics. But to +understand rev and pwn, you need a very solid base that most people often do not +have. And many a times, CTF write-ups just tell you _how_ to exploit a challenge +without telling you the exact specifics of it. The _why_. That's what this book +is for. + +While there are many other notable attempts at this, the most important one +being "The Art of Exploitation", I feel they are somewhat dry in nature and not +engaging enough for the audience. On the other hand, this book is a direct +inspiration from the "The Art of Computer Programming", as I definitely found +it to be a very engaging text. + +## The How, typst and more + +The book is available for free [here](https://codeberg.org/innocent_zero/the_book). +It utilizes the new typst tool for generation of the book. I chose this because it's +far easier and faster to compose books in typst than in Latex. It is licensed +under Creative Commons, so with proper attribution nobody should have issues +utilizing or promoting the book. diff --git a/templates/blog-page.html b/templates/blog-page.html index 923c3d6..b17dc91 100644 --- a/templates/blog-page.html +++ b/templates/blog-page.html @@ -1,10 +1,16 @@ -{% extends "base.html" %} - -{% block content %} +{% extends "base.html" %} {% block content %}