📢 ASPIRING HACKERS! Want to learn to hack? Since it's virtual anyways, we're opening our Fall 2020 ASU Computer Systems Security / CTF course to the WHOLE WORLD! More info, including lecture times, youtube/twitch/presentation links, and practice problems:
Hello hackers! Wanted to try
@pwncollege
but never got past the expectation of x86 Assembly knowledge? Now you can! We just launched a new Assembly Crash Course lecture series to complement last year's Assembly Refresher challenges! Check it out:
Today, we launched this year's Kernel Security module, at ! Interested in getting into kernel exploitation? Want to know what we changed this year? Stay a while, and listen...
@DEFCON
29 was my 20th year at DEFCON, 13th year in the CTF room, and 4th (and final!) year on the organizer stage. I am so thankful to the community for giving me the chance to host DEFCON CTF, and to my amazing team,
@oooverflow
, for making this lifelong dream a reality!
Hello hackers! This thread is about a tricky but important issue: getting people into Cybersecurity, and one (of many!) things we're doing about it. Read on below! 🧵
Hello hackers! Finished all the awesome challenges on ? Ready for more? It's your lucky day! Today, we're launching a new feature: Community Dojos full of new and exciting challenges to tackle and learn from!
Read on! 🧵
Hello aspiring hackers!
@ASU
's fall semester starts today (2021/9/19), and that means that
@TheConnorNelson
and I are bringing you all another iteration of ! Interested in what this year will bring? Let me spin you a thread.
All five levels of the Kernel module of () are now released! Go hack them! As a reminder, this module is an *intro* to working with the kernel; we'll be exploiting actual bugs in the kernel a few modules from now!
Sorry for the late notice, but if you're looking for something to do this weekend, we've launched a few extra heap challenges while we get Race Conditions ready for next week!
Hello hackers!
@ASU
's Fall semester starts in one week, and that means so does this year's refresh of ! Interested in learning to hack, want to look back at the evolution of the platform that taught you to hack, or just like reading me ramble? Read on! 🧵
Congrats to the 7 companies that will receive $1 million each to develop AI-enabled cyber reasoning systems that automatically find and fix software vulnerabilities as part of the
#AIxCC
Small Business Track! Full announcement: .
Today is
@DEFCON
Quals... and for the first time in 15 years, I am not involved in any capacity! After 9 years playing, 4 years hosting, and 2 years playing again, this weekend is going to be a family event rather than a caffeine-fueled hacking extravaganza... Complex emotions!
Hello hackers! just passed a massive milestone: 1 MILLION flags have been captured by hackers across the platform! The millionth flag was from level 84 of the Program Interaction module! What a wild journey from humble beginnings.
Wondering what we've been up to since last semester's ? This semester, I ran a course to give
@ASU
students real-world Vulnerability Research experience. Thread here. TLDR: we'll have a summary stream on Apr 27 at 12:00pm AZ time at !
This year's iteration of is well on its way, with today's launch of a streamlined Program Interaction module! But, in BIGGER NEWS, the first stream by
@TheConnorNelson
for the new intro "White Belt" material (aka ASU CSE 365) is TODAY at 4:30pm AZ time!
Just finished my first teaching experience. Had a blast discussing computer architecture with the freshmen of
@uvtromania
this semester. We experimented with a new concept of turning the entire course into a CTF, computer architecture-themed.
Hello academics! Arizona State University is hiring tenure-track cybersecurity professors! Areas of interest include security of distributed systems, consensus (/blockchain!), distributed ML, MPC, IoT, and much much more! Deadline Jan 15th. More info at
It was an honor hosting
@DEFCON
CTF quals again! Thanks for playing! And a special thank you to my amazing teammates on
@oooverflow
! You rock. Team work makes the dream work.
And that's a wrap on
@defcon
#CTF
!
Congratulations A*0*E for the dominating win!
Also congratulations to Samurai for the 2nd place finish and to Shellphish for 3rd place!
Super honored to be part of the
@CISAgov
TAC! With the possible exception of this
@Zardus
fella, this is one of the most competent (and coolest) government committee compositions I’ve seen. I have no doubt we’ll help make
@CISAgov
’s mission a success!
Hello hackers! Sorry to overwhelm you with
@pwncollege
news, but we just launched the first new module of the new White Belt material: Talking Web ()! A few more details below 🧵
Hello (aspiring) hackers! I am (mostly) recovered and going on stream RIGHT NOW for the launch of this year’s Assembly Refresher (new!) and Shellcoding modules! See you at !
Good luck to everyone playing
@defcon
CTF quals! But most of all, good luck and smooth sailing to
@Nautilus_CTF
! Glad you’re running it and not us :-)
Videos for Module 4 of , Reverse Engineering, are UP! Check them out at , or join us Wednesday at 2:30pm AZ time for a prerecorded stream on . The extended Q&A and collaboration is right after, at 4:30pm!
My daughter brought me a mean cold (not COVID, according to MANY tests) from preschool and left me sick and miserable for 3 weeks now! Out of caution (and misery), I moved classes online for now, which resulted in this thread of reflection on online vs in-person teaching...
Hello Hackers! The inaugural
#pwncollege
Quarterly Quiz is LIVE at ! It’s a series of tough kernel pwning chals from the one and only
@ky1ebot
, kernel hacker extraordinaire, and will lead you on a journey through Linux kernel pwning and the VFS subsystem!
Just emerged up from the post-CTF coma. It was an honor for me and my incredible colleagues on
@oooverflow
to host
@DEFCON
#CTF
quals for the second time! Thanks to all the amazing teams for playing, and keep those pistachios coming!
#defconquals2018
is over! Congrats to the qualifying teams, and than you all for playing. Hosting
@DEFCON
CTF with
@oooverflow
is a dream come true, despite the lack of sleep and other associated insanity!
At the rate the students have been blowing through this semester, sometime in the next day or two, we'll surpass 31337 total flag captures on the new instance!
Finally, here is the blog documenting the crazy 7 days that I spent on CVE-2022-1786 to pwn kCTF (and won a lot of cash)! Let me know what you think of the blog!
I'm sure everyone's attention's elsewhere right now, but if you want to learn about (intro) heap exploitation, lectures for our next module () are up! We'll restream them at 2:30pm AZ time at , do a Q&A at 4:30, and launch challenges!
@zoaedk
@oooverflow
The personal impact is even worse. My daughter was born four months ago, and I spent most the time since in my office working on the CTF. I missed her first laugh and her first time rolling over to help bring you DEF CON. Others made similar sacrifices.
With DEFCON over and the thankyous sent, you, the twitter reader, might ask, "what's next"? There's a lot we're working on, from academic research, to and other education concepts, to
@ctfradiooo
. We'll stay busy. But let me ask, what is next for YOU?
20 years ago, high school me wandered the halls of the
@AlexisPark
at
@DEFCON
9, absolutely in awe of the giants throwing exploits in the CTF room, the legends speaking in the tracks, and the titans giving and getting black badges. I never imagined I could occupy the same ranks.
Are you an undergrad or recent graduate interested in a summer internship doing awesome research and playing CTF at our lab at ASU? Our summer internship applications are now open! Apply at and choose my project :-)
Hello hackers! Tomorrow, April 1st, at 5pm Arizona time (8pm Eastern), we’ll launch the inaugural
#pwncollege
Quarterly Quiz! It’ll be a tough set of challenges written by one of the top hackers in the world! Drop by tomorrow, or read on for more details!
The first 7 levels of the sandbox escape challenges from are live, with more launching in over the next day! Check them out at . Can
@ASU
students hack out of sandboxes faster than students around the world? We'll find out!
The best part of hosting (and playing!) CTFs is being forced to learn amazing, little-known tech to an absurd depth. This DEFCON,
@JakeCorina
forced me to learn VMX to write this part of the OOOWS challenge series with him and
@michaeljpizza
.
@adamdoupe
@intel
Finally, on the last day (after an all-nighter by
@Zardus
to set everything up), was ooows-hyper-o!
This time we replaced that pesky KVM with our OOOWN hypervisor, to see how teams could successfully execute a hypervisor exploit to steal the flag
Yo! Hopping back on to spread the word that
@TheConnorNelson
, of
@pwncollege
fame, is making moves toward becoming Dr. Nelson! Join us for his PhD proposal, which will be live streamed on at 3pm AZ time today (in just over an hour)!!!
Recently, with the support of
@DARPA
's CHESS program, I grew a decompiler! If you're interested, grab an **alpha** release of my GUI, and get decompiling! My *alpha-quality* decompilation's optimized for one amd64 binary, but may work on other stuff!
Hello aspiring academics! I'm excited to spread the news that Arizona State University once again has open Assistant/Associate/Full Professor positions in Cybersecurity (job ad: )! Curious about ASU? Read this thread!
Order has been established! Thank you, cybercitizens, and congratulations to DEFKOR00T for winning
@DEFCON
#CTF
! Enjoy the black badges.
Congrats to 2nd place PPP and 3rd place HITCON!
Hello hackers! Quick reminder that in just under 6 hours, at 12:00pm AZ time, we'll be streaming about our experience running an Applied Vulnerability Research course this semester as a followup to . See you at noon at !
@zoaedk
@oooverflow
We make these sacrifices because we are passionate about the CTF community. Traditionally, those who dominated under an organizer took on the mantle to serve the community for the next phase. This held for 20 years of ghettohackers, kenshoto, ddtek, and legitbs.
Read about our new research center: the
@asu_gsi
center for Cybersecurity and Trusted Foundations!
@ASU
has an awesome institutional design in which centers like the CTF (see what we did there?) enable us to do things that would normally be insane/impossible in academia.
Hello hackers! Last semester, you joined us for
@TheConnorNelson
’s PhD proposal. Now, come to his PhD defense to see him present his accomplishments and (attempt to) become Dr. Nelson! See you in 30 minutes (5pm AZ) at !
I learn tech by hacking it, and I’d never actually dug deep into the underpinnings of virtualization before. Thanks to this challenge, I’ve learned so much about modern CPU architectures that I’m planning to run a “Dirty Secrets of Modern X86” course at
@ASU
next spring!
I just realized that this bash code is vulnerable:
A=(1 2 3)
read IDX
echo "${A[$IDX]}"
I've used the underlying weakness in other contexts, but realizing that it applied here was pretty terrifying. If you're interested, there's lots more like this at
Attention hackers! We're starting in on the next module of : Shellcoding! More videos coming tonight, with an extended Q&A, knowledge solidification, and the launch of challenge problems on the Wednesday stream!
@zoaedk
@oooverflow
Hosting CTF does not help our careers. Example: the highest priority for me, career wise, is to submit a proposal for an NSF CAREER grant, a soft requirement for tenure. It is due tonight. For the third year in a row, I will miss it due to DEFCON.
Thanks for joining us for ASU's Applied Vulnerability Research end-of-the-semester stream! For those that missed it, you can read the livetweet summary in the linked thread, or watch it in all its glory on youtube!
Big day in infosec! Aside from its huge direct impact on the pwning community, without articles like
@aleph_one
’s, resources like or would have never existed.
Hello hackers! If you're following along live with this year's course, the Sandboxing module is over and the Reverse Engineering module is launching today! Join us at at 4:30 (in 10 mins)!
Hello aspiring hackers! Hope you’re digging into that Program Interaction module! We’ll do an extended Q&A and launch the Program Misuse module () in 25 minutes, live at . See you there!
Now, we need your help! We have our ideas of hackers and hacks that we'll cover (), but we're fallible. See someone/thing missing? Reply and let me know! If you have some long-form reference material along with your suggestion, that would be even better!
If you’re an aspiring hacker in high school, consider applying to our second annual high school research internship! It’s a great opportunity to work with great minds (plus me) at ASU’s SEFCOM research lab, hack with
@asuhackingclub
and
@shellphish
, and learn a lot!
Know any high school students in the Phoenix area who are passionate about hacking & computer science? The Center for Cybersecurity
@asu_gsi
is accepting applications for our summer '22 research internship! Due: March 21. Spread the word!
💻More info:
Looking for a tenure track position in Cybersecurity? We're hiring at ASU, with focuses on security of AI, ML, and cryptography! Apply at and come work with
@adamdoupe
,
@___tiffanyb___
,
@LtFish_
, me, and other awesome ASU faculty to usher in the future!
Got an hour for a cool discussion at
@DEFCON
? Drop by the Policy
@DEFCON
Roundtable discussion room and talk about Emerging Technical Cyber Policy Topics with
@bcrypt
,
@kurtopsahl
,
@effffn
, and myself at 2pm!
The videos for Module 8 of , Kernel, are up! Module 8 is about understanding the kernel, and we'll be heavily exploiting said kernel in our second combo module in a few weeks! More details at , and extended Q&A Wed at 4:30pm!
Hello aspiring hackers! Every summer, we host high school cybersecurity enthusiasts from around the Phoenix valley for summer internships through ASU’s Center for Cybersecurity and Trusted Foundations! Applications for this summer close in under a week!
The first 10 levels of practice problems for module 4 of (Reverse Engineering) are up (except for level7_testing1, which we're tracking down an issue with). A few more levels launching tomorrow! Details at
Okay! Second module extension: Module 6 (exploitation scenarios) is being extended by a week to give the students a bit more time to fully master the concepts! ROP is now coming on 10/21 rather than 10/14. More details on discord!
Interested in the academic peer review process in cybersecurity? Think it can be improved? Check out our upcoming
@IEEESP
paper where we talked to the experts and analyzed their views on the whole thing. You can start by reading this awesome and extensive thread by
@adamdoupe
!
👏
@AnantaSoneji
will present her first first-author paper "“Flawed, but like democracy we don’t have a better system”: The Experts’ Insights on the Peer Review Process of Evaluating Security Papers"
@IEEESSP
If you're in academia, you'll want to 👀👇
📜
Looking for an awesome PhD program in Computer Science? Want to do awesome cybersecurity research side by side with DEFCON CTF organizers, prominent CTF players, and other crazy people? Come to ASU! Apply here:
Hello aspiring hackers!
@ASU
's fall semester starts today (2021/9/19), and that means that
@TheConnorNelson
and I are bringing you all another iteration of ! Interested in what this year will bring? Let me spin you a thread.
So how do we do it? This semester,
@LtFish_
and I are teaching a 1st year hacking class that (hopefully!) requires ZERO technical knowledge! The course is CSE 194: Cybersecurity History and Culture (if you are an ASU student, sign up here: ).
Always wanted leave your mark on “The Olympics of Hacking”? Now you can! Check out
@DEFCON
’s Call For Organizers and consider diving in to help make DEF CON CTF an incredible event for the CTF world! As mentioned in the CFO,
@oooverflow
is happy to help with the transition!
#DEFCON30
Call for
#CTF
Organizers!
Ready to create the next gen of elite CTF tournaments? Do you have the skills to elevate the game for the world’s best players?
Info is at . Submit the CTF you want to see in the world. For the chosen, glory awaits.
.
@ASU
GSI has an open position for 'senior software engineer' will play a key role in advancing the growth and success of GSI's Center for Cybersecurity and Digital Forensics. Join this thriving and growing team!
@ASUResearch
➡️ Apply by Sept. 30th
➡️