2020-10-07 - Introductory Session

Skill Level: All Skills

Welcome to the Cyber Security Society! Things may be a bit crazy at the moment, but we will still be running events this academic year.

Webpages are written in the Hypertext Markup Language (HTML) and sent to your computer using the Hypertext Transfer Protocol (HTTP). This sessions will guide you through some basic webpage security, allowing you to get to grips with how our events are run.

What SUCSS Does

SUCSS runs sessions on several security topics, such as web security, networking, cryptography, and also lockpicking! We have also entered competitions in the past, such as the Higher Education Cyber Challenge (HECC), Inter-ACE, and Cambridge2Cambridge.

It should go without saying, but don't hack other people! We are giving you our express permission to attack machines that we have specifically told you about, in the way that we describe. The blame will rest on your shoulders if you illegally break into other machines!

Flag Tracker

In order to track your progress with challenges this year, please make an account with our flag tracker.

Challenges

Our introductory challenges can be found at http://intro.sucss.org/.

If you are able to complete these challenges, you can complete the Natas challenges from OverTheWire at https://overthewire.org/wargames/natas/. You can enter the passwords as flags into our flag tracker.

For a few of the later challenges, we recommend that you install Burp Suite. Burp Suite provides a range of tools for web security testing. Go to our Burp Suite docs page for information on how to download and set up Burp Suite.

Base64

Arabic numerals (0 through 9) is a decimal numeral system. In other words, it is in base 10.

Base64, as the name implies, use 64 different symbols. Rather than being used numerically, it is typically used to represent information. An easy way to spot Base64 is when there are equals signs at the end of a sequence (e.g. U1VDU1M=), though this may not always be the case!

There are plenty of websites to encode and decode Base64.

Helpful Documents

Inspecting Elements

Console

HTTP Headers