Batman's Kitchen

Frequently Asked Questions

General Information

Security Resources

Most topics in the world of security fall into one of the following categories. Each of these categories has a channel on our Discord server - don't hesitate to ask questions there!

Web

Web security deals with the security of websites and servers. Hackers might attempt to dump a website's database, take over other users' accounts, access pages or files they shouldn't have access to, etc. Web is generally considered to be the most beginner-friendly category, and is where we recommend starting if you have no experience.

Practice challenges: PortSwigger Web Security Labs, PicoCTF, OverTheWire: Natas, WebHacking.kr

Feel free to reach out to Krishna, Jono, Chris, or Sonya with questions!

Pwn / Binary Exploitation

Pwn (more formally known as binary exploitation) deals with directly exploiting "low-level" bugs in computer programs. Attackers use in-depth familiarity with how computer memory and instructions work in order to execute malicious code on a machine. Pwn is one of the more advanced categories, as it requires knowledge of computer architecture and programming languages such as C.

Practice challenges: PWN College Dojo, PicoCTF, PWN College: Binary Exploitation

Recommended course: CSE 351

Feel free to reach out to Pranav, Adi, Geeoon, or Camden with questions!

Reverse Engineering

Reverse engineering is the process of figuring out how a program created by someone else works, usually without access to its source code. Challenges in this category generally deal with decompilation (taking compiled machine code and attempting to return it to human-readable form) and deobfuscation (analyzing code which has been intentionally made hard to read to thwart reverse engineering efforts). There is a good amount of overlap between reverse engineering and pwn, as the two skillsets often go hand in hand in the real world.

Practice challenges: PicoCTF, Pwnable.kr, Crackmes.one

Feel free to reach out to Adi and Ryan (@rhystic on Discord) with questions!

Cryptography

Cryptography is the art of securely communicating in the presence of adversaries. This includes encrypting messages so attackers can't read them, or digitally signing messages so attackers can't tamper with them. While encryption and digital signatures are workhorses that often secure our digital landscape, secure cryptographic algorithms are notoriously difficult to come up with and implement correctly. Challenges in this category often feature cryptographic schemes which may look secure, but have a fatal flaw that allows hackers to, say, decrypt some data, or forge a digital signature.

Practice challenges: PicoCTF, CryptoHack, Cryptopals

Feel free to reach out to Simon with questions!

OSINT

OSINT stands for "Open-Source Intelligence," and involves using publicly available sources to compile information on a target. This can include finding where an image was taken (basically GeoGuessr lol), tracking down information on a person or company through public records, etc.

Practice challenges: Bellingcat Challenge

Feel free to reach out to Joey with questions!