PQC: A Mundane-12 Powerball Dot Upgrade to Your Entire Life and Everything! – April 2024

/ roanokeinfosec

The Roanoke InfoSec Exchange (RISE) is excited to announce our next monthly meetup for April! This month, we’ll be venturing into the fascinating realm of post-quantum cryptography (PQC). For this month’s talk, we have Schr0ding3r discussing “PQC: A Mundane-12 Powerball Dot Upgrade to Your Entire Life and Everything!” and provided us the following description of this talk by sending us encoded photons:

Quantum computing, driven by AI, will take over the world. You’ll lose your job, your privacy, your freedom, even your life. How??? MAGIC. LITERAL MAGIC. Your situation is hopeless. You can’t fight magic!

UNTIL NOW. Introducing: post-quantum cryptography! If you thought your typical gold-level cryptography was effective, get ready to blow right past platinum and quantum levels straight to POST-QUANTUM level. This stuff is literally the “Expelliarmus” to quantum computing’s “Avada Kedavra.” In this thrilling talk, we will discuss quantum mechanics (magic), quantum computing (also magic), and how to fight these evil tools of government conspirators with the maximum 1000XP top-quality get-it-while-supplies-last post-quantum cryptography!

…or maybe, in the spirit of Craig Martell, we will reveal how overhyped and mundane this highly-specialized computing system is, and then look into some of the interesting algorithms being developed to resist these efficient password-cracking machines.

…but which talk will you receive??? YOU’LL HAVE TO SHOW UP TO FIND OUT!

Speaker Bio:

Schr0ding3r, a B.S. holder in physics and mathematics (with a cybersecurity degree on the horizon!), possesses a boundless curiosity that extends to hacking, programming, philosophy, and even ancient Hebrew.

We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building.   Take the stairs to the left and go to the third floor and go to the CyberSecurity lab in room M302.

See you there!

Meeting info:
Virginia Western Community College
Business/Science Building, Room M302
April 11th, 2024 @ 6PM
https://maps.app.goo.gl/ToJyoaMJ5BUy417QA


Online Session:
Sign up for the mailing list to get the online session!

Using Pwntools and Frida for Dynamic Exploitation – March 2024

/ roanokeinfosec

Get ready to explore the exciting world of binary exploitation with the Roanoke Infosec Exchange (RISE)! We’re thrilled to announce our next monthly meetup, happening on March 14th at 6pm, where we’ll delve into two powerful libraries: Pwntools and Frida.

Using Pwntools and Frida for Dynamic Exploitation by Hristo Asenov

This talk will focus on two libraries that help with binary exploitation. The first is called Pwntools which is a python library that creates shellcode out of functional building blocks. The second, Frida, is used for hooking functions and / or modifying the dynamic state of a process through instrumentation. Examples will be shown of how these libraries can be leveraged to make this daunting process a little simpler.

Bio:
Hristo Asenov, an avid cybersecurity enthusiast and platform engineer at Torc Robotics in Blacksburg, will be leading this informative session.

We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building.   Take the stairs to the left, go to the third floor, and go to CyberSecurity lab in room M302.

Meeting info:
Virginia Western Community College
Business/Science Building, Room M302
March 14th, 2024 @ 6PM
https://maps.app.goo.gl/ToJyoaMJ5BUy417QA

Online Session:
Sign up for the mailing list to get the online session!

Kerberos 101 – February 2024

/ roanokeinfosec

Get ready to unlock the secrets of secure logins with Tyler’s captivating talk on Kerberos 101 at next month’s RISE event! This session is your gateway to understanding the ubiquitous Kerberos protocol, the silent guardian of countless Windows domains.

Dive into the core mechanics:

  • Unravel the encryption magic: Demystify key generation and witness the dance of TGT and TGS tickets.
  • Experience the ticket flow: See firsthand how secure authentication unfolds in real-time.
  • Grasp the power and limitations: Understand Kerberos’ strengths and vulnerabilities.

But the adventure doesn’t stop there!

  • Confront the dark side: Explore common Kerberos-based attacks and learn strategies to fortify your defenses.
  • Gain practical insights: Gain real-world knowledge you can apply to your own network security.
  • Fuel your security passion: Get inspired by Tyler’s expertise and stay ahead of the curve.

Meeting info:
February 8th, 6pm
5234 Airport Rd NW #200
Roanoke, VA 24012
https://maps.app.goo.gl/usS5mLFdqBFQaM5M6

Online Session:
Subscribe to the mailing list to receive session details.

See you there for an “authentication adventure” you won’t forget!

The RISE Team

SANS 2024 Holiday Hack Challenge Sampler – January 2024

/ roanokeinfosec

As the new year begins, let’s kick off our cybersecurity journey with an exciting walk through of the SANS 2024 Holiday Hack Challenge. 

SANS 2024 Holiday Hack Challenge Sampler

Hold onto your reindeer socks, cybersecurity enthusiasts, because we’re diving into the wonderland of the SANS Holiday Hack Challenge 2023! This annual event isn’t just your average holiday cheer; it’s a Capture the Flag (CTF) competition disguised as a festive frenzy, pitting hackers of all levels against ingeniously crafted cybersecurity puzzles.

But what exactly is a CTF and why should you care? Imagine a treasure hunt through a virtual landscape, where each hidden “flag” represents a solved challenge. Cracking codes, dissecting networks, and unraveling mysteries – it’s a thrilling combination of mental gymnastics and technical prowess. And the SANS Holiday Hack Challenge takes this concept to a whole new level, wrapping it in a charming holiday theme.

So, let’s peel back the wrapping paper and explore some of the challenges of the 2023 edition.

Speaker Bio: Jared Register is an IT enthusiast and cybersecurity practitioner. He is currently employed as a Cybersecurity Engineer for a hospital system and has been in cybersecurity for over 9 years. Jared mainly focuses on the blue team side of cybersecurity. He holds the CISSP and is working on my Masters of Science in Information Systems Security Engineering from SANS.  Jared can be connected with at: https://www.linkedin.com/in/jaredregister/

Remember, the SANS Holiday Hack Challenge might be festive, but our January event is all about sharpening your skills and fueling your cybersecurity passion in the fresh year ahead! Remember, if you can’t make it in person, we’ll also be streaming the presentation via Google Meet.


Meeting info:

ECPI University
January 11, 2024 @ 6:00PM
5234 Airport Rd NW #200, Roanoke, VA 24012
https://maps.app.goo.gl/usS5mLFdqBFQaM5M6

Online Session:
Please subscribe to the mailing list to receive online session details by emailing info@roanokeinfosec.com.

Building a Hackable Badge for BSides Roanoke – December 2023

/ roanokeinfosec

As the year draws to a close, RISE is excited to gather for one final event of 2023, and what better way to celebrate than by diving into the world of hacking and creativity? This month, Aaron McPhall is presenting:

From Concept to Reality: Building a Hackable Badge for BSides Roanoke

This presentation chronicles the journey of creating a unique and interactive digital badge for BSides Roanoke. Attendees will be taken on a behind-the-scenes exploration, from the initial concept to the finished product, with plenty of lessons to be learned along the way.

The presentation will delve into the intricacies of the process, including design, hardware, software, and fabrication. You’ll gain insights into the electronics and PCB that bring the badge to life, as well as the integrated security challenges embedded within it. We’ll also explore the firmware that powers the badge and the puzzle server that supports its interactive elements.

Finally, we’ll discuss the assembly and programming of the individual components and provide a transparent breakdown of the project’s costs. Along the way, we’ll share valuable lessons learned and inspire others to embark on their own creative endeavors.

We hope to see you there as we close out the year on a high note! Remember, if you can’t make it in person, we’ll also be streaming the presentation via Google Meet.


Meeting info:
ECPI University
December 14, 2023 @ 6:00PM
5234 Airport Rd NW #200, Roanoke, VA 24012
https://maps.app.goo.gl/usS5mLFdqBFQaM5M6

HTB CTF Crypto Challenge – November 2023

/ roanokeinfosec

The leaves are falling and the air is crisper, which means it’s time to get cozy and learn a little about ciphers through challenges.  This month, schr0ding3r is presenting:

HTB CTF Crypto Challenge Walkthrough (or – Exploiting Nonce Reuse in ECDSA Signatures)
An interactive walkthrough of a cryptography challenge (credit to Hack the Box for hosting it for their Defcon CTF this year). I will show what the challenge is, what indicated a vulnerability, a brief intro to elliptic curve algorithms, and then how I crafted an exploit to harvest private keys.

We look forward to seeing you in-person.  If you can’t make it, we will also attempt a google meet session.


Meeting info:
ECPI University
November 9, 2023 @ 6:00PM
5234 Airport Rd NW #200, Roanoke, VA 24012
https://maps.app.goo.gl/usS5mLFdqBFQaM5M6


Speaker Bio:
schr0ding3r has a B.S. in physics and a minor in mathematics; additionally, he is currently pursuing a B.S. in Cybersecurity. He dabbles in everything [but am a master of nothing], including hacking, programming, philosophy, dancing, theater, and ancient Hebrew. Whatever the topic, schr0ding3r seeks to probe the very depths of it.

Hope to see you there!

Social – October 2023

/ roanokeinfosec

The month of October snuck up on us, and it’s been a few months since we had a social. Let’s meet at Starr Hill on October 12th to kick back and enjoy the fall with some brews and banter.

If this social happens to stir up an idea, and it seems like a good speaking topic, please let us know at: https://forms.gle/VnVBpZDzNgBzM2qn6

“Meeting” info:
October 12th, ~6:00pm
Starr Hill Pilot Brewery & Side Stage
6 Old Whitmore Ave, Roanoke, VA 24016

https://maps.app.goo.gl/FMF3Vc54yUTuwahv6

September 2023 – Lightning Talks Round 2

/ roanokeinfosec

We are doing our second round of lightning talks this month after the successful first round!

The ⚡two ⚡lightning ⚡talks we have set for this month are:

Common Pentest Wins

In this talk, Logan Diomedi will cover the top 3 things that get penetration testers initial access on tests.

From Paper Jams to Domain Compromise: Abusing Multi-Function Printers

In this talk, Tyler Booth wants to share with you: Whether you manage multi-function printers (MFPs) yourself or delegate the task to an outside vendor, unsecured MFPs pose a significant risk to your environment. This talk explores how attackers can exploit MFP vulnerabilities to gain an initial foothold in an Active Directory domain, potentially escalate privileges, and access sensitive documents.

In other news, there is an upcoming CTF hosted by RBTC on September 7th.  Find out more at:
https://www.rbtc.tech/event/hands-on-security-capture-the-flag-event/

We look forward to seeing you in-person.  If you can’t make it, we will also attempt a google meet session and recording.

Meeting info:

September 14th, 2023 at 5:30pm
Grandin Colab
1327 Grandin Rd SW, Roanoke, VA 24015
https://goo.gl/maps/4JqvZRD6bPUDEZmy5

Hope to see you there!

August 2023 – Lightning Talks Round 1

/ roanokeinfosec

We had more lightning talks submitted than we initially expected! So, we are going to adjust the flow a bit, and split the lightning talks into two great sessions to provide a little more wiggle room for speakers to deliver their material.

The ⚡three ⚡lightning ⚡talks we have set for this month are:

Verify your Verification
Speaker Ben Eldritch shared the following for this talk: “I’ve pentested 3 different webapps over the past few months, and none of them have implemented account/email verification correctly. Here are a few examples of what can go wrong with account creation, and how you can fix it!”

Terraforming your Cyber Landscape
Speaker Aaron McPhall shared the following for this talk: “This talk will cover an introduction to Terraform, and why it should be considered for any cloud enabled organization. Aaron will cover the benefits of infrastructure as code as well and how terraform can be used to enable scaling and security for cloud services.”

DDoS: What you wanted to know but didn’t want to talk to your 13 year old neighbor
Andrew Beard will be leading this talk on DDoS techniques and mitigation.

In other news, there is an upcoming CTF hosted by RBTC on September 7th. Find out more at:
https://www.rbtc.tech/event/hands-on-security-capture-the-flag-event/

We look forward to seeing you in-person. If you can’t make it, we will also attempt a zoom session and recording.

Meeting info:

August 10th, 2023 @ 5:30PM

ECPI University
5234 Airport Rd NW Suite 200, Roanoke, VA 24012
https://goo.gl/maps/T6TikCHLoPQaWXzT7

Hope to see you there!

RISE August 2023 – Call for Lightning Talks

/ roanokeinfosec

Hey there, RISE Members!

Based on July’s Social Meeting, Andrew had an excellent idea of doing a lightning talk session to get the brain juices flowing. We are looking for some speakers. This is a great place to start with an idea and see if the audience engages with it!

Please submit lightning talk ideas here: https://forms.gle/9jNBphermEi4w78EA

If there are enough submissions (more than 5), overlapping topics, etc; we may have a follow-up survey to downselect or do another lightning talk round in September. Not quite sure yet, but let’s see where this goes.

What is a lightning talk? A shortened talk (10 minutes speaking, 5 minutes for questions) to quickly introduce a topic. Time is important here, so you will want to cover the following items:

  • Establish rapport
  • Quick overview of subject
  • Establish value (teach the crowd something new)
  • Offer hints for follow-on talk (you will learn XYZ)
  • Topics consistent with last month’s Topic Survey Results

Meeting info:

August 10th, 2023 @ 5:30pm
Venue TBD

Hope to see some fun talks!