Month: November 2016

Dec 2016 – SANS Holiday Hack Challenge Party

/ roanokeinfosec / Leave a comment

santa1

 

 

 

 

 

 

 

The SANS Holiday Hack Challenge is going to be released on Dec 9th, we’re going to party on Dec 15th:

santa2

 

 

 

 

 

 

 

 

If you’re not familiar with the challenge it is an annual event put on by Ed Skoudis and his team. It is essentially a game that involves a series of cyber security challenges designed to get you to learn a wide variety of skills. The team does a phenomenal job. It has elements for all skill levels and hints as you go along the way. Last year’s challenge was EPIC and I think my wife was ready to kill me if I didn’t stop playing. I’ll warn you, it can get addictive.

166-addiction

The challenges are kept online each year so you can continue to play, even if you didn’t complete it by the deadline. Here is last year’s challenge if you want take a look: https://holidayhackchallenge.com/ This link will likely update to the 2016 challenge on 12/9. If so, here is a list of past challenges: https://pen-testing.sans.org/holiday-challenge/

I can honestly say, after playing last year, I have looked forward to this year’s challenge all year long. My wife, maybe not so much, since I had my head buried in my laptop for 2 weeks last time 🙂 Here are just a few of the things I either learned about, or added skills to while playing last years challenge: sed, awk, scapy, python, JSON, SQL injection techniques,  numerous web application pentesting techniques, Burp Suite, mondoDB, firmware extraction, DNS CnC and data exfil. And when I wasn’t pulling out my hair, I had an absolute blast doing it!

Join us on 12/15 to work on the Holiday Hack Challenge. It is for all skill levels and you will be surprised how much you will learn. We will have wifi access available so everyone can work on the challenge. If you are a student and want to participate but don’t have a laptop, let us know and I will make arrangements so you will have somethig to work on.

To make the best use of the time at the party, go ahead and sign up for an account once the challenge is posted on 12/9.  You can start playing anytime after you get an account. I  also recommend having some sort of virtualization software on your laptop such as VirtualBox or VMWare Player, both are free. And having a VM running Kali set up. Or if Kali is your main OS you may want to have a Windows VM setup. All of that will aid you in the challenge.

gladiator

As usual we’ll have beer/soda and snacks. Just bring your brains because you’re going to need them.

dan-akroid-santa

The meeting will be at 5:30pm on 12/15 at R&K Solutions, 2797 Frontage Rd NW, STE 1000, Roanoke, VA 24017. Google Maps.

Advertisement

Notes from Oct 2016 Ransomware Meeting

/ roanokeinfosec / Leave a comment

notes

Special thanks to Brad at malware-traffic-analysis.net (http://www.malware-traffic-analysis.net/index.html), we used his examples for the October meeting. His site is an excellent resource for learning. He also posts updates and other malware related info on his twitter @malware_traffic.

Here is the traffic we walked through: http://www.malware-traffic-analysis.net/2016/05/13/index.html

And here is the solution: http://www.malware-traffic-analysis.net/2016/05/13/page2.html

To use Security Onion to analyze the traffic you can get the Security Onion ISO here and install it in a VM: https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md

Here is how to replay the traffic in Security Onion for analysis:

We also had some discussion on how to identify what different types of files really are, regardless of what the extension is; and also how you can carve them out of traffic streams using hex editors. To determine file types you use the “Magic Bytes”:  https://blog.netspi.com/magic-bytes-identifying-common-file-formats-at-a-glance/

Here are some resources on ways to extract files (file carving) from pcaps:

We talked about some quick ways to get info on IPs and domains when researching potential incidents. Here is a quick hit list:

November 2016 – Continuous Pentesting

/ roanokeinfosec / Leave a comment

continuous-battle

The next RISE meeting will be at Virginia Western community college in the Natural Science Center (directions are below). Our speaker will be Darren Manners from SyCom and he will be discussing Redspy365 and the rise of automated pentesting.

redspy

Darren designed this automated approach and he has a list of certs longer than a Nascar race. Come out and learn from one of the innovators in the field.

Here is Darren’s Bio:
Darren is the Lead Penetration Tester for SyCom Technologies, 9 years Royal Naval Intelligence (Communication Technician (Analyst)) Worked for 15 years in various security roles with VAR’s and education. Certifications obtained include; SANS Cyber Guardian (Red/Blue), SANS GSE (#42), CCIE sec (18929), OSCP, CISSP, CISA and others. Written papers on iPhone backup files for penetration testing and anomaly detection using user agent headers. Designer of RedSpy 365, Sphere of Influence (security visualization tool) and Ice-hole. (email phishing tool)
We will be meeting at our usual time of 5:30 pm on November the 10th.
Snacks and drinks will be provided as always.

Location: Charles L. Downs Natural Science Center, Roanoke, VA 24015