Nov 2022 – Penetration Testing Certifications: Acronym Aerobics

Penetration Testing Certifications: The Good, the Bad and the Ugly
aka: Acronym Acrobatics

Wanting a career pivot or to level up your skill set can be intimating. The seemingly endless offensive security certifications out there today can be overwhelming.  How do you know which to choose?  Join RISE Thursday, Nov 10th with Ken Nevers at ECPI as this self proclaimed cert junky will share his honest opinions on which certs to go for and which to avoid along your journey.”

Bio:

Ken Nevers, Principle Security Consultant

Current Certifications: OSEP, OSCP, CRTO, CRTE, CRTP, PAWASP

Ken holds an Associate degree in Computer and Information Science with a major in Cyber and Network Security from ECPI University in addition to several red teaming and penetration testing certifications. In his free time, Ken co-organizes BSides Roanoke, co-leads the Roanoke Information Security Exchange, is a member of the Roanoke Linux Users Group, and volunteered on the security teams for HackRedCon and DerbyCon, plays guitar and tells dad jokes.

Hall Of Fames (security acknowledgements):

Oracle, Rackspace, Dell, TripAdvisor

Location

ECPI Roanoke
5234 Airport Rd NW #200
Roanoke, VA 24012

Date and Time

November 10th
5:30pm

Advertisement

Sept 2022- RISE/RBTC Capture the Flag

The RBTC Capture the Flag is here, and we are ready.   For those that aren’t aware we are doing something a little different for the month of September.  Instead of meeting on the second Thursday of the month we are meeting on the second Wednesday of the month (Sept. 14th) in Blacksburg, VA at the VTCRC Training & Event Center at 1691 Innovation Drive, #1025, Blacksburg, VA for a Capture the Flag (CTF) event.  This will be a great opportunity for both new and veteran IT Security focused individuals.  I encourage everyone that can make it to attend.  This is an open event and those that are not familiar with a CTF should not feel intimidated.  There will be several folks available for consultation and assistance.  For those that are familiar with CTF’s we have you covered as well.  We have a great selection of prizes such as Bash Bunnies, Flipper Zeros and Raspberry Pi’s. 

Lastly, there will be pizza and beverages provided so come hungry and learn some new skills.

The Deets:

  • This is a bring your own laptop and power supply event. You must bring a laptop to participate.
  • The Virginia Cyber Range has challenge ready VM’s available for use but you need a laptop to access them.
  • If you choose to use your own laptop for the challenges know that a KALI like image works best.

CTF registration details will be sent in a email to the RISE email distribution list. Please subscribe to the distribution list if you are already a member.

Time and Location Information:

Sept 14th @ 5:30pm

VTCRC Training & Event Center

1691 Innovation Drive, #1025,

Blacksburg, VA.

Aug 2022 – Capture The Flag

Its here!  The August CTF is finally here.  What is a CTF?  Well, I’m so glad you asked.  A CTF or Capture the Flag is kind of a computer security competition where you challenge yourself to get past hacking exercises to “capture a flag”.  This will be an interactive opportunity open to ANYONE!  Whether you’re new to IT Security and wanna learn more or a seasoned Pentester who wants to win it all, this event is for you.  If you’re new to IT Security and are concerned about what lies ahead don’t fret, we will have several veteran IT Security professionals available for consultation if you need assistance.  So come on out and let’s have some fun and learn a little while we’re at it. 

We understand that sometimes things don’t work out and you can’t make it in person so we are offering this as a virtual event as well.  The CTF will be publicly available via the web, however you must be at the event location to win prizes. 

  • CTF provided by our friends at The Virginia Cyber Range
  • Food, beverages, and prizes provided by our friends at GuidePoint Security

The Deets:

  1. This is a bring your own laptop and power supply event. You must bring a laptop to participate.
  2. The Virginia Cyber Range has challenge ready VM’s available for use.
  3. If you choose to use your own laptop for the challenges know that a KALI like image works best.
  4. Please register for the CTF before Aug 11th.
    1. Registration opens at 4pm Friday Aug 5th, 2022
    2. Registration requires a Microsoft or Google ID
    3. Link to registration will be sent in an email
      • Please send a message to info@roanokeinfosec.com if you would like to be added to the distribution list and get the link to the CTF

Date / Time / Location

Aug 11th at 5:30pm at the Roanoke Co-Lab

1327 Grandin Rd SW, Roanoke, VA 24015

(Turn onto Westover Ave SW for parking)

July 2022 – OSINT Side Channels

I know July has likely been a busy month for many of you, but you might want to carve out some time for our next meeting.  This will be an interesting topic that intrigues of most all of us.   On July 14th Ben Eldritch will be giving us his talk on OSINT Side Channels.  We will be meeting at Twisted Track in downtown Roanoke at 5:30pm.  See below for more information.  Also, if you missed the last book exchange feel free to bring some books that you want to trade or donate.   

Of course, we understand that not everyone can make it in person, we will attempt to provide a zoom link in a follow up email closer to the meeting date.

Hope to see ya there in person or virtually.

Discussion Topic:

OSINT Side Channels

  • Basic overview of OSINT and how it can be used for both good and bad
  • How posts on social media provide more information about you than you think
  • What your “Foodstagrams” tell me about you
  • The power of license plates
  • Why everyone knows where you live
  • Safeguards to being owned by anyone

Speaker:

Ben Eldritch

A security researcher who likes to break things and program others. Always learning and adapting, I love to delve deep into applications to see what makes them tick. Experience with red and blue teaming has helped me learn effective offense and essential defense.

Date and Time:

July 14th @ 5:30pm

Location:

Twisted Track BrewPub

523 Shenandoah Ave NW

Roanoke, VA 24016

June 2022 – Using Zeek Without Scripting

Welcome to June.  Things are heating up both with the weather and RISE.  Our next meeting is June 9th at Roanoke College in the Pickle Lounge in the Colket Building with Andrew Beard.  Andrew’s topic is “Using Zeek Without Scripting”.  We are fortunate that our friends at Varonis are sponsoring this month so this will be a catered event with beverages and heavy hors d’oeuvres.  So, bring your curiosity and hunger to the next RISE meeting, both will be satisfied.  See below for more details about the location and parking.

Also we will be offering a book exchange at this meeting

Are you looking to downsize your current library, or perhaps you are looking to diversify your current library.  Well RISE wants to help.  At our next meeting (6/9/22) we will be offering a book exchange.  Bring all those books that you want to get rid off and while you are there perhaps you can find a new book that might interest you.  This is a great chance to explore new areas and find a new book that might change your whole career or at least find something for summer reading.  Just remember to bring those books.

Discussion Topic:

Zeek (formerly Bro) is a great tool for network visibility, but many first timers are turned off by the complexity of Zeek scripting.  Good news!  Zeek is a totally functional stand-alone tool for network traffic analysis, no scripting required.  We’ll go through some hands-on examples of how to use Zeek to inspect PCAP files and some of the tool’s out of the box capabilities without writing a line of Zeek code.

Bringing a laptop with Docker installed is highly recommended if you want to follow along and experiment.

Location / Date / Time

Pickle Lounge, Colket Center, Roanoke College, June 9th @ 5:30 pm

https://www.google.com/maps/place/Colket+Center/@37.296069,-80.0561825,374m/data=!3m1!1e3!4m5!3m4!1s0x0:0xdbe44d3491ec6479!8m2!3d37.297078!4d-80.0556333

-Parking is adjacent to the venue. Park in designated spots and walk to the Colket Center building.

May 2022 – RF: It’s Everywhere.  An introduction to SDR – UPDATE!

Now Includes Hands-On Workshop – BYOD!

For the month of May RISE is going on the air!  Well not really, but we are gonna talk about it.  Darrell Little a member of the local amateur radio club is going to talk to us about radio frequencies and software defined radios.  SDR (for those that might not know) is taking a traditional hardware-based radio system and translating that into software whereby it can be leveraged by a PC or Laptop.  In this talk Darrell is going to take us through the basics and then discuss how these systems are used.  This will be an important talk to those that need to be prepared for DR situations or natural disasters.  As always, the talk and beverages are free so come on out and catch some waves… Radio Waves! 

Just added this week – Tom Weeks (aka TWeeks) will be bringing GQRX software and RTL-SDR devices for us to play with in real time. Make sure to bring your laptop, or mobile device to participate.

See below for location info

 Special thanks to the Roanoke Co-Lab for hosting this month’s event.

Topic:

RF: It’s Everywhere.  An introduction to SDR
A brief review of radio frequencies – part of the electromagnetic spectrum. What are traditional radio receivers and transmitters and what is SDR (software-defined radio). Beyond basic communications, take a look at how RF is used in business, industrial and medical applications. Then comparing some of the reasonably priced SDR devices available for research and testing use, along with the software tools to implement these devices.

Speaker:

Darrell Little

Founder of the Roanoke Linux Users Group and the Python Users Group Roanoke, Darrell Little has been in HealthCare IT for 20+ years, in a variety of roles. With an interest in keeping data security in the forefront to protect sensitive PHI, being involved in InfoSec has been an important part of my IT career.

Location

Roanoke Co-Lab , May 12th 5:30pm

1327 Grandin Rd SW, Roanoke, VA 24015

(Turn onto Westover Ave SW for parking)

April 2022 – Exploring Data Outside the SIEM

Spring is here and so are the taxes.   If you’re looking for a break from taxes and want to gather with some likeminded IT Security professionals join us for our next RISE meeting.   Our next meeting will be with our own Aaron McPhall at R&K Solutions. This month Aaron is asking: 

Have you ever found a new data source on your network, and ever wonder? 

·  What is this data and how could it help me?

·  How would I load this data into my SIEM?

·  Is this worth the time and effort for it to go into my SIEM?

·  How could I compare this data to what is already in my SIEM?

As network defenders, we rely on data from devices to tell a story of what is happening in our network.  We often have important datasets loaded at our fingertips, but there is always more out there.  Perhaps we even have a different story to tell, one that involves a complex story where we need to bring in data from esoteric sources. 

In our next talk, Aaron McPhall will walk through how he processes data outside any SIEM.  He will first introduce the concept of hunting, using resources from Sqrrl, to help formalize the process. Building on this, he will describe common data frameworks and methodologies to process data.  He will hopefully be able to demonstrate concepts that focus around open source tools (not a spreadsheet!) that you can easily install and use. 

Also we need a slightly experienced person to manage our social media and web presence. If you are interested let us know at info@roanokeinfosec.com. This is not a paid position, but you will be recognized as a major contributor to the RISE team and really isn’t that incentive enough?

Hope to see you all Thursday the 14th!   

Speaker Bio: 

Aaron McPhall is cybersecurity professional working in the Roanoke area.  Aaron started off as a Network/System Admin back in 2006 and has worked various IT and Security related roles, including Security {Engineering, Architecture, Research, Incident Response}.  Aaron has been a RISE member for 4 years and recently joined as a member of the RISE advisory board in 2022.     

R&K Solutions in Roanoke VA. 

April 14th, 2022 @ 5:30 PM 

R&K Solutions 
2797 Frontage Rd NW Ste 1000 
Roanoke, VA 24017 

Enter on the right side of the building 

March 2022 – What’s Lurking On Your Network

Yes, it’s true we will be meeting this month!  After a great break from the norm at Blade gaming, we are ready to move ahead with our next meeting on March 10th at 5:30pm at ECPI in Roanoke, VA.  If you can’t make it in person that’s fine, we are streaming this event via our Zoom.  Our next meeting will feature special guest Jay McClung.  Jay will be speaking to us about how cyber-crime organizations and state sponsored actors exploit physical layer 1 “blind spots” to gain access to an organization’s most valuable assets.   See below for more info.

With the most recent events in the news, it is safe to say that state sponsored cyber attacks will be on the rise.  Protecting our assets on all levels is more important than ever and often layer 1 protections often gets overlooked in favor of the flashier exploits.  Jay McClung wants to make sure that you don’t make that mistake.  On Thursday Jay will explain how layer 1 blind spots provide opportunities for malicious actors to take advantage of our networks using malware injection, ransomware and data leakage via rogue devices.

Don’t miss the opportunity to hear from an industry expert while taking the opportunity to share some of your personal experiences with others in the IT security community.

As usual this will be free event, welcome to all!  Hope to see you there.

Location:

ECPI Roanoke

5234 Airport Rd NW #200

Roanoke, VA 24012

Presenter Bio:

Jay McClung has nearly 25 years in IT and Technical Sales, having worked for Dell, Gateway, Cisco, HyTrust, AlgoSec, the Department of Defense and currently Sepio Systems, a company focused solely on layer 1 network based security stemming from malicious IT, OT, IOT, and USB devices. He also holds a degree in Information Systems from Virginia Commonwealth University and is also volunteers as a driver for Meals on Wheels and for Moments of Hope, a homeless veteran’s outreach ministry where he is the active Board President.

February 2022 – Blade Gaming Social Event


You know every now again we like to mix it up a little. After having to delay last months meeting due to COVID we are really looking forward to getting together this month on February 10th downtown Roanoke at Blade Gaming at 5:30pm. We just want to get together, hang out and play some games. While you are there you can take advantage of the 100s of games they have on the shelf or you can bring your own. I personally will be bringing Backdoors and Breaches and Cards Against Security. There is a $5 fee to play games, but I believe that a snack is included in this cost. So, if you have the time on February 10th, come by Blade Gaming in downtown Roanoke and play some games with us. Please keep in mind this is a casual event with no speaker so there will no online event this month. As always, we look forward to seeing you and hanging out.

Meeting Info:
February 10th, 2022 @ 5:30pm

Blade Gaming
430 Salem Ave SW,
Roanoke, VA 24016

January 2022 – Welcome to 2022 – Blade Gaming Postponed.

Happy New Year! 

As we begin our new year, I just wanted to say thanks to everyone.  RISE would not be what it is today with you and we just want to say thanks!  Thanks for participating and making RISE a success.  Now on to the business at hand.  First off, I am sorry to say that we will be postponing our January Blade Gaming event to February.  With Omicron on the rise and with so many cases out there I just don’t feel comfortable asking folks to meet in person yet.  I hope that by February things will have calmed down and we will be able to meet in person on February 10th at Blade Gaming in Roanoke VA.  I will share more details about this event in the coming weeks but for now please take a look at the following video.  Again thanks to everyone and looking forward to seeing you soon.

Welcome to 2022 video