Note: This cooperative event will start at 6:30pm!
Capture the Flag challenges offer the opportunity to improve your InfoSec skills whether you are a seasoned penetration tester or just starting your journey. An InfoSec novice may not sweep the competition but they will certainly improve their knowledge. Trying new things can be hard especially in a profession that contains talent that, at times, seems untouchable. Let’s calm those fears with a CtF demonstration and review.
Continue reading
Many new RISE attendees ask how they can get started in InfoSec. Where do I start? What skills do I need. How can I learn new skills? Black Hills InfoSec posted a fantastic curated list of “30 Things to Get You Started”. It covers a variety of areas from log analysis, password cracking, hardware hacking, and more. Content includes blog posts and video to satisfy all types of learners.
It only takes initiative and a few minutes a day to sharpen your skills. RISE can help pair you with the people and tools – all you need to provide is the desire and effort!
We ran into a few issues with flight delays and technology – unfortunately our streaming and recording failed to save audio for this event so we do not have a video available. But RISE attendees pulled together to make this a great interactive meeting covering Hack the Box. If you weren’t able to make the event, keep reading for notes from the demonstrations. Special thanks to R&K Solutions for hosting this event.
Logs. We’ve talked about them in several presentations. “Maintenance, Monitoring, and Analysis of audit logs” is one of the basic CIS security controls. Security administrators have many choices in tools that handle logs, but do you really understand the purpose, function, and use case for each? What makes a “log aggregation” tool and a Security Information and Event Management (SIEM) tool different? When would you use one over the other?
We had a great turnout for our presentation on Cloud Security this month. Thank you to everyone who attended and special thanks to ECPI University for hosting! Ed Summers presented on securing commercial cloud environments by protecting critical identities. Click through for a link to the recording on the RISE YouTube channel, courtesy of R&K Solutions.
Finally in – check out the Roanoke InfoSec Exchange stickers! Display your dedication to excellence in the field of InfoSec by sporting one of these on your laptop! These are a great way to introduce others to the group and build our regional professional community.
One of the most asked about topics at RISE meetings is “How do I become a Red Teamer?” or “What skills do I need for penetration testing?” As the “opposition force” of IT security, Red Teams have long held the most visible and alluring jobs in the realm of InfoSec. Shrouded in mystery they are known for their advanced skills that can penetrate even the most diligent of defenses. The role requires a breadth of IT system and application knowledge but also depth in several areas to understand fundamentals of operation and how to thwart them. This sometimes poses a barrier to entry to the new InfoSec professional uncertain about how to approach the myriad skills needed for success in the role.
We know you don’t need additional incentive to come out to monthly RISE meetings. But a little icing on the cake never hurts. Did you know that you can earn continuing professional education (CPE) credits for your (ISC)2 certifications through participation in RISE?
Commercial cloud offerings have been available for several years, yet some data and application owners still struggle to secure their assets. Properly securing your cloud resources and accounts is critical to avoid loss of sensitive data, financial loss, and the associated impact to business reputation.
Aaron McPhall put together an excellent brief on using Bloodhound as a blue teaming tool to identify unknown or unintended avenues of privilege escalation in your Active Directory infrastructure. If you missed out – don’t despair! View a recording of the brief on the RISE YouTube channel.
Aaron has also made his slides available here.
RISE extends special thanks to the following for their support of this event:
ABS Technology – Hosting and fantastic refreshments
R&K Solutions – Live-streaming and recording support
RISE - Roanoke InfoSec Exchange 