Meeting notes – ‘Attacking the Gatekeeper’

This week RISE welcomed Harrison Neal (PatchAdvisor) via video conference to talk about two vulnerabilities he discovered in the RSA authentication agent for IIS. Thanks to R&K Solutions for hosting the event!

Harrison’s was a tale of accidental findings, curiosity, and persistence. Some odd language he found while working on an unrelated task provided a tantalizing thread to pull. Over the next few months, he spent his spare time fuzzing, analyzing encryption schemes, and reading up on named pipes to convert that accidental finding into two CVEs: CVE-2018-1232 and CVE-2018-1234.

The brief exemplified many qualities of successful vulnerability analysis. A curious eye caught an oddly worded statement. Data gathering ensued, using a methodical approach and a common tool set to look for known vulnerabilities, patterns, or unusual signatures as starting points for research. He researched vendor documentation to understand the systems and look for additional attack vectors. Perhaps most importantly, he was persistent, spending many hours of personal time in trial and error working towards a solution. Even if his work hadn’t resulted in two findings, Harrison likely picked up additional knowledge and techniques along the way for future application.

RISE thanks Harrison for sharing his story with our members. Do you have an idea for an upcoming meeting? Share your stories or expertise! Reach out to us at roanokeinfosec@gmail.com.

May 2018 – Attacking the Gatekeeper

Comic: xkcd, “Exploits of a Mom” (source: xkcd.com; Don’t forget Mother’s Day!)

It’s scheduled! Mark your calendars to join us on May 10th at R&K Solutions for more experts sharing their tradecraft. Harrison Neal, Security Engineer with PatchAdvisor, joins us to present a couple of (now patched) vulnerabilities he reported in the RSA authentication agent for IIS. If you’re interested in vulnerability research and details, you’ll want to be at this meeting. Come for the tech, stay for the networking and refreshments!

Date and Location:
May 10th, 2018 @ 5:30 PM

R&K Solutions
2797 Frontage Rd NW
Roanoke, VA 24017

Topic: Attacking the gatekeeper: RSA’s Authentication Agent for IIS

Summary: This presentation will discuss two vulnerabilities recently discovered and patched in RSA’s software to enable two-factor authentication in IIS-hosted web applications. These vulnerabilities could enable an unprivileged domain user to impersonate other users, or crash IIS. While the vulnerabilities are fairly straightforward, there are some peculiarities that will be explored, such as exploiting one vulnerability through a named pipe rather than typical IP sockets. The presentation will also review known available mitigations for administrators.

Speaker Bio: Harrison Neal alternates between pentesting and security research roles, primarily around the DC metro area. His free time is typically spent metaphorically poking bears, enjoying the company of cats, playing Pokemon Go, or getting locked in Shenandoah National Park after hours.

April Intro to KALI Meeting Notes

Thanks to Nate Sykes and R&K Solutions for hosting our April ‘Intro to KALI’ meeting! Rob Garbee reviewed some of the popular tools included in the KALI Linux distribution. Rob’s presentation can be downloaded using the link below.

We’re lining up events for the coming months. If you have a topic or idea of interest to the group, please drop us a line at roanokeinfosec@gmail.com.

Rob’s ‘Intro to Kali’ presentation

April 2018 – Intro to KALI

FINALLY!

It’s really gonna happen this time.  Seriously, I mean it.

After multiple attempts to get this one in, we’re really gonna do it this time.

Our next meeting will be on April 12th at R&K Solutions in Roanoke, VA, at 5:30 pm. Our subject will be an Intro to KALI Linux. If you don’t know what KALI Linux is, or if you do but want to know a little more, have we got a meeting for you! This operating system is the de facto standard for pen testing. We will be going through some of the more popular tools, such as Metasploit, SPARTA, NMAP and OpenVAS, as well as Offensive Security cert paths.

Please come out and join us.

Address: R&K Solutions, 2797 Frontage Rd NW, Roanoke, VA 24017

More info about KALI below:

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

March 2018 – Next Gen WAN Branch Architecture

Comic: Dilbert (Source: Dilbert.com)

We will be meeting at ECPI (thanks Mike) in Roanoke on March the 8th at 5:30 pm. Our speaker will be Allen Surface from World Wide Technology, Inc. Allen will be discussing next generation WAN branch architecture with a focus on security. I spoke to Allen briefly about this methodology and it is honestly quite amazing. If you are a blue teamer responsible for protecting your network, you should attend this session; if you are in management and are looking for ways to provide value to your security program, you should attend this session. Ahh heck, just come to the session. I have even included an MS Calendar appointment.

Disclaimer: This session will be vendor agnostic, so if you’re planning on being sold something you won’t find it here.

Anyway, here are the details…

ECPI

5234 Airport Rd NW #200

Roanoke, VA 24012

March 8th, 2018, 5:30 PM

Topic: Next Generation Wide Area Network (WAN)

Topic Summary: This session will briefly cover next generation WAN branch architecture with a focus on security. The networking industry is quickly transforming. To support digital business, infrastructure and operations leaders for networking must transform their networks from a fixed environment to an agile and intelligent environment that provides visibility and advanced security controls across the wide area network.

BIO: Allen has 20+ years working in the IT industry and now works at World Wide Technology (WWT) as a Consulting Solutions Architect where he focuses on SD-WAN, Security, and Cisco DNA. He has experience consulting in various verticals including large pharmaceuticals, defense contractors, retail, and healthcare.

FEB 2018 – Gaining Perspectives on Cyber Risk Management

Attempting to address all aspects of a Cyber Security program has always been part of the RISE mission, and our next meeting is an attempt to reflect that mission. Stephen Hamilton, who is a Commercial Risk Specialist with HAWK Advisers Inc., and Helen Stevens, who is Regional Executive with Travelers Global Technology, have agreed to present for us on Gaining Perspectives on Cyber Risk Management.

I met Stephen last year while doing a Cyber Security presentation for local businesses and felt that given his experience dealing with Cyber Risk he would be an excellent choice for a presentation sometime.  His availability was limited until now, so when I found out his schedule had cleared up I jumped at the opportunity.

Stephen and Helen’s presentation is designed to provide us, as security practitioners, the information we need to advise our management teams on how best to manage risk as well as what options are available when risk needs to be deferred to another party.

Stephen has agreed to open his business to us, so we will be meeting at HAWK Advisers downtown at 5:30 pm. I have included the address below.

I am truly looking forward to this presentation and I hope that I will see you all there tomorrow, Thursday the 8th, at 5:30 pm.

Location:

206 Williamson Rd.

Suite 100

Roanoke, VA 24011

Point of reference:

Corner of Williamson & Tazewell (across from the Norfolk Southern Building – downtown Roanoke)

Shameless ask for help

If you have an idea for a presentation or if you would like to present at a meeting or if you have a location to host a meeting, drop us a note at Roanokeinfosec@gmail.com.

Jan 2018 – SANS Holiday Hack Challenge Party

Hope everyone had a great holiday break! Our next RISE meeting will be this coming Thursday the 11th at 5:30 pm at R&K Solutions. We will be trying our hand at the SANS 2017 Holiday Hack. Please see the link below to set up your account and then bring your laptop on the 11th. While we won’t be getting through the entire thing, we will have a chance to hang out and share ideas. This is an excellent opportunity to learn some new chops and to show off the ones you have. Come on out, you don’t want to miss out on this year’s event.

https://holidayhackchallenge.com/2017

R&K Solutions

2797 Frontage Rd NW

Roanoke, VA 24017

Let’s do this!!!

Dec 2017 – Hack-Lab with Oracle Ravello Cloud

We will be meeting on Dec. 14th at ECPI at 5:30 pm

Grant Sims will be presenting Oracle Ravello Cloud and how it can be used as a training platform, in a “Hack-Lab” scenario. The presentation will explain the benefits of utilizing the Ravello Cloud and how the underlying “Nested Virtualization” technology can expand our InfoSec training & testing capabilities. The short presentation will be followed by a demo of the Ravello platform and the “Hack-Lab” Grant has created within.

Grant Sims

Grant Sims has been an IT professional for over 10 years. His professional path began as a Network Engineer for the US DoD, and he is now a Security Engineer for Advance Auto Parts. He has a passion for security and an even greater passion for sharing his knowledge! Grant claims not to be an expert of any kind but rather a firm believer that we all possess knowledge and experiences to share that would benefit like-minded individuals.

ECPI

5234 Airport Rd NW #200,

Roanoke, VA 24012