Author: roanokeinfosec

Cancelled!!! November 2017 – Intro to KALI

/ roanokeinfosec / Leave a comment

KALI

I’m sorry but we have had to cancel this meeting due to an unforeseen scheduling conflict at ECPI.  We will be meeting next month.

Our next meeting will be on Nov. 9th at ECPI in Roanoke, VA. at 5:30pm.  Our subject will be an Intro to KALI Linux.   We will be going through some of the more popular tools such as Metasploit, AirCrack-NG and OpenVAS as well as Offensive Security cert paths.

 

More info about KALI below:

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

ECPI’s address:

5234 Airport Rd NW #200

Roanoke, VA 24012

Sept 2017 – Low Hanging Fruit

/ roanokeinfosec / Leave a comment

1410315833-low_hanging_fruit_tickets-1

Victor Garcia will be sharing what vulnerabilities he sees most often when performing Pen Tests and how to fix them.

The meeting will be at 5:30pm on 9/14 at R&K Solutions, 2797 Frontage Rd NW, STE 1000, Roanoke, VA 24017. Google Maps.

love-low-fruit

Victor Garcia is a Security Consultant, Penetration Tester for Sword & Shield Enterprise Security. His primary role consists of conducting network vulnerability assessments, penetration tests, and web application assessments. He also performs social engineering assessments such as phishing campaigns, telephone pre-texting, and malicious USB drops. He has more than 8 years of experience in the technical field in roles such as help desk, network and system administration, auditing, and information security. Additionally, Victor holds a Bachelor’s of Science in Computer Engineering and has also obtained several Offensive Security certifications.

The last presenter we had from Sword & Shield, Russel Van Tuyl, hit it out of the park. Definitely looking forward to Victor’s presentation. Guessing that while low hanging fruit are great for pen testing, they might be so good for the rest of us 🙂

lowfruit

Cyber Security Forum: Web Service Security Best Practices

/ roanokeinfosec / Leave a comment

cyber-security-aug17_post-image

Hello all, this month’s RISE meeting will be a little different, in fact it’s going to be a lot different.  This month we are doubling up with the RBTC.  The RBTC will be hosting a Cyber Security Forum highlighting Web Service Security Best Practices on Tuesday August 8th from 5:30pm – 7:30pm at Virginia Western Community College.  The speaker will be Adam Memisyazici from Virginia Tech.

Not only will this provide a great opportunity to learn more about Web Security but this also provides a great opportunity to rub elbows with likeminded technologist from the Valley.  Please keep in mind that unlike our meetings the RBTC actually needs to you register for this event.  Click on the link provided and register quickly.  Also there is a minor cost to attend but they probably have better snacks and drinks than we do so it’s probably worth it.  In any case, if you can make it I encourage you to attend.

Lastly, I want everyone to understand that that this will not be the norm for us but I do feel that it is a good fit for us this month.  If this works perhaps we will do again sometime in the future, if it doesn’t, well we gave it a shot.   I have provided additional details below.  Please check them out.

 

Link to register for the RBTC event and location info.

https://rbtc.tech/2017/07/cyber-security-forum-august-8/

 

The Software Defined Enterprise

/ roanokeinfosec / Leave a comment

puzzle-prepration

The next RISE meeting will be July 13th at 5:30 pm at ECPI in Roanoke (address is below).  Our discussion will be The Software Defined Enterprise, Building Security into the Infrastructure with Darrell Hix.  This will fall right in line with our recent discussion of Zero Trust Networks and should be an excellent opportunity to dig deeper into how virtualization technologies are helping push the Zero Trust Network methodology forward.

Here is Darrell’s Bio.

Darrell has spent 25 years in the Information Technology field beginning as a system administrator, then as a System Engineer/Analyst, Data Center Architect, Enterprise Architect and now as his current role as a Technical Account Manager for VMware.  He has worked with the Department of Defense, managed professional services teams for a System Integration firm, worked for Defense Contractors and now works for the leading virtualization and cloud software company in the world.  His experience ranges from developing early secure messaging networks for the US Navy, designing enterprise virtual desktop architectures for a Fortune 500 defense contractor and leading an initiative to leverage cloud computing capabilities to better support software development teams for project collaboration.  Darrell now acts as a technical adviser and advocate for key VMware, Inc. customers within the US Department of Defense spectrum.

ECPI
5234 Airport Rd NW #200
Roanoke, VA 24012

So Hot Right Now!

/ roanokeinfosec / Leave a comment

1ozagu

Let me just start off by saying The reports of our death are greatly exaggerated!  RISE is not dead, we were merely dormant due to issues beyond our control.  We are back now and better than ever!

So what’s next?  Well we thought we would cover the most recent attack, WannaCry.  Seems like we were all covered up pretty good with this one, so with that in mind we want to discuss it.  What was it?  Why was it successful?  How can we prevent it?  This will be an open discussion so be prepared to share your thoughts.  What crazy things did your senior management team have you do in preparation for this one?  Did it work?  What is your war story?  We want to know.  Come on out, have a beverage and share your thoughts among friends.

We will be meeting on June 8th at 5:30 at R&K Solutions.  (Thanks Nate)

See you all there!

 

R&K Solutions

2797 Frontage Rd NW

Roanoke, VA 24017

 

 

March 2017 – 20 Critical Security Controls

/ roanokeinfosec / Leave a comment

technology.png

Hello all,

I am very pleased to announce that Randy Marchany (I’m sure he’ll sign autographs later) from Virginia Tech has agreed to speak about the 20 Critical Security Controls at our next meeting.  This will be a great presentation from a great speaker, you really want to make this one if you can.  Our meeting will be at ECPI in Roanoke at 5:30pm on the 9th.  I have included the address below.  Thanks to ECPI for hosting this month and all those that make our meetings possible.  You guys rock!

The 20 Critical Security Controls

Defending information systems is becoming more complicated with the introduction of personally owned mobile devices (BYOD) and the Internet of Things (IoT) controllers. Where to spend your cyber defense budget effectively depends on your ability to prioritize where these dollars should be spent.  The 20 Critical Security controls provide a prioritized set of controls and metrics to give you the best chance of actually defending your IT assets. The controls align with a number of well established security standards/frameworks such as ISO 27002, NIST 800-53, PCI among them. This talk describes what the controls are and provides some metrics and spreadsheets for performing a gap analysis of the controls implementation. Virginia Tech is actively implementing the controls and this talk will discuss some of the successes and roadblocks encountered so far.

OK so normally I put a little bio together for our speaker so you have a chance to read a little background on the speaker but honestly Randy is such a cyber superstar that his bio is literally a page long.  So, while not complete here are some highlights of Randy’s bio.  Please check out the link at the bottom of the message for more info on Randy.

Randy is University Information Security Officer for Virginia Tech. He is also the director of the VA Tech IT Security Lab, a component of the university’s Information Technology Security Office.  He is the author of VA Tech’s Acceptable Use Statement and a co-author of the original FBI/SANS Institute’s “Top 10/20 Internet Security Vulnerabilities” document. He is a co-author of the SANS Institute’s “Responding to Distributed Denial of Service Attacks” document that was prepared at the request of the White House in response to the DDOS attacks of 2000.  He is also one of the founders of the Virginia Alliance for Secure Computing and Networking (www.vascan.org), a consortium of security practitioners and researchers from VA Tech, U of Virginia, James Madison Univ., George Mason Univ. He has been a frequent speaker at national and international conferences such as Educause, SANS, IIA, ISACA, ACUA, International CISO symposium, IEEE, NIST, NY State OIT Security conference, FBI-Infraguard chapters, RSA.

Randys Bio

https://members.educause.edu/randy-marchany

ECPI

5234 Airport Rd NW Suite 200

Roanoke, VA 24012

Jan 2017 – Open Mic Night

/ roanokeinfosec / Leave a comment

open-mic

 

We had a great time at our December meeting trying our hand at the SANS Holiday Hack and we are planning on our next meeting being just as entertaining. This month we will having an “Open Mic Night” at ECPI on January 12th at 5:30pm.

Here’s how it works, collect those burning IT Security questions and bring them to the group. We will give everyone an opportunity to ask the group questions and then see what we as a group of security professionals can contribute as a whole. The idea is that one of us is never as smart as all of us so let’s share our questions and our knowledge to better secure the valley. If you don’t have any questions that’s fine, we still need you to share your experiences with those of us that do have questions.

We look forward to seeing everyone on Thursday the 12th at ECPI.