For December we have asked that Logan Diomedi return and give us an in-depth dive into Burp Suite. As you may remember Logan gave us a quick overview of Burp Suite back in February and many of you requested more so here it is.
Logan Diomedi and Burp Suite, Part 2, Pro Edition
Burp Suite is one of the many free tools available in Kali Linux. Burp Suite allows anyone to test and verify their web applications using various techniques from initial mapping and analysis of an application’s attack surface, to finding and exploiting security vulnerabilities. In this meeting Logan will show us how he uses Burp Suite in his “Red Teaming” pen tests and how you can use the tool to test your own websites.
December 10th @ 5:30pm; This will be a virtual meeting
Logan Diomedi is a 24-year-old Roanoke native and has been in the Information Security world since his early teens. He currently works as a penetration tester for an offensive information-security firm known as Depth Security, where he performs network, application-based, social engineering, and physical penetration testing. Logan is a Capture-the-Flag & HackTheBox regular, and regularly performs infosec-related research in his spare time. Logan has been a RISE attendee for almost 2 years now and has a passion to bring knowledge and resources to the greater Roanoke information security community.
We’re back! RISE is back for the month of July. Once again, we will be hosting a virtual meeting, but we are hopeful that we will be able to meet in person again very soon. This month we are going to cover end to end password attack and defense. So, what does that mean exactly? First, we will cover how nefarious actors steal your user’s credentials and how they use it, then we will discuss what free tools are available to audit passwords and defend against such attacks. Topics covered will be things like Hunter.io, Phishing-Frenzy, Password Spraying, Hash-Cat, DPAT, have i been pwned, MFA and others.
This will be a high-level overview of the entire kill chain process however if we determine that more discussion is needed in one area, we will discuss getting it on the calendar for a more in-depth review. I am looking forward to seeing all of you at the next meeting. Be on the look out for more information regarding online meeting information.
Meeting scheduled for 5:30 pm, July 9th. Online meeting details sent via email, please subscribe to the mailing list for more information.
See you all soon
Robert Garbee is a Cyber Security Engineer working for the Carilion Clinic Information Security Department located in Roanoke Va. In this role, Robert is responsible for performing threat analysis, network assessments and compliance auditing for enterprise network systems located in various locations scattered across Virginia. He has more than 25 years of experience in information technology and during that time has held positions in information security, information technology and industrial security. His certifications have included Microsoft Certified Systems Engineer (MCSE), Cisco Certified Network Associate (CCNA) and most recently Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker(CEH). Robert is also a graduate of Liberty University and holds a Bachelor of Science degree in Business Management Information Security.
As a founder of the Roanoke Information Security Exchange (RISE) Robert has been asked to present to both local business leaders and community service groups. Additionally, Robert has provided commentary for featured articles in the Roanoke Times and for WSLS News 10 in Roanoke, VA.
Robert can be contacted via the RISE website at Roanokeinfosec.com, or via email at firstname.lastname@example.org or via Twitter @robgarbee.
Update: Unfortunately we are cancelling the September meeting due to weather. We will reschedule this presentation for our next regular meeting on 11 October.
September is National Preparedness Month – so prepare yourself by joining us at the next RISE meeting to better understand the threats facing your IT systems. We will continue to explore tools and techniques that attackers use to exploit software for code execution and shell access.
If you’re the type that likes to dig deeper into tech, into the depths of the operating system and compiled code, then the August RISE meeting was for you. Shane Kennedy presented part 1 of a multi-part series on software exploit development that laid foundational concepts of software exploits such as buffer overflows.
Ready to learn about ‘buffer overflows’ and methods of exploiting binary software packages? Our next meeting will kick off a short series in the world of software exploitation and the tools and techniques used for analysis and execution. Continue reading →