DOMination: Weaponizing XSS – July 2025

Hope you’re all staying cool in this scorching July heat! While the temperatures outside are blazing, we’ve got a meeting coming up that’s going to be even hotter – in a good, cybersecurity-savvy way, of course!

Prepare to have your minds melted (with knowledge, not the sun!) at our next RISE Cyber Security meeting. We’re thrilled to announce a speaker who’s ready to fire up your understanding of web vulnerabilities.

This month, we’re welcoming the brilliant Ben Eldritch to the stage. He’s bringing a talk with the following details:

DOMination: Weaponizing XSS

Even the smallest input can create a big problem. Oftentimes XSS vulnerabilities are demonstrated by popping an alert box on your screen or sending out document cookies to an external endpoint. But did you know that as soon as you get access to the DOM, the webpage becomes a blank canvas? The possibilities are endless, from background JavaScript execution and mapping internal networks to assisting in MFA mimicry. Join us as we discuss various techniques that turn simple XSS vulnerabilities into powerful phishing landscapes and advanced threat playgrounds.

Come join us for an evening that’s sure to be illuminating and help you beat the heat of potential cyber threats! We promise it’ll be more refreshing than an ice-cold lemonade on a hot day.


Event Details:

  • Date: Thursday, July 10, 2025
  • Time: 6pm
  • Location: Virginia Western Business/Science Building Room M302
  • Speaker: Ben Eldritch
  • Talk Title: DOMination: Weaponizing XSS

Meeting Details:

We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building. Take the stairs to the left, go to the third floor, and head to the CyberSecurity lab in room M302.

Meeting info:
Virginia Western Community College
Business/Science Building, Room M302
July 10th, 2025 @ 6PM
https://maps.app.goo.gl/ToJyoaMJ5BUy417QA

Looking forward to seeing you there!

September 2023 – Lightning Talks Round 2

We are doing our second round of lightning talks this month after the successful first round!

The ⚡two ⚡lightning ⚡talks we have set for this month are:

Common Pentest Wins

In this talk, Logan Diomedi will cover the top 3 things that get penetration testers initial access on tests.

From Paper Jams to Domain Compromise: Abusing Multi-Function Printers

In this talk, Tyler Booth wants to share with you: Whether you manage multi-function printers (MFPs) yourself or delegate the task to an outside vendor, unsecured MFPs pose a significant risk to your environment. This talk explores how attackers can exploit MFP vulnerabilities to gain an initial foothold in an Active Directory domain, potentially escalate privileges, and access sensitive documents.

In other news, there is an upcoming CTF hosted by RBTC on September 7th.  Find out more at:
https://www.rbtc.tech/event/hands-on-security-capture-the-flag-event/

We look forward to seeing you in person. If you can’t make it, we will also attempt a Google Meet session and recording.

Meeting info:

September 14th, 2023 at 5:30pm
Grandin Colab
1327 Grandin Rd SW, Roanoke, VA 24015
https://goo.gl/maps/4JqvZRD6bPUDEZmy5

Hope to see you there!

December – Burp Suite, Part 2, Pro Edition

For December, we have asked Logan Diomedi to return and give us an in-depth dive into Burp Suite. As you may remember, Logan gave us a quick overview of Burp Suite back in February, and many of you requested more, so here it is.

Logan Diomedi and Burp Suite, Part 2, Pro Edition

Burp Suite is one of the many free tools available in Kali Linux.  Burp Suite allows anyone to test and verify their web applications using various techniques from initial mapping and analysis of an application’s attack surface, to finding and exploiting security vulnerabilities.  In this meeting Logan will show us how he uses Burp Suite in his “Red Teaming” pen tests and how you can use the tool to test your own websites.

December 10th @ 5:30pm; This will be a virtual meeting

Logan’s Bio

Logan Diomedi is a 24-year-old Roanoke native and has been in the Information Security world since his early teens. He currently works as a penetration tester for an offensive information-security firm known as Depth Security, where he performs network, application-based, social engineering, and physical penetration testing. Logan is a Capture-the-Flag & HackTheBox regular, and regularly performs infosec-related research in his spare time. Logan has been a RISE attendee for almost 2 years now and has a passion to bring knowledge and resources to the greater Roanoke information security community.

July 2020 – Password Attack and Defense

We’re back! RISE is back for the month of July. Once again, we will be hosting a virtual meeting, but we are hopeful that we will be able to meet in person again very soon. This month we are going to cover end-to-end password attack and defense. So, what does that mean exactly? First, we will cover how nefarious actors steal your users’ credentials and how they use them, then we will discuss what free tools are available to audit passwords and defend against such attacks. Topics covered will include Hunter.io, Phishing Frenzy, password spraying, Hashcat, DPAT, Have I Been Pwned, MFA and others.

This will be a high-level overview of the entire kill chain process; however, if we determine that more discussion is needed in one area, we will discuss getting it on the calendar for a more in-depth review. I am looking forward to seeing all of you at the next meeting. Be on the lookout for more information regarding the online meeting.

Meeting scheduled for 5:30 pm, July 9th. Online meeting details will be sent via email; please subscribe to the mailing list for more information.

See you all soon

Speaker BIO:

Robert Garbee

Twitter: @robgarbee

RISE: Roanokeinfosec.com

Robert Garbee is a Cyber Security Engineer working for the Carilion Clinic Information Security Department located in Roanoke, VA. In this role, Robert is responsible for performing threat analysis, network assessments and compliance auditing for enterprise network systems located in various locations scattered across Virginia. He has more than 25 years of experience in information technology and during that time has held positions in information security, information technology and industrial security. His certifications have included Microsoft Certified Systems Engineer (MCSE), Cisco Certified Network Associate (CCNA) and most recently Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH). Robert is also a graduate of Liberty University and holds a Bachelor of Science degree in Business Management Information Security.

As a founder of the Roanoke Information Security Exchange (RISE), Robert has been asked to present to both local business leaders and community service groups. Additionally, Robert has provided commentary for featured articles in the Roanoke Times and for WSLS News 10 in Roanoke, VA.

Robert can be contacted via the RISE website at Roanokeinfosec.com, or via email at robgarbee@yahoo.com or via Twitter @robgarbee.

 

 

April Intro to KALI Meeting Notes

Thanks to Nate Sykes and R&K Solutions for hosting our April ‘Intro to KALI’ meeting! Rob Garbee reviewed some of the popular tools included in the KALI Linux distribution. Rob’s presentation can be downloaded using the link below.

We’re lining up events for the coming months. If you have a topic or idea of interest to the group, please drop us a line at roanokeinfosec@gmail.com.

Rob’s ‘Intro to Kali’ presentation

April 2018 – Intro to KALI

FINALLY!

It’s really gonna happen this time.  Seriously, I mean it.

After multiple attempts to get this one in we’re really gonna do it this time.

Our next meeting will be on April 12th at 5:30pm at R&K Solutions in Roanoke, VA. Our subject will be an Intro to KALI Linux. If you don’t know what KALI Linux is, or if you do but want to know a little more, have we got a meeting for you! This operating system is the de facto standard for pen testing. We will be going through some of the more popular tools such as Metasploit, SPARTA, Nmap and OpenVAS, as well as Offensive Security cert paths.

Please come out and join us.

Address: R&K Solutions,  2797 Frontage Rd NW, Roanoke, VA 24017

More info about KALI below:

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

Jan 2018 – SANS Holiday Hack Challenge Party

 

 

Hope everyone had a great holiday break! Our next RISE meeting will be this coming Thursday the 11th at 5:30 pm at R&K Solutions. We will be trying our hand at the SANS 2017 Holiday Hack. Please see the link below to set up your account and then bring your laptop on the 11th. While we won’t be getting through the entire thing, we will have a chance to hang out and share ideas. This is an excellent opportunity to learn some new chops and to show off the ones you have. Come on out, you don’t want to miss out on this year’s event.

https://holidayhackchallenge.com/2017

R&K Solutions

2797 Frontage Rd NW

Roanoke, VA 24017

Let’s do this!!!

Sept 2017 – Low Hanging Fruit

Victor Garcia will be sharing what vulnerabilities he sees most often when performing Pen Tests and how to fix them.

The meeting will be at 5:30pm on 9/14 at R&K Solutions, 2797 Frontage Rd NW, STE 1000, Roanoke, VA 24017. Google Maps.

Victor Garcia is a Security Consultant, Penetration Tester for Sword & Shield Enterprise Security. His primary role consists of conducting network vulnerability assessments, penetration tests, and web application assessments. He also performs social engineering assessments such as phishing campaigns, telephone pre-texting, and malicious USB drops. He has more than 8 years of experience in the technical field in roles such as help desk, network and system administration, auditing, and information security. Additionally, Victor holds a Bachelor of Science in Computer Engineering and has also obtained several Offensive Security certifications.

The last presenter we had from Sword & Shield, Russel Van Tuyl, hit it out of the park. Definitely looking forward to Victor’s presentation. Guessing that while low hanging fruit are great for pen testing, they might be so good for the rest of us 🙂
