April Intro to KALI Meeting Notes

Thanks to Nate Sykes and R&K Solutions for hosting our April ‘Intro to KALI’ meeting! Rob Garbee reviewed some of the popular tools included in the KALI Linux distribution. Rob’s presentation can be downloaded using the link below.

We’re lining up events for the coming months. If you have a topic or idea of interest to the group, please drop us a line at roanokeinfosec@gmail.com.

Rob’s ‘Intro to Kali’ presentation

April 2018 – Intro to KALI

FINALLY!

It’s really gonna happen this time.  Seriously, I mean it.

KALI

After multiple attempts to get this one in we’re really gonna do it this time.

Our next meeting will be on April 12th at R&K Solutions in Roanoke, VA. at 5:30pm.  Our subject will be an Intro to KALI Linux.   If you don’t know what KALI Linux is or if you do but want to know a little more have we got a meeting for you!  This operating system  is the defacto standard for Pen Testing.  We will be going through some of the more popular tools such as Metasploit, SPARTA, NMAP and OpenVAS as well as Offensive Security cert paths.

Please come out and join us.

Address: R&K Solutions,  2797 Frontage Rd NW, Roanoke, VA 24017

More info about KALI below:

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

Jan 2018 – SANS Holiday Hack Challenge Party

 

 

PandR

Hope everyone had a great holiday break!  Our next RISE meeting will be this coming Thursday the 11th at 5:30 pm R&K Solutions.  We will be trying our hand at the SANS 2017 Holiday Hack.  Please see the link below to setup your account and then bring your laptop on the 11th.  While we won’t be getting through the entire thing we will have a chance to hang out and share ideas.  This is an excellent opportunity to learn some new chops and to show off the ones you have.   Come on out, you don’t want to miss out on this year’s event.

https://holidayhackchallenge.com/2017

R&K Solutions

2797 Frontage Rd NW

Roanoke, VA 24017

Let’s do this!!!

Pandr2

 

 

Sept 2017 – Low Hanging Fruit

1410315833-low_hanging_fruit_tickets-1

Victor Garcia will be sharing what vulnerabilities he sees most often when performing Pen Tests and how to fix them.

The meeting will be at 5:30pm on 9/14 at R&K Solutions, 2797 Frontage Rd NW, STE 1000, Roanoke, VA 24017. Google Maps.

love-low-fruit

Victor Garcia is a Security Consultant, Penetration Tester for Sword & Shield Enterprise Security. His primary role consists of conducting network vulnerability assessments, penetration tests, and web application assessments. He also performs social engineering assessments such as phishing campaigns, telephone pre-texting, and malicious USB drops. He has more than 8 years of experience in the technical field in roles such as help desk, network and system administration, auditing, and information security. Additionally, Victor holds a Bachelor’s of Science in Computer Engineering and has also obtained several Offensive Security certifications.

The last presenter we had from Sword & Shield, Russel Van Tuyl, hit it out of the park. Definitely looking forward to Victor’s presentation. Guessing that while low hanging fruit are great for pen testing, they might be so good for the rest of us 🙂

lowfruit

Cyber Security Forum: Web Service Security Best Practices

cyber-security-aug17_post-image

Hello all, this month’s RISE meeting will be a little different, in fact it’s going to be a lot different.  This month we are doubling up with the RBTC.  The RBTC will be hosting a Cyber Security Forum highlighting Web Service Security Best Practices on Tuesday August 8th from 5:30pm – 7:30pm at Virginia Western Community College.  The speaker will be Adam Memisyazici from Virginia Tech.

Not only will this provide a great opportunity to learn more about Web Security but this also provides a great opportunity to rub elbows with likeminded technologist from the Valley.  Please keep in mind that unlike our meetings the RBTC actually needs to you register for this event.  Click on the link provided and register quickly.  Also there is a minor cost to attend but they probably have better snacks and drinks than we do so it’s probably worth it.  In any case, if you can make it I encourage you to attend.

Lastly, I want everyone to understand that that this will not be the norm for us but I do feel that it is a good fit for us this month.  If this works perhaps we will do again sometime in the future, if it doesn’t, well we gave it a shot.   I have provided additional details below.  Please check them out.

 

Link to register for the RBTC event and location info.

https://rbtc.tech/2017/07/cyber-security-forum-august-8/

 

Jan 2017 – Open Mic Night

open-mic

 

We had a great time at our December meeting trying our hand at the SANS Holiday Hack and we are planning on our next meeting being just as entertaining. This month we will having an “Open Mic Night” at ECPI on January 12th at 5:30pm.

Here’s how it works, collect those burning IT Security questions and bring them to the group. We will give everyone an opportunity to ask the group questions and then see what we as a group of security professionals can contribute as a whole. The idea is that one of us is never as smart as all of us so let’s share our questions and our knowledge to better secure the valley. If you don’t have any questions that’s fine, we still need you to share your experiences with those of us that do have questions.

We look forward to seeing everyone on Thursday the 12th at ECPI.

Dec 2016 – SANS Holiday Hack Challenge Party

santa1

 

 

 

 

 

 

 

The SANS Holiday Hack Challenge is going to be released on Dec 9th, we’re going to party on Dec 15th:

santa2

 

 

 

 

 

 

 

 

If you’re not familiar with the challenge it is an annual event put on by Ed Skoudis and his team. It is essentially a game that involves a series of cyber security challenges designed to get you to learn a wide variety of skills. The team does a phenomenal job. It has elements for all skill levels and hints as you go along the way. Last year’s challenge was EPIC and I think my wife was ready to kill me if I didn’t stop playing. I’ll warn you, it can get addictive.

166-addiction

The challenges are kept online each year so you can continue to play, even if you didn’t complete it by the deadline. Here is last year’s challenge if you want take a look: https://holidayhackchallenge.com/ This link will likely update to the 2016 challenge on 12/9. If so, here is a list of past challenges: https://pen-testing.sans.org/holiday-challenge/

I can honestly say, after playing last year, I have looked forward to this year’s challenge all year long. My wife, maybe not so much, since I had my head buried in my laptop for 2 weeks last time 🙂 Here are just a few of the things I either learned about, or added skills to while playing last years challenge: sed, awk, scapy, python, JSON, SQL injection techniques,  numerous web application pentesting techniques, Burp Suite, mondoDB, firmware extraction, DNS CnC and data exfil. And when I wasn’t pulling out my hair, I had an absolute blast doing it!

Join us on 12/15 to work on the Holiday Hack Challenge. It is for all skill levels and you will be surprised how much you will learn. We will have wifi access available so everyone can work on the challenge. If you are a student and want to participate but don’t have a laptop, let us know and I will make arrangements so you will have somethig to work on.

To make the best use of the time at the party, go ahead and sign up for an account once the challenge is posted on 12/9.  You can start playing anytime after you get an account. I  also recommend having some sort of virtualization software on your laptop such as VirtualBox or VMWare Player, both are free. And having a VM running Kali set up. Or if Kali is your main OS you may want to have a Windows VM setup. All of that will aid you in the challenge.

gladiator

As usual we’ll have beer/soda and snacks. Just bring your brains because you’re going to need them.

dan-akroid-santa

The meeting will be at 5:30pm on 12/15 at R&K Solutions, 2797 Frontage Rd NW, STE 1000, Roanoke, VA 24017. Google Maps.

Notes from Oct 2016 Ransomware Meeting

notes

Special thanks to Brad at malware-traffic-analysis.net (http://www.malware-traffic-analysis.net/index.html), we used his examples for the October meeting. His site is an excellent resource for learning. He also posts updates and other malware related info on his twitter @malware_traffic.

Here is the traffic we walked through: http://www.malware-traffic-analysis.net/2016/05/13/index.html

And here is the solution: http://www.malware-traffic-analysis.net/2016/05/13/page2.html

To use Security Onion to analyze the traffic you can get the Security Onion ISO here and install it in a VM: https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md

Here is how to replay the traffic in Security Onion for analysis:

We also had some discussion on how to identify what different types of files really are, regardless of what the extension is; and also how you can carve them out of traffic streams using hex editors. To determine file types you use the “Magic Bytes”:  https://blog.netspi.com/magic-bytes-identifying-common-file-formats-at-a-glance/

Here are some resources on ways to extract files (file carving) from pcaps:

We talked about some quick ways to get info on IPs and domains when researching potential incidents. Here is a quick hit list: