Hope everyone had a great holiday break! Our next RISE meeting will be this coming Thursday the 11th at 5:30 pm R&K Solutions. We will be trying our hand at the SANS 2017 Holiday Hack. Please see the link below to setup your account and then bring your laptop on the 11th. While we won’t be getting through the entire thing we will have a chance to hang out and share ideas. This is an excellent opportunity to learn some new chops and to show off the ones you have. Come on out, you don’t want to miss out on this year’s event.
2797 Frontage Rd NW
Roanoke, VA 24017
Let’s do this!!!
Hello all, this month’s RISE meeting will be a little different, in fact it’s going to be a lot different. This month we are doubling up with the RBTC. The RBTC will be hosting a Cyber Security Forum highlighting Web Service Security Best Practices on Tuesday August 8th from 5:30pm – 7:30pm at Virginia Western Community College. The speaker will be Adam Memisyazici from Virginia Tech.
Not only will this provide a great opportunity to learn more about Web Security but this also provides a great opportunity to rub elbows with likeminded technologist from the Valley. Please keep in mind that unlike our meetings the RBTC actually needs to you register for this event. Click on the link provided and register quickly. Also there is a minor cost to attend but they probably have better snacks and drinks than we do so it’s probably worth it. In any case, if you can make it I encourage you to attend.
Lastly, I want everyone to understand that that this will not be the norm for us but I do feel that it is a good fit for us this month. If this works perhaps we will do again sometime in the future, if it doesn’t, well we gave it a shot. I have provided additional details below. Please check them out.
Link to register for the RBTC event and location info.
We are in for a treat in September! Jeremy Dorrough is going to do an updated version of the presentation he did at DEF CON last year.
USB Attack to Decrypt Wi-Fi Communications
Jeremy Dorrough Senior Network Security Architect / Genworth Financial
The term “Bad USB” has gotten some much needed press in last few months. There have been talks that have identified the risks that are caused by the inherent trust between the OS and any device attached by USB. I found in my research that most of the available payloads for the USB rubber ducky would be stopped by common enterprise security solutions. I then set out to create a new exploit that would force the victim to trust my Man-In-The-Middle access point. After my payload is deployed, all Wi-Fi communications will be readable, including usernames, passwords and authentication cookies. The attack will work without the need of elevating privileges, which makes it ideal for corporate environments.
Bio: Jeremy has built his career around protecting assets in the most critical IT sectors. He started his career working in a Network Operations Security Center for the US Army. He then went on to work as a Network Security Engineer defending Dominion’s North Anna Nuclear Power Station. He is currently a Senior Network Security Engineer/Architect at Genworth Financial. He is a MBA, CISSP, CEH, GIAC GPPA, CSA CCSK, ABCDEFG… Blah Blah Blah.
Jeremy has spent over 10 years researching and implementing new ways to defend against the latest attacks. He enjoys creating new exploits and feels it makes him a more well-rounded defensive Security Engineer. He is happily married and a father to two soon to be hackers. When he’s not staring at a command prompt, he is busy building and driving demolition derby cars.
ECPI was kind enough to host this month, the meeting will be on Sept. 8th @ 5:30pm.