Well it’s all over now but man did we have fun. Check out a few pics from our BSidesROA event on Oct 2nd, 2021. Big thanks goes out to all our sponsors and attendees. Looking forward to the next one in the Spring of 2023.
A breakdown of the complex eco-system of ECrime Actors
Wizard Spider, Carbon Spider, Prophet Spider, no we’re not talking about the next Marvel movie, we’re talking about ECrime Actors. This month we have brought in Cristian Rodriguez from CrowdStrike to discuss how various ECrime groups operate and how they spread evil to organizations like yours. Christian will provide an overview of the observed tactics, techniques and procedures (TTPs) used by various groups and will allow us to see the nasty underbelly of the world of the Spider.
Cristian Rodriguez is a Sr. Sales Engineer with CrowdStrike, working with some of the largest global enterprise clients. His background includes the implementation and consultation of a variety of security tools, such as Endpoint Security, DLP Platforms, Mobile Security, Proxy and IDS/IPS technologies. Before working with CrowdStrike, Cristian worked with the likes of security resellers, NH&A & FishNet Security (now Optiv) and technology vendors such as Forcepoint, & Zimperium.
This will be both a live in person event as well as virtual via Zoom.
We want to thank ECPI for hosting this event. Looking forward to seeing you all there.
Thursday September 9th, 2021 @ 5:30pm @ ECPI Roanoke
5234 Airport Rd NW #200
Roanoke, VA 24012
Two new posts are now available on our YouTube site.
Ed Summer’s talk regarding Automation via Ansible and Rob Perry’s discussion regarding Space Weather. If you missed these meetings now is your chance to see the pros in action.
Automation via Ansible
We will not hold a meeting for May – but do not fret! We already have June and July meetings in the works as well as some promising news for the return of in-person events!
RISE is closely watching reports that Virginia may remove gathering restrictions in June pending favorable metrics on vaccinations and infection rates. Keep an eye here on the RISE blog as well as RISE emails as the news develops.
We look forward to seeing you in June and thank you for your continued support!
Save the date! On July 20-22, 2021, the Virginia Cyber Range presents the 2021 Cybersecurity Education Conference. This will be a virtual conference and the Call for Proposals is open for workshops and presentations fitting this year’s theme: “Cracking the Code to Cybersecurity Education”. Follow the link above fore more information and stay tuned to the Virginia Cyber Range website or Twitter (@VaCyberRange) for more information.
We thank Randy Marchany for returning to discuss the Critical Security Controls. Find recording of the event on our YouTube channel.
This November marks 5 years of Roanoke InfoSec Exchange. What started as a simple idea for a free, informal group discussing InfoSec topics has managed to stay alive and continue to draw interest 5 years later. Looking back, this isn’t a trivial feat. One of, if not the, core principles of RISE is maximum inclusion of attendees in the area. Whether you are a seasoned professional, a student, in another career and looking for a change, or just an enthusiast – we want you to attend and benefit from RISE. “Exchange” means the exchange of knowledge for the improvement of our community and profession. We try to stay true to this principle by keeping meetings informal and free from “sales pitches”. When you come to a RISE meeting you should feel you’re getting honest information and free exchange of ideas.
This couldn’t happen without you. Your attendance, enthusiasm, and participation enables RISE to continue. If you are a RISE “elder”, we thank you for your continued participation in the group. If you are relatively new – welcome! We thank you for joining us and helping continue the spirit of InfoSec Exchange.
With your support we hope to continue bringing the community together for time to come. Thank you for your support to RISE and the local InfoSec community!
-Rob Garbee, Nate Sykes, & Ed Summers
For December we have asked that Logan Diomedi return and give us an in-depth dive into Burp Suite. As you may remember Logan gave us a quick overview of Burp Suite back in February and many of you requested more so here it is.
Logan Diomedi and Burp Suite, Part 2, Pro Edition
Burp Suite is one of the many free tools available in Kali Linux. Burp Suite allows anyone to test and verify their web applications using various techniques from initial mapping and analysis of an application’s attack surface, to finding and exploiting security vulnerabilities. In this meeting Logan will show us how he uses Burp Suite in his “Red Teaming” pen tests and how you can use the tool to test your own websites.
December 10th @ 5:30pm; This will be a virtual meeting
Logan Diomedi is a 24-year-old Roanoke native and has been in the Information Security world since his early teens. He currently works as a penetration tester for an offensive information-security firm known as Depth Security, where he performs network, application-based, social engineering, and physical penetration testing. Logan is a Capture-the-Flag & HackTheBox regular, and regularly performs infosec-related research in his spare time. Logan has been a RISE attendee for almost 2 years now and has a passion to bring knowledge and resources to the greater Roanoke information security community.
Click through to access the slides and video for November’s virtual meeting on Zero to the Evidence Room with Tyler Booth.