September 2021 -Spiders and the webs they weave

A breakdown of the complex eco-system of ECrime Actors

Wizard Spider, Carbon Spider, Prophet Spider, no we’re not talking about the next Marvel movie, we’re talking about ECrime Actors.  This month we have brought in Cristian Rodriguez from CrowdStrike to discuss how various ECrime groups operate and how they spread evil to organizations like yours.  Christian will provide an overview of the observed tactics, techniques and procedures (TTPs) used by various groups and will allow us to see the nasty underbelly of the world of the Spider.

Cristian Rodriguez is a Sr. Sales Engineer with CrowdStrike, working with some of the largest global enterprise clients. His background includes the implementation and consultation of a variety of security tools, such as Endpoint Security, DLP Platforms, Mobile Security, Proxy and IDS/IPS technologies. Before working with CrowdStrike, Cristian worked with the likes of security resellers, NH&A & FishNet Security (now Optiv) and technology vendors such as Forcepoint, & Zimperium.

This will be both a live in person event as well as virtual via Zoom.   

We want to thank ECPI for hosting this event.  Looking forward to seeing you all there.

Meeting info:

Thursday September 9th, 2021 @ 5:30pm @ ECPI Roanoke

ECPI Roanoke

5234 Airport Rd NW #200

Roanoke, VA 24012

No Meeting in May – Returning in June!

We will not hold a meeting for May – but do not fret! We already have June and July meetings in the works as well as some promising news for the return of in-person events!

RISE is closely watching reports that Virginia may remove gathering restrictions in June pending favorable metrics on vaccinations and infection rates. Keep an eye here on the RISE blog as well as RISE emails as the news develops.

We look forward to seeing you in June and thank you for your continued support!

Va Cyber Range presents: VACyberEduCon21

Save the date! On July 20-22, 2021, the Virginia Cyber Range presents the 2021 Cybersecurity Education Conference. This will be a virtual conference and the Call for Proposals is open for workshops and presentations fitting this year’s theme: “Cracking the Code to Cybersecurity Education”. Follow the link above fore more information and stay tuned to the Virginia Cyber Range website or Twitter (@VaCyberRange) for more information.

5 Years of RISE

This November marks 5 years of Roanoke InfoSec Exchange. What started as a simple idea for a free, informal group discussing InfoSec topics has managed to stay alive and continue to draw interest 5 years later. Looking back, this isn’t a trivial feat. One of, if not the, core principles of RISE is maximum inclusion of attendees in the area. Whether you are a seasoned professional, a student, in another career and looking for a change, or just an enthusiast – we want you to attend and benefit from RISE. “Exchange” means the exchange of knowledge for the improvement of our community and profession. We try to stay true to this principle by keeping meetings informal and free from “sales pitches”. When you come to a RISE meeting you should feel you’re getting honest information and free exchange of ideas.

This couldn’t happen without you. Your attendance, enthusiasm, and participation enables RISE to continue. If you are a RISE “elder”, we thank you for your continued participation in the group. If you are relatively new – welcome! We thank you for joining us and helping continue the spirit of InfoSec Exchange.

With your support we hope to continue bringing the community together for time to come. Thank you for your support to RISE and the local InfoSec community!

-Rob Garbee, Nate Sykes, & Ed Summers

December – Burp Suite, Part 2, Pro Edition

For December we have asked that Logan Diomedi return and give us an in-depth dive into Burp Suite.  As you may remember Logan gave us a quick overview of Burp Suite back in February and many of you requested more so here it is. 

Logan Diomedi and Burp Suite, Part 2, Pro Edition

Burp Suite is one of the many free tools available in Kali Linux.  Burp Suite allows anyone to test and verify their web applications using various techniques from initial mapping and analysis of an application’s attack surface, to finding and exploiting security vulnerabilities.  In this meeting Logan will show us how he uses Burp Suite in his “Red Teaming” pen tests and how you can use the tool to test your own websites.

December 10th @ 5:30pm; This will be a virtual meeting

Logan’s Bio

Logan Diomedi is a 24-year-old Roanoke native and has been in the Information Security world since his early teens. He currently works as a penetration tester for an offensive information-security firm known as Depth Security, where he performs network, application-based, social engineering, and physical penetration testing. Logan is a Capture-the-Flag & HackTheBox regular, and regularly performs infosec-related research in his spare time. Logan has been a RISE attendee for almost 2 years now and has a passion to bring knowledge and resources to the greater Roanoke information security community.