Web Security

December – Burp Suite, Part 2, Pro Edition

/ roanokeinfosec

For December we have asked that Logan Diomedi return and give us an in-depth dive into Burp Suite.  As you may remember Logan gave us a quick overview of Burp Suite back in February and many of you requested more so here it is. 

Logan Diomedi and Burp Suite, Part 2, Pro Edition

Burp Suite is one of the many free tools available in Kali Linux.  Burp Suite allows anyone to test and verify their web applications using various techniques from initial mapping and analysis of an application’s attack surface, to finding and exploiting security vulnerabilities.  In this meeting Logan will show us how he uses Burp Suite in his “Red Teaming” pen tests and how you can use the tool to test your own websites.

December 10th @ 5:30pm; This will be a virtual meeting

Logan’s Bio

Logan Diomedi is a 24-year-old Roanoke native and has been in the Information Security world since his early teens. He currently works as a penetration tester for an offensive information-security firm known as Depth Security, where he performs network, application-based, social engineering, and physical penetration testing. Logan is a Capture-the-Flag & HackTheBox regular, and regularly performs infosec-related research in his spare time. Logan has been a RISE attendee for almost 2 years now and has a passion to bring knowledge and resources to the greater Roanoke information security community.

Advertisement

Meeting notes – ‘Attacking the Gatekeeper’

/ roanokeinfosec

This week RISE welcomed Harrison Neal (PatchAdvisor) via video conference to talk about two vulnerabilities he discovered in the RSA authentication agent for IIS. Thanks to R&K Solutions for hosting the event!

RISE meeting photo

Harrison’s was a tale of accidental findings, curiosity, and persistence. Some odd language he found while working on an unrelated task provided a tantalizing thread to pull. Over the next few months, he spent his spare time fuzzing, analyzing encryption schemes, and reading up on named pipes to convert that accidental finding into two CVEs: CVE-2018-1232 and CVE-2018-1234.

The brief exemplified many qualities of successful vulnerability analysis. A curious eye caught an oddly-worded statement. Data gathering ensued using a methodical approach and a common tool set to look for known vulnerabilities, patterns, or unusual signatures as starting points for research. Researching vendor documentation to understand the systems and look for additional attack vectors. Perhaps most importantly – persistence in spending many hours of personal time in trial-and-error working towards a solution. Even if his work hadn’t resulted in two findings, Harrison likely picked up additional knowledge and techniques in the journey for future application.

RISE meeting photo

RISE thanks Harrison for sharing his story with our members. Do you have an idea for an upcoming meeting? Share your stories or expertise! Reach out to us at roanokeinfosec@gmail.com.

May 2018 – Attacking the Gatekeeper

/ roanokeinfosec

exploits_of_a_mom-xkcd

(source: xkcd.com; Don’t forget Mother’s Day!)

It’s scheduled! Mark your calendars to join us on May 10th at R&K Solutions for more experts sharing their trade craft. Harrison Neal, Security Engineer with PatchAdvisor, joins us to present a couple of (now patched) vulnerabilities he reported in the RSA authentication agent for IIS. If you’re interested in vulnerability research and details you’ll want to be at this meeting. Come for the tech, stay for the networking and refreshments!

Date and Location:
May 10th, 2018 @ 5:30 PM

R&K Solutions
2797 Frontage Rd NW
Roanoke, VA 24017
Google Maps Link

Topic: Attacking the gatekeeper: RSA’s Authentication Agent for IIS

Summary: This presentation will discuss two vulnerabilities recently discovered and patched in RSA’s software to enable two-factor authentication in IIS-hosted web applications. These vulnerabilities could enable an unprivileged domain user to impersonate other users, or crash IIS. While the vulnerabilities are fairly straightforward, there are some peculiarities that will be explored, such as exploiting one vulnerability through a named pipe rather than typical IP sockets. The presentation will also review known available mitigations for administrators.

Speaker Bio: Harrison Neal alternates between pentesting and security research roles, primarily around the DC metro area. His free time is typically spent metaphorically poking bears, enjoying the company of cats, playing Pokemon Go, or getting locked in Shenandoah National Park after hours.

Cyber Security Forum: Web Service Security Best Practices

/ roanokeinfosec / Leave a comment

cyber-security-aug17_post-image

Hello all, this month’s RISE meeting will be a little different, in fact it’s going to be a lot different.  This month we are doubling up with the RBTC.  The RBTC will be hosting a Cyber Security Forum highlighting Web Service Security Best Practices on Tuesday August 8th from 5:30pm – 7:30pm at Virginia Western Community College.  The speaker will be Adam Memisyazici from Virginia Tech.

Not only will this provide a great opportunity to learn more about Web Security but this also provides a great opportunity to rub elbows with likeminded technologist from the Valley.  Please keep in mind that unlike our meetings the RBTC actually needs to you register for this event.  Click on the link provided and register quickly.  Also there is a minor cost to attend but they probably have better snacks and drinks than we do so it’s probably worth it.  In any case, if you can make it I encourage you to attend.

Lastly, I want everyone to understand that that this will not be the norm for us but I do feel that it is a good fit for us this month.  If this works perhaps we will do again sometime in the future, if it doesn’t, well we gave it a shot.   I have provided additional details below.  Please check them out.

 

Link to register for the RBTC event and location info.

https://rbtc.tech/2017/07/cyber-security-forum-august-8/