
This month will just be a social meeting at a local watering hole, Blue 5. Come on out and network with other security folks, discuss current security topics and enjoy a frosty beverage.


We are ready and set for our next meeting on June 9th. This meeting will be hosted by our friends at SyCom Technologies:
SyCom Technologies
2800 Electric Rd #103c
Roanoke, VA 24018
We will start at our usual time of 5:30pm. Our speaker this month is Allen Surface and his subject will be Security Architecture: Then and Now. Allen will walk us through how Security Architectures have changed over the years, where they are headed and how we need to plan for these changes. Allen is a founding member of RISE and has worked for the past eight years as a solutions architect with SyCom Technologies. He is currently focused on designing network and security solutions for various customers in both medium- and large-scale networks. Prior to moving into his Security Architect role, Allen was responsible for implementing hardware solutions such as Intrusion Prevention Systems, Firewalls, and DMVPNs. What this says is that Allen is one of us! He is a down-in-the-trenches kind of guy who is willing to share his experiences with us. Come on out and support one of our own and hear his take on where we are all headed as IT Security Professionals.

Another great meeting with a lot of new faces and a lot of familiar ones. Big “Thanks!” to David Raymond (@dnomyard) for presenting and ECPI for hosting. David was kind enough to provide us a copy of the slides; you can grab them here:
If you want some more practice with pcaps and malware, definitely check out: http://www.malware-traffic-analysis.net/ Just be careful if you export HTTP Objects out of those, as they do contain actual malware. Don’t infect yourself! 🙂
Brad (@malware_traffic), who runs that site, does an outstanding job posting tutorials as well as breakdowns of current samples and traffic patterns. He joined Unit 42, Palo Alto’s Threat Research group, which does some excellent in-depth write-ups on malware. This write-up on Locky ransomware and Nuclear EK is a good example: http://researchcenter.paloaltonetworks.com/2016/03/locky-ransomware-installed-through-nuclear-ek/
David Raymond presenting
David, Michael and Rob
Just talkin’ shop
Also, don’t forget the RBTC Vulnerability Management forum is coming up as well as RVASec. If you know of other “local” security events please email roanokeinfosec@gmail.com and we will get them posted to the site.
Last but not least, if there is a topic that you would like to request for a presentation please let us know. We will do our best to line up a speaker. Or if you can speak on a topic please let us know and we’ll get you in the line up!

If you haven’t seen it yet, RISE and several of our members were in a Roanoke Times article about cyber security on Sunday, “Cyber security experts wage quiet war on hackers”. Shout out to Rob, Ted and Nate for fighting the good fight and promoting RISE.

Meeting info: May 12th, @6pm, at ECPI (directions below).
This meeting is a can’t-miss opportunity for a hands-on deep dive with Wireshark. David Raymond (@dnomyard, bio below), who has previously spoken at Black Hat USA, RSA and Shmoocon, will be presenting.

Wireshark is a great tool for quick-and-dirty network traffic analysis and it is widely used for network troubleshooting and incident response. In this hands-on discussion, we will review the basics of Wireshark and discuss capture filters, display filters, and basic protocol analysis. We’ll then go beyond the basics to talk about more advanced features of Wireshark and touch on some of the command-line utilities that come with it, such as tshark, editcap, mergecap, and randcap.
ECPI (5234 Airport Rd NW #200, Roanoke, VA 24012 or Google Maps) will be hosting the meeting and there will be some lab machines available for use by those without a laptop available.
David Raymond currently serves as Deputy Director in the Virginia Tech IT Security Office and Lab. In this position he helps oversee the security of the VT network, advises graduate students and undergrads doing cybersecurity research, and teaches courses in computer networking and security in the Department of Electrical and Computer Engineering. David holds a Ph.D. in Computer Engineering from Virginia Tech, a Masters in Computer Science from Duke University, and a Bachelors in CS from West Point. He has published over 25 journal and conference publications on a variety of topics and has spoken at numerous industry and academic conferences to include Black Hat USA, RSA, Shmoocon, and the NATO Conference on Cyber Conflict.

Don’t miss another great local opportunity to network with area security professionals. The RBTC Cyber Security Forum next month is all about vulnerability management. Prior RBTC events have been excellent, and the hors d’oeuvres are not to be missed! Details on the event can be found on the RBTC website: https://rbtc.tech/2016/04/cyber-security-forum-vulnerability-management-may/

It was awesome to see so many new faces and so many familiar ones at last Thursday’s meeting, thanks again to ECPI for hosting. We ended up running out of chairs!


I hope to see everyone again next month, where we will dive back down into the weeds and take an in-depth look at Wireshark.

Get on the mailing list or check the site for more details once we get them finalized.

We meet every 2nd Thursday of the month at 5:30pm. The meeting location rotates between several local businesses and colleges. Please see below to find out how to get on the email list for the meeting announcements. The meeting locations will also be posted to this site.
We are a group of Roanoke and NRV Information Security Professionals. We get together the 2nd Thursday every month to discuss current security topics. Meetings are free, usually so is the beer, and they are open to anyone.
Please send an email to RoanokeInfoSec@gmail.com if you would like to be added to the email notification list.

Our next meeting is April 14th at ECPI in Roanoke (address is below) at 5:30pm. The speaker will be an FBI Special Agent who has been with the FBI for 12 years and is currently in the Richmond Division with a focus toward the Roanoke area. He is currently working national security matters and has agreed to come and share with us his experiences and his thoughts on how we can assist in protecting our companies, valley and country.
It’s always good to meet your local FBI liaison. If you have a serious breach at your company or discover illegal activity on your network, you need to know who to contact.
Special thanks to Michael for opening up the ECPI facility to us and to Stephan for lining up our speaker.
Meeting Location:
ECPI University
5234 Airport Rd NW #200
Roanoke, VA 24012

Our discussion subject for the month of March was Network Pen Tests.
Our guest speaker was Russel C. Van Tuyl (@Ne0nd0g). Russel is an experienced Network Pen Tester with Sword & Shield in Knoxville, TN and has agreed to walk us through his Network Pen Testing procedures.
Here is a quick write up about his presentation:
Attackers can take complete control of a Windows domain by establishing full administrative rights to network resources. This access can then be used to steal your organization’s crown jewels, the thing that makes your organization money. This talk will introduce common attack paths used to compromise a domain. Additionally, a brief introduction to the tools used to perform some of these common attacks will be covered. This presentation will conclude by providing information on mitigating or detecting these common attacks. The audience will be provided with an opportunity to ask any questions, even if they’re not related to the presentation.
Update: Russel did a fantastic job presenting. His presentation was entertaining and had a ton of great information. He not only covered some of the techniques he uses when pen testing, he also talked about ways to mitigate them. If you didn’t walk away with a “To Do” list of things to check on your network, or a list of fun new things to try, you weren’t paying attention.
Here are the slides from the presentation:

He demonstrated how PowerShell can be an admin’s best friend, or worst enemy, by showing us how easy it was to use PowerShell Empire to compromise a box.
Our own Grant Sims has since created a step-by-step video showing how to use one of the PowerShell techniques Russel spoke about. He shows how to use PowerSploit to get a meterpreter shell: