Building a Hackable Badge for BSides Roanoke – December 2023

As the year draws to a close, RISE is excited to gather for one final event of 2023, and what better way to celebrate than by diving into the world of hacking and creativity? This month, Aaron McPhall is presenting:

From Concept to Reality: Building a Hackable Badge for BSides Roanoke

This presentation chronicles the journey of creating a unique and interactive digital badge for BSides Roanoke. Attendees will be taken on a behind-the-scenes exploration, from the initial concept to the finished product, with plenty of lessons to be learned along the way.

The presentation will delve into the intricacies of the process, including design, hardware, software, and fabrication. You’ll gain insights into the electronics and PCB that bring the badge to life, as well as the integrated security challenges embedded within it. We’ll also explore the firmware that powers the badge and the puzzle server that supports its interactive elements.

Finally, we’ll discuss the assembly and programming of the individual components and provide a transparent breakdown of the project’s costs. Along the way, we’ll share valuable lessons learned and inspire others to embark on their own creative endeavors.

We hope to see you there as we close out the year on a high note! Remember, if you can’t make it in person, we’ll also be streaming the presentation via Google Meet.


Meeting info:
ECPI University
December 14, 2023 @ 6:00PM
5234 Airport Rd NW #200, Roanoke, VA 24012
https://maps.app.goo.gl/usS5mLFdqBFQaM5M6

HTB CTF Crypto Challenge – November 2023

The leaves are falling and the air is crisper, which means it’s time to get cozy and learn a little about ciphers through challenges.  This month, schr0ding3r is presenting:

HTB CTF Crypto Challenge Walkthrough (or – Exploiting Nonce Reuse in ECDSA Signatures)
An interactive walkthrough of a cryptography challenge (credit to Hack the Box for hosting it for their Defcon CTF this year). I will show what the challenge is, what indicated a vulnerability, a brief intro to elliptic curve algorithms, and then how I crafted an exploit to harvest private keys.

We look forward to seeing you in-person.  If you can’t make it, we will also attempt a google meet session.


Meeting info:
ECPI University
November 9, 2023 @ 6:00PM
5234 Airport Rd NW #200, Roanoke, VA 24012
https://maps.app.goo.gl/usS5mLFdqBFQaM5M6


Speaker Bio:
schr0ding3r has a B.S. in physics and a minor in mathematics; additionally, he is currently pursuing a B.S. in Cybersecurity. He dabbles in everything [but am a master of nothing], including hacking, programming, philosophy, dancing, theater, and ancient Hebrew. Whatever the topic, schr0ding3r seeks to probe the very depths of it.

Hope to see you there!

Social – October 2023

The month of October snuck up on us, and it’s been a few months since we had a social. Let’s meet at Starr Hill on October 12th to kick back and enjoy the fall with some brews and banter.

If this social happens to stir up an idea, and it seems like a good speaking topic, please let us know at: https://forms.gle/VnVBpZDzNgBzM2qn6

“Meeting” info:
October 12th, ~6:00pm
Starr Hill Pilot Brewery & Side Stage
6 Old Whitmore Ave, Roanoke, VA 24016

https://maps.app.goo.gl/FMF3Vc54yUTuwahv6

September 2023 – Lightning Talks Round 2

We are doing our second round of lightning talks this month after the successful first round!

The ⚡two ⚡lightning ⚡talks we have set for this month are:

Common Pentest Wins

In this talk, Logan Diomedi will cover the top 3 things that get penetration testers initial access on tests.

From Paper Jams to Domain Compromise: Abusing Multi-Function Printers

In this talk, Tyler Booth wants to share with you: Whether you manage multi-function printers (MFPs) yourself or delegate the task to an outside vendor, unsecured MFPs pose a significant risk to your environment. This talk explores how attackers can exploit MFP vulnerabilities to gain an initial foothold in an Active Directory domain, potentially escalate privileges, and access sensitive documents.

In other news, there is an upcoming CTF hosted by RBTC on September 7th.  Find out more at:
https://www.rbtc.tech/event/hands-on-security-capture-the-flag-event/

We look forward to seeing you in-person.  If you can’t make it, we will also attempt a google meet session and recording.

Meeting info:

September 14th, 2023 at 5:30pm
Grandin Colab
1327 Grandin Rd SW, Roanoke, VA 24015
https://goo.gl/maps/4JqvZRD6bPUDEZmy5

Hope to see you there!

August 2023 – Lightning Talks Round 1

We had more lightning talks submitted than we initially expected! So, we are going to adjust the flow a bit, and split the lightning talks into two great sessions to provide a little more wiggle room for speakers to deliver their material.

The ⚡three ⚡lightning ⚡talks we have set for this month are:

Verify your Verification
Speaker Ben Eldritch shared the following for this talk: “I’ve pentested 3 different webapps over the past few months, and none of them have implemented account/email verification correctly. Here are a few examples of what can go wrong with account creation, and how you can fix it!”

Terraforming your Cyber Landscape
Speaker Aaron McPhall shared the following for this talk: “This talk will cover an introduction to Terraform, and why it should be considered for any cloud enabled organization. Aaron will cover the benefits of infrastructure as code as well and how terraform can be used to enable scaling and security for cloud services.”

DDoS: What you wanted to know but didn’t want to talk to your 13 year old neighbor
Andrew Beard will be leading this talk on DDoS techniques and mitigation.

In other news, there is an upcoming CTF hosted by RBTC on September 7th. Find out more at:
https://www.rbtc.tech/event/hands-on-security-capture-the-flag-event/

We look forward to seeing you in-person. If you can’t make it, we will also attempt a zoom session and recording.

Meeting info:

August 10th, 2023 @ 5:30PM

ECPI University
5234 Airport Rd NW Suite 200, Roanoke, VA 24012
https://goo.gl/maps/T6TikCHLoPQaWXzT7

Hope to see you there!

RISE August 2023 – Call for Lightning Talks

Hey there, RISE Members!

Based on July’s Social Meeting, Andrew had an excellent idea of doing a lightning talk session to get the brain juices flowing. We are looking for some speakers. This is a great place to start with an idea and see if the audience engages with it!

Please submit lightning talk ideas here: https://forms.gle/9jNBphermEi4w78EA

If there are enough submissions (more than 5), overlapping topics, etc; we may have a follow-up survey to downselect or do another lightning talk round in September. Not quite sure yet, but let’s see where this goes.

What is a lightning talk? A shortened talk (10 minutes speaking, 5 minutes for questions) to quickly introduce a topic. Time is important here, so you will want to cover the following items:

  • Establish rapport
  • Quick overview of subject
  • Establish value (teach the crowd something new)
  • Offer hints for follow-on talk (you will learn XYZ)
  • Topics consistent with last month’s Topic Survey Results

Meeting info:

August 10th, 2023 @ 5:30pm
Venue TBD

Hope to see some fun talks!

July 2023 – Summer Social

For the month of July, we want to do a social event with a little bit of business upfront at Twisted Track Brewpub on July 13th. To start, we want to take a short amount of time to introduce some changes for RISE.  Afterwards, let’s kickback and enjoy the summer with some brews and banter.

We’re talking about the perfect fuel for brainstorming and beer-sampling adventures! So, bring your witty banter and a thirst for craft beers as we celebrate and enjoy an evening of great times. Also remember to invite colleagues or friends who might be interested in joining the RISE community. The more, the merrier!

It would be helpful to us if you fill out a quick survey on what you’d like to see at future RISE events: https://forms.gle/74MyWCcAqUBeoCMr5.  The results from this survey will be used to inspire and balance out future RISE events.

If you are interested in speaking, please let us know at: https://forms.gle/VnVBpZDzNgBzM2qn6

We look forward to seeing you in person on July 13th at Twisted Track Brewpub.

Meeting info:
July 13th, 5:30pm
523 Shenandoah Ave NW
Roanoke, VA 24016
https://goo.gl/maps/2iFxmSNrp7bmuFoMA

April 2023– More ChatGPT Shenanigans

In our last meeting we had ChatGPT do some things that it wasn’t really designed to do.  In our next meeting we are going to expand on this by looking at the malware script that ChatGPT wrote and see what it really does.  Ben Eldritch has volunteered to dissect the written script and share his findings with us. Did ChatGPT really write malware?  Is ChatGPT able to create deployable badness?  Let’s find out together.

We will be meeting at Virginia Western Community College on April 13th in the Hall Family Business/Science Building.   Take the stairs to the left and go to the second floor and go to CyberSecurity lab in room M302.  

March 2023 – Let’s break AI

We have something special planned for the month of March.  RISE is going out on the town!  This month we will are going to meetup at Twisted Track to hang out.  I am attempting to get us a conference room with the hope of bringing up ChatGPT and seeing what insightful thoughts this new AI has on IT Security, cyber risk and other areas of interest.  Perhaps we may even play stump the chump or in this case stump the AI. 

Looking forward to seeing you all there.

Location:

Twisted Track Brewpub
523 Shenandoah Ave NW
Roanoke, VA 24016

Date and Time:

March 9th, 2023 @5:30pm

Feb 2023 – Byte-by-Byte – A Beginners Look into Binary Analysis

Ever wonder how computers can interpret programs? Are you interested in looking at random bytes on a screen and reading them like the Matrix? Do you always get stumped on “easy” reverse engineering CTF challenges? Then join us for a night of learning binary analysis! 

This talk will focus on looking at binaries/executables for interesting strings, compiler information, linked DLLs with dependencies, and even a basic overview of Assembly – the lowest level language we can program in! This discussion will also include commonly used tools, methods, and even utilizing AI to interpret a binary! Following the talk, we will statically analyze a simple piece of custom malware and be able to decipher just what devious tasks it may be doing! Laptops/personal machines recommended but not required (use whatever OS you want!)

BIO:

Ben Eldritch, Vulnerability Assessment Analyst for Raytheon Technologies

Current Certs: GICSP, OSCP, Pentest+, CySA+

Ben holds a Bachelor’s degree in Cybersecurity and Information Assurance from WGU and an associates in Engineering from DMACC. His interest in security started when he began tinkering with his GameBoy and messing with in-memory data via a GameShark. From there, he started writing prankware for his friends and eventually learned the ins and outs of penetration testing. When not breaking into things (with permission of course!), Ben enjoys taking long mountain hikes and observing all the different kinds of creatures of the world. 

Date & Time:

February 9th @ 5:30pm

Location

The RAMP Building
709 S. Jefferson Street Roanoke,
VA 24016

Parking and entrance are in the rear of the building