cyber security

DOMination: Weaponizing XSS – July 2025

/ roanokeinfosec

Hope you’re all staying cool in this scorching July heat! While the temperatures outside are blazing, we’ve got a meeting coming up that’s going to be even hotter – in a good, cybersecurity-savvy way, of course!

Prepare to have your minds melted (with knowledge, not the sun!) at our next RISE Cyber Security meeting. We’re thrilled to announce a speaker who’s ready to fire up your understanding of web vulnerabilities.

This month, we’re welcoming the brilliant Ben Eldritch to the stage. He’s bringing a talk with the following details:

DOMination: Weaponizing XSS

Even the smallest input can create a big problem. Oftentimes XSS vulnerabilities are demonstrated by popping an alert box on your screen or sending out document cookies to an external endpoint. But did you know as soon as you get access to the DOM the webpage becomes a blank canvas? The possibilities are endless from background JavaScript execution, mapping internal networks and even assisting in MFA mimicry. Join us as we discuss various techniques that turn simple XSS vulnerabilities into powerful phishing landscapes and advanced threat playgrounds.

Come join us for an evening that’s sure to be illuminating and help you beat the heat of potential cyber threats! We promise it’ll be more refreshing than an ice-cold lemonade on a hot day.

Event Details:

  • Date: Thursday, July 10, 2025
  • Time: 6pm
  • Location: Virginia Western Business/Science Building Room M302
  • Speaker: Ben Eldritch
  • Talk Title: DOMination: Weaponizing XSS

Meeting Details:

We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building. Take the stairs to the left and go to the third floor and go to the CyberSecurity lab in room M302.

Meeting info:
Virginia Western Community College
Business/Science Building, Room M302
July 10th, 2025 @ 6PM
https://maps.app.goo.gl/ToJyoaMJ5BUy417QA

Looking forward to seeing you there!

Unmasking PAN-OS Exploits & Red Team Success – June 2025

/ roanokeinfosec

Summer’s heating up, and so is the next Roanoke Infosec Exchange (RISE) meeting! Get ready to dive deep and PAN out some serious knowledge, because we’ve got a fantastic session lined up that’s going to make your security senses tingle.

We’re absolutely thrilled to announce that Regen Peterson will be joining us on Thursday, June 12th to deliver a talk that’s as cool as a summer breeze and as insightful as a perfectly executed exploit:

“Forging the Attack Path: A Deep Dive into PAN-OS Exploitation and Post-Exploitation”

In this talk, Regen will pull back the curtain on a recent attack path he discovered and successfully utilized in multiple real-world engagements. You’ll gain a unique perspective on how a chain of Palo Alto PAN-OS vulnerabilities can be leveraged, and critically, how post-exploitation steps were identified and simplified using a custom-developed tool. Think of it as mapping out the perfect summer road trip, but for attackers!

This presentation offers a compelling blend of the “Hacker Mindset” – exploring methodology and thought processes – with a more technical discussion of the specific vulnerabilities abused. Regen will also briefly touch on crucial prevention and detection strategies, so you can help keep your networks as chill as a pool party.

And for those who love live action, if the demo gods are with us and time permits, Regen plans to walk through the entire attack chain on his own vulnerable VM! Prepare for some real-time fireworks!

This is a fantastic opportunity to learn from real-world experience and enhance your understanding of modern attack techniques and red team operations. Whether you’re a seasoned security professional or just starting out, you’ll walk away with valuable insights to Alto-er your security game.

Event Details:

  • Date: Thursday, June 12th, 2025
  • Time: 6pm
  • Location: Virginia Western Business/Science Building Room M302
  • Speaker: Regen Peterson
  • Talk Title: Forging the Attack Path: A Deep Dive into PAN-OS Exploitation and Post-Exploitation

Talk Description:

Through the talk we’ll be discussing a chain of PAN-OS vulnerabilities used in an attack path I recently found and used successfully in multiple real world engagements, as well as looking at how these post-exploitation steps were identified, and the tool I developed for simplifying these attacks. This allows the talk to serve as a combination of the typical “Hacker Mindset” talks (methodology, etc) and a slightly more technical discussion of each of the specific vulnerabilities abused in both the exploitation and post-exploitation. We’ll also very briefly touch on prevention and detection of these attacks. Lastly, I do have my own vulnerable VM, so if the demo gods and the clock allow it then we will be able to walk through it all in real time.

Meeting Details:

We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building. Take the stairs to the left and go to the third floor and go to the CyberSecurity lab in room M302.

Meeting info:
Virginia Western Community College
Business/Science Building, Room M302
June 12th, 2025 @ 6PM
https://maps.app.goo.gl/ToJyoaMJ5BUy417QA

Please mark your calendars and spread the word! We look forward to seeing you there for another engaging RISE meeting. Don’t miss out on this hot topic!

SANS Holiday Hack Challenge 2024 – December 2024

/ roanokeinfosec

We’re excited to announce our December RISE meeting!

Calling all cybersecurity enthusiasts! Get ready to unleash your inner cyber sleuth as we explore SANS Holiday Hack Challenge 2024 with our very own Jared Register.

Mark your calendars!

  • Date: Thursday, December 12th, 2024
  • Time: 6:00 PM
  • Location: Virginia Western, Business/Science Building, Room M302

What to Expect:

This session, much like our popular event last year, will offer a sneak peek into the exciting world of the SANS Holiday Hack Challenge. Jared will guide us through the festive challenges designed to test your cybersecurity skills in a fun and interactive way.

Why You Should Join:

SANS Holiday Hack Challenge is a fantastic game for anyone interested in cybersecurity, regardless of experience level. It’s a Capture the Flag (CTF) competition disguised as a holiday wonderland, brimming with puzzles and challenges that will put your security problem-solving skills to the test.

Remember: SANS Holiday Hack Challenge is not just about holiday cheer; it’s about learning new skills, keeping up with latest trends, and expanding your cybersecurity knowledge.

About the Speaker:

Jared Register is an IT enthusiast and cybersecurity practitioner with over 10 years of experience. He currently serves as a Cybersecurity Engineer at a hospital system and focuses on the “blue team” side of cybersecurity. Jared holds a CISSP and is pursuing his Master’s in Information Systems Security Engineering from SANS.

Meeting Details:

We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building.   Take the stairs to the left and go to the third floor and go to the CyberSecurity lab in room M302.

Meeting info:

Virginia Western Community College
Business/Science Building, Room M302
December 12th, 2024 @ 6PM
https://maps.app.goo.gl/ToJyoaMJ5BUy417QA

Online Session: This is an in-person only event!  Perhaps next month?

Don’t miss out on this opportunity to level up your cybersecurity skills and embrace the holiday spirit!

See you there!

Using Pwntools and Frida for Dynamic Exploitation – March 2024

/ roanokeinfosec

Get ready to explore the exciting world of binary exploitation with the Roanoke Infosec Exchange (RISE)! We’re thrilled to announce our next monthly meetup, happening on March 14th at 6pm, where we’ll delve into two powerful libraries: Pwntools and Frida.

Using Pwntools and Frida for Dynamic Exploitation by Hristo Asenov

This talk will focus on two libraries that help with binary exploitation. The first is called Pwntools which is a python library that creates shellcode out of functional building blocks. The second, Frida, is used for hooking functions and / or modifying the dynamic state of a process through instrumentation. Examples will be shown of how these libraries can be leveraged to make this daunting process a little simpler.

Bio:
Hristo Asenov, an avid cybersecurity enthusiast and platform engineer at Torc Robotics in Blacksburg, will be leading this informative session.

We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building.   Take the stairs to the left, go to the third floor, and go to CyberSecurity lab in room M302.

Meeting info:
Virginia Western Community College
Business/Science Building, Room M302
March 14th, 2024 @ 6PM
https://maps.app.goo.gl/ToJyoaMJ5BUy417QA

Online Session:
Sign up for the mailing list to get the online session!

Dec 2016 – SANS Holiday Hack Challenge Party

/ roanokeinfosec / Leave a comment

santa1

 

 

 

 

 

 

 

The SANS Holiday Hack Challenge is going to be released on Dec 9th, we’re going to party on Dec 15th:

santa2

 

 

 

 

 

 

 

 

If you’re not familiar with the challenge it is an annual event put on by Ed Skoudis and his team. It is essentially a game that involves a series of cyber security challenges designed to get you to learn a wide variety of skills. The team does a phenomenal job. It has elements for all skill levels and hints as you go along the way. Last year’s challenge was EPIC and I think my wife was ready to kill me if I didn’t stop playing. I’ll warn you, it can get addictive.

166-addiction

The challenges are kept online each year so you can continue to play, even if you didn’t complete it by the deadline. Here is last year’s challenge if you want take a look: https://holidayhackchallenge.com/ This link will likely update to the 2016 challenge on 12/9. If so, here is a list of past challenges: https://pen-testing.sans.org/holiday-challenge/

I can honestly say, after playing last year, I have looked forward to this year’s challenge all year long. My wife, maybe not so much, since I had my head buried in my laptop for 2 weeks last time 🙂 Here are just a few of the things I either learned about, or added skills to while playing last years challenge: sed, awk, scapy, python, JSON, SQL injection techniques,  numerous web application pentesting techniques, Burp Suite, mondoDB, firmware extraction, DNS CnC and data exfil. And when I wasn’t pulling out my hair, I had an absolute blast doing it!

Join us on 12/15 to work on the Holiday Hack Challenge. It is for all skill levels and you will be surprised how much you will learn. We will have wifi access available so everyone can work on the challenge. If you are a student and want to participate but don’t have a laptop, let us know and I will make arrangements so you will have somethig to work on.

To make the best use of the time at the party, go ahead and sign up for an account once the challenge is posted on 12/9.  You can start playing anytime after you get an account. I  also recommend having some sort of virtualization software on your laptop such as VirtualBox or VMWare Player, both are free. And having a VM running Kali set up. Or if Kali is your main OS you may want to have a Windows VM setup. All of that will aid you in the challenge.

gladiator

As usual we’ll have beer/soda and snacks. Just bring your brains because you’re going to need them.

dan-akroid-santa

The meeting will be at 5:30pm on 12/15 at R&K Solutions, 2797 Frontage Rd NW, STE 1000, Roanoke, VA 24017. Google Maps.

Dec 2015 – Continuous Security Monitoring: A Big Data Challenge

/ roanokeinfosec / Leave a comment

I-dont-always

At our Dec. meeting our guest speaker was Randy Marchany (bio below). @randymarchany is the University Information Security Officer for Virginia Tech. He is also the director of the VA Tech IT Security Lab, a component of the university’s Information Technology Security Office.   Randy did a great presentation about Continuous Monitoring and how they are implementing it at Virginia Tech. He also talked about how security is changing with “borderless” computing. They have to blend corporate security with ISP model security. He also talked about as much as things change, some seem to stay the same. One of my favorite slides from the presentation was a quote Randy said back in 2002, that still holds very true today:

marchany-quote

 

Here is the “Continuous Security Monitoring: A Big Data Challenge” presentation:

Randy Marchany - Continuous Monitoring

Here is the “What is Old is New Again” presentation:

Randy Marchany - Whats Old is New Again

Randy’s bio:

Randy Marchany is the University Information Security Officer for Virginia Tech. He is also the director of the VA Tech IT Security Lab, a component of the university’s Information Technology Security Office.

He is the author of VA Tech’s Acceptable Use Statement and a co-author of the original FBI/SANS Institute’s “Top 10/20 Internet Security Vulnerabilities” document. He is the co-author of the SANS Institute’s “Responding to Distributed Denial of Service Attacks” document that was prepared at the request of the White House in response to the DDOS attacks of 2000. He was part of the SANS Institute’s Secure Code project that developed a set of exams to test programmers’ knowledge of secure coding techniques. He has been a member of the SANS Institute’s faculty since 1992.

He is a co-author of the EDUCAUSE “Computer and Network Security in Higher Education” booklet. He is a member of the EDUCAUSE security task force focusing on risk assessment and security metrics. He was a coauthor of the original Center for Internet Security’s series of Security Benchmark documents for Solaris, AIX and Windows2000.

He is one of the original members of the US Cyber Challenge (USCC) Project. The USCC mission is to significantly reduce the shortage in the cyber workforce by serving as the premier program to identify, attract, recruit and place the next generation of cybersecurity professionals. He designed the curriculum for the USCC summer camps.

He is one of the founders of the Virginia Alliance for Secure Computing and Networking (www.vascan.org), a consortium of security practitioners and researchers from VA Tech, U of Virginia, James Madison Univ., George Mason Univ.

He has been a frequent speaker at national and international conferences such as Educause, SANS, IIA, ISACA, ACUA, International CISO symposium, IEEE, NIST, NY State OIT Security conference, FBI-Infraguard chapters, US Forest & Wildlife Service, Computer Security Conference, Air Force Material Command. He’s been the subject of articles in the Chronicle of Higher Education on security issues at university campuses.

He was a recipient of the SANS Institute’s Security Technology Leadership Award for 2000. He was a recipient of the VA Governor’s Technology Silver Award in 2003. He was part of the team that won the EDUCAUSE Excellence in Information Technology Solutions Award in 2005. He is a co-holder of two cybersecurity patents.

He is acknowledged as one of the North American masters of the hammer dulcimer. He is the author of the original theme song of National Public Radio’s nationally syndicated radio program, “World Cafe”. His band, “No Strings Attached” was nominated for or won “Indie” awards (independent record label’s version of the Grammy) for Best Album (String Music) category in 1984, 1985, 1986, 1988, 1990.

Nov 2015 – Cyber Warfare Threat

/ roanokeinfosec / Leave a comment

At our Nov. 2015 meeting our guest was Col. Lapthe Flora (bio below), brigade commander of the 91st Troop Command. He shared his experience dealing with the advance persistent threat represented by outside actors. He talked about some of the steps DoD is taking for prevention, how cyber warfare is moving out of the realm of science fiction and becoming a real threat and weapon, and current need for DoD to develop talent.

Col. Flora’s Bio:
Col. Lapthe Flora is currently the brigade commander of the 91st Troop Command, headquartered at Bowling Green, Va. Col. Flora’s command includes the Petersburg-based 276th Engineer Battalion, the Sandston-based 2nd Battalion, 224th Aviation Regiment, the Fairfax-based Data Processing Unit, the Norfolk-based Joint National Guard Augmentation Unit and the Fairfax-based Information Operations Support Center.

Flora started his military career in 1988 in the Virginia National Guard after graduating from the Virginia Military Institute and has since served in every staff position within 1st Battalion, 116th Infantry Regiment, 116th Infantry Brigade Combat Team, including as commander of that battalion. Additionally, Flora served as the 116th IBCT executive officer, 29th Infantry Division’s director of operations and most recently as the Joint Force Headquarters – Virginia director of strategic plans. He has successfully completed three overseas deployments to Bosnia, Kosovo and Afghanistan.

In his civilian capacity, Flora is the Senior Applications Engineer with Harris Night Vision & Communications Solutions in Roanoke, Va., and holds six patent awards related to the AN/PVS-14 and AN/AVS-9 night goggles.