Infosec

Unmasking PAN-OS Exploits & Red Team Success – June 2025

/ roanokeinfosec

Summer’s heating up, and so is the next Roanoke Infosec Exchange (RISE) meeting! Get ready to dive deep and PAN out some serious knowledge, because we’ve got a fantastic session lined up that’s going to make your security senses tingle.

We’re absolutely thrilled to announce that Regen Peterson will be joining us on Thursday, June 12th to deliver a talk that’s as cool as a summer breeze and as insightful as a perfectly executed exploit:

“Forging the Attack Path: A Deep Dive into PAN-OS Exploitation and Post-Exploitation”

In this talk, Regen will pull back the curtain on a recent attack path he discovered and successfully utilized in multiple real-world engagements. You’ll gain a unique perspective on how a chain of Palo Alto PAN-OS vulnerabilities can be leveraged, and critically, how post-exploitation steps were identified and simplified using a custom-developed tool. Think of it as mapping out the perfect summer road trip, but for attackers!

This presentation offers a compelling blend of the “Hacker Mindset” – exploring methodology and thought processes – with a more technical discussion of the specific vulnerabilities abused. Regen will also briefly touch on crucial prevention and detection strategies, so you can help keep your networks as chill as a pool party.

And for those who love live action, if the demo gods are with us and time permits, Regen plans to walk through the entire attack chain on his own vulnerable VM! Prepare for some real-time fireworks!

This is a fantastic opportunity to learn from real-world experience and enhance your understanding of modern attack techniques and red team operations. Whether you’re a seasoned security professional or just starting out, you’ll walk away with valuable insights to Alto-er your security game.

Event Details:

  • Date: Thursday, June 12th, 2025
  • Time: 6pm
  • Location: Virginia Western Business/Science Building Room M302
  • Speaker: Regen Peterson
  • Talk Title: Forging the Attack Path: A Deep Dive into PAN-OS Exploitation and Post-Exploitation

Talk Description:

Through the talk we’ll be discussing a chain of PAN-OS vulnerabilities used in an attack path I recently found and used successfully in multiple real world engagements, as well as looking at how these post-exploitation steps were identified, and the tool I developed for simplifying these attacks. This allows the talk to serve as a combination of the typical “Hacker Mindset” talks (methodology, etc) and a slightly more technical discussion of each of the specific vulnerabilities abused in both the exploitation and post-exploitation. We’ll also very briefly touch on prevention and detection of these attacks. Lastly, I do have my own vulnerable VM, so if the demo gods and the clock allow it then we will be able to walk through it all in real time.

Meeting Details:

We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building. Take the stairs to the left and go to the third floor and go to the CyberSecurity lab in room M302.

Meeting info:
Virginia Western Community College
Business/Science Building, Room M302
June 12th, 2025 @ 6PM
https://maps.app.goo.gl/ToJyoaMJ5BUy417QA

Please mark your calendars and spread the word! We look forward to seeing you there for another engaging RISE meeting. Don’t miss out on this hot topic!

Tor: Spooky Internet for Everyday Criminals – February 2025

/ roanokeinfosec

Happy New Year! We hope you had a fantastic holiday season and are ready to dive into a year of exciting infosec learning. Our first Roanoke Infosec Exchange (RISE) meeting of 2025 is scheduled for February 13th, and we’re kicking things off with a very serious presentation.

Schrodinger will be giving a talk titled “Tor: Spooky Internet for Everyday Criminals”. He’s provided the following (completely non-satirical) abstract:

Tor is the darkweb. The darkweb is full of hackers, traffickers, thieves – bad people. The darkweb is a bad place. You are not a bad person. So you don’t go to the darkweb. Bad people hide from the government on the darkweb. You have nothing to hide, since the government takes care of good people like you.  

In this talk, we will look into this bad place and learn why it is so bad. We will talk about the evil networking, cryptography, and software used by real criminals every single day. Last of all, I will instruct you on why you should never ever visit this terrible corner of the internet.

There will be no satire. This is all very serious.

So, prepare yourselves for a very serious and informative evening as we delve into the dark (and apparently very serious) world of Tor. We look forward to seeing you there to start the year off right with some new infosec knowledge!

Meeting Details:

We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building.   Take the stairs to the left and go to the third floor and go to the CyberSecurity lab in room M302.

Meeting info:
Virginia Western Community College
Business/Science Building, Room M302
February 13th, 2024 @ 6PM
https://maps.app.goo.gl/ToJyoaMJ5BUy417QA

SANS Holiday Hack Challenge 2024 – December 2024

/ roanokeinfosec

We’re excited to announce our December RISE meeting!

Calling all cybersecurity enthusiasts! Get ready to unleash your inner cyber sleuth as we explore SANS Holiday Hack Challenge 2024 with our very own Jared Register.

Mark your calendars!

  • Date: Thursday, December 12th, 2024
  • Time: 6:00 PM
  • Location: Virginia Western, Business/Science Building, Room M302

What to Expect:

This session, much like our popular event last year, will offer a sneak peek into the exciting world of the SANS Holiday Hack Challenge. Jared will guide us through the festive challenges designed to test your cybersecurity skills in a fun and interactive way.

Why You Should Join:

SANS Holiday Hack Challenge is a fantastic game for anyone interested in cybersecurity, regardless of experience level. It’s a Capture the Flag (CTF) competition disguised as a holiday wonderland, brimming with puzzles and challenges that will put your security problem-solving skills to the test.

Remember: SANS Holiday Hack Challenge is not just about holiday cheer; it’s about learning new skills, keeping up with latest trends, and expanding your cybersecurity knowledge.

About the Speaker:

Jared Register is an IT enthusiast and cybersecurity practitioner with over 10 years of experience. He currently serves as a Cybersecurity Engineer at a hospital system and focuses on the “blue team” side of cybersecurity. Jared holds a CISSP and is pursuing his Master’s in Information Systems Security Engineering from SANS.

Meeting Details:

We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building.   Take the stairs to the left and go to the third floor and go to the CyberSecurity lab in room M302.

Meeting info:

Virginia Western Community College
Business/Science Building, Room M302
December 12th, 2024 @ 6PM
https://maps.app.goo.gl/ToJyoaMJ5BUy417QA

Online Session: This is an in-person only event!  Perhaps next month?

Don’t miss out on this opportunity to level up your cybersecurity skills and embrace the holiday spirit!

See you there!

Using Pwntools and Frida for Dynamic Exploitation – March 2024

/ roanokeinfosec

Get ready to explore the exciting world of binary exploitation with the Roanoke Infosec Exchange (RISE)! We’re thrilled to announce our next monthly meetup, happening on March 14th at 6pm, where we’ll delve into two powerful libraries: Pwntools and Frida.

Using Pwntools and Frida for Dynamic Exploitation by Hristo Asenov

This talk will focus on two libraries that help with binary exploitation. The first is called Pwntools which is a python library that creates shellcode out of functional building blocks. The second, Frida, is used for hooking functions and / or modifying the dynamic state of a process through instrumentation. Examples will be shown of how these libraries can be leveraged to make this daunting process a little simpler.

Bio:
Hristo Asenov, an avid cybersecurity enthusiast and platform engineer at Torc Robotics in Blacksburg, will be leading this informative session.

We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building.   Take the stairs to the left, go to the third floor, and go to CyberSecurity lab in room M302.

Meeting info:
Virginia Western Community College
Business/Science Building, Room M302
March 14th, 2024 @ 6PM
https://maps.app.goo.gl/ToJyoaMJ5BUy417QA

Online Session:
Sign up for the mailing list to get the online session!

Kerberos 101 – February 2024

/ roanokeinfosec

Get ready to unlock the secrets of secure logins with Tyler’s captivating talk on Kerberos 101 at next month’s RISE event! This session is your gateway to understanding the ubiquitous Kerberos protocol, the silent guardian of countless Windows domains.

Dive into the core mechanics:

  • Unravel the encryption magic: Demystify key generation and witness the dance of TGT and TGS tickets.
  • Experience the ticket flow: See firsthand how secure authentication unfolds in real-time.
  • Grasp the power and limitations: Understand Kerberos’ strengths and vulnerabilities.

But the adventure doesn’t stop there!

  • Confront the dark side: Explore common Kerberos-based attacks and learn strategies to fortify your defenses.
  • Gain practical insights: Gain real-world knowledge you can apply to your own network security.
  • Fuel your security passion: Get inspired by Tyler’s expertise and stay ahead of the curve.

Meeting info:
February 8th, 6pm
5234 Airport Rd NW #200
Roanoke, VA 24012
https://maps.app.goo.gl/usS5mLFdqBFQaM5M6

Online Session:
Subscribe to the mailing list to receive session details.

See you there for an “authentication adventure” you won’t forget!

The RISE Team

Building a Hackable Badge for BSides Roanoke – December 2023

/ roanokeinfosec

As the year draws to a close, RISE is excited to gather for one final event of 2023, and what better way to celebrate than by diving into the world of hacking and creativity? This month, Aaron McPhall is presenting:

From Concept to Reality: Building a Hackable Badge for BSides Roanoke

This presentation chronicles the journey of creating a unique and interactive digital badge for BSides Roanoke. Attendees will be taken on a behind-the-scenes exploration, from the initial concept to the finished product, with plenty of lessons to be learned along the way.

The presentation will delve into the intricacies of the process, including design, hardware, software, and fabrication. You’ll gain insights into the electronics and PCB that bring the badge to life, as well as the integrated security challenges embedded within it. We’ll also explore the firmware that powers the badge and the puzzle server that supports its interactive elements.

Finally, we’ll discuss the assembly and programming of the individual components and provide a transparent breakdown of the project’s costs. Along the way, we’ll share valuable lessons learned and inspire others to embark on their own creative endeavors.

We hope to see you there as we close out the year on a high note! Remember, if you can’t make it in person, we’ll also be streaming the presentation via Google Meet.


Meeting info:
ECPI University
December 14, 2023 @ 6:00PM
5234 Airport Rd NW #200, Roanoke, VA 24012
https://maps.app.goo.gl/usS5mLFdqBFQaM5M6

HTB CTF Crypto Challenge – November 2023

/ roanokeinfosec

The leaves are falling and the air is crisper, which means it’s time to get cozy and learn a little about ciphers through challenges.  This month, schr0ding3r is presenting:

HTB CTF Crypto Challenge Walkthrough (or – Exploiting Nonce Reuse in ECDSA Signatures)
An interactive walkthrough of a cryptography challenge (credit to Hack the Box for hosting it for their Defcon CTF this year). I will show what the challenge is, what indicated a vulnerability, a brief intro to elliptic curve algorithms, and then how I crafted an exploit to harvest private keys.

We look forward to seeing you in-person.  If you can’t make it, we will also attempt a google meet session.


Meeting info:
ECPI University
November 9, 2023 @ 6:00PM
5234 Airport Rd NW #200, Roanoke, VA 24012
https://maps.app.goo.gl/usS5mLFdqBFQaM5M6


Speaker Bio:
schr0ding3r has a B.S. in physics and a minor in mathematics; additionally, he is currently pursuing a B.S. in Cybersecurity. He dabbles in everything [but am a master of nothing], including hacking, programming, philosophy, dancing, theater, and ancient Hebrew. Whatever the topic, schr0ding3r seeks to probe the very depths of it.

Hope to see you there!

Jan 2023 – Hack the Box: “We’ll Do It LIVE!”

/ roanokeinfosec

Wanting to take a step into the mind of a Penetration Tester? Or are you already a seasoned hacker, wanting to flex your muscles as part of a group experiment? Either way, we would love to have you join us at ECPI in Roanoke on Jan 12th at5:30pm for a guided group participation through one of the many excellent machines on the HackTheBox learning platform.

HackTheBox describes itself as “a massive hacking playground, and infosec community of over 1.3m platform members who learn, hack, play, exchange ideas and methodologies”, and it is a great place for learning and practicing alike. In this session, speaker Regen Peterson will be walking us through this platform step-by-step. This begins with creating an account and learning how to access and interact with the platform. Following this, we will conduct a group session in which we will use real-world methodologies to perform reconnaissance, enumerate and exploit vulnerabilities, and ultimately escalate privileges to gain administrator access to a vulnerable machine. And don’t worry if you are new to the offensive side of security, as inexperienced hackers will be allowed to offer their suggestions and ideas before the more experienced. 

We hope you will join us in this session of “HackTheBox: We’ll Do It LIVE!”, as we expect that it will be an extremely engaging meeting where group participation will be crucial to solving the puzzles presented. Unfortunately, due to the nature of the presentation, we will not be able to live-stream or record this meeting, but we hope to see you in person for an awesome group-learning session with HackTheBox.

BIO:

Regen Peterson, Offensive Security Consultant/Penetration Tester from Roanoke, Virginia. 

OSCP/PNPT/eJPT/+

Regen graduated from Patrick Henry High School, afterwards attending Virginia Western Community College for Computer Science Engineering. After spending some time in I.T., as well as different fields such as banking management, he developed a deep love and competitive spirit for hands-on ethical hacking learning platforms such as HackTheBox and TryHackMe. After several months of engagement with these platforms, Regen began acquiring various industry certifications and ultimately found a position in the field of Penetration Testing. Outside of `hacking`, Regen is an avid gamer, builds gaming PCs, performs music as a singer/songwriter, and spends time with his wife and three children.

Location:
ECPI Roanoke
5234 Airport Rd NW #200
Roanoke, VA 24012

Date and Time:
January 12th @ 5:30pm

December – Burp Suite, Part 2, Pro Edition

/ roanokeinfosec

For December we have asked that Logan Diomedi return and give us an in-depth dive into Burp Suite.  As you may remember Logan gave us a quick overview of Burp Suite back in February and many of you requested more so here it is. 

Logan Diomedi and Burp Suite, Part 2, Pro Edition

Burp Suite is one of the many free tools available in Kali Linux.  Burp Suite allows anyone to test and verify their web applications using various techniques from initial mapping and analysis of an application’s attack surface, to finding and exploiting security vulnerabilities.  In this meeting Logan will show us how he uses Burp Suite in his “Red Teaming” pen tests and how you can use the tool to test your own websites.

December 10th @ 5:30pm; This will be a virtual meeting

Logan’s Bio

Logan Diomedi is a 24-year-old Roanoke native and has been in the Information Security world since his early teens. He currently works as a penetration tester for an offensive information-security firm known as Depth Security, where he performs network, application-based, social engineering, and physical penetration testing. Logan is a Capture-the-Flag & HackTheBox regular, and regularly performs infosec-related research in his spare time. Logan has been a RISE attendee for almost 2 years now and has a passion to bring knowledge and resources to the greater Roanoke information security community.