Infosec

Jan 2023 – Hack the Box: “We’ll Do It LIVE!”

/ roanokeinfosec

Wanting to take a step into the mind of a Penetration Tester? Or are you already a seasoned hacker, wanting to flex your muscles as part of a group experiment? Either way, we would love to have you join us at ECPI in Roanoke on Jan 12th at5:30pm for a guided group participation through one of the many excellent machines on the HackTheBox learning platform.

HackTheBox describes itself as “a massive hacking playground, and infosec community of over 1.3m platform members who learn, hack, play, exchange ideas and methodologies”, and it is a great place for learning and practicing alike. In this session, speaker Regen Peterson will be walking us through this platform step-by-step. This begins with creating an account and learning how to access and interact with the platform. Following this, we will conduct a group session in which we will use real-world methodologies to perform reconnaissance, enumerate and exploit vulnerabilities, and ultimately escalate privileges to gain administrator access to a vulnerable machine. And don’t worry if you are new to the offensive side of security, as inexperienced hackers will be allowed to offer their suggestions and ideas before the more experienced. 

We hope you will join us in this session of “HackTheBox: We’ll Do It LIVE!”, as we expect that it will be an extremely engaging meeting where group participation will be crucial to solving the puzzles presented. Unfortunately, due to the nature of the presentation, we will not be able to live-stream or record this meeting, but we hope to see you in person for an awesome group-learning session with HackTheBox.

BIO:

Regen Peterson, Offensive Security Consultant/Penetration Tester from Roanoke, Virginia. 

OSCP/PNPT/eJPT/+

Regen graduated from Patrick Henry High School, afterwards attending Virginia Western Community College for Computer Science Engineering. After spending some time in I.T., as well as different fields such as banking management, he developed a deep love and competitive spirit for hands-on ethical hacking learning platforms such as HackTheBox and TryHackMe. After several months of engagement with these platforms, Regen began acquiring various industry certifications and ultimately found a position in the field of Penetration Testing. Outside of `hacking`, Regen is an avid gamer, builds gaming PCs, performs music as a singer/songwriter, and spends time with his wife and three children.

Location:
ECPI Roanoke
5234 Airport Rd NW #200
Roanoke, VA 24012

Date and Time:
January 12th @ 5:30pm

Advertisement

December – Burp Suite, Part 2, Pro Edition

/ roanokeinfosec

For December we have asked that Logan Diomedi return and give us an in-depth dive into Burp Suite.  As you may remember Logan gave us a quick overview of Burp Suite back in February and many of you requested more so here it is. 

Logan Diomedi and Burp Suite, Part 2, Pro Edition

Burp Suite is one of the many free tools available in Kali Linux.  Burp Suite allows anyone to test and verify their web applications using various techniques from initial mapping and analysis of an application’s attack surface, to finding and exploiting security vulnerabilities.  In this meeting Logan will show us how he uses Burp Suite in his “Red Teaming” pen tests and how you can use the tool to test your own websites.

December 10th @ 5:30pm; This will be a virtual meeting

Logan’s Bio

Logan Diomedi is a 24-year-old Roanoke native and has been in the Information Security world since his early teens. He currently works as a penetration tester for an offensive information-security firm known as Depth Security, where he performs network, application-based, social engineering, and physical penetration testing. Logan is a Capture-the-Flag & HackTheBox regular, and regularly performs infosec-related research in his spare time. Logan has been a RISE attendee for almost 2 years now and has a passion to bring knowledge and resources to the greater Roanoke information security community.

Meeting Notes – January 2020

/ roanokeinfosec

Ken Nevers shared his inspirational story rising from rock-bottom to being a self-employed InfoSec professional. We appreciate Ken’s willingness to share such a personal story that is certain to inspire others. If you missed out on this meeting be sure to check out the video!

View video on RISE YouTube Channel

Local InfoSec Slack

/ roanokeinfosec

RISE member Aaron McPhall has set up a Slack workspace for discussion of InfoSec related topics. Networking through local groups is a great way to build your career and maybe even solve a problem or two. Check out the New River Valley InfoSec slack at https://nrv-infosec.slack.com/.

The NRV InfoSec Slack channel is an independent resource and not run or moderated by RISE. We are providing this external link to members interested in building their local professional network.

Black Hills Security – 30 Things to Get You Started

/ roanokeinfosec / Leave a comment

Many new RISE attendees ask how they can get started in InfoSec. Where do I start? What skills do I need. How can I learn new skills? Black Hills InfoSec posted a fantastic curated list of “30 Things to Get You Started”. It covers a variety of areas from log analysis, password cracking, hardware hacking, and more. Content includes blog posts and video to satisfy all types of learners.

It only takes initiative and a few minutes a day to sharpen your skills. RISE can help pair you with the people and tools – all you need to provide is the desire and effort!

Dec 2016 – SANS Holiday Hack Challenge Party

/ roanokeinfosec / Leave a comment

santa1

 

 

 

 

 

 

 

The SANS Holiday Hack Challenge is going to be released on Dec 9th, we’re going to party on Dec 15th:

santa2

 

 

 

 

 

 

 

 

If you’re not familiar with the challenge it is an annual event put on by Ed Skoudis and his team. It is essentially a game that involves a series of cyber security challenges designed to get you to learn a wide variety of skills. The team does a phenomenal job. It has elements for all skill levels and hints as you go along the way. Last year’s challenge was EPIC and I think my wife was ready to kill me if I didn’t stop playing. I’ll warn you, it can get addictive.

166-addiction

The challenges are kept online each year so you can continue to play, even if you didn’t complete it by the deadline. Here is last year’s challenge if you want take a look: https://holidayhackchallenge.com/ This link will likely update to the 2016 challenge on 12/9. If so, here is a list of past challenges: https://pen-testing.sans.org/holiday-challenge/

I can honestly say, after playing last year, I have looked forward to this year’s challenge all year long. My wife, maybe not so much, since I had my head buried in my laptop for 2 weeks last time 🙂 Here are just a few of the things I either learned about, or added skills to while playing last years challenge: sed, awk, scapy, python, JSON, SQL injection techniques,  numerous web application pentesting techniques, Burp Suite, mondoDB, firmware extraction, DNS CnC and data exfil. And when I wasn’t pulling out my hair, I had an absolute blast doing it!

Join us on 12/15 to work on the Holiday Hack Challenge. It is for all skill levels and you will be surprised how much you will learn. We will have wifi access available so everyone can work on the challenge. If you are a student and want to participate but don’t have a laptop, let us know and I will make arrangements so you will have somethig to work on.

To make the best use of the time at the party, go ahead and sign up for an account once the challenge is posted on 12/9.  You can start playing anytime after you get an account. I  also recommend having some sort of virtualization software on your laptop such as VirtualBox or VMWare Player, both are free. And having a VM running Kali set up. Or if Kali is your main OS you may want to have a Windows VM setup. All of that will aid you in the challenge.

gladiator

As usual we’ll have beer/soda and snacks. Just bring your brains because you’re going to need them.

dan-akroid-santa

The meeting will be at 5:30pm on 12/15 at R&K Solutions, 2797 Frontage Rd NW, STE 1000, Roanoke, VA 24017. Google Maps.

Notes from Oct 2016 Ransomware Meeting

/ roanokeinfosec / Leave a comment

notes

Special thanks to Brad at malware-traffic-analysis.net (http://www.malware-traffic-analysis.net/index.html), we used his examples for the October meeting. His site is an excellent resource for learning. He also posts updates and other malware related info on his twitter @malware_traffic.

Here is the traffic we walked through: http://www.malware-traffic-analysis.net/2016/05/13/index.html

And here is the solution: http://www.malware-traffic-analysis.net/2016/05/13/page2.html

To use Security Onion to analyze the traffic you can get the Security Onion ISO here and install it in a VM: https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md

Here is how to replay the traffic in Security Onion for analysis:

We also had some discussion on how to identify what different types of files really are, regardless of what the extension is; and also how you can carve them out of traffic streams using hex editors. To determine file types you use the “Magic Bytes”:  https://blog.netspi.com/magic-bytes-identifying-common-file-formats-at-a-glance/

Here are some resources on ways to extract files (file carving) from pcaps:

We talked about some quick ways to get info on IPs and domains when researching potential incidents. Here is a quick hit list:

May 2016 – Deep Dive with Wireshark

/ roanokeinfosec / Leave a comment

sharks-1

Meeting info: May 12th, @6pm, at ECPI (directions below).

This meeting is a can’t miss opportunity for a hands on deep dive with Wireshark. David Raymond  (@dnomyard, bio below) who has previously spoken at Black Hat USA, RSA and Scmoocon will be presenting.

wireshark2

Wireshark is a great tool for quick-and-dirty network traffic analysis and it is widely used for network troubleshooting and incident response. In this hands-on discussion, we will review the basics of Wireshark and discuss capture filters, display filters, and basic protocol analysis. We’ll then go beyond the basics to talk about more advanced features of Wireshark and touch on some of the command-line utilities that come with it, such as tshark, editcap, mergecap, and randcap.

To get the most from the discussion, attendees should bring a laptop with the latest version of Wireshark installed.

ECPI  (5234 Airport Rd NW #200, Roanoke, VA 24012 or Google Maps) will be hosting the meeting and there will be some lab machines available for use by those without a laptop available.

David Raymond currently serves as Deputy Director in the Virginia Tech IT Security Office and Lab. In this position he helps oversee the security of the VT network, advises graduate students and undergrads doing cybersecurity research, and teaches courses in computer networking and security in the Department of Electrical and Computer Engineering. David holds a Ph.D. in Computer Engineering from Virginia Tech, a Masters in Computer Science from Duke University, and a Bachelors in CS from West Point. He has published over 25 journal and conference publications on a variety of topics and has spoken at numerous industry and academic conferences to include Black Hat USA, RSA, Shmoocon, and the NATO Conference on Cyber Conflict.