Columbia's Information Security Group

A free and informal gathering of information security professionals and enthusiasts in Columbia, South Carolina at the USC/Columbia Technology Incubator on the 3rd Tuesday of every month at 6:00 PM.

@Cola_Sec, #ColaSec, @USCColaInc

Image credit: Zach Pippin

June 2017 Meetup Recap

ColaSec + LockFale 2.0

Our June meeting was hosted at Conquest Brewery.  Our lock picking friends from the north, LockFale came down for the 2nd annual Lockpick Village night.  Nobody was removed from handcuffs via power tools this year, but we all increased our knowledge of physical security.   

Big thank you to Justin and Jon for hauling down all the gear and sharing your lock picking knowledge with the group.  We will see everybody back at the USC Incubator for the July meetup.

Meetup for Tuesday November 15th

Malware Analysis with Dan Boynton

Join us Tuesday Nov. 15th to learn about Malware Analysis

Join us Tuesday Nov. 15th to learn about Malware Analysis

This talk will provide a high level introduction to malware analysis. We will start with the basic concepts and considerations of analysis lab design along with a walk through of a simple Two-VM setup. Once we test and prepare our environment, we will discuss analysis techniques for document based malware (MS Office and Javascript). If time permits, we will discuss some methods for analyzing, classifying, and attributing malicious windows binaries.

ColaSec had an excellent representation at B Sides Charleston over the weekend.  Ralph Collum and Josh Huff both gave talks at the conference and several of our members attended the 2 training events as well.  Join us 6pm at the Incubator (EventBrite page here). Professional or enthusiast, all are welcome!

Intro Slides
Presenter Slides

Meetup for Tuesday October 18th

David Guirl and Trey Egan present:
Micro$oft LAPS (Local Admin Password Solution)

Join us tonight (10/18/16) 6pm at the USC Incubator.  Tonight's agenda includes a quick recap of Louisville antics at Derbycon, updates on our December meetup party plans, and In The News round table discussion.  Then David and Trey will present on Security with Microsoft LAPS (Local Admin Password Solution).  

ColaSec is for anybody with an interest for Information Security in the Columbia area.  Professional or enthusiast all are welcome.  Food and Drinks provided as usual...See you there!


Intro Sldies
Presenter Slides

September 20th Meetup

Bsides Augusta recap and Josh's DerbyCon Practice Run

Minecraft In The Slide Deck Never Hurts

Minecraft In The Slide Deck Never Hurts

Join us this Tuesday the 20th for our September meetup at the Incubator.  A handful of members hit the road and went to B Sides Augusta.  We watched Lockfale anger the NSA, saw some excellent speakers and attacked Chiron's Pyramid Capture The Flag. (One of our member's may have won an awesome prize as well)

After the B Sides recap, Josh Huff will give us a practice run of his DerbyCon talk - What I Learned by Being an OSINT Creeper.  This talk will be given at Derbycon in Louisville in the stable track and was also picked up by B Sides Charleston in November.  Josh welcomes any feedback you have as he makes his final adjustments before presenting in Kentucky.  Talk outline from Derbycon site -

Food and Beverages start at 6PM.  Registration on EventBrite page here.

Intro Slides

July and August Recaps

After the whirlwind lock picking meetup in June our updates promptly fell off the face of the Earth.  Time to remedy that...

Date: July 19, 2016

Presenter: Ralph Collum

Ralph took us on a journey through the perils of our privacy on the inter-webs.  After going through the perils we got a lesson in opting out and other methods to reduce our digital footprint.  His meme-tastic slide deck and link set can be found here.

July Intro Slides

July Presenter Slides


Date: August 16, 2016


Presenter: Trey Funderburk

Hot off a Mr. Robot appearance the week before, OpenWRT was the presentation topic for August.  Trey gave us an outstanding primer to what OpenWRT is and what it can be used for.  Trey's talk showed specific use cases of how powerful and customizable OpenWRT can be.  Trey’s slide deck can be found here.

August Intro Slies

June 21st Meetup Recap

What happens when you invite LockFale from North Carolina to join ColaSec for a lock pick village?

Record Breaking attendance, solid lock picking knowledge and Adam with an epic handcuff escape story!

Lock Pick Village

Lock Pick Village

Justin Nordine and Matt Block of LockFale joined us and brought an impressive lock pick village to play in.  We learned about physical security and had a chance to try and pick tons of different lock types.  Check out the Gallery here.  This was one of our biggest turnouts for a meetup with 25 attendees. We want to thank LockFale for doing an awesome job and thanks to all of you for making it out to a great ColaSec meeting.

Once LockFale headed back across state lines, we had a chance to practice what we learned in the bonus round. Somebody “accidentally” double locked the handcuff with the “practice wrist” to Adam.  We put all of our lock picking skills to the test then promptly went to find a power drill.  After an epic lock pick session that would make an OSHA representative jump off a building, Adam was free!  Thank you LockFale.


June 21st Meetup


image lifted from

image lifted from

Eventbright signup

Our next meetup is this Tuesday, June 21st at 6:00 PM at the USC/Columbia Technology Incubator. Details (

Our agenda includes our “normal” intro plus some intel on SANS SEC501: Advanced Security Essentials –Enterprise Defender from Corey.  Josh went to Myrtle Beach to the Techno Security & Forensic Investigation Conference plus got smoked at NetWars competition. After the intro we have the lock sport group LockFALE from North Carolina joining us and putting on a lockpick village.  If you have interest in learning lock picking or want to hone your skills on some cool practice gear, join us Tuesday.  

FALE — FALE Association of Locksport Enthusiasts

FALE came together around a common idea of general curiosity and persuasion of the public’s “right to know”. Formally founded in early 2010, the individuals involved in the initial organization already had a history in and love for the practice of locksport and of having a better understanding of the mechanisms we rely on so heavily to keep us secure. Beginning with four members meeting monthly, we have quickly progressed to bi-monthly meetings attended by 15 or more individuals. We talk locks, picks, general security and a smattering of other topics when meeting all towards the end of a better knowledge of and ability to communicate the effectiveness (or lack thereof) of so many security measures in place in current society. We hope that through these conversations and our efforts publicly we will help to educate the larger community on the proper use and understanding of locks and security measures encountered daily.

FALE will be hosting a Lockpick Village where folks can come by to talk about physical security, learn to pick locks or talk about advanced picking techniques and tips. Plenty of locks and spare picks to play with, so be sure to stop by!

Hacky Easter challenge

On March 30, four of us got together at Grapes & Gallery to try our hand at Hacking-Lab's Hacky Easter challenge.  We got through 5 of the 24 challenges before being completely stumped by a Bluejay.  But we did have a lot of fun working through the challenges.

If you'd like to join us, you can sign up on the site for free.  The challenge includes simple buddy mechanism so you can see how far we've gotten (and how much catching up you have to do!)  Our usernames are:

  • Ndecizion
  • Coreyoliseffect
  • paladin_of_pubs
  • rob0101

We do plan on going back out for a second crack at it.  Keep an eye on the list-serve for dates and times.  Come join us!

January 19, 2016, meetup wrap-up

We had a really good meeting to kick off 2016. We defined some goals for 2016 including, but not limited to:

  • malware analysis and reverse engineering
  • Wireless hacking

Then Josh gave a presentation on OSINT, using me as the target. Here are some of the resources he used:

These are some of the links to the facebook OSINT techniques from Michael Bazzell's website I mentioned in my talk last night.
This is a 75 minute demo where he teaches you the basics of OSINT on facebook

This is the custom facebook search link that includes the PIPL/API search that I've found usually yields some decent information on most targets:

Finally, we got into the SANS Holiday Hack Challenge. We had some connection issues and didn't get very far, but we definitely had some fun.

I figured out how hard it is to get scapy on Windows 10.

Here's the recording of our meetup.