November 17, 2015, meetup wrapup

November 19, 2015 / Timothy De Block

We had an excellent Ask Me Anything with the Catalyst AKA Micheal Santarcangelo. We covered a couple different topics including policy design, passwords, approaching leadership, and much more. Thanks again to Michael for taking time out of his busy schedule to attend the meeting.

Next month we will be doing a more relaxed meetup. We are going to move to a restaurant for dinner, drinks, and some casual discussions on security (among other topics). We will have details soon and hope you can join us.

Comment 0 Likes

tags / infosec, leadership, communication

November 17, 2015, meetup agenda - Catalyst AMA

November 10, 2015 / Timothy De Block

This month Michael Santarcangelo will be joining us for an Ask Me Anything (AMA AKA Q&A AKA Question & Answer) at our November 17, 2015, meetup. Michael currently resides in Myrtle Beach. He contributes regularly to the Security Weekly and the Down the Security Rabbit Hole information podcasts. He's also a contributing editor to CSO online.

His focus is developing exceptions leaders and powerful communicators for the information security community. Check out his website at securitycatalyst.com.

BSides Charleston is this Saturday, November, 14, 2015. Several members of ColaSec plan to be there for the event. We will have short wrap-up on the conference during the opening introductions.

Festivities begin at 6:30 p.m. at IT-ology.

1 Comment 0 Likes

tags / Meetup Agenda, BSides Charleston, Michael Santarcangelo, Leadership, Communication, infosec

October 17, 2015, CTF wrapup

October 19, 2015 / Timothy De Block

ColaSec held its first ever capture the flag event this past Saturday. A huge shoutout goes to Ralph Collum and Training Concepts for making the event possible. Ralph pretty much picked up the idea of a CTF event and ran with it for a touchdown. Also a shoutout to Jeff Lang for doing the Tuesday presentation on CTF basics.

We peaked at 10 people participating during the event and had six people stay for the entire four-hour event. It was a valuable experience that everyone seemed to enjoy. We plan to do more of the events in the future. Right now we're looking at doing them twice a year. Stay tuned for more details.

Here are some thoughts and links from Ralph:

"ColaSec participated in its first CTF this past Saturday. It was a great opportunity to learn some new skills and tools as everyone could learn some new ways to compromise machines and technologies. This was a great opportunity to engaged in learning as oppose to strict lecture and presentations. There were a variety of challenges in the machines everything from web applications, password cracking, forensics and crypto. The list of VM’s available for compromises are listed below in order of target’s assigned to everybody at the meetup. These types of events are actually a critical element of the security professional’s development, helping to build and maintain skills essential to the protection of our institutions. These events offer a more practical way to learning about vulnerabilities and threats and help the individuals participating in them build their skillset and sharpen their tools in testing and assessing networks are services. Most of the CTF exercises follow a common methodology of attacks, which include recon/footprinting, scanning, system hacking/exploitation, post exploitation/privilege escalation, and then finally gaining root level access to the environment. Hopefully, the most important thing that came out of the CTF was that everybody got an opportunity to learn something new and possible find a new way to look at and understand the threats out there. Finally, even though it might seem like some of the challenges were tough through practice, patience, and dedications these CTF’s can be invaluable to the improvement and development of skills in information security."

VM Target #1: https://www.vulnhub.com/entry/de-ice-s1100,8/
VM Target #2: https://www.vulnhub.com/entry/de-ice-s1120,10/
VM Target #3: https://www.vulnhub.com/entry/de-ice-s1140,57/
VM Target #4: https://www.vulnhub.com/entry/pentester-lab-electronic-codebook-ecb,67/
VM Target #5: https://www.vulnhub.com/entry/tr0ll-1,100/
VM Target #8: https://www.vulnhub.com/entry/pentester-lab-xss-and-mysql-file,66/

I've created an events gallery which features some pictures from the CTF event.

Our next meetup will be November 17, 2015. I've confirmed that the security catalyst, Michael Santarcangelo, will be joining us.

Comment 0 Likes

categories / Events
tags / CTF, infosec

October 13, 2015, meetup wrapup - The CTF is coming.

October 14, 2015 / Timothy De Block

Jeff Lang giving a presentation on what one needs to participate in a CTF

We had a wonderful meetup with a couple of new faces.

Before we get to the recap, reminder that this Saturday October 17, 2015, we will be doing our first group CTF at Training Concepts. The address:

250 Berryhill Rd # 502, Columbia, SC 29210

Details are on our "Upcoming Events" page.

Onto the meetup. Josh gave a recap of DerbyCon and then Jeff went over some basics for participating in a CTF. His slides are available here: https://drive.google.com/open?id=16QyVo3UUOTMQyiZqAzBuLp2a_mDP9inkMWNj3JKMXwU

We did a Google Hangout again of the entire meetup if you're interested in watching the presentation.

We look forward to seeing everyone at the CTF Saturday.

Comment 0 Likes

categories / Meetup
tags / infosec, CTF

October 13 and 17, 2015, meetup agenda

October 06, 2015 / Timothy De Block

This month we will be putting on our first CTF event for ColaSec. We will meet October 13, 2015, at 6:30 p.m. at IT-ology for a CTF primer. The primer will be facilitated by Jeff and we'll walk through some basics and ensure Kali and other tools get installed on CTF machines.
Prior to all that Josh will give a presentation on his experiences at DerbyCon.

Schedule and requirements:

October 13 meetup - CTF Primer - IT-ology 6:30 p.m. - 9:00 p.m.

If you have problems loading Kali we can address them at the meeting. Here is a list of other programs that may be useful for the CTF:

nmap
netdiscover
nikto or wikto
wireshark
some form of ssh client
password cracker(online and offline)
netcat
dirbuster
some proxy
cookie editor
steganalysis tool(stegdetect or stegspy)
hex editor
picture viewer(infanview)
debugger(ollydb)
malware analysis(IDA, PEiD, PEView, PEScanner.py)
sqlmap

We will figure out teams at the Tuesday meetup as well.

October 17 CTF - Training Concepts - 1 p.m. to 5 p.m.

Ralph is putting together the CTF using VulnHub. He plans to have 3-4 local VMs with 1-2 additional online CTFs.

We will be at Training Concepts for the actual CTF on Saturday.

250 Berryhill Rd # 502, Columbia, SC 29210

Bring your Kali-loaded laptops or just bring yourself. There will be computers available for people who don't have a laptop to use for the CTF.

Comment 0 Likes

categories / Meetup
tags / infosec, CTF, Meetup Agenda

IT-ology Trends 2015

October 01, 2015 / Timothy De Block

Technology is driving business at an unprecedented speed. But, on an almost daily business, cyber security breaches or hacks are taking place throughout the world. So, how do you protect your business, your family, your self? Join us for Trends 2015 as we explore the important topic of cyber security. Presentations will range from trending topics in cyber security to new technologies. This is a must attend event for C Suite, citizens and technologists!

| Wed,October 28th | IT-oLogy | 1301 Gervais St., Columbia

Morning Keynotes Include:

Creating a Culture of Cyber Security, Michael Kaiser, National Cyber Security Alliance

Did you know it’s National Cyber Security Awareness Month (NCSAM)? Securing the internet is a responsibility we all share, and NCSAM is intended to provide all digital citizens with the resources they need to protect themselves and others online. Learn about how we start to create a culture of cyber security as we have with other issues such as recycling.

South Carolina's Cyber Landscape and Opportunities, General Les Eisner, University of South Carolina

Lessons Learned from Ashley Madison, Jim Salter, Openoid

38 million accounts and 9.7 million credit card transactions from the notorious adultery site leaked this year. How does this affect you? Probably more than you think, whether you were in AM's databases or not. Learn how to manage your data - and its inevitable exposure - in the harsh reality of the internet era.

But It Disappeared!

What REALLY happens when you use apps (such as SnapChat)? Demonstration by top forensic specialists.

Afternoon Sessions:

Citizen

How to Make Your Home and Family Cyber Safe, Michael Kaiser
Passwords in the Internet Age, Jim Salter, Openoid
So You've Been Hacked,Juliana Harris,SC Department of Consumer Affairs

Business

Learn how to put together a cybersecurity plan for your business, how to manage potential issues and more.

Speakers include:
Michael Santarcangelo
Adam Anderson
Greg Meetze,SLED
Jarrett Coco, Nelson Mullins Riley & Scarborough

Technologists

Low Cost Tools for Security Challenges, Timothy De Block, ColaSec
Application Security, Bruce Jenkins, HP
Simple Hacking Techniques Anyone Can Use, Mark Baggett,SANS Institute

Register

Comment 0 Likes

categories / Conference
tags / infosec, IT-ology

September 15, 2015, meetup wrap-up - frameworks for securing things

September 16, 2015 / Timothy De Block

We had an excellent meeting this month. About 14 people showed up and participated. We had a lot to talk about with BSides Augusta happening Saturday, the CTF planning for next month, and the usual infosec news. After that, Ralph Collum gave us an excellent talk on security frameworks and how to choose the best one. We finished with some videos from J4vv4d.

Next months meetup will be slightly different. We're planning to do two days. We'll meet our usual Tuesday, October 13, 2015, but we're also going to meet the following Saturday, October 17, 2015, for some capture the flag (CTF) fun. Details to come soon.

Comment 0 Likes

categories / Meetup
tags / infosec, CTF, security framework

September 15, 2015, meetup agenda - Security Frameworks

September 08, 2015 / Timothy De Block

It's looking like the September meetup is going to be jam-packed month for the ColaSec user group. We will wrap-up BSides Augusta, talk about the October CTF, and have a presentation on security frameworks.

BSides Augusta is this Saturday, September 12, 2015, in Augusta Georgia. It is one of the best well run BSides events out there and I highly recommend the event. Did I mention I'll be speaking at the event? The event is sold out, but has a waiting list. They've recently released some tickets, so who knows.

We're planning a CTF event for October. We will have a Tuesday primer meetup followed up by a CTF competition on the following Saturday. If you would like to participate fill out this Google survey and let us know what weekend in October works best for you: http://goo.gl/forms/ULuA1Jt3im

Finally, we're planning on having a presentation on security frameworks for this months meetup. If you have to decide on a framework for your organization, which one is the best one for your organization?

Comment 0 Likes

categories / Meetup
tags / infosec, security framework, CTF, BSides Augusta

Augusta 18, meetup wrapup - Blue Team Starter Kit Tour begins

August 19, 2015 / Timothy De Block

This past Tuesday, I presented my Blue Team Starter Kit talk, that I will be presenting at BSides Augusta (September 12) and DerbyCon (September 24-27) next month. It was a good chat with some good interaction and trolling. I've got a lot of work to do on refining the talk, which was why I wanted to present it at ColaSec as a warmup for the big security conferences.

I will be presenting on Blue Team track 1 at 5 p.m. for BSides Augusta and I will be presenting Friday in the Stable talk track at 1:30 p.m. for DerbyCon. I'm super excited to be presenting at both conferences and look forward to catching up with people I know, as well as meeting some new people.

We had a lot of new faces at this weeks meetup, which is always nice to see. Building relationships and strengthening the infosec community in Columbia, SC, is something I am really excited about and look forward to each month.

Finally, we are helping ITology find speakers for their Trends 2015 conference this October. Details are below:

IT-oLogy presents Trends 2015

Cybersecurity 2020: The Impact of Digital Business on Security

CALL FOR PRESENTERS NOW OPEN

Form to submit: https://itchallenge.wufoo.com/forms/r1pd8o9s19cfxod

What is Trends?

An IT-oLogy (www.it-ology.org) hosted annual conference focusing on technology issues and topics that are “trending” nationally as well as regionally/locally. Basically, it heightens awareness around issues that will impact the future of IT-oLogy partners, the local and regional community, and South Carolina in a big way. The conference is kicked off by a presentation from a Gartner analyst.

2015 Topic:

This year’s topic is the overall digital transformation taking place in society (everything is becoming ‘digital’) and the associated security issues that come along with it.

2015 Date/Location:

Trends will take place Wednesday, October 28 fro 9:00 am to 4:30 pm EST at IT-oLogy, 1301 Gervais Street, Columbia, SC 29201.

Call for Speakers:

The 2015 Call for Speakers is now open. We’re looking for talks in the following areas:

Digital Transformation

A massive “digital transformation” is taking place in society and the pace is only accelerating. Industries, as well as organizations and individuals, are being impacted in ways never imagined. What are examples of this transformation? How is it having an impact? Why is it important?

Security, specific to the following areas:

• C level/Executive – security issues impacting executives at all levels (decision makers). Those topics executives should be aware of and know about.

• Technologists – issues impacting those at a hands-on technical level. Target audience here will be technologists.

• Citizen 101 – issues impacting everyday citizens. Things they should be aware of. Examples might include a very basic overview of how to encrypt email and/or attachments (most don’t have a clue), why changing passwords often is a must-do (and how to keep up with all those passwords), and other like issues.

Do you have apresentation? We’d like to hear from you! Please fill out the form and Todd Lewis (todd.lewis@it-ology.org) will respond!

https://itchallenge.wufoo.com/forms/r1pd8o9s19cfxod

Comment 0 Likes

categories / Meetup
tags / infosec, Blue Team, Tools, EMET, OWASP ZAP, Redline, Presentation, PDQ Deploy

August 18, 2015, meetup agenda - Blue Team Starter Kit

August 11, 2015 / Timothy De Block

Next week, I will be presenting my Blue Team Starter Kit talk, in preparation for my presentation of the talk at BSides Augusta, September 12, 2015, and DerbyCon, September 25-27.

The talk is focused on low cost tools for Blue Teams. The tools I plan to cover in the talk include:

Google/Twitter
OWASP Zed Attack Proxy
Mandiant Redline
Microsoft EMET
Admin Arsenal PDQ Deploy

These are tools I've found to be effective and accomplishing specific challenges given to me by management. And the best thing is that all of them are easy to use and free (PDQ Deploy enterprise is $500).

Also, we will discuss IT-ology Trends 2015 event at the meetup.

Comment 0 Likes

categories / Meetup
tags / presentation, Blue Team, Tools, infosec

July 21, 2015, meetup wrapup - OSSEC in the house!

July 23, 2015 / Timothy De Block

At this weeks meeting we discussed the following news items:

Hacking Team hacked, attackers claim 400GB in dumped data - Steve Ragan - CSO Online

Flash. Must. Die - Brian Barrett - WIRED

OpenSSL patches critical certificate validation vulnerability - Michael Mimoso - Threatpost

And because it just came out the same day we also discussed the freshly new hacked Jeep news.

Hackers remotely kill a jeep on the highway -- with me in it - Andy Greenberg - WIRED

After the news, Robert Wilson gave an excellent talk on OSSEC. He showed us how to both set it up and use it to monitor for abnormal activity. It's really interesting stuff and only requires, as Robert put it, "nerd power" to get it up and running. Here are some links to get started with it:

Main OSSEC site

OSSEC on GitHub

Daniel Cid's OSSEC architecture presentation

OSSEC CON presentations

Vic Hargrave's ELK and OSSEC overview (somewhat outdated)

NSA Guidance on spotting the adversary

IAD GitHub

Thanks again to Robert for stepping up giving us an excellent presentation for our July meetup. It was very informative and fun as always hanging out with other infosec folks.

Our next meetup will be August 18. I will be presenting my Blue Team Starter Kit talk which I intend to use at BSides Augusta, September 12.

Comment 0 Likes

categories / Meetup
tags / infosec, OSSEC, presentation

July 21, 2015, meetup agenda - OSSEC

July 15, 2015 / Timothy De Block

Robert Wilson will be giving us a presentation on OSSEC host intrusion detection software and will be covering the following questions

What is it?
How do you get it?
What exactly does it do?
What does it NOT do?
How do you use it?
What are some real-world examples of using OSSEC
What about querying? What about all of the chatter?

If you have any other questions about OSSEC be sure to bring to drop them on our listserv or bring them to the meeting next week.

I'll also be adding a new "The NEWS" segment to the meetup. We'll try it out and see how it goes.

Also, we are planning to go to Brew at the Zoo August 7, 2015, as a group. If you would like to commit to going to the event, let me know and bring some money or a checkbook to the meetup to pay for a ticket.

Comment 0 Likes

categories / Meetup
tags / Meetup Agenda, infosec, OSSEC

June 16, 2015, meetup wrapup - demo gods pwn presenter

June 17, 2015 / Timothy De Block

Well it happened again.

The demo gods gave our demo presenter a case of the, "you're not presenting tonight" and thus we were left scrambling for a presentation again. It was still a good night though as we slogged our way through setting up Kali Linux and Metasplotable. Sandra also brought us some cool toys to play with and was kind enough to take notes and a recording of the meeting.

We started with introductions and the agenda for tonight. Then I shared some pictures of CircleCityCon. Adam then stepped up to the play and tried to give a demo until he realized he had downloaded the 32-bit version of VirtualBox and was trying to load 64-bit ISOs. Chris stepped in to assist in walking everyone through how to setup Kali Linux.

We were then distracted when Sandra pulled out some Google cardboard and sent us on trips to space museums, Paris, and other places. We then got back to business and discussed some VM nuances, movie reboots, and Edwin showed of the pfSense console. Back at the Kali Linux install we discovered that you shouldn't try to run a VM from an SD card. Metasploitable is up an running. I managed to pop a padlock in less than five seconds! After a few more errors and troubleshooting both Kali and Metasploitable are up and running. Success!

Robert wrapped up the meeting talking about OSSEC, which he will be presenting on at our next meeting.

Quotes of the night

"That's the problem with doing a presentation with a bunch of nerds; they'll tell what to do and what you're doing wrong." -Robert

"Peter Jackson will get bored and reboot the LORT movies" -Adam

(in the distance) "Ooooooo! Anyone want a cupcake!?" -Tim

Random other things

Teracopy is awesome
Don't download anything from Sourceforge
Hack news: LastPass and baseball hacks
Poly password hasher

Again, a big thanks to Sandra for the meeting notes. Our next meetup will be July 21, 2015.

Comment 0 Likes

categories / Meetup
tags / infosec, Google, Kali Linux, Virtualization, Metasploitable

June 16, 2015, meetup agenda

June 09, 2015 / Timothy De Block

Next week's meetup I will be giving a wrap-up of Circle City Con, which I am getting the opportunity to contribute to this year as a picture taker guy. I've been told that a few people plan to head to BSides Charolette this weekend and we'll hopefully have a review of that conference as well.

For the main event Jeff and Adam will be doing a demonstration on building your own home lab. Per Jeff:

"For next weeks meetup we will be doing some demos on how to install and configure a home virutal lab for Security testing and research. We will primarily be using VirtualBox as our host virtual environment. It will run on Windows, Mac, and Linux. If people would like to play along, they should download the base Virtualbox installer for their OS as well as the extension pack. The install is fairly straight forward and there are a lot of install guides out on the net.

Once we have our host environment setup, we will walk through an OS install from a base ISO image. We will also show how to move VMs from one machine and import them into another. Finally we'll go through setting up DHCP and configuring the different network types that you can do with VirtualBox. We will have a number of ISO images and some pre-built VMs that can be installed and configured"

Download VirtualBox on a laptop and bring that to the meetup if you'd like to follow along.

Also, we are planning to go to Brew at the Zoo August 7, 2015, as a group. If you would like to commit to going to the event, let me know and bring some money or a checkbook to the meetup to pay for a ticket.

Comment 0 Likes

categories / Meetup
tags / Meetup Agenda, Virtualization, demo

Presentation at ECPI University

June 05, 2015 / Timothy De Block

On Thursday, June 4, 2015, ColaSec was invited to ECPI University here in Columbia to give a presentation on Linux/Unix security. Jeff and Adam spent several hours building a security presentation for a students looking to get into infosec. Here are some thoughts from one of the presenters:

Jeff

"The presentation for ECPI was an interesting experience. We were
asked to come up with something dealing with Unix/Linux and Security.
We were given a time frame for anything from 1 hour to 3 hours. Adam
and I put together an presentation dealing with things like what
security professionals do, why they do it, what tools they use, how
you deal with data breaches, and some general sysadmin style best
practices for securing linux systems and user accounts.

It turned out to be a lot of material but we covered most of it,
albeit in 3.5 hours (with an unexpected 30 minute lunch break). We
had some demos tossed in and for the most part the demo gods were good
to us and we were able to complete all but one demo (ran out of time)
on network flow data. It proved that both Adam and I are talkers and
need to learn to stick to the material.

Most of the class seemed to appreciate the talk. They seemed to
appreciate the fact we told real life stories and experiences. They
also liked that we expanded on information on the slides rather than
just read them the information that was there. We got a lot of good
questions from the class and hope they took some useful information
away from it.

They perked up when we started talking about Wireshark because they
had some exercises on that during class. They wanted more information
about it and how its used. We're going to follow up with them with
some links for packet capture challenges (they will be uploaded to the
presentation's google document that they have access to). These are
games that have been setup that require you to use tcpdump or
wireshark to uncover information hidden in network packets.

Adam and I agreed that we have some tweaking to do to the presentation
and maybe look at breaking it into three parts that can be done
separately or chained together for a longer one. All and all I think
it went well and I learned some good things from the experience and I
hope the students did also."

Pictures of the presentation are available in the gallery section and the slides can be found via this Google Slides link.

Comment 0 Likes

categories / Outreach
tags / Presentation, infosec, Linux, Unix

May 19, 2015, meetup wrapup - pwned by the demo-gods

May 21, 2015 / Timothy De Block

Last Tuesday was our May meetup for 2015. We had planned to dive into the game PwnAdventure3, unfortunately, it was meant to be as we had hardware issues with the server that was supposed to be running the game. Of course, it worked perfectly the week prior. I even completed the first task! We still plan to do PwnAdeventure3 at a future meetup.

The meeting didn't go too waste, however, we discussed several things:

Skycure - https://maps.skycure.com/?loc=29201

Someone who attended HackMiami sent me this link. Based on "Crowd Wisdom," the map shows wifi networks that might have threats on them. We've got two in the Columbia, SC, area.

Cover VT - https://red.cirt.vt.edu/

We had a couple guys from Virgina Tech show us this nifty little link, that has their snort data mapped to Google Map API.

MT6D Visual Data Display - http://paisley.cirt.vt.edu/

This is a link that's meant to demonstrate one way of mitigating a DDoS attack. Essentially as I understood it, the IP address of a device or application keeps randomly switching, which in essence makes it harder for someone to DDoS an individual target.

Finally, we discussed a few things people would be interested in discussing for future meetups.

Thanks to everyone that came out. We look forward to seeing everyone next month!

Comment 0 Likes

categories / Meetup
tags / visualization, pwned, Skycure, Virginia Tech, infosec

May 19, 2015, meetup agenda - PwnAdventure3

May 14, 2015 / Timothy De Block

The next ColaSec meetup we will be taking a look at the hacking game Pwn Adventure 3, which was featured at Shmoocon and in this article on WIRED. The game is a massively multiplayer online (MMO) game, where objectives are completed by hacking the game.

We have setup a server to run the game. Attendees will need to bring a laptop and download the game client from the Pwn Adventure 3 site. After downloading and installing, launch the client to run an update on it.

Some other things attendees might want to install/bring is a decompiler program to view the game files, like .NET Reflector. I've also found a walkthrough that uses utilizes Wireshark, so that might come in handy as well. Speaking of walkthroughs, feel free to do a little research ahead of time. Here are some links to get your started:

Ghost in the Shellcode - Home of the Pwn Adventure. Has walkthroughs on last year's version.

PwnAdventure3 - Main website.

Dead Packet Society - A walkthrough using Wireshark.

PwnAdventure2 walkthroughs:

balidani

Everlasting Wanderer

Lockboxx

List of tools for static code analysis - Wikipedia

This exercise is something I've never done before and I those most of the group hasn't done before, so I'm hoping we can all learn and grow from the game together.

Comment 0 Likes

categories / Meetup
tags / Meetup, Meetup Agenda, infosec

ColaSec meetup January 20, 2015, roundup

January 22, 2015 / Timothy De Block

Tuesday we had our first ColaSec meeting of the new year at IT-ology. Among the announcements we have POSSCON looking for security professionals to present at the conference who have a background and experience with implementing open source for security related projects. The POSSCON organizers approached us to help them fill the five speaking slots they have available. Each speaking session will be 45 minutes and should cover a topic that includes implementing or developing an open source tool for security. If this of interest to you or if you have questions, contact me at timothy.deblock[at]gmail[dot]com.

I presented on, How to get started and keep up with information security. When I first got interested in security I wasn’t exactly sure where I needed to start. This presentation is meant to share my experiences of going from reading one security related site to reading several, listening to podcast, reading books, going to conferences, and getting involved. If you’re interested in reviewing my presentation the slides are available here.

PRESENTATION: How to get started and keep up with information security by Timothy De Block

A ShmooCon ball at our meeting tonight. One of our members is giving a review of the conference. pic.twitter.com/w2dMqHqFBP
— Cola InfoSec (@cola_sec) January 21, 2015

After my presentation Jeff gave us a review of ShmooCon which he recently attended in Washington, DC. Aside from scaring the shit out of us in regards to our vulnerable home routers, he also tolds us about the Keynote by Joseph Lorenzo Hall, which covered, “the intersection of technology, law, and policy.” Essentially, keeping the internet the open internet. He also told us about encryption and the police, a talk about analysis of point-of-sale (POS) software, Httpscreenshot, Masscan’s ability to scan the entire internet in 6 minutes (calling BS here), and also timing side channels which dealt with some cryptography voodoo.

After those two presentations we got into a little bit of a discussion on career paths into security and what someone would need to do for that. It was a great meetup with a lot of good back and forth and resource sharing. Our next meetup is scheduled for Tuesday, February 17, 2015. We look forward to seeing you there!

Comment 0 Likes

categories / Meetup
tags / infosec, ShmooCon, Presentation

January 20, 2015, meetup agenda

January 13, 2015 / Timothy De Block

Tuesday January 20, 2015, is our first meetup of the new year.

This Friday Blackhat gets released to theaters and we're looking to have a special ColaSec meetup to go watch the movie. Shmoocon is also this weekend so be on the look out for items to talk about from there next Tuesday.

On the docket is me giving a presentation on how to keep up/get into information security. The title is still very much in the works, but it's a presentation that talks about some of the resources an information security professional can use to keep up with the latest happening in the community. This is my first presentation every and I'm hoping it's not too noobish and gives people some good information they can use. The goal is to be interactive so that those already following the infosec community can participate as well. Really, it's just a way for us to create some discussion and share some great resources to make us all better professionals.

Looking forward to seeing some old faces and some new faces at the next meetup.

Comment 0 Likes

categories / Meetup
tags / Meetup Agenda

New ColaSec meetup day and social engineering

December 30, 2014 / Timothy De Block

After talking to several current and potential members of this user group, we have decided to shift our meetup day from every third Monday of the month to every Tuesday of the month. Tuesday just seems to fit everyone's schedule better and allows everyone to shake off those Monday blues. We also won't be conflicting with Monday night football during the fall.

With the new date it puts our next ColaSec meetup on Tuesday January 20th, 2015. The Tuesday after Blackhat releases. If anyone is planning on going hit me up on Twitter or by email (timothy.deblock[at]gmail[dot]com).

While on holiday and doing some chores this past week I was listening to episode 120 of the Down the Rabbithole security podcast and they had on Chris Hadnagy who was talking about social engineering. It's a really good episode, with a lot of good information and interesting stories about social engineering, as well as how organizations can better protect themselves against social engineering. If you can find the time I would highly recommend listening to the episode.

1 Comment 0 Likes

categories / Meetup
tags / Meetup, Podcast, Social Engineering