ColaSec

Columbia's Information Security Group

A free and informal gathering of information security professionals and enthusiasts in Columbia, South Carolina at the Richland County Public Library on the 3rd Tuesday of every month at 6:00 PM (click on the YouTube bubble).

Founded 2014 (COVID can’t stop us)

Image credit: Zach Pippin
zachpippin.com

Upcoming Presentation: The Anatomy of a Modern Security Monitoring Program

Presenter Name(s): David Burkett

Tell us about you or your group: David is the Security Operations Center (SOC) Manager for the company Corvid Cyberdefense, an MSSP based out of Mooresville, NC. David has a background in building SOCs, performing technical assessments as a consultant for other SOCs, and working as a SOAR Architect helping over 3 dozen Fortune 500 and major Federal Government agencies create playbooks and automate manual security tasks.

Presentation Synopsis: Does your SOC rely on dashboards, low-fidelity OOTB detection logic, and 3rd party threat intel feeds to detect and alert on activity? If so, you are not alone. Through my background of working with various Security Operations Centers, the differences I've seen between what the large and more tech-forward companies are doing and what your more average company is doing are staggering. This isn't due to large budgets and being able to buy the most expensive equipment.

Unfortunately for us as defenders, there isn't a lot of great information out there on what these sorts of organizations are doing from a process and procedures perspective, as blue teams are commonly hesitant to share what they are doing, and a lot of the "Guide to Building a SOC!" blogs on the internet are written by consultants who have never worked in a SOC.

In this talk, my aim is to bring to light what a modern security program looks like and ways to help you get there using free and open-source tools.

Social Media Links: @signalblur / https://www.linkedin.com/in/david-burkett / https://github.com/david-burkett

Upcoming Presentation: Hacking Microsoft Exchange

Presenter Name: Timothy De Block

Presentation Title: Hacking Microsoft Exchange

Presentation Synopsis: The first big hack of 2021 has already occurred and it's not over yet. At the end of 2020 new vulnerabilities were discovered that have impacted tens of thousands of organizations worldwide. In this edition of the lunch and learn we'll walk through what the vulnerabilities are, the timeline of reporting, and eventual exploitation. We'll unravel all the different players involved and what could be coming in the future.

Social Media Links: https://twitter.com/TimothyDeBlock

Upcoming Presentation: Mental Health Hackers: Contents Under Pressure

Presentation: Tuesday, March 16th, 2021 at 6:30pm on Twitch

Presenter Name(s): Amanda Berlin

Tell us about you or your group: Feel free to make something up and maybe mention my employer, they'd be happy about that

Presentation Synopsis: Why mental health is important in the workplace, what we can do to help fix it, and what MHH is and what we've accomplished.

Social Media Links: @infosystir, @hackershealth (www.mentalhealthhackers.org), @blumirasec (www.blumira.com)

Upcoming Presentation: Cryptography for Pentesters

Presenter Name(s): Rob Fuller

Presentation: Tuesday, February 16th at 6:30pm

Tell us about you or your group: Rob has over 14 years of experience covering all facets of information security. He has been behind the lines helping to design, build, and defend the US Marine Corps, US Senate, and Pentagon networks - as well as performing penetration tests and Red Team assessments against those same networks. More recently, Rob has performed numerous successful Red Team assessments against commercial Fortune 50 companies representing some of the best defensive teams in the industry.

Rob’s experience and expertise ranges from embedded and wireless devices in industrial control system networks to standard corporate IT infrastructures and domains. He is a frequent speaker at a number of well-known security conferences, including ShmooCon, DefCon, DerbyCon, CarolinaCon, Area41, RVASec, and HackCon; and has taught at BlackHat USA since 2013. He is the current CTO and Red Team Captain of the Mid-Atlantic Collegiate Cyber Defense Competition (CCDC). He has also served as a technical advisor for HBO’s show Silicon Valley and hosts his own show called “Metasploit Minute” for Hak5.

Rob has acquired a number of certifications and awards over the years, but the ones he holds above the rest are father, husband, and United States Marine.

Presentation Synopsis: This presentation will go into 3 stories of researching, identifying, and reverse-engineering encryption used in 3 major enterprise products and how they affected the outcome of the red team assessments they were discovered on. The products to be discussed are SolarWinds, Quest Migration and ManageEngine's OpManager.

Social Media Links: 
https://twitter.com/mubix
https://linkedin.com/in/mubix
https://malicious.link/

SolarWinds (sigh)

Presenter Name(s): Timothy De Block

Presentation: SolarWinds (sigh)

Presentation Synopsis: Nation state attacks, like the recent SolarWinds breach, are why organizations need to take a hard look at the vendors and applications they bring into their company. We’ll go over the technical details of the SolarWinds attack and how it impacted SolarWinds and thousands of other companies. We'll discuss how to respond and share stories from this type of attack.

January 2021 upcoming meetup: SolarWinds (sigh)

When: January 19th, 2021 at 6:30pm

Presentation by: Timothy De Block

Presentation Synopsis: Nation state attacks, like the recent SolarWinds breach, are why organizations need to take a hard look at the vendors and applications they bring into their company. We’ll go over the technical details of the SolarWinds attack and how it impacted SolarWinds and thousands of other companies. We'll discuss how to respond and share stories from this type of attack.

Securing the Mobile Workforce - Research, Analysis, and Action

Presented at ColaSec on November 17th, 2020

Presenter: Scot Kight, Check Point

Synopsis: Our workforce has changed: we are more remote, more able to be wherever, whenever and with whatever systems and devices we need to do our jobs, many times on our own unsecured devices. This has changed the forefront of security risk from being at the perimeter of corporate systems out to everywhere our employees are and with whatever devices they are carrying with them. Security needs to adapt and overcome this change in environment, in a way that meets and exceeds the needs of this new way of doing business, while keeping the end user's needs in mind.

Upcoming Presentation: Securing the Mobile Workforce - Research, Analysis, and Action

When: Tuesday, November 17th, 2020 at 6:30pm

Presentation by: Scot Kight, Check Point
@scotkight
linkedin.com/in/scotkight/

About Check Point:

Check Point is the worldwide leader in full play security platforms. With over 25 years of experience, and the inventor of the stateful firewall, we fully understand the demands and requirements put on IT groups around the world. Our solutions are designed to be flexible to meet all IT security needs and are able to provide services for industries and governments at all scales, from SOHO to large enterprise, offering protections from Network Appliances, Mobility, IOT, Endpoint, Cloud and beyond.

Presentation synopsis:

Our workforce has changed: we are more remote, more able to be wherever, whenever and with whatever systems and devices we need to do our jobs, many times on our own unsecured devices. This has changed the forefront of security risk from being at the perimeter of corporate systems out to everywhere our employees are and with whatever devices they are carrying with them. Security needs to adapt and overcome this change in environment, in a way that meets and exceeds the needs of this new way of doing business, while keeping the end user's needs in mind.

Join us for a conversation about how to secure your mobile systems in a complete and private, yet BYOD friendly manner.

October is National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month (NCSAM), which is a collaborative effort between the Cybersecurity and Infrastructure Security Agency (CISA) and its public and private partners—including the National Cyber Security Alliance—to ensure every American has the resources they need to stay safe and secure online. This year’s theme, “Do your Part. #BeCyberSmart.,” encourages individuals and organizations to take proactive steps to enhance cybersecurity and protect their part of cyberspace. CISA encourages individuals and organizations to review the NCSAM 2020 page for ways to participate in and promote NCSAM.

https://us-cert.cisa.gov/ncas/current-activity/2020/10/01/october-national-cybersecurity-awareness-month

● An estimated $6 trillion will be spent globally on cybersecurity by 2021

● On average after a breach, company share prices fall 7.27%

● It takes companies nearly 6 months to detect a data breach

● 77% of organizations do not have a cybersecurity response plan

● 95% of cybersecurity breaches are due to human error

● By 2020 there will be roughly 200 billion connected devices

● 95% of breached records came from only three industries in 2016

● There is a hacker attack every 39 seconds

● The average cost of a data breach in 2020 will exceed $150 million

● In 2018 hackers stole half a billion personal records

● The number of cellular Internet of Things (IoT) connections is expected to reach 3.5 billion in 2023 – increasing with an annual growth rate of 30%. (Ericsson)

● Gartner forecasts that 25 billion connected things will be in use by 2021. (Gartner)

● 63% of people find connected devices ‘creepy’ in the way they collect data about people and their behaviors. (Consumers International & Internet Society)

● Once plugged into the internet, connected devices are attacked within 5 minutes and targeted by specific exploits in 24 hours. (NETSCOUT)

September 2020 Meetup: CrowdStrike Overwatch Threat Brief

Presented at ColaSec on September 15, 2020 by CrowdStrike. Falcon OverWatch™ is CrowdStrike’s managed threat hunting service, built on the CrowdStrike Falcon® platform. OverWatch provides deep and continuous human analysis, 24/7, to relentlessly hunt for anomalous or novel attacker tradecraft that is designed to evade standard security technologies. OverWatch is comprised of an elite team of cross-disciplinary specialists who harness the massive power of the CrowdStrike Threat Graph®, enriched with CrowdStrike threat intelligence, to continuously hunt, investigate and advise on sophisticated threat activity in customer environments. Armed with cloud-scale telemetry and detailed tradecraft on more than 130 adversary groups, OverWatch provides unparalleled ability to see and stop the most advanced threats.

August 2020 Meetup: Live Demo of OWASP Juice Shop

Presented at ColaSec on August 18th, 2020 by Carlos Zavaleta.

OWASP Juice Shop is an insecure web application used for security training and testing. Join Carlos as he walks through a live demo of how to test Juice Shop during our first SCBG CTF event!

Carlos Zavaleta

I’m originally from Oaxaca, Mexico but have been living in Nashville for around 17 years. I like to break things and put them back together. I work for Premise Health as a Jr. Penetration Tester and I have been there for a year. Previously I worked as a general IT Tech for a local real estate company where I taught myself everything I know from server administration to JavaScript. I love doing CTFs since that’s where a lot of my initial experience comes from; the first CTF I did was the Hacker101 CTF, which is free for anyone who wants to try it.

“you don’t need permission to call yourself a hacker” - someone on twitter.

LinkedIn: https://www.linkedin.com/in/carlos-zavaleta-101077107/

July 2020 Meetup: Panel Discussion on the Verizon 2020 Data Breach Investigation Report

Presented at ColaSec on July 21st, 2020. Panel Discussion on the Verizon Data Breach Investigation Report presented by ColaSec Organizers and Friends. The Verizon Data Breach Investigation Report (DBIR) is an annual report that covers trends and takeaways from the information security field as a whole and split up into 16 industries. This panel will discuss the report and provide insights from their own industry.

June 2020 Meetup Recap: Top Wire Fraud Schemes - Business Email Compromise & Romance Scams

ColaSec Intro Slides

Top Wire Fraud Schemes - Business Email Compromise & Romance Scams

Discussing how people get caught up in these schemes and how financial institutions (as well as colleagues and loved ones) can be aware of the 'red flags' that someone is vulnerable or has fallen victim to a scam. The presentation focuses on Business Email Compromise and Romance Scams as the top trends in wire fraud that also have a cyber/tech component.

About Tracy Griffith Swaim

Fraud Investigations Supervisor for South State Bank, Certified Fraud Examiner and Advanced Certified Paralegal.

Presenter Slides

Cyber Fraud International Wire Fraud Trends Tracy G Swaim CFE, ACP Wire Fraud Wire Fraud is more than numbers moving around - wire fraud affects livelihoods, communities, people and businesses Wire Fraud Agencies/Resources Business Email Compromise (BEC) Define Business Email Who