ColaSec

Columbia's Information Security Group

A free and informal gathering of information security professionals and enthusiasts in Columbia, South Carolina at the USC/Columbia Technology Incubator on the 3rd Tuesday of every month at 6:00 PM.

@Cola_Sec, #ColaSec, @USCColaInc

Image credit: Zach Pippin
zachpippin.com

2019 Presentation Roster

January

TTP Safari: Taking a Look at Adversarial Tactics, Techniques, and Procedures Being Used in the Wild presented by Brandon Poole.

To be successful defenders, we must know what our adversaries are doing, hence the adage "offense must inform defense". During this talk we will discuss some of the TTPs adversaries are using in the wild today to get into our networks, as well as controls that can be implemented to detect or prevent those TTPs. The talk will end with a discussion of the MITRE ATT&CK framework and how to test for gaps in your current security controls.

Brandon is a Detection Engineer at Red Canary who spends most of his time analyzing, researching, and developing methods to detect evil on endpoints. Brandon's experience prior to Red Canary includes being an independent consultant for a large MSSP helping customers build SOCs, investigating and performing incident response for APT actors, and working as a system/network administrator. Brandon is also a Mentor instructor for SANS.

February

OSINT: Breach Data, Ethics, and OpSec... Oh My! presented by Josh Huff.

What does breach data look like? Is breach data ethical? How can it be used? What does breach data teach us about privacy and security awareness? What can we do to protect our own data against a breach? Using real-world examples, we'll discuss these questions and provide resources you can use to leverage breach data in your own investigation.

March

SOC Survival Guide: Analysis and Investigative Theory presented by Brandon Poole

Investigating security threats can be overwhelming for folks new to SOC/DFIR roles in infosec. They are often overcome with thoughts such as "How can I deal with this massive volume of data/alerts?" or "What does evil look like?" or lastly "Where do I even start?!?!".

This talk is designed to provide models, processes, and common data pivots to help answer these questions and not just survive but thrive in an entry level SOC role. This presentation will end with a few common SIEM/IDS alerts so the group can apply what they have just been shown.

April

Multitasking Host Forensics presented by Beth Lancaster

Finding out how a host was compromised and/or what type of malware/exploit is present is a challenge. Dividing forensics tasks into processes that happen simultaneously can provide answers quicker.

Knowing how a host was compromised will help determine if other hosts on your network are vulnerable or have been compromised. This presentation will discuss strategies and steps for host-based forensics, focusing on things that can be done simultaneously. New analysts may feel overwhelmed at first with host forensics. Preparation and planning will help you respond quicker in a crisis. Strategies for what to examine first for a given situation can save valuable time. We will step through a typical situation that requires host forensics to attempt to identify the source of the exploit.

  • Acquire a memory dump

  • Pull network data from your SIEM

  • Pull the password hashes and start password cracking with tools such as John the Ripper and/or Hashcat

  • Review system log files

  • Review application log files

  • Start running anti-virus on the image

May

TBD - Interested in presenting? Head over to the CFP page to fill out a presentation application.

June

TBD - Interested in presenting? Head over to the CFP page to fill out a presentation application.

July

TBD - Interested in presenting? Head over to the CFP page to fill out a presentation application.

August

TBD - Interested in presenting? Head over to the CFP page to fill out a presentation application.

September

TBD - Interested in presenting? Head over to the CFP page to fill out a presentation application.

October

TBD - Interested in presenting? Head over to the CFP page to fill out a presentation application.

November

TBD - Interested in presenting? Head over to the CFP page to fill out a presentation application.

December

End of another great year at ColaSec. Join us at Conquest Brewery for a chili cookoff and beer!