May 9th Meeting 6pm @ Elsies
For the May DC612 meeting, Paul Dokas will be presenting on the new Dragon Research Group (DRG) pod distro. The Dragon Research Group (DRG) is a volunteer group of security researchers that collect and freely distribute intelligence regarding malicious behavior seen online. One of the key platforms used to collect and analyze this data is the DRG pod which is a passive sensor built using NanoBSD (a slimmed down version of FreeBSD). This talk will cover the design goals, system layout, build system and future directions for the pods.
Bio: Paul Dokas is an IT security professional with 20+ years of experience in the IT industry as an IT security architect and analyst, programmer, and system administrator. Currently working in the Twin Cities as an senior IT security analyst he is expanding his passion for intrusion detection, data analysis and incident response. In off hours, he volunteers with the DRG and is building a network intrusion sensor and analysis framework (soon to be released as open source).
Agenda:
6:00PM-6:30PM – Get in, get drinks and food ordered
6:30PM-???? – Paul Dokas
Elsie’s Restaurant Bar and Bowling
729 MarshallStreet N.E.,
Minneapolis, MN 55413
No April DC612 Meeting
We are not going to have an April DC612 meeting as we didn’t receive any volunteers to present on a topic this month. If you have a topic you would like to present on at a future DC612 or are working on a project that you would like to solicit some feedback on, please email us at info – at – dc612.org.
Also, don’t forget about the Minne-Faire happening THIS WEEKEND at The Hack Factory! More info can be found here: http://minnefaire.org/
Thanks
-DC612
DEF CON 20 Badge Hacking
We are doing DEF CON 20 badge hacking at The Hack Factory tonight! Anyone is welcome to come by and hang out, so far all of the preregistration badges have been taken! Were going to solder on the VGA and PS/2 connectors, and post some fun info on what we did after the event!
See you tonight, after 6pm.
-David
No February Meeting
We are not going to have a February meeting. Stay home, stay warm, and enjoy Valentines Day. We will see you in March for the badge hacking night (details below):
Let’s hack some DEF CON XX badges!
DC612 is holding a badge hacking workshop! Wanna have fun and setup a commodore 64 emulator on your Defcon XX badge! Now is the time! DEF CON donated 30 extra badges (CDs and Programs too!). Their only request was that we post (Blog, Social Media, Office Xerox, etc) about your project or board when we complete it.
We are asking $5-$10, but you can always add more, as the donation goes directly to the Hack Factory. Each ticket comes with a badge. You will need to pay cash for the badge when you arrive, as we get chraged $1 for each ticket we sell via eventbrite. We’ve also setup individual badge tickets. So say you wanted a Human badge- design #1, well you can use that as your ticket and we will make sure you get that badge.
These were donated by DEF CON for us to play with. To order more and check out the designs, visit: http://hackerstickers.com/product/hardware-dc20-humanbadge/
– DC612
DC612 Day: March 9th 2013
This event is a one day hands-on learning conference that unlike traditional conferences, this event is geared towards hands-on learning. The topics selected are based in input from the community via survey that was completed last fall. Below is the schedule for the day. A buffet style lunch will be provided during the lunch break.
Schedule:
8:30am-9am – Get in, get settled (pastries and coffee available)
9am-12pm – Hands on Penetration Testing 101 by Scott Sutherland & Karl Fosaaen
12pm-1pm – Lunch (provided by Elsie’s)
1pm-3pm – Web Application Security: OWASP Top 10 by Brian Johnson
3pm-3:15pm – Break
3:15pm-5pm – Challenge Walk-through by Spenser Reinhardt
Beverages will be available all day. Soda is included with admission, beer/liquor is not.
Registration: http://dc612day.eventbrite.com/
Session Details:
Title: Hands on Penetration Testing 101 by Scott Sutherland & Karl Fosaaen
Abstract: The goal of this training is to introduce attendees to standard penetration test methodologies, tools, and techniques. Hands on labs will cover the basics of asset discovery, vulnerability enumeration, system penetration, privilege escalation, and bypassing end point protection. During the labs, common vulnerabilities will be leveraged to illustrate attack techniques, using freely available tools such as Nmap and Metasploit. This training will be valuable to anyone interested in gaining a better understanding of penetration testing or to system administrators trying to understand common attack approaches.
Requirements: All attendees interested in participating in the labs will need to bring their own laptop. A copy of BackTrack will be provided to all attendees on a USB flash drive that they can keep. Laptops should have a wired Ethernet port in order to participate in labs.
Title: Web Application Security: OWASP Top 10 by Brian Johnson
Abstract: In this session we will learn how to find, demonstrate how to exploit and discuss how to prevent the OWASP Top 10 Security Issues. We will also discuss how these issues are exploited in the real world. Students will have the opportunity to have hands on experience testing for and exploiting these issues.
Requirements: All attendees interested in participating in the labs will need to bring their own laptop. Laptops should have a wired Ethernet port in order to participate in labs.
Title: Challenge Walk-through by Spenser Reinhardt
Abstract: Capture the flag challenges, are no easy task and can require vast and intimate knowledge of many different aspects of computer systems. This session will guide participants through a variety of challenges, ranging from application exploitation, forensic image recovery, cryptography, and binary reverse engineering. Each task will be challenging and presents something new to learn. By the end, you should have a basic idea of how capture the flag events work, what to expect and an understanding of how to complete a variety of challenge types.
Requirements: All attendees interested in participating in the labs will need to bring their own laptop. Laptops should have a wired Ethernet port in order to participate in labs.