MiSec Meetup January 2013
MiSec is kicking off the new year with a lightning strikes night. We have several speakers lined up for quick 15-minute presentations.
Why I Defend by Matt Johnson (@mwjcomputing). When you hear students or people who want to get into infosec, generally you hear that they want to be pentesters or be on the red team. Well I have news for you. Defense is harder, sexier and more satisfying. I don’t pwn shit. I own shit. I protect shit. I know that “enemy” is coming for my data and my network. I see you pen tester. Well I have two words. SUCK IT. I will explain why most people have it wrong when it comes to what team they play for.
Flashbacks to Nam: Security Monitoring by Derek Thomas (@dth0m). My heart is beating fast, I woke up with cold sweats … again. I really need to get a handle on this problem. The attackers are everywhere, and they are good.
I’m in, now what?: Recon and maintaining access in Linux systems by Mark (@Tech357). Pentesters going after Windows systems have the distinct advantage of using Meterpreter. They can install programs, clear logs, escalate privileges, to name a few. Unfortunately, there is no good Linux equivalent so we must do it all by hand. Attendees will learn how to map out the server and install a backdoor for later use. This talk will cover identifying key directories and files, noting additional services that may not have been immediately evident during initial Recon, using netcat combined with crontab to create a backdoor window, and selectively clearing logs. Some Linux / Minimal Pentesting experience required as this assumes you have already compromised the box.
Hack and Score: Weaponizing the Fundamentals by Konrad (@KonradV2). This talk explores some of MiSec’s ruCTFe 2012 offensive tactics, including automating flag stealing and submission. During the talk we’ll learn how basic tools like netcat, wget, bash scripting, regular expressions, and Unix pipes can all be used together to fully automate the “flag retrieval” and scoring process. Code will be available afterwards, including a hack-and-submit one-liner that netted the team points in the closing hours of ruCTFe 2012.
For details and location, please either contact us through email (firstname.lastname@example.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via GoToMeeting, Meeting ID: 401-898-702.