Wondering what makes a great #misec talk? Securelexicon sends us this video.

November’s MiSec meetup will be on Thursday, November 8th, at 7 pm. Keith Dixon (@tazdrumm3r) is giving a talk on honeypots in the cloud.

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via Gotomeeting, Meeting ID: 913-366-262, Meeting Password: misec.

A sneak peak at what is to come:

• OWASP Detroit returns in December with Kevin Poniatowski covering SDLC
• In January, Raymond Lilly (@37point2) is presenting Intel Analysis – Twitter, Python, Data Mining
• Rapid7 presents on March 2013

The Dangers of Sharing Social Data, presented by Steven Fox
Social media offers a medium by which we connect with others quickly, regardless of distance. We disclose freely information, creating a sense of connection in a virtual community. This session explores the dark alleys of this world; where data is used my miscreants to deceive their targets. Attendees will learn first hand the tools used to collect social data, analyze it for patterns, and employ it nefariously. They will also learn how to negotiate the shadows of an open world while protecting their privacy online.

Event Details
Wednesday, October 17, 7:30 – 9:30 a.m.
Troy Campus
Cost: $10 includes refreshments and admission to the hands-on session
Register online.

Jack Crook designed the DFIR challenge for GrrCon 2012. Digital Forensics and Incident Response, a #misec presentation by Jack Crook, explores how to solve the challenge. This talk was given at a #misec meetup on October 11, 2012.

The files for this challenge are available:

• Live image with the tools
• Challenge readme
• Questions

The Moscow Rules for InfoSec Professionals: Achieve Détente to Secure the Enterprise, a #misec presentation by Jen Fox. This talk was given at a #misec meetup on August 9, 2012.

Derek Thomas writes:

Greetings friends, we are in the initial stages of creating a Misec Capture the Flag proving ground. We have been consistently in the top 30% of the competitions that we have entered and I would like to go higher! I think the proving ground is perfect for honing our CTF skills individually and as a team.

The goal is to create a portal that we can upload basic CTF challenges along with an article that describes the fundamental use of tools needed to solve the challenge and the basic thought processes that one would go through. Our hope is to release a challenge on a bi weekly basis, but that may change based on the amount of submissions.

Our secondary goal is to use the challenges that are submitted to the proving ground in a CTF that we host or co-host sometime in the next year. If you register for our CTF portal then you will not be able to compete in our hosted CTF but you will get to compete on our team for CSAW, RUCTFe, GITS, and so on.

We encourage everyone to join no matter what your skill level, and we encourage everyone to submit but it is not a pre-requisite. More than one person can submit a challenge as a group as well. We would like the submissions to be anything that you might see in a challenge.

ZTango has been working day and night to create the site that we will be using and it is coming along great. For now I would like anyone that has blogged about one of the challenges that they have previously solved to send the link to ctf-submissions@michsec.org if you don’t mind having it cross-posted in the CTF Proving Ground. Please let us know if you have any ideas or would like to help in any other way.

To whet your appetite for CTF challenges, check out our teaser challenge at http://ctf.michsec.org/web01

Steven Fox will be offering his Branding your Security Team workshop on September 15, from 10 am to 4 pm. The training is free and requires a workshop ticket from Eventbrite.

Branding your Security Team – Connecting with Customers through Compelling Experiences

What does your security team stand for? How does it add value to its customers? How does it drive value within itself? Most managers and customers ask these questions in some form; they want to know what your team will do and why they should interact with it. Unfortunately, most IT security teams approach their answer from a context alien to those whom they serve – leaving them puzzled and frustrated.

This workshop focuses on branding techniques that will aid in reframing your team’s value proposition into a context familiar to your internal customers. While a brand can be created by an individual or team, its success depends on how it is positioned by its target customers.  While the vagaries of organizational behavior make it hard to control positioning, this workshop will highlight a five step process to define your brand, promote it strategically, and influence its positive perception within the company.

1) Create – Attendees will be presented with a security team’s branding statement which is in conflict with its customers.  They will create a new statement via a reframing exercise utilizing a customer profile document.

2) Connect – We connect to people through stories.  Thus, attendees will learn the basic structure of a story and use this to write a compelling case study that conveys their new brand statement.  This story will be shared with others and discussed to explore how it resonates with the target customer and conveys the team brand.

3) Rehearse – Rehearsal allows the team to internalize the details of their brand, freeing it to deliver the value it represents.  Attendees will learn efficient rehearsal techniques they can use with their teams.

4) Deliver – Step 2 formed a connection with your customer – a short-lived relationship that will fade if left unenforced.  This step focuses on the security team’s ability to earn the customer’s trust by serving their needs consistently and professionally while reinforcing its brand message.

5) Follow-through – There is where you make your story a reality.  Attendees will learn the power of service follow-through to strengthen your brand, especially when mistakes are made.

Workshop materials will be made available in advance of the workshop so attendees can prepare. The workshop will be held on September 15, from 10 am to 4 pm, and requires a workshop ticket from Eventbrite.

Chris J will be offering his Linux hardening workshop on August 11, from 10 am to 4 pm. The event is free and requires a workshop ticket from Eventbrite. Chris writes:

One of the questions to come out of the Rats and Rogues Career Panel podcast was what as an industry can we do to help those coming up in the ranks behind us. At the time Security Moey and Elizabeth Martin dropped Mock InfoSec interviews.

That was great, I think helping people with interview skills is a big plus. But it doesn’t solve the first problem. Getting or having the skills you need to get the interview. So how do we fix this?

The Michigan Security community (aka MiSec) has and answer for that. MiSec is starting a series of workshops / classes. Some of these will be open source based, which should be able to be taken by any Information Security group and taught at their location without the original instructor.

The first of these will be held at 10am on August 11th, and should last for about six hours or so. During that time attendees will be installing and hardening a Linux system from scratch. When we are done, an attendee should be able to install a Linux distro from a network install media, harden the distro, configure Apache, Mysql, and PHP to be secure, set up a mail server, know how to read the related logs, and install a CMS system.

Hopefully we can get someone to help us pentest the systems, so the users can read the logs and see what an attack is like.

To participate you will need a computer with virtualization software set up. I would suggest pre-configuring the client system’s virtual with at least 10 gig, if you have the space 20 gigs.  If you do not have a system with you, you will not get a lot out of the class. This is a hands on workshop.

Software I will be using is Oracle’s VirtualBox with bridged networking set up for the guest OS. You can use whatever you like as long as you know it. If you’re not familiar with virtual software, I would go with VirtualBox. It’ll run on any system. While VMware is a good choice, I haven’t used it recently and won’t be able to help you set up before the event if you run in to problems.

The event is free but a ticket is required. Get your workshop tickets at Eventbrite.

August’s event is on Thursday, August 9th, 2012, at 7 pm. Jen Fox (@J_Fox) is presenting “The Moscow Rules for InfoSec Professionals: Achieve Détente to Secure the Enterprise”.

Abstract: Ever worked at a company with poor relations between IT and business? Ever been on the team that comes in for the second or third try at a failed project? Ever been a consultant or contractor at a company that is suspicious of outsiders? If you answered yes to any of these questions, this talk is for you. The Moscow Rules are said to be the rules used by spies operating in Russia during the Cold War to protect their lives and their missions. This talk adapts the Moscow Rules for the IT professional who needs to have ongoing interactions with the “other side” (business).

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via Gotomeeting, Meeting ID: 725-860-782, Meeting Password: misec.

A sneak peak at what is to come:

• August 11th, Chris J is leading a Linux hardening workshop
• In September, OWASP Detroit returns. J Wolfgang Goerlich (@jwgoerlich) is presenting on .Net security
• September 27-28, the GrrCon conference (http://grrcon.org)
• In October, Jack Crook is presenting on forensics and incident response
• In November, Keith Dixon is presenting on honeypots
• OWASP Detroit returns in December with Kevin Poniatowski covering SDLC

July’s event is on Thursday, July 12th, 2012, at 7 pm. Matt Johnson (@mwjcomputing) presents Breach Stains. Matt will walk us thru a major security incident and provide lessons learned.

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via Gotomeeting, Meeting ID: 792-558-614, Meeting Password: misec.

A sneak peak at what is to come:

• In August, Jen Fox (@j_fox) presents: The Moscow Rules for InfoSec Professionals: Achieve Détente to Secure the Enterprise
• In September, OWASP Detroit returns. J Wolfgang Goerlich (@jwgoerlich) is presenting on .Net security
• September 27-28, the GrrCon conference (http://grrcon.org)