This month’s MiSec meeting will be on Thursday, May 9th, at 7 pm. Mark Stanislav (@markstanislav) will be presenting on Linux hardening.

Core Linux Security: 0-Day Isn’t Everything

Abstract: When discussion on hardening Linux systems occurs, usually someone will swear by a single feature or application to ‘save the day’. In reality, a mesh of complimentary technologies, most of which are built-in or easily installable on a Linux box, is the bestway to go. Defense in depth is more than marketing lingo, it’s a way of life for actual information security. Come see some of the technologies you may have ignored, never knew existed, or just weren’t fully leveraging in some helpful ways to add layered security to your next Linux deployment.

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via Gotomeeting, Meeting ID: 895-788-789.

A sneak peak at what is to come:

• In June, OWASP Detroit returns
• On June 7-8, BSides Detroit conference
• In July, Ken Evans presents on the top 20 security controls
• In August, mad man Matt Johnson presents on persistence in PowerShell

This month’s MiSec meeting will be on Thursday, April 11th, at 7 pm. Steven Legg (@ZenM0de) will be presenting on Windows hardening.

Time and no money: Windows system hardening in Small and Medium business

Abstract: Many small and medium businesses know security is a concern, but have to make a choice between modern equipment and the vague prospect of “securing” their existing equipment in a modern way (seriously, what’s this security thing all about anyway?). We will approach the goal of hardening a Windows small business environment as seen commonly in many SMB organizations in the industry today by leveraging existing technologies within that environment.

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via Gotomeeting, Meeting ID: 757-807-245.

A sneak peak at what is to come:

• In May, Mark Stanislav is presenting
• In June, OWASP Detroit returns
• On June 7-8, BSides Detroit conference

In addition to our quarterly meeting on March 14th, OWASP Detroit is putting on a workshop as part of the MiSec/OWASP Detroit monthly workshop series. This workshop will be hands on and concentrate on providing those who are new or unfamiliar with the process of assessing web applications from a security standpoint. We will be going over the basics of web-based communications, web architecture, common web application vulnerabilities and how to detect & exploit them.

Web applications aren’t just for posting pictures of cats, and haven’t been for a long time. Much of our modern communications infrastructure relies on Web application frameworks, protocols, and applications. Twitter, Facebook, commercial applications, administrative consoles, all rely on what, in many ways, are technologies and protocols developed in the infancy of the modern telecommunications revolution. In many ways, the security of these technologies hasn’t improved and security professionals oftentimes are not exposed to the unique challenges and methods involved in securing these applications. This workshop will provide attendees with a basis in how to assess the security of Web applications, and methodologies to help establish Web application security processes.

This will be a hands-on workshop with the ability to attack and assess a live application. Emphasis will be on learning manual testing methods.

Required: Laptop computer (OS agnostic), Java runtime engine (1.6 or 1.7), wired Ethernet connection. All other tools will be provided.

Tickets available online: http://www.eventbrite.com/event/5680869634

OWASP Detroit. MiSec hosts OWASP on the last month of every quarter: March, June, September, and December. OWASP Detroit returns March 14th at 7 pm.

Getting this out a little later than I’d like, but there was good reason. This month we’ve got some hot topics that our presenter isn’t even able to talk about yet! Will Vandevanter will be presenting on some original research surronding Amazon’s S3 services. What he can say is:

“This presentation will discuss a recent research project analyzing Amazon S3 Bucket security. It will review common misconfigurations ultimately leading to large amounts of exposed data along with best practice for securing data in the Amazon S3 cloud.”

Will Vandevanter is a Lead Penetration Tester at Rapid7. He enjoys a good web app pen test and beers of the cold variety. He has previously spoken at Defcon, BSides, SOURCE, and local meetups. He’ll be going us over the magic of modern telecommunications. This event WILL NOT be recorded, so see it or regret it.

As always, the meeting starts at 7pm @ Royal Oak. For those that want to jump on the GoToMeeting …

https://global.gotomeeting.com/join/274060902

2. Use your microphone and speakers (VoIP) – a headset is recommended. Or, call in using your telephone.

Dial +1 (805) 309-0010
Access Code: 274-060-902
Audio PIN: Shown after joining the meeting

Meeting ID: 274-060-902

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec).

I would like to share a ticket to CeBIT 2013 which will be held in Germany and to which I have no chance to attend this time due to heavy workload. I won this ticket by participating in hacking-lab.com CeBIT
challenge so it’s legal, sweet and free. Just one ticket on a first come – first serve basis, please be responsible.

http://www.cebit.de/ticketregistrierung?Rfe2xcyd7b4szc

–
Kind regards
-Nikki McCavee aka nMC

American Express: Engineering their Privacy Brand, a #misec presentation by Steven Fox (@securelexicon). This talk was given at the February 2013 #misec meet-up.

Hackers-on-a-Train is a packaged weekend of information security and fun. We will take the train from Royal Oak or Ann Arbor to Chicago Friday night. Saturday, we’ll spend listening to BSides Chicago talks and meeting up with our Burbsec friends. The Sunday train takes us home.

Everyone attending Hackers-on-a-Train must give a TED style talk. What’s your big idea? What’s your neat trick? What can you share with us in twenty minutes? These talks will be given on the train.

There are two train trips. People attending both Thotacon and BSides Chicago leave on Thursday. Attending BSides Chicago only? Leave Friday. Details below.

Thursday, April 25 (Part I)

Amtrack Train tickets (355 Wolverine Train)
Anyone participating will be expected to give a 20-minute presentation.
From: (Select departing Station to Chicago Union Station – CHI)

• Pontiac, MI: $36, departs 5:40pm Eastern
• Royal Oak, MI: $36, departs 6:00pm Eastern
• Detroit, MI: $33, departs 6:23pm Eastern
• Ann Arbor, MI: $33, departs 7:21pm Eastern

Friday, April 26 (Part II)

Amtrack Train tickets (355 Wolverine Train)
Anyone participating will be expected to give a 20-minute presentation.
From: (Select departing Station to Chicago Union Station – CHI)

• Royal Oak, MI: $36, departs 6:00pm Eastern
• Detroit, MI: $33, departs 6:23pm Eastern
• Ann Arbor, MI: $33, departs 7:21pm Eastern

Arrival:

• Chicago, IL, arrives 10:57pm Central (remember, -1 hour for Central).

Subway:
(Fair should be about $2.25 – pickup a fair card and put $10-12 on it)

• Take Blue Line from Union Station towards O’Hare Airport
• Get off at the CUMBERLAND stop (about 19 stops, 50 minutes)
• Walk 1/4 mile to Hotel

Holiday Inn O’Hare, $109/night – $277 after taxes and fees

Saturday, April 27

Subway:

• Leave for BSides at 8:00am. Doors open at 8:30 am.
• Take Blue Line train towards Forest Park
• Get off at ADDISON stop (about 5 stops, 15 minutes)
• Walk 1/2 mile to 3420 Grace
• Head north on Monticello, to Grace
• Turn right on Grace
• 3420 is past N. Elston Avenue

BSides Chicago 2013 tickets

• Abbey Pub, 3420 Grace, Chicago
• Free tickets available on March 1st
• Head back to the hotel afterwards

Sunday, April 28

Amtrack Train tickets

• Chicago, IL, departs 12:50pm Central (remember, -1 hour for Central).

Arrival:

• Royal Oak, MI: $85, arrives 7:37m Eastern
• Detroit, MI: $78, arrives 7:13pm Eastern
• Ann Arbor, MI: $78, arrives 6:16pm Central

Questions? Drop an email to info@michsec.org. Special thanks to j3remy for planning the itinerary.

A guest post by Len Isham (@LenIsham):

This June the Social Engineering Penetration Testers is coming to Detroit and offers the unique ability to take this class without incurring additional travel costs. The class scheduled adjacent to BSides Detroit.

First lets do a cost breakdown of a typical week long technical training class with travel costs included using my costs from taking the training in Seattle earlier this year:

$3,500 Typical cost for week of technical training
$2,000 My costs for the flight, rental car and hotel
———-
$5,500 Typical total costs

Taking the class locally removes the typical travel expenses and since the class only costs $3,500 is actually cheaper than a typical class with travel expenses. There is also a discount* if a company sends more than one person to the class.

Also if you can afford to pay for part of the class will your employer cover the rest of the cost? If you are considering paying for part or all of the class consider paying before December 31st and it becomes an 2012 expense that may reduce the money you pay to Uncle Sam.

Remember taking this class helps you protect your company from social engineering attacks, and has the added benefit of increasing your soft skills. How may other technical classes can offer that?

Len

*3-5 $250 per person off
6+ $500 per person off

MiSec is kicking off the new year with a lightening strikes night. We have several speakers lined up for quick 15 minute presentations.

Why I Defend by Matt Johnson (@mwjcomputing). When you hear students or people who want to get into infosec, generally you hear that they want to be pentesters or be on the red team. Well I have news for you. Defense is harder, sexier and more satisfying. I don’t pwn shit. I own shit. I protect shit. I know that “enemy” is coming for my data and my network. I see you pen tester. Well I have two words. SUCK IT. I will explain why most people have it wrong when it comes to what team they play for.

Flashbacks to Nam: Security Monitoring by Derek Thomas (@dth0m). My heart is beating fast, I woke up with cold sweats … again. I really need to get a handle on this problem. The attackers are everywhere, and they are good.

I’m in, now what?: Recon and maintaining access in Linux systems by Mark (@Tech357). Pentesters going after Windows systems have the distinct advantage of using Meterpreter. They can install programs, clear logs, escalate privileges, to name a few. Unfortunately, there is no good Linux equivalent so we must do it all by hand. Attendees will learn how to map out the server and install a backdoor for later use. This talk will cover identifying key directories and files, noting additional services that may not have been immediately evident during initial Recon, using netcat combined with crontab to create a backdoor window, and selectively clearing logs. Some Linux / Minimal Pentesting experience required as this assumes you have already compromised the box.

Hack and Score: Weaponizing the Fundamentals by Konrad (@KonradV2). This talk explores some of MiSec’s ruCTFe 2012 offensive tactics, including automating flag stealing and submission. During the talk we’ll learn how basic tools like netcat, wget, bash scripting, regular expressions, and Unix pipes can all be used together to fully automate the “flag retrieval” and scoring process. Code will be available afterwards, including a hack-and-submit one liner that netted the team points in the closing hours of ruCTFe 2012.

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via Gotomeeting, Meeting ID: 401-898-702.

OWASP Detroit. MiSec hosts OWASP on the last month of every quarter: March, June, September, and … December! OWASP Detroit returns December 13th at 7 pm.

Securing the Software Development Life Cycle. Adding security into your SDLC can be an intimidating task for a development team that is asking, “Where do we start?”

This talk will introduce some of the most beneficial security practices that can be added to an SDLC, how they can be implemented within a large or small development team, and describe their time footprint within a development schedule.

Kevin Poniatowski began his information technology career by working for over eleven years as an application developer in the defense industry. Focusing on safety of flight issues for pilots and navigators within our armed forces led him into the application security field where he has spent the last five years teaching application security to developers, testers, and project managers from some of the largest organizations in the world. Kevin is currently the Director of Instructor led Services for Safelight Security.

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via Gotomeeting, Meeting ID: 591-159-086.