This month’s MiSec meeting will be on Thursday, May 9th, at 7 pm. Mark Stanislav (@markstanislav) will be presenting on Linux hardening.

Core Linux Security: 0-Day Isn’t Everything

Abstract: When discussion on hardening Linux systems occurs, usually someone will swear by a single feature or application to ‘save the day’. In reality, a mesh of complimentary technologies, most of which are built-in or easily installable on a Linux box, is the bestway to go. Defense in depth is more than marketing lingo, it’s a way of life for actual information security. Come see some of the technologies you may have ignored, never knew existed, or just weren’t fully leveraging in some helpful ways to add layered security to your next Linux deployment.

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via Gotomeeting, Meeting ID: 895-788-789.

A sneak peak at what is to come:

• In June, OWASP Detroit returns
• On June 7-8, BSides Detroit conference
• In July, Ken Evans presents on the top 20 security controls
• In August, mad man Matt Johnson presents on persistence in PowerShell

This month’s MiSec meeting will be on Thursday, April 11th, at 7 pm. Steven Legg (@ZenM0de) will be presenting on Windows hardening.

Time and no money: Windows system hardening in Small and Medium business

Abstract: Many small and medium businesses know security is a concern, but have to make a choice between modern equipment and the vague prospect of “securing” their existing equipment in a modern way (seriously, what’s this security thing all about anyway?). We will approach the goal of hardening a Windows small business environment as seen commonly in many SMB organizations in the industry today by leveraging existing technologies within that environment.

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via Gotomeeting, Meeting ID: 757-807-245.

A sneak peak at what is to come:

• In May, Mark Stanislav is presenting
• In June, OWASP Detroit returns
• On June 7-8, BSides Detroit conference

OWASP Detroit. MiSec hosts OWASP on the last month of every quarter: March, June, September, and December. OWASP Detroit returns March 14th at 7 pm.

Getting this out a little later than I’d like, but there was good reason. This month we’ve got some hot topics that our presenter isn’t even able to talk about yet! Will Vandevanter will be presenting on some original research surronding Amazon’s S3 services. What he can say is:

“This presentation will discuss a recent research project analyzing Amazon S3 Bucket security. It will review common misconfigurations ultimately leading to large amounts of exposed data along with best practice for securing data in the Amazon S3 cloud.”

Will Vandevanter is a Lead Penetration Tester at Rapid7. He enjoys a good web app pen test and beers of the cold variety. He has previously spoken at Defcon, BSides, SOURCE, and local meetups. He’ll be going us over the magic of modern telecommunications. This event WILL NOT be recorded, so see it or regret it.

As always, the meeting starts at 7pm @ Royal Oak. For those that want to jump on the GoToMeeting …

https://global.gotomeeting.com/join/274060902

2. Use your microphone and speakers (VoIP) – a headset is recommended. Or, call in using your telephone.

Dial +1 (805) 309-0010
Access Code: 274-060-902
Audio PIN: Shown after joining the meeting

Meeting ID: 274-060-902

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec).

MiSec is kicking off the new year with a lightening strikes night. We have several speakers lined up for quick 15 minute presentations.

Why I Defend by Matt Johnson (@mwjcomputing). When you hear students or people who want to get into infosec, generally you hear that they want to be pentesters or be on the red team. Well I have news for you. Defense is harder, sexier and more satisfying. I don’t pwn shit. I own shit. I protect shit. I know that “enemy” is coming for my data and my network. I see you pen tester. Well I have two words. SUCK IT. I will explain why most people have it wrong when it comes to what team they play for.

Flashbacks to Nam: Security Monitoring by Derek Thomas (@dth0m). My heart is beating fast, I woke up with cold sweats … again. I really need to get a handle on this problem. The attackers are everywhere, and they are good.

I’m in, now what?: Recon and maintaining access in Linux systems by Mark (@Tech357). Pentesters going after Windows systems have the distinct advantage of using Meterpreter. They can install programs, clear logs, escalate privileges, to name a few. Unfortunately, there is no good Linux equivalent so we must do it all by hand. Attendees will learn how to map out the server and install a backdoor for later use. This talk will cover identifying key directories and files, noting additional services that may not have been immediately evident during initial Recon, using netcat combined with crontab to create a backdoor window, and selectively clearing logs. Some Linux / Minimal Pentesting experience required as this assumes you have already compromised the box.

Hack and Score: Weaponizing the Fundamentals by Konrad (@KonradV2). This talk explores some of MiSec’s ruCTFe 2012 offensive tactics, including automating flag stealing and submission. During the talk we’ll learn how basic tools like netcat, wget, bash scripting, regular expressions, and Unix pipes can all be used together to fully automate the “flag retrieval” and scoring process. Code will be available afterwards, including a hack-and-submit one liner that netted the team points in the closing hours of ruCTFe 2012.

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via Gotomeeting, Meeting ID: 401-898-702.

OWASP Detroit. MiSec hosts OWASP on the last month of every quarter: March, June, September, and … December! OWASP Detroit returns December 13th at 7 pm.

Securing the Software Development Life Cycle. Adding security into your SDLC can be an intimidating task for a development team that is asking, “Where do we start?”

This talk will introduce some of the most beneficial security practices that can be added to an SDLC, how they can be implemented within a large or small development team, and describe their time footprint within a development schedule.

Kevin Poniatowski began his information technology career by working for over eleven years as an application developer in the defense industry. Focusing on safety of flight issues for pilots and navigators within our armed forces led him into the application security field where he has spent the last five years teaching application security to developers, testers, and project managers from some of the largest organizations in the world. Kevin is currently the Director of Instructor led Services for Safelight Security.

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via Gotomeeting, Meeting ID: 591-159-086.

November’s MiSec meetup will be on Thursday, November 8th, at 7 pm. Keith Dixon (@tazdrumm3r) is giving a talk on honeypots in the cloud.

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via Gotomeeting, Meeting ID: 913-366-262, Meeting Password: misec.

A sneak peak at what is to come:

• OWASP Detroit returns in December with Kevin Poniatowski covering SDLC
• In January, Raymond Lilly (@37point2) is presenting Intel Analysis – Twitter, Python, Data Mining
• Rapid7 presents on March 2013

October’s MiSec meeting will be on Thursday, October 11th, at 7 pm. Jack Crook is presenting a talk on forensics. Bring your own computer to follow along as Jack takes us into the details.

Abstract. Everyone has heard of targeted attacks. Detecting these can be challenging, responding to these can be even more challenging. This presentation will walk the participants through responding to this type of attack. By analyzing key points such as file times, memory and network traffic we will be able to answer the what, where, when and how of this compromised host. A Live image with all the tools and evidence files will be provided. The only thing you need to bring is a computer and some l337 S4uc3!

• Live image with the tools
• Challenge readme
• Questions

Bio. Jack Crook has been in the information security field for the past 12 years. He currently works as an Incident Handler performing incident response for one of the worlds largest companies. When Jack is not catching bad guys, he enjoys thinking of additional ways to catch bad guys.

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via Gotomeeting, Meeting ID: 557-536-470, Meeting Password: misec.

A sneak peak at what is to come:

• In November, Keith Dixon (@Tazdrumm3r) is presenting on honeypots
• OWASP Detroit returns in December with Kevin Poniatowski covering SDLC
• In January, Raymond Lilly (@37point2) is presenting Intel Analysis – Twitter, Python, Data Mining
• Rapid7 presents on March 2013

September’s MiSec meeting will be an OWASP Detroit event on Thursday, September 13th, at 7 pm.  J Wolfgang Goerlich (@jwgoerlich) is giving a talk on Covert Channels and Controls in the Microsoft .Net Framework.

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via Gotomeeting, Meeting ID: 253-829-318, Meeting Password: misec.

A sneak peak at what is to come:

• September 27-28, the GrrCon conference (http://grrcon.org)
• In October, Jack Crook is presenting on forensics and incident response
• In November, Keith Dixon is presenting on honeypots
• OWASP Detroit returns in December with Kevin Poniatowski covering SDLC
• Rapid7 presents on March 2013

August’s event is on Thursday, August 9th, 2012, at 7 pm. Jen Fox (@J_Fox) is presenting “The Moscow Rules for InfoSec Professionals: Achieve Détente to Secure the Enterprise”.

Abstract: Ever worked at a company with poor relations between IT and business? Ever been on the team that comes in for the second or third try at a failed project? Ever been a consultant or contractor at a company that is suspicious of outsiders? If you answered yes to any of these questions, this talk is for you. The Moscow Rules are said to be the rules used by spies operating in Russia during the Cold War to protect their lives and their missions. This talk adapts the Moscow Rules for the IT professional who needs to have ongoing interactions with the “other side” (business).

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via Gotomeeting, Meeting ID: 725-860-782, Meeting Password: misec.

A sneak peak at what is to come:

• August 11th, Chris J is leading a Linux hardening workshop
• In September, OWASP Detroit returns. J Wolfgang Goerlich (@jwgoerlich) is presenting on .Net security
• September 27-28, the GrrCon conference (http://grrcon.org)
• In October, Jack Crook is presenting on forensics and incident response
• In November, Keith Dixon is presenting on honeypots
• OWASP Detroit returns in December with Kevin Poniatowski covering SDLC

July’s event is on Thursday, July 12th, 2012, at 7 pm. Matt Johnson (@mwjcomputing) presents Breach Stains. Matt will walk us thru a major security incident and provide lessons learned.

For details and location, please either contact us through email (info@michsec.org) or log into our IRC channel (Freenode/#MiSec). This month’s meeting will also be streamed via Gotomeeting, Meeting ID: 792-558-614, Meeting Password: misec.

A sneak peak at what is to come:

• In August, Jen Fox (@j_fox) presents: The Moscow Rules for InfoSec Professionals: Achieve Détente to Secure the Enterprise
• In September, OWASP Detroit returns. J Wolfgang Goerlich (@jwgoerlich) is presenting on .Net security
• September 27-28, the GrrCon conference (http://grrcon.org)