Columbia's Information Security Group
A free and informal gathering of information security professionals and enthusiasts in Columbia, South Carolina at the Richland County Public Library on the 3rd Tuesday of every month at 6:00 PM (click on the YouTube bubble).
Founded 2014 (COVID can’t stop us)
Image credit: Zach Pippin
zachpippin.com
Pardon our dust for a moment. We are testing some automations. Please ignore.
We are testing using IFTTT to setup some automations around updates to our blog and calendar events. In the coming weeks any event on the calendar should generate a tweet and send a notification to our Slack channel.
I am an IT Security Administrator for the SC DMV for nearly 6 years. My latest project included migrating Exchange 2013 to Office 365. I have been a co-organizer with ColaSec for many years, and have presented Microsoft-related topics several times in the past. I also ride to #ENDALZ, an annual 252-mile bicycle ride fundraiser for the Alzheimer's Association.
We will discuss the struggle and strategy of implementing Microsoft best practices for Kerberos, LDAP, and DNS. Microsoft is notorious for supporting legacy protocols in favor of backwards compatibility, leaving your internal domain insecure and vulnerable to a myriad of attacks. Microsoft announced in February 2020 that they are changing their security posture and requiring LDAPS in the very near future. With an "assume breach" model, we work to secure as many existing communication protocols as we can with little to no impact on business operations.
Since 2005, Evans Duren has worked in the both the Fortune 15 and Tech Startup spaces as a high performing sales leader. In addition to owning his own speaking and coaching business, Evans works as a Senior Account Director for ROVE, a Veteran-owned IT Integrator based in the Carolinas. He believes in making an impact beyond the transaction and living a life that truly rEDefines success.
Hacking Demo presented by Mackenize Morris
Figured a hacking demo might be a good presentation for the stay at home meeting sessions. A few things, can share screen and run through a couple hacks that are common. This would be a slight change up from the typical defense talks. I can also run through Programmable logic controllers how they work and how easy it is to manipulate them.
Come share a brew and banter with the ColaSec crew. We will be sitting around casually having a few and shooting the breeze. All are welcome to join of course so feel free to invite as many people as you know!
Keep in mind that you can join us anytime on Slack or the email list (signup links below).
Slack: https://join.slack.com/t/colasec/shared_invite/zt-3to5byj5-jjyKHr1J~HucZR1gxYvKrg
Email List: https://groups.google.com/forum/#!forum/colasec
Presented at ColaSec on April 21st, 2020 by Jeff Lang.
Professional Faculty at Virginia Tech Masters of Information Technology from VT Director, Cyber Defense Operations I have been doing an Information Security talk for some college classes in the Library and Information Systems. This presentation needs to get a checkup from Security Minded folks and thought ColaSec would be a great resource for this. The presentation discusses 4 key areas in Information Security in general and then discusses their application to Libraries. The presentation discusses 4 key areas in Information Security in general and then discusses their application to Libraries.
Tim is the Manager of Security Assurance and Engineering at Premise Health in Nashville, TN. That means he’s the manager of security engineering and the pentesters, as well as the application security program which he built with bacon. He likes presenting hour long lunch and learns on the dark arts. According to the Enneagram Institute he’s a 61% enthusiast and a 60% achiever. Which means he has a love for dropping dope memes in work email and blasting Taylor Swift’s Shake it Off. He’s also grinded 1400+ levels in Overwatch (and counting).
https://twitter.com/TimothyDeBlock
Come share a brew and banter with the ColaSec crew. We will be sitting around casually having a few and shooting the breeze. All are welcome to join of course so feel free to invite as many people as you know!
Keep in mind that you can join us anytime on Slack or the email list (signup links below).
Slack: https://join.slack.com/t/colasec/shared_invite/zt-3to5byj5-jjyKHr1J~HucZR1gxYvKrg
Email List: https://groups.google.com/forum/#!forum/colasec
The changes in life right now are causing everything to go virtual! This includes our scheduled CTF event that was to take place on March 28. We scrambled around to find the best options we’d have for making this a 100% online virtual CTF and we found a partner in the Virginia Cyber Range. They have provided us a pro bono CTF infrastructure that we can use to have a little fun and learn a lot in the process.
We will run the CTF from 10 AM to 5 PM on Saturday March 28 as planned. Below is the link where you can go ahead and register for the CTF but you won’t be able to answer any challenges until it opens at 10 AM.
Please note that Team Name == display name. The CTF does not support creating teams but feel free to work as a group if you want.
We also intend to run a Google Hangout for the live demonstration where and so that we can chat, answer questions, etc. We’ll also utilize the #ctfchallange in our Slack channel to post official announcements.
Please see attachment for additional details about the Virginia Cyber Range and info about creating a Kali VM.
We will discuss the struggle and strategy of implementing Microsoft best practices for Kerberos, LDAP, and DNS. Microsoft is notorious for supporting legacy protocols in favor of backwards compatibility, leaving your internal domain insecure and vulnerable to a myriad of attacks. Microsoft announced in February 2020 that they are changing their security posture and requiring LDAPS in the very near future. With an "assume breach" model, we work to secure as many existing communication protocols as we can with little to no impact on business operations.
I am an IT Security Administrator for the SC DMV for nearly 6 years. My latest project included migrating Exchange 2013 to Office 365. I have been a co-organizer with ColaSEC for many years, and have presented Microsoft-related topics several times in the past. I also ride to #ENDALZ, an annual 252-mile bicycle ride fundraiser for the Alzheimer's Association.
@dguirl
linkedin.com/in/dguirl
http://act.alz.org/goto/guirl2020
Live Demonstration
Alex Cummings will be performing a live demonstration of the CTF. Everyone is welcome to gather around and watch as Alex walks through how to capture the flags!
System Requirements:
Laptop that can connect to wireless
Kali (Live/installed/VM)
If you do not have a laptop or ability to run a Kali VM please let us know so that arrangements can be made.
We have been working diligently to get this event setup. It has been a long time coming, we know. Hopefully everyone will be able to join us on Saturday, March 28th @ 6PM to take part in the festivities!
There are two pre-flight equipment check events that we would suggest attending. We will have people available to help get you connected to the wifi and make sure that your equipment is ready for the event.
If you haven’t done so already please join the Soda City Battleground Slack here: https://join.slack.com/t/sodacitybattleground/shared_invite/enQtNjUwMzg1NjAxOTcyLWM1ZDJkNDAxN2I1NTQ4ZDYyNmYyNzc4NDhkYTMwNDU1N2M0YTdmZGI1NTNlYjA0NDY3YjFmYWI0OTA1MDNhMDA
İrfan Simsar
In my previous post I covered reason and discovery of agile.
As I mentioned in my previous post, I moved to Nashville and started working with a development team. I quickly discovered that my Outlook task list wasn’t up to the task of (heyo!) tracking all the work I needed to do. I decided as part of my research and understanding of agile that I would setup a kanban board. I made a To Do, In Progress, Holding, and Done column. Three plus years later and I still have the same setup with different approaches for each area.
This being the genesis was simple. Create tickets and stick them in the To Do column. I didn’t really have a backlog because I was the only one doing them and I decided not to do sprints. Sprints are a defined period of time in which to complete work. Usually this is one to four weeks long. Meetings are setup to set what work would be done during this time. Shorter time frames help protect teams from shifting priorities. You want something new? Next sprint.
With the way security is we can’t really do that. I can’t tell my boss we’ll respond to an incident or research the latest vulnerability in the next sprint. It just doesn’t work. So, sprints are out and I decided to have work flow from left to right, with the exception of holding which tasks could be moved in and out of. We’ll get to that in a few sentences. In Progress seems fairly self explanatory. It’s what I’m working on. Ideally there’s one thing. At times I’ve had up to 12 things in the In Progress column. Again, being in security things tend to pop-up and sometimes tasks can take weeks at a time.
The Holding column is for when I have tasks that are waiting on another team. Once that team responds I move the task back to in progress or done. Done is done. The task is completed.
The application security board has morphed over the years. It used to be my task board. Now it’s just my appsec board as I’ve taken on other responsibilities. Epic’s is not something I’ve talked about yet. Those are used for categorization. They’re very helpful in showing what people are working on from a metrics standpoint (another post). For AppSec I have multiple teams and areas, so I have Epic’s broken out as team categorization.
Pointing is something we’ll talk about in a future metrics post. It allows us to gather effort level for workload. It’s typically used for planning sprints. I use it for monthly and yearly metrics. I don’t point on the appsec board because I’m the only one working it and I use maturity models for measuring appsec programs.
I grab a task from the backlog and move it to in progress. Then if I’m waiting on something from another team it goes in holding, otherwise it’s moved to done. Simple, which is how I like it.
Engineering has a lot of the work coming in from service desk requests, to projects, to random stuff that pops up. We follow the same flow. I expect people to have multiple things in progress regularly. We’ve integrated our kanban board with our ticketing system. When a ticket is put in our queue in the ticketing system it creates a ticket in the to do list. I or the team lead reviews it and if it needs to be worked by us we move it to the top of the priority list.
Tickets are in priority order in the To Do column. When new tickets are created I move them into the area I want them worked based on priority. The engineers once complete with a task will grab a new one from the top of the queue. They work it move it holding or done. Then they point the ticket for effort level. This is where I’m able to get monthly reports on how much work we’ve gotten done. Again, a future post to go more in-depth.
The pentesters are the opposite of the engineers. They usually only have one or two tasks. We point tickets before they are worked, because we can plan out their work more and funnel the pentest requests that come in. When you point doesn’t really matter. As long as you do it one way or the other. Either before or after. If you mix them it doesn’t provide a good reflection of effort level.
Metrics and effort.
AbsolutVision
These are the stories we talked about in 2019
This came out from Gizmodo in early 2019. This was a ruling in California that stated that the coppers can’t compel you to use finger prints or facial recognition (yay new iPhone “security”) to unlock your phone.
The largest conference in the south east, DerbyCon, decided to call it after nine years. The organizers cited a growing amount of drama and bullshit behind the scenes as the reason for calling it quits. What started as something around friends and community has devolved into a tiring and stressful exercise in planning the event. I get it and I don’t blame the organizers for calling it quits. What did come out of the final year was an announcement on communities. Which is similar to a CitySec type of meetup.
Upgrade soon. 2019 was the last full year of Windows 7 support. It stops January 14, 2020. That’s about a week away.
Another year; another set of named vulnerabilities. ZombieLoad is, “not something that will haunt us and it’s also not a meltdown…rather something that you suddenly discover maybe in a cellar, maybe some loads rising from the graves.” Hence the name.
A former Amazon employee stole more than 100 million consumer applications for credit from Capital One. The breach occurred because of a misconfiguration in the Web Application Firewall being used on AWS.
It was discovered that Google Cloud had a project with Ascension to process tens of millions of patient records. This making us one step closer to the dystopian future of companies replacing countries as far as our allegiances.
This was on the user not Disney+. It appears people were able to get into other people’s Disney+ accounts by using the same credentials that were compromised on another site. Like say…Netflix.
As we look forward to 2020 we hope that ColaSec can continue to grow its membership and provide value to the local information security community. We had solid attendance for each meetup and hope that we can continue that trend. Many thanks to each and every person that attended a meetup and spread the word about ColaSec. ColaSec would not be possible without the participation from the community.
As always, we welcome any feedback on how we can better serve the community and provide valuable content. If you have a suggestion, would like to present at ColaSec in 2020, or would like to see a presentation about something please reach out to us at: columbiainfosec@gmail.com
We have to do more with less. According to the 2019 ISC2 Cyber Security Workforce Study we will need an additional four million trained workers to close the skill gap in security. Four freaking million. That’s a lot of people. That’s a lot of money. Good luck getting funding for that at your organization. I propose that we could look at how we’re doing work and see if we can do it better.
Prior to discovering agile, I use Outlook for all my tracking. Oh, and a whiteboard. I used different symbols in front of task to prioritize work in my Outlook task list. The whiteboard had a variety of colors depending on task and prioritization. It wasn’t good. It was very frustrating to follow and I often forgot where I was with the task. Especially, when I came in the next day.
I needed a better system.
I moved to Nashville in 2016 to sit with a development group as their security liaison. I would bring concerns to the security team and vice versa. My first order of business was to understand the development team. Their goals; their frustrations; their process. One of the first groups I partnered with were the scrum masters. They oversaw the whole development process. I researched and studied agile.
Some of what I learned I didn’t agree with. I found their manifesto contradictory and I their rules often seemed a bit heavy for titling the process agile. Like whiskey or craft beer, though, there are many flavors of agile. No one really does true agile, they just do some form of it. I eventually landed on kanban.
It started with Toyota in the late 1940s. It was used to optimize the manufacturing of cars. In it’s simpliest form it has three columns for work to move through: To Do; In Progress; and Done. You have a bucket of, “To Do” prioritized for workers to grab and do from the top. They pull it into the, “In Progress” column and work that item until it’s, “Done.” I like simple and practical things and kanban fits that bill.
This works great for developers who have specific tasks that need to be accomplished before the next one. I’ve found it’s also great for pentesters, because that work can be planned out a little more. It’s not so great for blue team work. My security engineers often have several things in progress at once and can’t have only one task in progress at a time. Just today my work day was interrupted by two new tasks that took priority over everything else. I created two new tickets and put them in progress with my other eight tasks in the column.
I like reading short blog posts, so I plan to keep blog posts short. The next blog post will include the setups I have for my three different teams. Each one has a little different setup from the other.
Social Engineering 101: Scam School presented by Ralph Collum
Ralph Collum is an information security professional with over 13 years' experience. He currently holds many different industry certifications in security. Mr. Collum specializes in Information Security Training and Consulting for Training Concepts and Rapid Defense Institute with a focus on information assurance and infrastructure management.
Do you know what is the biggest security vulnerability within your organization today, people? Because of that, social engineering is one of the biggest security challenges facing organizations today. In this presentation you will learn about the latest threats, solutions, and how to defend against the threat of human hacking.
Unfortunately Google decided to end support for Hangouts Live Events. The video for this recap is cut short because of technical difficulties.
Detectors as Code Building Better Detectors presented by David Burkett.
David Burkett is the Threat Intelligence Manager at Soteria a Security Solutions and Advisory company.
Detectors as Code is a practice of applying traditional DevOps practices to the detector logic used by an organizations security tools.
