It was an exciting weekend for DC919 and other local cyber security enthusiasts alike.
On Friday and Saturday night we crammed ourselves into Basement Con ’18 where we worked hard to help prepare for the upcoming BSides RDU. It was great to see everyone working this weekend towards making our security community even more awesome.
That event is happening this Friday, October 19th, at the Carolina theatre in Durham, NC. For more information check out https://bsidesrdu.org/, registration is free, and it will surely be a great time.
We extended our enthusiasm for security into Sunday at the DC919 Digital Forensics and Incident Response class. The presenter was Michael Solomon who did a fantastic job leading the groups largest meetup to date. For this presentation the prerequisites included making sure you had two virtual machines packed with the tools necessary to work through the objectives. One virtual machine had SIFT Workstation which is a “group of free open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings” according to the SANS website that hosts the download. The other virtual machine was to be windows 7 or higher and would need several items installed on it, including FTK Imager, AutoRuns, EDD, PE Studio, and more.
The 3 main topics intended to be covered were Host based Forensic Acquisition, Malware Persistence and Timeline Analysis. Due to the time constraints we were only able to cover the first two, but Michael did a great job of making the slides available to continue, and to offer his time for those that wished to continue or had further questions. We covered a lot of topics in this class, including chain of custody, avoiding evidence corruption, file system layers, windows timestamps, evidence acquisition, encryption, the registry, malware traits, persistent locations, and how to use the tools.
After going through the foundational concepts, we progressed to the hands-on portion of the presentation, and I must say, it was thrilling! After exploring and using the tools, we ultimately were able to analyze a malware sample using autoruns and PE studio. This was awesome!
As normal, we extended into social hour at the local ‘dive’, Bralies, where we spent more time socializing and discussing current events in security and around our community.
There are several cyber security events happening soon that some of the DC919 members will be involved with. As noted earlier in this article, BSides RDU is coming up THIS Friday at the Carolina Theatre. It’s free to register, so we hope to see you there. https://bsidesrdu.org/
On Friday October 26th, the Raleigh ISSA is holding Triangle InfoSeCon. DC919 will have a booth there so make sure to stop by and see us! https://www.triangleinfosecon.com
Also, ntropy-unc is still hosting meetings on Mondays at UNC between 8 and 9pm. For more information check out their website https://ntropy-unc.github.io/
Finally, the next DC919 meeting is also going to be awesome! Our lovely Ms. Mouse will be presenting a Capture the Flag instructional demonstration on November 11th. Feel free to RSVP on the meetup page. See ya there! https://www.meetup.com/DefCon919/events/254887427/