5.22.2019 Google Plaintext Passwords

News came out yesterday, May 21, that Google had stored passwords in plaintext.

DC919 received an email notification that 2 users had a password stored in plaintext.  “Google Planned Action: for your security, starting tomorrow Wednesday May 22, 2019 PT we will force a password change unless it has already been changed prior to that time.”

Admin checked the 2 users: they had only basic email access, and Last Sign In showed “Hasn’t signed in.” The passwords stored were Google’s own auto-generated passwords. Before today, admin had the option to view the auto-generated password for a user after a reset. Today, this is no longer an option. DC919 always forced the user to change their password on first login. The 2 users have been suspended, and the group members the accounts belonged to have been contacted.

Threat Hunting – May 19 2019

Def Con 919 Presents – Threat Hunting

https://www.meetup.com/DefCon919/events/254915320/

When:
Sunday, May 19, 2 PM

ALL levels of experience, skill, and interest are welcome and encouraged to join us. You do not have to be a “hacker” to attend. There are no memberships, dues, or fees. If you want to contribute to the group, please volunteer your time and experience or you can donate $ via the PayPal button at the bottom of the page.

This session is going to be longer than normal to get through all the content. Also, if you already have an idea of what threat hunting is, you can skip the first hour and just attend the hands-on lab. Details to download the lab will be posted later.

2:00 – 3:00 Intro to Threat Hunting presentation
3:00 – 6:00 Hands-on threat hunting lab
6:00 – 8:00 Open discussion at Raleigh Times Bar

Lightning Talks – April 14 2019

Lightning Talks!!

Sunday, Apr 14, 2019, 4:00 PM

34 Ethical Hackers Went


Prefetch Files: Program Execution by: Mr Forensics

Agenda:
ALL levels of experience, skill, and interest are welcome and encouraged to join us. You do not have to be a “hacker” to attend.

Planning for upcoming conference shenanigans and doing lightning talks on tips for conference talks or whatever other topics come up.

• 4 PM Lightning Talks at Durham County Library – South Regional Library 4505 S Alston Ave, Durham, NC 27713
• 6 PM Open Discussion at Bralie’s Sports Bar 1725 Carpenter Fletcher Rd, Durham, NC 27713


CACKALACKY CON – MAY 31 – JUNE 2

CackalackyCon will take place May 31 – June 2, 2019 at The Sheraton Chapel Hill.

Tickets are available online now for $40; you can also buy a ticket for a student.

Tickets will also be available at the door for $50.  Show your student ID at the door for a student ticket while supplies last.

Many DC919 members will be in attendance supporting the community by volunteering for villages, giving presentations, showing off side projects, or simply attending.  Be sure to let the group or Bace16 know if there’s anything you want to do or get help with for the con.

Keep an eye on the official CackalackyCon website or Twitter for more details as they are announced.

SIEM – February 10 2019

Def Con 919 Presents – Firewalls

Network Security – SIEM

Sunday, Feb 10, 2019, 4:00 PM

22 Ethical Hackers Attending


When:
Sunday, February 10, 4 PM

ALL levels of experience, skill, and interest are welcome and encouraged to join us. You do not have to be a “hacker” to attend.

Network Security – SIEM
DC919 will be hosting an introduction class on network security including SIEM. It will give you an overview of how to secure a network and some hands-on time with a few tools to get started.

This class is open to anyone that would like to participate or observe. Additional details will be provided later for the requirements to participate.

Agenda:
• 4:00 Network Security – SIEM at Durham County Library – South Regional Library 4505 S Alston Ave, Durham, NC 27713
• 5:30 Clean up the library room
• 6:00 Open Discussion at Bralie’s Sports Bar 1725 Carpenter Fletcher Rd, Durham, NC 27713


Reverse Engineering – January 13 2019

Def Con 919 Presents – Reverse Engineering

Reverse Engineering

Sunday, Jan 13, 2019, 3:00 PM

17 Ethical Hackers Attending



When:
Sunday, January 13, 3 PM
We’re starting earlier to get through more material.

ALL levels of experience are welcome! It helps to have some knowledge of a high-level programming language like C, Python, or Java, but we’ll cover the basics if necessary. You do not have to be a “hacker” to attend.

Software reverse engineering is an incredibly valuable skill to have in your arsenal. From CTF competitions to vulnerability discovery, analysis, and exploitation, it’s often necessary to delve into the low-level inner workings of a software sample to get the job done. Knowing how software operates at a low level will also make you a better developer!

Software RE can be a daunting discipline to pick up for even experienced software and security professionals, simply due to the intimidating breadth of knowledge that can be required just to get started. This workshop aims to outline your foray into RE and focus on the foundational skills needed to learn quickly and be successful. We may even solve some crackmes! You didn’t think you’d get out of this without some hands-on practice, did you?

The examples in this workshop will require a 64-bit Intel Linux system (virtual, Windows with WSL, or native) to run. There is also a Docker image at 3pidemix/reveng with the necessary environment configured to run the examples. Labs and setup instructions can be found here: https://goo.gl/tcyZ3a Please review them prior to the workshop if you plan to participate in the hands-on labs.

Agenda:
3:00 Intro and announcements
3:10 Reverse Engineering Presentation
5:30 Clean up the room
6:00 Drinking at Carolina Ale House


Firewalls and IPS/IDS – March 10 2019

Def Con 919 Presents – Firewalls

Network Security – Firewalls and IPS/IDS

Sunday, Mar 10, 2019, 4:00 PM

58 Ethical Hackers Went


As requested, here are the slides from this event:

Bace16’s presentation on Firewalls/VPN

Wavelength’s presentation on IDPS/Security Onion

When:
Sunday, March 10, 4 PM

ALL levels of experience, skill, and interest are welcome and encouraged to join us. You do not have to be a “hacker” to attend.

Network Security – Firewalls and IPS/IDS
DC919 will be hosting an introduction class on network security including Firewalls and IPS/IDS. It will give you an overview of how to secure a network and some hands-on time with a few tools to get started.

This class is open to anyone that would like to participate or observe. Additional details will be provided later for the requirements to participate. We will be using the latest version of Security Onion: https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md

Agenda:
• 4:00 Network Security and Firewalls at Durham County Library – South Regional Library 4505 S Alston Ave, Durham, NC 27713
• 5:30 Clean up the library room
• 6:00 Open Discussion at Bralie’s Sports Bar 1725 Carpenter Fletcher Rd, Durham, NC 27713


December 16 2018 – Social and Swag Swap

Def Con 919 Presents – Social and Swap

Holiday Social and T-Shirt Swap

Sunday, Dec 9, 2018, 4:00 PM

25 Ethical Hackers Attending



When:
Sunday, December 16th, 4 PM

Bring your unwanted conference T-shirt, socks, and other swag to give away and pick up something you like.

BSides RDU 2018 T-Shirts will be available.
BSides Raleigh 2017 and 2015 T-Shirts – Very limited sizes and supply.

Anything unclaimed at the end will go to the Durham Rescue Mission.

Meeting at The Cave
It’s in the small alleyway next to Carolina Brewery, down the flight of narrow stairs.
We’ll be meeting in the back room.

Parking at P1
Most nearby lots say permits are only enforced on weekdays, but some are 24/7.

10.15.18 Blog

It was an exciting weekend for DC919 and other local cyber security enthusiasts alike.

On Friday and Saturday night we crammed ourselves into Basement Con ’18 where we worked hard to help prepare for the upcoming BSides RDU. It was great to see everyone working this weekend towards making our security community even more awesome.

That event is happening this Friday, October 19th, at the Carolina Theatre in Durham, NC. For more information check out https://bsidesrdu.org/. Registration is free, and it will surely be a great time.

We extended our enthusiasm for security into Sunday at the DC919 Digital Forensics and Incident Response class. The presenter was Michael Solomon, who did a fantastic job leading the group’s largest meetup to date. For this presentation the prerequisites included making sure you had two virtual machines packed with the tools necessary to work through the objectives. One virtual machine had SIFT Workstation, which is a “group of free open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings” according to the SANS website that hosts the download. The other virtual machine was to be Windows 7 or higher and would need several items installed on it, including FTK Imager, AutoRuns, EDD, PE Studio, and more.

The 3 main topics intended to be covered were Host-based Forensic Acquisition, Malware Persistence, and Timeline Analysis. Due to time constraints we were only able to cover the first two, but Michael did a great job of making the slides available and offering his time for those who wished to continue or had further questions. We covered a lot of topics in this class, including chain of custody, avoiding evidence corruption, file system layers, Windows timestamps, evidence acquisition, encryption, the registry, malware traits, persistent locations, and how to use the tools.

After going through the foundational concepts, we progressed to the hands-on portion of the presentation, and I must say, it was thrilling! After exploring and using the tools, we ultimately were able to analyze a malware sample using AutoRuns and PE Studio. This was awesome!

As normal, we extended into social hour at the local ‘dive’, Bralie’s, where we spent more time socializing and discussing current events in security and around our community.

There are several cyber security events happening soon that some of the DC919 members will be involved with. As noted earlier in this article, BSides RDU is coming up THIS Friday at the Carolina Theatre. It’s free to register, so we hope to see you there. https://bsidesrdu.org/

On Friday, October 26th, the Raleigh ISSA is holding Triangle InfoSeCon. DC919 will have a booth there, so make sure to stop by and see us! https://www.triangleinfosecon.com

Also, ntropy-unc is still hosting meetings on Mondays at UNC between 8 and 9pm. For more information check out their website https://ntropy-unc.github.io/

Finally, the next DC919 meeting is also going to be awesome! Our lovely Ms. Mouse will be presenting a Capture the Flag instructional demonstration on November 11th. Feel free to RSVP on the meetup page. See ya there! https://www.meetup.com/DefCon919/events/254887427/

November 11 – Capture The Flag

Def Con 919 Presents – November Meeting – Capture The Flag

Capture The Flag (CTF)

Sunday, Nov 11, 2018, 4:00 PM

47 Ethical Hackers Attending



ALL levels of experience, skill, and interest are welcome and encouraged to join us. You do not have to be a “hacker” to attend.

MsMouse set up a CTF environment and steps us through the basics of how to play a CTF. Additional details and laptop setup recommendations to be posted later.

When:
Sunday, November 11, 4 PM

Agenda:

• 4 PM Capture the Flag Introduction at Department of Computer Science Sitterson 011, UNC Chapel Hill. Parking is usually available in Venable lot
• 6 PM Open Discussion at The Cave

Where:
Department of Computer Science, UNC Chapel Hill
201 South Columbia Street, Chapel Hill, NC

Park in the Venable Lot at 101 South Rd, Chapel Hill, NC 27514
Computer Science Building is up the stairs