The Charlotte ISSA chapter is committed to providing the Information Security professionals of Charlotte opportunities to grow both technically and professionally through training, meetings and summits.
OSINT for InfoSec: Red Team Recon, Threat
When: Thursday, Sep 27, 2018, 9:00 AM – Friday, Sep 28, 2018, 5:00 PM EDT
Where: TEKSystems 200 S College St Charlotte, Suite #1200, Charlotte, NC 28202
Cost: $200 for Active Members. $350 for Non-Members.
OSINT is amazing and scary! What can be found on the internet astounds me on a daily basis.
Just getting started in the field? This class is perfect for you. Being good at computers is simply knowing how to find an answer on the internet. Learn how to craft better search queries and expertly find answers to strange problems.
But I’m an expert blue teamer, how will OSINT help me? Every blue team should be doing OSINT against their organization to know exactly what their attack surface looks like. It’s surprising just what systems you can find on the public internet or what kind of information your employees are leaking on social media.
Red teamer? Perfect. Use OSINT during your recon phase to find the extra boxes your target forgot about (seriously though, passwords.client.com...) for an easy way in. Perhaps you need to dive deep on an individual to craft the perfect social engineering pretext.
The main goal of this class is for each student to walk away with a basic understanding of OSINT topics critical to any InfoSec Pro. At the end of two days, you will be able to come up with your own creative ways of using OSINT to hunt for and gather detailed information about a target.
Day 1: Introducing OSINT
Creating Your OSINT Research Environment
Persona Creation / Management
Automating OSINT Collection
Existing Automation Tools
APIs / Scripting
Multiple Search Engines
Google customized search engines
Other Social Networks
All the Webs and Nets
Dark / Deep / Dirty
Day 2: Let's Go Hunting
Open source IOC sources
Hunting for Attribution (Russia, of course)
Hunting Domains / IPs
DNS and Whois
General Company Info
Determining a Company's Online Footprint
People Search Engines
Other Public Data
Students will need to bring their own laptops with the following requirements:
You must have admin rights on all of your systems in order to install/remove software, disable antivirus/firewall, etc.
VMware Workstation/Fusion/Player or VirtualBox is highly recommended.
Laptops need a reasonable amount of processing power and RAM (4GB of RAM recommended minimum).
About the Instructor
Justin has worked in cyber security for 14 years in various engineering, architecture, and research roles. His day job involves using OSINT techniques to hunt bad guys on the internet. He is currently the Galactic Viceroy of Clicking & Scrolling and occasionally has a global thought. He created and maintains the OSINT Framework (http://osintframework.com) to help others find good free OSINT resources and tools to aid their investigations.
If you have any questions about the class content, please reach out to the teacher on Twitter @jnordine
Annual Charlotte-Metro ISSA Summit 2018 Recap
The Charlotte Metro Information Systems Security Association (ISSA) is pleased to announce the ISSA Information Security Conference to be held on May 10th 2018 at the Charlotte Convention Center. This day-long event is designed to provide a forum in which industry leaders, policy makers, and regional peers can share information regarding emerging technologies, trends, and best practices within Information Security and related fields. The Conference features a full day of talks and presentations as well as educational opportunities with hands-on workshops, demonstrations of new technology, peer networking, and the opportunity to exchange the latest security information, strategies and techniques. A number of nationally acclaimed information security experts and media personalities are slated to deliver keynote addresses in addition to an array of technical presentations in areas such as: Audit / Compliance, Vulnerability / Risk Management, OS Security, Identity and Access management, Hands-on Attacks, Forensics / Incident Response, and Future Challenges.
Aaron Bedra is the Chief Scientist of Jemurai, where he works at the intersection of software, security, and business. He has served as a Chief Security Officer, Chief Technology Officer, and Principal Engineer/Architect. He has worked professionally on programming languages, most notably Clojure and ClojureScript. Aaron is the creator of Repsheet, an open source threat intelligence toolkit. He is the co-author of Programming Clojure, 2nd and 3rd Edition and a contributor to Functional Programming: A PragPub Anthology.
Carlos Perez is the Team Lead for Research at TrustedSec. He has won the Microsoft MVP award several years for his work on PowerShell and Enterprise Security. He is mostly known for his contributions to the Metasploit Framework and as a co-host of the Security Weekly podcast.
Jack Jones has worked in technology for over thirty years, and information security for over twenty-five years. He has ten years of experience as a CISO with three different companies, including five years at a Fortune 100 financial services company. His work there was recognized in 2006 when he received the ISSA Excellence in the Field of Security Practices award at that year’s RSA conference. In 2007, he was selected as a finalist for the Information Security Executive of the Year, Central United States, and in 2012 was honored with the CSO Compass award for leadership in risk management. Jack is an active member in ISACA, serving on the task force that created the RiskIT framework and playing a lead role in developing the CRISC certification. He is also the creator of the “Factor Analysis of Information Risk” (FAIR) framework adopted by the Open Group as an international standard. Currently, he is the EVP Research and Development of RiskLens, Inc., and is Chairman of the FAIR Institute, a non-profit organization dedicated to evolving risk management practices. He has also co-authored a book on FAIR entitled “Measuring and Managing Information Risk, a FAIR Approach” which was inducted into the Cyber Security Canon in 2016.
Dr. Galina Datskovsky, CRM, FAI and serial entrepreneur is an internationally recognized privacy, compliance and security expert. Galina is currently the CEO of Vaporstream®, a position where she applies her knowledge and strategic guidance in building businesses, product development, governance policies, as well as cyber security. Prior to Vaporstream, Galina served as CEO of Covertix, North America; Senior Vice President of Information Governance at Autonomy/HP; and as General Manager of the Information Governance Business Unit and Senior Vice President of Architecture while at CA. She joined CA in 2006 with the acquisition of MDY Group International, where she was the founder and CEO. In addition, Galina currently sits on the advisory board of the Executive Woman’s Forum and is part of the Voice Privacy Alliance. She is a champion of the entrepreneurial spirit as she has served on the board of multiple startups, assisting with strategy and continues to support the startup community. Galina served as Chair, President, President Elect and Director of ARMA International (2007-2013) and has been widely published in academic journals, speaking frequently for industry organizations such as AIIM, ARMA SINET, EWF, ILTA, IQPC and MER. Throughout Galina’s career she has been the recipient of numerous awards. Most notably she was designated a Distinguished Engineer while at CA (2006-10), was the recipient of the prestigious Emmet Leahy award (2013) and was named a Fellow of ARMA International (2014). Prior to founding MDY, Galina consulted for IBM and Bell Labs and taught at the Fordham University Graduate School of Business and the Graduate School of Arts and Sciences at Columbia University. She earned her doctoral, master’s and bachelor’s degrees in Computer Science from Columbia University.
Evil Mainframe Penetration Testing Recap
Instructors: Philip Young - Soldier of FORTRAN - @mainframed767 & Chad Rikansrud - Big Endian Smalls - @bigendiansmalls
Have you ever been mid-pentest with mainframe credentials and thought ‘now what?’ Or were you ever asked to do a mainframe pentest and didn’t even know where to start? Maybe you’re a sysprog and think your systems are impenetrable. No matter your background, this course is for you!
This course provides training on mainframe penetration testing using the most recent and up-to-date attack vectors. It walks through techniques for gaining system access and performing end-to-end penetration tests, and teaches you to ‘own’ the mainframe.
After a quick overview of how z/OS works and how to translate from Windows/Linux to “z/OS”, the instructors will lead students through multiple real-world scenarios and labs against a real live target mainframe brought on site for the training. The areas explored in this course include VTAM, CICS, TSO, Unix and Web. Students will be given access to this mainframe environment for the duration of the course, where they will learn to navigate the operating system and learn some of the misconfiguration targets and privilege escalation techniques. They will be introduced to the open source tools and libraries available for all the steps of a penetration test, including Nmap, Python, Kali, and Metasploit, and will be able to write their own tools on the mainframe using REXX, JCL, C and CLISTs.
The majority of the course will be spent performing instructor-led, hands-on mainframe testing with tools provided by the instructors. Goals for each segment will be laid out, with appropriate time afforded to students to gain a deep understanding of how a mainframe pentest could and should be performed. Exercises will be based on real-world attack scenarios.
While this class is outlined as a beginner class to mainframe hacking, the attendee should have knowledge of IT security, penetration testing and very basic Python.
Students must bring their own laptop to class. This device should be capable of running VMware Player/Fusion or VirtualBox. A virtual machine image will be provided prior to class.
If students wish to build their own here’s the required software:
Linux (Ubuntu, CentOS, Arch)
Nmap – current SVN version
Metasploit – Current nightly
X3270 Compiled from source
BIRP - with x3270 patches installed
Git client (to install tools discussed in the class, the virtual image has these tools pre-installed)