- Let's work on OSCP and pentesting skills with Vulnhub images
• What we'll do Follow thru some writeups of solving OSCP like images (Kioptrix) per https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms.html • What to bring Laptop with VMWARE (some problems with virtualbox were reported on some sites) Download the VMs per the links above beforehand! • Important to know We're charging $7.50 just to cover some food costs.
- [Social] Let's go AFK - on a hike!
In coordination with some other InfoSec folks, we're planning a local hike just to get some sun and socialize. Bring water, a snack, some sunscreen and some comfortable shoes. If it rains heavily, event is cancelled. Oh, also, bring $5 or $10 for parking fee. See https://www.mass.gov/locations/purgatory-chasm-state-reservation
- Coin wallet /Blockchain & Crypto wallet Security Primer
CIC Boston - 5th floor, Meridian Conference Room$5.00
• What we'll do We're going to be exploring some of the practical aspects of cryptocurrency and blockchains. 1st up - we'll be looking at the pros and cons of some popular wallets and discussing the differences between software, hardware. and paper wallets. • What to bring OPTIONAL: Bring your hardware wallet! • Important to know We're charging $5 just to cover some food costs.
- CTF opportunity - 2017 SANS Holiday Hack Challenge w/ Ori!
CIC Boston - 5th floor, Meridian Conference Room$5.00
• What we'll do: Did you find yourself out of time to try the SANS 2017 Holiday Hack Challenge? Wasn't sure where to start? Bring your laptop, signup at the URL below and get some advice from Ori Zigindere on how he worked through some of the challenges. Can't make the meetup? Then read thru https://duo.com/blog/sans-holiday-hack-2017-writeup when you have time (but its more fun when we try things together)! • What to bring: Laptop, curiousity, and a smile • Important to know: Sign up before the meetup at https://holidayhackchallenge.com/2017/ We're charging $5 to just to cover some food costs!
- Malware Lab Setup Writeup Review & Dry Run
We're planning on reviewing the Malware Analysis writeups and doing a quick dry run. This is a planning event to try the Malware Analysis instructions before our October Full Day Hackathon. Come help plan our Malware Analysis Full Day Lab - coming in October!
- Presos on OSCP experience & research into Malware Labs/IoT hacking
Part1: One of our members will provide their experience on attempting to take the OSCP. Part 2: Some members will dive into their research into what we plan on working on in the next few meetups: - Malware Analysis - setting up a lab (safely), how to get samples (safely), and how to analyze (did we mention safely?) - IoT hacking - looking at various devices we can tackle as a group & document our findings We're trying to ensure that Cyber Study Group focuses on real world skills, in a supportive community setup, where we all learn together!
- OSCP? CEH? Reverse Engineering? Pentesting sessions? Planning session!
Come help plan the next few sessions. Folks have expressed interest in building skills toward: Exploitation Post-Exploitation Scripting Reverse Engineering Pentesting Networks Pentesting Websites To that end, bring your ideas on resources for us to focus on. Here is a preliminary list of sources to get you started in thinking of what we should all work on next! FREE OR LOW COST SOURCE https://www.youtube.com/watch?v=blAxTfcW9VU https://www.offensive-security.com/metasploit-unleashed/ https://www.udemy.com/ethical-hacker/ https://www.vulnhub.com/ http://opensecuritytraining.info/ https://ringzer0team.com/challenges http://www.securitytube.net/video/2556 https://securedorg.github.io/RE101/ CLOSED SOURCE https://www.cybrary.it/course/advanced-penetration-testing/# http://www.pentesteracademy.com/ (http://www.pentesteracademy.com/members) http://chrissanders.org/training/ BOOKS http://carnal0wnage.attackresearch.com/2015/05/answers-on-how-to-get-started-in.html https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442/ref=pd_sim_14_1?_encoding=UTF8&pd_rd_i=0124116442&pd_rd_r=007FR667ZMSENJBMR1JA&pd_rd_w=LYkia&pd_rd_wg=zF89d&psc=1&refRID=007FR667ZMSENJBMR1JA https://www.corelan.be/index.php/2015/10/13/how-to-become-a-pentester/ https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441 https://www.amazon.com/Metasploit-Penetration-Testers-David-Kennedy/dp/159327288X https://www.amazon.com/Kali-Linux-Penetration-Testing-Cookbook/dp/178439291X https://www.amazon.com/Network-Forensics-Tracking-Hackers-Cyberspace/dp/0132564718/ref=sr_1_1?ie=UTF8&qid=1486090128&sr=8-1&keywords=network+forensics https://www.amazon.com/Kali-Linux-Revealed-Penetration-Distribution/dp/0997615605/ref=sr_1_1?s=books&ie=UTF8&qid=1500496878&sr=1-1&keywords=kali OTHER IDEAS https://room362.com/start/ http://www.dafthack.com/blog/pentestingwithbacktrackoscpreview The $5 is just to cover basic costs of running the meetup. This gets expensive without help!
- AWS Cert Study Session #2
Study session #2 towards the AWS Certified Solutions Architect - Associate exam. On a minimum level come learn a little about AWS, which will be helpful towards building labs for other work down the line. Exam details: https://aws.amazon.com/certification/certified-solutions-architect-associate/ If you want to prepare to take the certification, buy or borrow or otherwise obtain this book and read Chapters 5 - 8: https://www.amazon.com/Certified-Solutions-Architect-Official-Study/dp/1119138558/ref=sr_1_1?ie=UTF8&qid=1490061151&sr=8-1&keywords=aws+solution+architect+book Sign up for a free account and start poking around AWS! https://aws.amazon.com/s/dm/optimization/server-side-test/free-tier/free_np/
- Mock Incident Response Tabletop Workshop
Hi Folks, Let's meet and run through a mock table top exercise together where we pretend we're a company, assign roles and on paper, and map out what might happen if our mock company were hit with ransomware. How would you respond? Who would be notified? How? How would you go thru responding to customers and media requests? What roles have what responsibility? Let's work through a mock exercise together!