What we're about

South Bay WASP - Web Application Security Pen-Testers. Gain career changing experience with hands-on web application exploitation and network penetration testing training.

South Bay WASP is a laboratory meetup similar to lab portions of technical classes at a community college or technical school. A laptop computer is required. See the meetup description for required software which may have some additions depending upon the week's topic.

For people who are new, the CompTIA Security+/A+ certifications are a recommended starting point. Computer Information Systems and Computer Science courses from a community college are useful.

The next level of certification for penetration testers is the ECCouncil Certified Ethical Hacker. For a more administrative certification look up CISSP from (ISC)².

For advanced certification look up OSCP from Offensive Security.

There are numerous other certification programs available.

Technical topics for this group are maintained at: https://pentest-meetup.marengosystems.org/

Upcoming events (5+)

2018 SANS Holiday Hack Challenge

Bobaloca Manhattan Beach

The 2018 SANS Holiday Hack Challenge (https://holidayhackchallenge.com/2018/) was a hot topic for the SWBASP Slack Channel: "Greetings, holiday travelers! Welcome to the North Pole for KringleCon, the first-ever cyber security conference hosted by Santa and his elves." With SANS prizes the competition was intense for Holiday Hackers. Attend this meetup for all the trials and tricks of this contest. • What we'll do General lab requirements: Reconnaissance Tools: In your browser install extensions 1)IP Address and Domain Information; 2)Wappalyzer; 3)Cookie Manager; 4)Tamper Data. Install nmap (Zenmap) on your desktop (https://nmap.org/download.html). Monitoring: Install Wireshark on your desktop(https://www.wireshark.org/download.html). Virtual Machine: Install VMware Player (https://my.vmware.com/en/web/vmware/free#desktop_end_user_computing/vmware_workstation_player/15_0). Mac OS X use Oracle Virtual Box (https://www.virtualbox.org/wiki/Downloads). Kali: Download a Kali VM or ISO (https://www.kali.org/downloads/). Target: Download the OWASP Broken Web App (https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project).

Stack Overflows 101

Bobaloca Manhattan Beach

Binary exploitation, corrupting memory, stack overflows, and hijacking the CPU are the most common type of exploitation. n00bie mistakes made by programmers in C/C being the easiest. This presentation will cover the basic concepts and some simple exercises. Come Saturday 1/26 to learn the basics of stack overflows and buffer overflows. General lab requirements: Reconnaissance Tools: In your browser install extensions 1)IP Address and Domain Information; 2)Wappalyzer; 3)Cookie Manager; 4)Tamper Data. Install nmap (Zenmap) on your desktop (https://nmap.org/download.html). Monitoring: Install Wireshark on your desktop(https://www.wireshark.org/download.html). Virtual Machine: Install VMware Player (https://my.vmware.com/en/web/vmware/free#desktop_end_user_computing/vmware_workstation_player/15_0). Mac OS X use Oracle Virtual Box (https://www.virtualbox.org/wiki/Downloads). Kali: Download a Kali VM or ISO (https://www.kali.org/downloads/). Target: Download the OWASP Broken Web App (https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project).

Topic Not Assigned

Bobaloca Manhattan Beach

• What we'll do General lab requirements (update 10/18/17): Here are tools to help get you started in your Cyber-Security Career. There are many other tools both commercial and open-source, but this is an excellent place to begin: Essential: VMware Workstation Player: Download and install VMWare Player (free) 64bit and Kali 64bit. Download VMWare Player. https://my.vmware.com/web/vmware/downloads Kali Linux: Download a copy of Kali Linux. https://www.kali.org/downloads/ Wireshark: Install Wireshark on you laptop. https://www.wireshark.org/download.html Zenmap(Nmap): Install Zenmap on your laptop: https://nmap.org/zenmap/ Useful. Check if required for this lab above. OWASP Broken Web App Download the OWASP “Broken WepApp.” Go to https://sourceforge.net/projects/owaspbwa/files/ and download OWASP_Broken_Web_Apps_VM_1.2.7z. Optional. Check if required for this lab above: 7) Create a Windows 10 VMWare Installation. Download a Windows 10 64k home/pro ISO from https://www.microsoft.com/en-us/software-download/windows10. Browser Extensions: Here are some useful extensions. NOTE that Mozilla is changing the developer API in Version 57 so "Legacy" extensions will no longer work. Some will still work in Chrome. There are many useful extensions in addition to these. This list is simply meant to get you started. IP Address and Domain Information Wappalyzer Web Developer* WIFI Finder* *Mozilla Legacy • What to bring • Important to know

Topic Not Assigned

Bobaloca Manhattan Beach

• What we'll do General lab requirements (update 10/18/17): Here are tools to help get you started in your Cyber-Security Career. There are many other tools both commercial and open-source, but this is an excellent place to begin: Essential: VMware Workstation Player: Download and install VMWare Player (free) 64bit and Kali 64bit. Download VMWare Player. https://my.vmware.com/web/vmware/downloads Kali Linux: Download a copy of Kali Linux. https://www.kali.org/downloads/ Wireshark: Install Wireshark on you laptop. https://www.wireshark.org/download.html Zenmap(Nmap): Install Zenmap on your laptop: https://nmap.org/zenmap/ Useful. Check if required for this lab above. OWASP Broken Web App Download the OWASP “Broken WepApp.” Go to https://sourceforge.net/projects/owaspbwa/files/ and download OWASP_Broken_Web_Apps_VM_1.2.7z. Optional. Check if required for this lab above: 7) Create a Windows 10 VMWare Installation. Download a Windows 10 64k home/pro ISO from https://www.microsoft.com/en-us/software-download/windows10. Browser Extensions: Here are some useful extensions. NOTE that Mozilla is changing the developer API in Version 57 so "Legacy" extensions will no longer work. Some will still work in Chrome. There are many useful extensions in addition to these. This list is simply meant to get you started. IP Address and Domain Information Wappalyzer Web Developer* WIFI Finder* *Mozilla Legacy • What to bring • Important to know

Past events (295)

Exploring the OSI Network Stack

Bobaloca Manhattan Beach

Photos (30)