• IBM and Blockchain Security

    Online event

    Our next meetup is official, and Anne Leslie from IBM is joining the party. She'll be giving us a talk about blockchain, so stay tuned for more information!

    Credits to our core member Faith for setting this up!

    Blockchain: From the Basics to Beyond the Hype
    This talk includes the following topics:
    - Where it all started with the cypherpunks and why that's important
    - How Blockchain has evolved and why context matters
    - Examples of projects
    - A look at an architectural blueprint and things to keep in mind
    - Insight on crypto markets and how not to get burned

    Speaker:
    Anne Leslie is a Senior Managing Consultant for Threat Management (SIOC) in the EMEA Centre of Competency (CoC). Prior to joining IBM Security, her career spanned the intersection of financial services, European regulatory policy, blockchain and IT in leadership roles in both sales and advisory. Bilingual in French and English, she holds an Executive MBA from HEC Business School in Paris and the CCSP in Cloud Security from (ISC)² in addition to multiple technical platform certifications. Today at IBM, her focus is on accompanying international enterprises in uplifting their IT/OT/IoT security operations to keep pace with a volatile business and threat landscape.

  • WICCA & Chill

    Online event

    This is one of our events where we get together virtually with wine and beers and spend the time remembering the times we had physical meetups.
    We'd like to invite all who will attend to either talk about their cat, do a live cooking show, or share some inspiring stories with us. WICCA is not only a classroom, but it's also a community, and this meetup is to get together and just talk.
    Let's WICCA & Chill and have some fun together!

    PS: If you're not a member yet, this is the perfect occasion for you to get to know WICCA.

  • Follow the Unicorn

    Online event

    The date is CONFIRMED!

    It is with immense pleasure that we announce that Amanda Rousseau, or Malware Unicorn on Twitter, has agreed to give the ladies of WICCA one of her 101 workshops.
    (This workshop is women-only)

    Before we can get started, there are two VMs to download. You can find them here: https://malwareunicorn.org/#/downloads
    You need both VMs, which may take up to 50GB of space.

    This is what this workshop is about:
    Provides the fundamentals of reverse engineering (RE) Windows malware through hands-on experience with RE tools and techniques. Attendees will be introduced to RE terms and processes, followed by basic x86 assembly, and a review of RE tools and malware techniques. It will conclude with attendees performing a hands-on malware analysis that consists of Triage, Static, and Dynamic analysis.

    Prerequisites: Basic understanding of programming C/C++, Python, or Java

    Provided: A virtual machine and tools will be provided. They must be downloaded in advance.

    Features: 6 Sections in 3 hours:
    ~15 min Fundamentals
    ~15 min Tools/Techniques
    ~30 min Set Up
    ~30 min Triage Static Analysis + Lab
    ~1 hr Dynamic Analysis + Lab

    EQUIPMENT NEEDS & SPECIAL REQUESTS:
    At least 8 GB of RAM
    At least 20 GB of storage
    Internet connection

    DETAILS:
    What you’ll do
    You will be setting up your own malware analysis environment. You will learn to install virtual machine software and set up networking.

    What you’ll learn
    Setting up a safe virtual malware analysis environment.
    Going over operating system and assembly concepts.
    Typical Attack Flow, Malware Classes, and Malware techniques.
    Disassembler, Debuggers, & Information Gathering.
    Narrow down specific information and indicators before moving on to deeper static and dynamic analysis.
    How to jump into code in static disassembly then rename and comment on interesting assembly routines that you will debug.
    Deeper analysis of the program to understand hidden functionality not understood statically.

    Find Amanda's website here: https://malwareunicorn.org/#/
    She has a ton of resources available, and even an online workshop already out there!

    Amanda is one of the top cybersecurity specialists in the world, so it is a great honour to have her share her knowledge with us.

  • WICCA Holidays Edition

    Online event

    Great news! To conclude this challenging year, we're hosting our first WICCA Holidays Edition! For this occasion, we will do something special and ask our own members to do awesome presentations.

    The event is open to everyone.

    Presentations:

    Tactical SIEM 101 by Jaq Morrison
    101 on tactical SIEM, the SOC's Swiss Army knife. SIEM can be and is a complex topic with a lot of acronyms and buzzwords. This presentation breaks down the consistent fundamentals that exist across different tactical SIEM deployments in a fun, digestible format.

    Cybersecurity Careers in the World of AI, Bigdata, Mobility and Social Media by Sarba Roy
    The threat landscape is constantly evolving along with the rapidly changing technical and business innovations. The rise of AI, BigData, Mobility and Social Media has given way to the need for the rise of the next generation of digital defenders who will be equipped to battle the on-going global Security pandemic and protect individuals and businesses. I will present the Cybersecurity career options, skills and pathway for anyone who wants to shine as a digital defender of the future.

    The Shallow End of Threat Hunting by Faith Opiyo
    This introductory talk explores the Why, What and How of Threat Hunting. It also covers some of the frameworks used and possible hunting tools.

    Speakers:

    Jaq Morrison
    Senior Cyber Defence Specialist at KPMG with 10+ years of experience in Cyber Defence.

    Sarba Roy
    Sarba Roy is an infosec professional, a passionate advocate for women’s empowerment, writer and mentor dedicated to helping individuals and organizations become more compassionate, curious and cybersmart.

    Faith Opiyo
    Faith Opiyo is a Threat Hunter at IBM. Previously, she held a couple of roles in Networking and Network Security.
    Her current role involves developing analytics to drive hunts and proactively searching for possible advanced or persistent threats that may have evaded automated security controls. She aims to raise the defensive posture of an organization by deterring or stopping cyber threats before they can cause irrevocable damage.
    In her personal time, Faith is an active participant in the InfoSec Community by volunteering her time as an organizer for various security events and conferences, participating in CTFs or teaching Network Security.
    To unwind, Faith appreciates a good board game or puzzle, enjoys running, immersing herself in books, traveling and just doing nothing.

  • Workshop WICCA & WoSec: Remote Code Execution

    Online event

    WoSEC Montreal (https://www.womenofsecurity.com/) is teaming up with WICCA for a Blue Team and Red Team virtual workshop on Remote Code Execution.

    This workshop requires some preparation, like installing a Kali Linux VM and making a TryHackMe account! Here are all the steps you need to do:
    https://drive.google.com/file/d/1cAKHOXuymIUJYIuVyNSNF7vc78jIWS36/view?usp=sharing
    Please complete these steps before the workshop.

    The workshop is designed for beginners and is women-only.

    We will use WoSec's platform for the Meetup. More information coming soon.

  • WICCA & McAfee: From the Underground to Autonomous Cars

    Online event

    WICCA is teaming up with the ladies of McAfee Advanced Threat Research and Advanced Programs Group teams for a special meetup!
    Three women from both these teams will be presenting their research to our community, and everyone is welcome to join.

    Talks:

    MuddyWater, the APT that targets the Middle East
    Covering Threat Intelligence from a nation-state perspective, and going over some MuddyWater examples that have encoding.

    Fooling Autonomous Cars with Model-Hacking
    Adversarial machine learning (AML) refers to exploiting underlying vulnerabilities present in intelligent systems by deliberately crafting malicious inputs at various stages of learning. Such inputs, often referred to as adversarial perturbations, result in compromised or misleading outcomes which may have dangerous effects. Although research in this field has been conducted for at least the past two decades, AML gained immense attention when researchers demonstrated that deep learning based systems often have a blind spot which makes them easily fooled by imperceptible functions. The rise of Generative Adversarial Networks (GANs) played an important role in further pushing the barriers of research. We at McAfee leveraged such existent weaknesses in classifiers and applied them to autonomous cars that rely on AI to recognize and classify traffic signs. We developed physical adversarial stickers on a speed limit sign to cause a targeted misclassification of our custom classifier.

    How Chinese Cybercriminals Use Business Playbook to Revamp Underground
    This research centers on the emerging threats and trends from the Chinese cybercriminal underground and analyzes the current business models and techniques used by the Chinese cybercriminals. It also highlights drastic changes in operations of Chinese cybercriminals, including the tactics and strategies they are borrowing from Russian cybercriminals.

    Presenters:

    Jessica Saavedra-Morales – Analyst – Major Campaigns – Advanced Threat Research
    Jessica focuses on threat intelligence in the Middle East and Latin American region, where she applies new techniques to tracking threat actors. With a degree in networking and a degree in information technology, Jessica has had a background in the tech field for almost two decades. Being fluent in Spanish has steered her to Latin America where she worked with various businesses in the private sector, hunting IOCs and monitoring the threat landscape for any new variants. Jessica thrives on being detailed and thorough in all aspects of life, and is well aligned with McAfee’s mission and future.
    https://www.mcafee.com/blogs/author/jessica-saavedra-morales/

    Shivangee Trivedi
    Shivangee Trivedi is a machine learning researcher working at the crossroads of AI and security for McAfee’s Advanced Threat Research team. She has an active interest in adversarial machine learning, deep learning, computer vision and natural language processing. She obtained her Master’s degree in computer science with a focus on data science from the University of Texas at Dallas and has been with McAfee ATR since 2017. She has worked on sentiment analysis and various supervised classification problems pertaining to computer vision.
    https://www.mcafee.com/blogs/author/shivangee-trivedi/

    Anne An
    Anne An is a senior security researcher for McAfee Labs, where she performs in-depth research on advanced attacks, cybercriminal threats, geopolitical intelligence, risk analysis, as well as cyber campaigns and threat groups in the Asia-Pacific region. Prior to joining McAfee, An held a variety of research positions in advanced threat research and strategic threat intelligence, and delivered regular briefings to senior executives in the cybersecurity field.
    https://www.mcafee.com/blogs/author/anne-an/

  • Software Security Testing

    Online event

    And we're back!

    A few weeks ago, we were contacted by the r2c team (https://r2c.dev/) who would like to present for WICCA!

    The theme is Software Security Testing.

    Presentation:

    Detect complex code patterns using semantic grep

    Colleen Dai will discuss a program analysis tool r2c is developing called Semgrep (https://github.com/returntocorp/semgrep). It's a multilingual semantic tool for writing security and correctness queries on source code (for Python, Java, Go, C, and JS) with a simple “grep-like” interface. The original author, Yoann Padioleau, worked on Semgrep’s predecessor, Coccinelle (http://coccinelle.lip6.fr/), for Linux kernel refactoring, and later developed Semgrep while at Facebook. He is now full-time with r2c.
    Semgrep is a free open-source program analysis toolkit that finds bugs using custom analysis and OSS code checks. Semgrep is ideal for security researchers, product security engineers, and developers who want to find complex code patterns without extensive knowledge of ASTs or advanced program analysis concepts.
    For example, find subprocess calls with shell=True in Python using the query:
        subprocess.Popen(..., shell=True)
    This will even find snippets like:
        import subprocess as s
        s.Popen(f'rm {args}', shell=True)
    Or find hardcoded credentials using the query:
        boto3.client(..., aws_secret_access_key="...", aws_access_key_id="...")

    Source code: https://github.com/returntocorp/semgrep
    Test in your browser: https://semgrep.dev/

    Speaker bio
    Colleen Dai is a security software engineer at r2c, a startup working on building static analysis tools that focus on precision and being custom-fit to the consumer. At r2c, Colleen has worked on the language parsing along with AST matching. She is also writing rules to find security vulnerabilities in open source code. Colleen recently received her B.S. in Computer Science and M.S. in Statistics from Stanford. She regularly enjoys Brazilian Jiujitsu, drawing, and trying (and failing) not to eat everything in her fridge.

    Agenda:

    18:00 - 18:30: call-in
    18:30 - 19:30: Detect complex code patterns using semantic grep
    19:30 - 19:45: Q&A / break
    19:45 - 20:45: Surprise!
    20:45 - 21:00: call-out

  • Offensive Security 101 with Div0

    Online event

    Div0, the Singapore Cybersecurity Community (https://www.div0.sg/), has asked WICCA to give our Offensive Security 101 training to Singapore's women in cybersecurity members. WICCA members are also welcome! The workshop will run over 2 days, 4 hours each day.

    The goal of the Offensive Security 101 training is to introduce security-enthusiastic ladies to ethical hacking and penetration testing. We will cover the basics of hacking, including an introduction to infrastructure and web applications, offensive security tools, and common vulnerabilities such as the OWASP top 10.

    The session will include plenty of hands-on exercises for attendees to get first-hand experience with how hackers commonly break into things. The target audience is beginners, preferably with some understanding of web applications and coding.

    Timeslots
    Singapore
    Saturday and Sunday: 3-7pm
    Netherlands
    Saturday and Sunday: 9am-1pm

    Who should attend
    Anyone who is interested in learning how to get started in penetration testing.

    Key learning objectives
    - Understanding of web applications and organisational networks
    - Overview of common weaknesses and how they can be exploited
    - Understanding how to defend against these vulnerabilities

    Topics Covered
    - Basic infrastructure and web application introduction
    - Web application hacking
    - Offensive Security tooling
    - Privilege escalation and lateral movement
    - Kernel exploits
    - Binary exploitation 101
    - Hands-on exercises

    What attendees need
    - Kali Linux (or enough hacking tools)
    - Get Metasploitable (https://sourceforge.net/projects/metasploitable/) working in VirtualBox or your favourite virtualisation software.

    Speaker bios
    Valentine joined the McAfee Advanced Threat Research team in May 2020 as an operational intelligence analyst. With experience in both red and blue teaming, she uses her acquired skills to analyse and evaluate threat intelligence and build graphical representations that change the way we approach problems. After working hours, Valentine is a fiction writer and a self-proclaimed Sci-Fi nerd.
    Anneloes is a criminologist with a passion for ethical hacking. She has over 5 years' experience in IT security and has performed multiple security tests on web applications, mobile apps, software and hardware. In her spare time, she loves playing CTF events. Since 2018 she has been a facilitator of multiple hacking courses and would like to help and learn together with security-enthusiastic women!

  • Personal Journey and Insider Threats - Elsine van Os

    Online event

    Elsine van Os is the founder and CEO of Signpost Six, an Insider Risk Management consultancy firm, and Signpost Film Productions, which released a documentary about Edward Snowden in 2018.

    She is a clinical psychologist and intelligence and security specialist who has integrated her skills in Insider Risk Programme training and consultancy to both the public and private sectors. In that domain she works on the nexus between (cyber) security and social sciences.

    Elsine will take you on her journey of establishing her own business but will also give insights into the heart of her work: the way in which people can 'derail' and commit acts of theft, sabotage or violence within organizations.

    Don’t miss this!

    AGENDA
    -----------------------------
    19:30 - Call-in
    20:00 - Start
    Elsine will take you on her journey of establishing her own business but will also give insights into the heart of her work.
    21:30 - End
    -----------------------------

    No prior knowledge is required.

  • Virtual InfoSec Q&A

    Online event

    Ever wondered why we talk about SSL when we're actually using TLS? Or how you can pop a shell on a machine that will bypass the AV or IDS/IPS? Or maybe you'd like to know what your opportunities are if you have no technical background? Or something about all that quantum stuff... Or you just want to know the WICCA Fun Facts!

    This virtual Meetup is organised to answer most (if not all!) of your questions about anything InfoSec. We want to collect all the questions you may have and we'll do everything we can to provide you with the best information or the best sources! And if we cannot answer your burning question, then someone in the community most definitely can!

    To keep this organised, we'd like to ask you to submit any questions you have here: https://forms.gle/6SPQ225iuhiHLzs8A
    Take your time, gather at most 10 questions, and we'll see you on June 30!

    Link to online event:
    https://us02web.zoom.us/j/81606019235?pwd=WU9tTGU0eGlXN015dFZuTFpQalQ0QT09
