meeting notes
October 2008 meeting
Posted on Jun.09, 2009 at 11:59 pm
October 17, 2008 – DC509, a Tri-Cities group of technology and security professionals are putting on their second community education event to promote National Cyber Security Awareness Month. Adam Baldwin and Aaron Howell of nGenuity Information Services will be speaking, along with two other DC509 members (Lynda True and Thomas Feduk).
When: 6:00PM – 8:00 PM
Where: Mid-Columbia Library (Union), 1620 S. Union, Kennewick, WA 99336
Adam Baldwin: WebSite Security
Aaron Howell: Phishing, Don’t take the bait
Lynda True: Information sharing and social networks
Thomas Feduk: Internet Security Basics
March 2008 meeting
Posted on Jun.09, 2009 at 11:26 pm
Date: Saturday March 15th 2008
DDNG (Russ is going to provide the link to this)
Utility that provides DD functionality but adds checksums and integrity checks that traditional dd lacks. While we’re waiting for the link, here’s a similar tool:
http://dcfldd.sourceforge.net/
Charon – http://www.project2025.com/charon.php
a proxy tester to check anonymity – and a fully functional search engine crawler to find lists of posted proxies. Included within the kit is a php checker which can be uploaded to your own webspace to spread the processor load and bandwidth of the actual testing. This is fully integrated into Charon where it will simply send your pages lists of proxies and harvest the results.
SQLNinja – http://sqlninja.sourceforge.net/
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Demo included using SQLninja to exploit a custom web application, uploading nc (netcat) and opening a reverse shell. SQL ninja can upload any text file. For binary files sqlninja uses a slick trick of uploading MS debug script and then recreating the binary on the server by running the uploaded text file containing the script through MS debug.
Metasploit – http://www.metasploit.org/
The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide.
February 2008 meeting
Posted on Jun.09, 2009 at 11:19 pm
Date: Saturday February 16th 2008
DC509 Presents: “Is Your Wireless Network Secure?”
DC509, a group of Tri-Cities security professionals, presented their inaugural community outreach presentation at the Kennewick Branch of the Mid-Columbia Library on February 16th at 6:00 PM. Adam Baldwin discussed wireless security options for home and business networks, and methods to secure those wireless networks. The DC509 group also provided brief demonstrations of just how easily criminals (or your neighbor) could access wireless networks.
The slides from the presentation are available in PDF format.
January 2008 meeting
Posted on Jun.09, 2009 at 11:16 pm
Date: Saturday January 19th 2008
Our inaugural meeting was held on Saturday, January 19th, 2008, at the Espresso World on Clearwater, in Kennewick.
The topic for January was Forensics . Since we had no local experts in the group (other than the possible use of EnCase/FTK by the local police departments), there was no demonstrations of tools. We covered various toolkits, and procedures for collecting evidence.