Thursday, December 20, 2007

IndySec 14 - Introduction to lockpicking - tonight

Meeting tonight at the Abbey Coffeehouse @ 7 PM

Brian Carter presents: Introduction to lockpicking

Location:
825 N. Pennsylvania St
Indianapolis, IN 46204
(317)663-4739

see you there.
-S

Saturday, December 08, 2007

IndySec 14 - Introduction to lockpicking

Brian Carter will be our presenter for IndySec 14 :

Subject :
Introduction to lockpicking

Outline :
  • Basic overview of the different types of locks
  • Lock picking tools
    • what to buy
    • where to get them
  • Sources of information
  • Non-Destructive Entry Techniques for:
    • Warded locks
    • Combination padlocks
    • Disc locks
    • Tubular locks
    • Pin tumbler locks
      • raking
      • single-pin picking
      • bumping
Brian will have several cut-away locks, padlocks and at least one mounted
deadbolt for practice.

Event location TBD.

thank you,
Steve

Tuesday, November 20, 2007

IndySec 13 Summary

The last meeting had a couple new faces and quite a few new ideas for future events. It seemed like the general consensus was that we should have more constructive meetings (presentations, demos, etc) than bar ramblings (where we can't even hear each other). If anyone has any suggestions please let the group know.

About five of us from IndySec are planning on attending Shmoocon in February. If anyone is interested let the group know by commenting to this thread or the mailing list. I know I'm planning on buying at least two tickets and I think a couple people mentioned buying more than one. Last year quite a few tickets were on ebay and dsp mentioned how you could have your trip nearly paid for by selling your extras. ;-)

So the next meeting in December is going to have a couple presentations, one on Lock Picking, and another on ossec. I'm planning on talking about ossec, but there is always the chance I may be on the road.

Two months out for the January meeting we're planning on a IndySec CTF type of game, we will create a post shortly discussing the details. So far Stephen and I will be the judges and creating the flags/challenges, monitoring device/service status, and displaying the attacks live with a inline honeywall on a projector. The competition will consist of two attacking teams (so we hopefully have two different groups working on two different attack methods) and one defending team.

Monday, November 12, 2007

IndySec 13

Date: November 15th
Time: 7:00 PM
Location: IT building at Michigan and West street (535 W. Michigan St.) IUPUI campus.
Room: We've got the lounge on the first floor from 7pm-9pm
Food:
We will be ordering some Hotbox pizza - yum.

Please send me an email (moore.steve at gmail.com) if you plan on attending and want pizza. I will order before the event begins.

thanks,
Steve

Tuesday, October 16, 2007

IndySec 12


It's happening. 10/18/07

Location:
Broad Ripple Brewpub. Meeting there sometime between 6:45-7:00pm.

Homework:
If you like, please share the most interesting and/or recent technology book you've read. I am currently reading Network Warrior and have the Pragmatic CSO (Rothman) on the way.

Saturday, October 06, 2007

IndySec 11 - thank you

Just wanted to post a quick note about IndySec 11.

First, a big thank you to Landon (and roommates) who hosted the event.
We had eight/nine people in attendance. A good time was had by all.

For those curious, we had speeches/labs on VoIP security and the [in]security of cable internet/modems.

I am still working in IndySec 12.

thanks,
Steve

Wednesday, August 29, 2007

BBQ Details 09/16

(Landon Speaking)
So the BBQ is also a celebration of our first year of IndySec. woohoo. The colts start playing at noon so the rig with HD will have the colts on (no exceptions) and the other tv will have another NFL game on if anyone prefers (dares).

The schedule is going to be something like this:

* Grill/Food Prep | 10:30-12:30
* Game/Eat/GeekTalk | til-half-time
* Half-time Show and Tell (Presentation) | half-time
* Game/GeekTalk | half-time - EoG
* More Presentations | EoG or Landslide

I'll give a presentation on something of interest and I encourage a few others to give some type of presentation. Ideally it would be nice to have four presentations with a decent variety of security topics, but anything will do. After all it's not everyday that you get to stand in front of a few guys you know and a few you don't know and practice talking in front of people (something most geeks have trouble with).

As far as gear for the presentation and connectivity to the interwebs, I'll have an access point setup off a DMZ for basic web connectivity. I also have a projector in the basement where my lab is setup, we will give the presos here. I may also setup a wall of sheep =) or generate some statistics to maybe show at our next meetings (any ideas)?
If you want directions to my place email me or Stephen.
As far as bringing your families, lets keep this event technical... no significant others plz kthx. ;-)


(Steve Speaking)
So as far as food. I don't know how else to do it. Landon and I will cover it and we will GLADLY accept donations and may even just count heads, look at the receipt and tell you what an acceptable donation may be. We're going to buy meat, cheese, condiments, napkins, plates, silverware, and buns/bread. Please bring a side like chips, beans, dips, sodas, greens, 40s, and whatever else you like.

So in terms of meat we're going to buy some chicken and steaks. Bring lawn chairs.

Post a comment if you plan on attending. Sean, this means you.

Sunday, August 26, 2007

IndySec 11 - Cookout

September IndySec means cookout at Landon's house (Thank you Landon).

The date is the afternoon / evening of the 16th. More information to come.

Also, this commemorates the 1 year anniversary of IndySec.

Thanks again for the great participation in August (11 people).

-Steve

Wednesday, August 15, 2007

IndySec 10

IndySec 10
Date: Thursday August 16th
Time: 7:00 PM
Location: The Broad Ripple Brewpub
842 E 65th St
Indianapolis, IN 46220

More information here.
Map here.

Monday, August 13, 2007

Information Security Decisions - Chicago

IndySec,

Please take a moment to read my post about my future trip to Chicago here.

Hit me up if interested.
-S

Friday, July 20, 2007

Thank you

IndySec 9 was great. We had 9 people attend. Good nerd networking and conversation.

Notes:
... we are starting to plan an IndySec cookout. Reply with ideas and dietary needs. Ryan Birk doesn't dig on swine. (edit ... Steve, yes I do. I love Pig's!)

... Phreaknic is still going to happen (currently 4 of us going)

Monday, July 16, 2007

IndySec 9

IndySec 9

Date: Thursday July 19th
Time: 7:00 PM
Location: The Broad Ripple Brewpub
842 E 65th St
Indianapolis, IN 46220

More information here.
Map here.

Tuesday, June 19, 2007

IndySec Number 8 Update - Thursday June 21st

IndySec 8




Date: Thursday June 21st
Time: 7:00 PM
Location: The Rathskeller (downstairs restaurant and bar)
401 E Michigan St
Indianapolis, IN 46204

Map here.
Downstairs photo here.

Thanks,
Steve

Thursday, June 14, 2007

IndySec 8

IndySec Friends,

IndySec 8 is one week away!

For a meeting location, how does the the Rathskeller Biergarten sound?
Information here and here.
It seems they have live music starting at 7. Feedback please.

Can we get some suggested meet up locations for the broad ripple area too?
my votes:
- Netheads
- Conners Pub

News:

Ryan Birk is smart. He will be teaching a class for the Purdue CIT department this fall.

Sean Krulewitch is helpful. Sean took the time to help me through a vulnerability / misconfiguration disclosure issue with a certain state web system. Thank you.

SANS is coming to Indy
Monday, September 24, 2007 - Saturday, September 29, 2007
Hacker Techniques, Exploits & Incident Handling
Information here.

IndySec Group Events:

Going to PhreakNIC? Birk and I are going. Hit me up for details.
PhreakNIC is an annual gathering in Nashville, TN, for hackers, makers, security professionals, and general technology enthusiasts.
Friday, October 19, 2007 through Sunday, October 21,2007
Information here.

Going to ChiSec? It would be good to visit our friends to the north.
Let's plan something.
Information here.

Anything else? Let me know.

Thanks,
Steve

moore.steve at gmail.com

Thursday, May 17, 2007

IndySec 7 tonight (5-17-2007)

What - IndySec 7
When - tonight (5-17-2007) @ 6:30PM
Where - Corner Coffee. Directions here and here.
Food - Corner Coffee has soups and sandwiches. So no Hotbox Pizza tonight.
Topic - Skills challenge by Tom Liston / Ed Skoudis. No, they will not be attending. : -)

Thanks,
Steve

Thursday, April 26, 2007

IndySec 7 - 5/17/2007

Just a reminder:
IndySec will now be meeting the third Thursday of each month.
This makes our next event May 17th.

Thanks,
Steve

Tuesday, April 17, 2007

IndySec 6 - 4/18/2007 - MITM

Get your MITM learn on, care of Andrew and Sean.
Not only were they kind enough to let us use their meeting room, they are also going to share a presentation they gave last week at Educause. Thank you!

Abstract from the Educause page:
Although monkey-in-the-middle (MITM) attacks are well-known, little is done to prevent them. We'll give examples of MITM attacks against SSL Web sites, Kerberos, and SSH, all using free tools in a typical campus computer lab, then we'll show how vendors, sysadmins, and even end users can protect against these attacks.
Check out their presentation here.

My talk on Backtrack2 is postponed until our next meeting.

Date:
April 18th
Time: 7:00 PM
Location: IT building at Michigan and West street (535 W. Michigan St.) IUPUI campus.
Room Number: IT303, however everyone will need to meet in the lobby so we can get the up to the room. Room phone number will be provided at the security desk for those who are late. Someone will come down and get you (probably me).
Food: Pizza (will order there)

IndySec 6 WHERE

Ok just kidding!

I guess we've tried to see if IUPUI would lend us a room for IndySec 6 on the 18th, but haven't received a reply for some days now. I'm sure Sean and co. are pretty busy and that's completely understandable.

As it stands we can meet up at Panera Bread on 96th Street. Or someone can reply with a comment of a better location. Tomorrow at 8-9pm-ish I will make another post announcing the official location stay tuned.

Friday, April 13, 2007

Tux500

I thought this was an interesting article.

LINUX IS GOING TO THE INDIANAPOLIS 500

This is indeed a historic moment for Linux and the Linux Community. Bob Moore, A Linux Administrator, enthusiast and Advocate understands completely the need for Linux-At-Large to gain recognition in the market place. While the Boxset distros such as Xandros and RedHat are marketed by their respective corporate entities, the "One-Man" distros and the smaller projects are left to word of mouth fate. That works fine to a point, but has proven to fall short of getting the word of Linux "Out There".

Lobby4Linux has been a critic, and a sometimes harsh critic of the community in this area. For good reasons. Efforts to gather the talent for commercials, the pre and post production assets and the logistical headaches have all been gathered and done by L4L. Now all they are gathering is dust. It seems the "let-the-other-guy-do-it mentality has won out within the community and so all the efforts thus far have sat in the corner, waiting for someone to dust them off and put them to work.
http://tux500.com/geeklog/article.php?story=20070410075726379

Tuesday, April 10, 2007

IndySec 6

We have a tentative date for IndySec 7, minus 1 ---- April 18th @ 7:00pm

As for topics, I will be speaking a little on BackTrack 2.0 (and their online training) and I believe Chad and Landon will be sharing stories from ShmooCon... maybe even some gibber gabber about Vista.

More information to come.

- Steve

Tuesday, March 13, 2007

8th Annual CERIAS Information Security Symposium

Introduction from Professor Eugene Spafford

The 8th CERIAS Symposium will be held March 20 & 21, 2007. In the 8 years we have been hosting this event, many aspects of information security and privacy have changed dramatically. Yet, our computer systems are still under attack, bad software continues to be marketed, and "the bad guys" are seldom apprehended.

How have things changed in 8 years? What has gotten better? Where do we need to focus the majority of our efforts? And what do we expect the world of IT to be like in another 8 years?

Join us as we reflect on the current state of information security, as well as the evolution and progress of CERIAS. With panels on various aspects of information security, including infosec education, commercial vendors, forensics, and privacy and trust, we will delve into the current state of the field and explore how it will evolve in light of recent events.

Speakers will include Major General Dale W. Meyerrose, USAF (Ret.), the CIO of the Office of the Director of National Intelligence, Yalkin Demirkaya, President of Cyber Diligence, Inc., and Dr. Dan Geer of Verdasys, the former president of USENIX and CTO of @Stake.


Anyone interested in car pooling or sharing a hotel room to this event?

Sunday, March 11, 2007

Idea's for IndySec 6?


It is that time of the month again. I wanted to start a thread and see if anybody had any idea's for IndySec 6. Feel free to post here or send something out on the email list.

After Landon's meetup @ Buca's last month, I am sure we will have a few new people join us this time around.

To pass time, I will leave you with a thrilling video recorded in the early 90's about the internet.

Saturday, February 24, 2007

IndySec 5 - Notes

Thirteen people showed up altogether and three of them were new people. I know of atleast five that canceled at the last minute, but that's understandable.

Some random surveys were tossed around like. Favorite O/S, first O/S, etc.

So the favorite O/S amongst the group was any flavor of BSD.

The first O/S seemed to be Red Hat 5.2-7.

Conversations ranged from RFID, to wireless security (mainly deauths with WPA), to sebek, ruby on rails, and a pretty large discussion on USB.

A couple folks talked about disabling USB mass storage devices, by vendor and then later a talk sparked about pam_usb which I blogged about earlier. There is a new version out now that is available via SVN that provides a lot of fixes to the last version.

I did my part by trying to introduce as many people as possible and I think everyone got to know each other alittle more.

What topics is everyone interested in discussing next time?

Wednesday, February 07, 2007

IndySec 5 - Mingling

Do you [Work|Consult|Research] in [Cyber|Data|Information] Security around the Indianapolis area?

Are you looking to get into this field or just have a interest on some of the topics?

Come to this meeting, eat some food, grab some drinks, talk some geek, and get to know the other people who have similar interests and jobs as yourself.

I'm personally inviting over twenty (maybe more) folks to come to this event. Over the past year I've met way too many people in the area who don't seem to know how many talented people and opportunies surround them.

Make arrangements and join us for fun at Bucca!

When: Thursday, February 22nd, 6:30-8:30PM
Where: Downtown - Buca di Beppo



Buca di Beppo
35 North Illinois Street
Indianapolis, IN 46204

Update:
Meet near the bar, we'll count how many people show up and grab some tables to have dinner.

Thursday, January 25, 2007

IndySec4 Notes

I will clean this up later. From the meeting discussion. . .

Files are uploaded here:
Graphical information from VirusTotal (29 vendors):
Underlying Tabular Data:
Castle Cops supports the site.

Wednesday, January 24, 2007

IndySec4 is Tomorrow Night!

This is a reminder post for IndySec4

Ryan Birk will be discussing full hard disk encryption, in particular a third party product called PointSec for PC. Ryan recently played a very large role in deploying PointSec in a large corporate environment with 2,500 laptops in 19 different sites across the world. After deployment, the enterprise is secured by pre-operating system authentication, full disk encryption, and a centrally managed password reset system.

PointSec has recently gained market share and Checkpoint has just announced its intention to purchase Protect Data, the parent company of PointSec Mobile Technologies.

If time permits, Ryan would also like to have an open discussion about VoIP, IVR hacking and Trixbox formerly known as Asterisk@Home.

Date: January 25th
Time: 7:00 PM
Location: IT building at Michigan and West street (535 W. Michigan St.) IUPUI campus.
Room: We've got the lounge on the first floor from 7pm-9pm - per Sean (Thanks man!)
Food: We will be ordering some pizza. We really need a pizza rsvp system. Seriously.

Wednesday, January 03, 2007

IndySec 4 - Birk

Ok. It is IndySec Cuatro time.

Let us start by talking about a recent development in information security news -- full disk encryption. On 12/28 /. had an article about a new Presidential Mandate "requiring all agency laptops to fully encrypt data on the HDD". Find the /. article here.

So - let's talk about it.

Ryan Birk will be discussing full hard disk encryption, in particular a third party product called PointSec for PC. Ryan recently played a very large role in deploying PointSec in a large corporate environment with 2,500 laptops in 19 different sites across the world. After deployment, the enterprise is secured by pre-operating system authentication, full disk encryption, and a centrally managed password reset system.

PointSec has recently gained market share and Checkpoint has just announced its intention to purchase Protect Data, the parent company of PointSec Mobile Technologies.

If time permits, Ryan would also like to have an open discussion about VoIP, IVR hacking and Trixbox formerly known as Asterisk@Home.

It's gonna be fantastic!

Date: January 25th
Time: 7:00 ish
Location: We've got the lounge on the first floor from 7pm-9pm - per Sean (Thanks man!)
Food: Pay your own way Pizza! Seriously though, we will get something ordered up and figure it out day of.