March 2012 Meeting

A few folks in town are interested in setting up a mesh network based on 802.11g. I have invited them to the meeting tomorrow night, and will have some info to share. It will probably operate on FCC Part 97 rules (meaning it will be limited to amateur radio operators) but we'd like to build on some stuff rsaxvc showed off at a recent KC2600 meeting as well. As always, it's an open discussion, so bring your projects, questions and topics for discussion.

February 2012 Meeting

It's that time again! Bring your questions, projects, interesting topics of discussion, war stories and conspiracy theories. As a reminder, the official 2600 meeting start time is 5:00 PM local time, but the Greater Kansas City folks tend to start trickling in at 5:30 or so.

If people are interested, I'll go over some of the common complaints of this lock and how so many people manage to lock themselves out of it forever. I might live stream it on uStream. I might actually lock myself out of this lock forever, too, but hopefully not.

Great turn-out!

By my count, there were 12 people at the meeting last night. Not nearly a record, but the most we've seen at one meeting in quite a few months. I think there were three first-timers, too. It was great meeting you and we look forward to crossing paths again. As always, there were many good discussions on everything from encryption, steganography and programming to economics and geology.

I gave a quick demo on javascript malware analysis with some coding help from Andrew.

There are many places to find live samples of malware. I was using Malware Domain List. Use common sense, here. I can't stress enough that you should know what you are doing if you use any information on this page. I'd suggest using a virtual machine, the NoScript (or similar) plugin and/or a non-Windows operating system. Even still: no guarantees. Play safe, kids!

JSunpack can help you shake down certain kinds of packed javascript, and extract embedded files from it. Doesn't always work too well on heavily-obfuscated code, but can usually make better sense of it after you've got it looking more like javascript than a big array and a janky decode/eval function.

Most of the entry-level javascript malware de-obfuscation stuff I showed off at the meeting is covered in this round-up article on SANS ISC. You usually have to improvise, and obfuscated code is getting uglier and sneakier by the day, apparently.

Our next meeting will be on January 6th, and we may have a post-meeting chili supper at Chez ax0n, if I can get the misses to sign off on it.

December Meeting - Tonight!

I've been playing with some fun and easy tricks for getting one's feet wet in malware analysis the past few weeks. I've descended down a bizarre rabbit-hole of exploit kits, botnets and javascript obfuscation. Maybe I can show off a few fun things if anyone's interested this month. Otherwise, bring interesting topics to discuss, projects to show off, or an open mind.

Some of us may be running a bit late, as usual. The work schedule's not always conducive to leaving before 5:00 PM.

October meeting - Friday, Oct. 7th.

SecKC's kick off last month went great, and BSidesKC is in a few weeks. We'll discuss these local events and anything else that comes up. There's not really anything specific on the agenda. Hope to see you all there!

SecKC, Kansas City's CitySec meetup

For those of you in Kansas City who find yourselves doing information security work as part of the day-to-day (be it consulting, penetration testing, internal compliance or just being the netadmin or sysadmin that has to mind the patches, firewalls and whatnot), I suggest trying to make it to SecKC. This should have a different vibe than KC2600 (which is more geared towards tinkerers and hackers of all stripes), as they're shooting to get on board with the CitySec movement. What the heck is CitySec? Glad you asked. From one of the movement's founders:

CitySec meetups are gatherings of information security professionals. Are you an information security professional? You are if you (ever) write firewall rules, read log files, apply patches, follow Bugtraq, help select products, rack and stack security appliances, find vulnerabilities, write secure code, test other people’s code, write policies, manage people who do any of these things, assist people who do any of these things, or just want to one day do any of these things.

CitySec meetups are like any other professional society meeting, except:

There’s no professional society
There’s no membership
There’s no dues
There’s no cover charge
There’s no corporate sponsorshop
There’s no vendor pitches
There’s no requirement to RSVP
There’s no fixed agenda
They’re publically announced and open to all comers

The rule of thumb is, no more structure than is absolutely necessary to get people into a room (where “room” usually means “bar”): if structure (like “name tags” or “surveys”) would even possibly prevent one person
from attending the meeting, don’t use it.

So, basically, it's a lot like 2600, except the entire meeting happens at the bar (instead of simply ending there) and there is a narrower focus on information security. I'm not organizing this, but I will try to make it. Details are unfolding on the SecKC website, but for the time being, it looks like these meetings will be happening at Coach's Bar & Grill just north of I-435 and Wornall (near 103rd street) at 6:30 PM on the second Wednesday of every month, starting in September.

KC2600 Meeting Tonight

Topics for discussion: Maker Faire, Google+, and anything else you feel like bringing up.