Saturday, December 3, 2011

Great turn-out!

By my count, there were 12 people at the meeting last night. Not nearly a record, but the most we've seen at one meeting in quite a few months. I think there were three first-timers, too. It was great meeting you and we look forward to crossing paths again. As always, there were many good discussions on everything from encryption, steganography and programming to economics and geology.

I gave a quick demo on javascript malware analysis with some coding help from Andrew.

There are many places to find live samples of malware. I was using Malware Domain List. Use common sense, here. I can't stress enough that you should know what you are doing if you use any information on this page. I'd suggest using a virtual machine, the NoScript (or similar) plugin and/or a non-Windows operating system. Even still: no guarantees. Play safe, kids!

JSunpack can help you shake down certain kinds of packed javascript, and extract embedded files from it. Doesn't always work too well on heavily-obfuscated code, but can usually make better sense of it after you've got it looking more like javascript than a big array and a janky decode/eval function.

Most of the entry-level javascript malware de-obfuscation stuff I showed off at the meeting is covered in this round-up article on SANS ISC. You usually have to improvise, and obfuscated code is getting uglier and sneakier by the day, apparently.

Our next meeting will be on January 6th, and we may have a post-meeting chili supper at Chez ax0n, if I can get the misses to sign off on it.

Friday, December 2, 2011

December Meeting - Tonight!

I've been playing with some fun and easy tricks for getting one's feet wet in malware analysis the past few weeks. I've descended down a bizarre rabbit-hole of exploit kits, botnets and javascript obfuscation. Maybe I can show off a few fun things if anyone's interested this month. Otherwise, bring interesting topics to discuss, projects to show off, or an open mind.

Some of us may be running a bit late, as usual. The work schedule's not always conducive to leaving before 5:00 PM.

Thursday, October 6, 2011

October meeting - Friday, Oct. 7th.

SecKC's kick off last month went great, and BSidesKC is in a few weeks. We'll discuss these local events and anything else that comes up. There's not really anything specific on the agenda. Hope to see you all there!

Thursday, August 11, 2011

SecKC, Kansas City's CitySec meetup

For those of you in Kansas City who find yourselves doing information security work as part of the day-to-day (be it consulting, penetration testing, internal compliance or just being the netadmin or sysadmin that has to mind the patches, firewalls and whatnot), I suggest trying to make it to SecKC. This should have a different vibe than KC2600 (which is more geared towards tinkerers and hackers of all stripes), as they're shooting to get on board with the CitySec movement. What the heck is CitySec? Glad you asked. From one of the movement's founders:

CitySec meetups are gatherings of information security professionals. Are you an information security professional? You are if you (ever) write firewall rules, read log files, apply patches, follow Bugtraq, help select products, rack and stack security appliances, find vulnerabilities, write secure code, test other people’s code, write policies, manage people who do any of these things, assist people who do any of these things, or just want to one day do any of these things.

CitySec meetups are like any other professional society meeting, except:

There’s no professional society
There’s no membership
There’s no dues
There’s no cover charge
There’s no corporate sponsorshop
There’s no vendor pitches
There’s no requirement to RSVP
There’s no fixed agenda
They’re publically announced and open to all comers

The rule of thumb is, no more structure than is absolutely necessary to get people into a room (where “room” usually means “bar”): if structure (like “name tags” or “surveys”) would even possibly prevent one person
from attending the meeting, don’t use it.

So, basically, it's a lot like 2600, except the entire meeting happens at the bar (instead of simply ending there) and there is a narrower focus on information security. I'm not organizing this, but I will try to make it. Details are unfolding on the SecKC website, but for the time being, it looks like these meetings will be happening at Coach's Bar & Grill just north of I-435 and Wornall (near 103rd street) at 6:30 PM on the second Wednesday of every month, starting in September.

Friday, July 1, 2011

KC2600 Meeting Tonight

Topics for discussion: Maker Faire, Google+, and anything else you feel like bringing up.

Friday, April 1, 2011

KC2600 - April Fools' 2011 Edition

We're still having our meeting. Be prepared to talk about high-tech shenanigans and network pranks :D

I also have a fun project to show off, if there's time. Afterwards: Delicious food and beverages. We'll decide where to go during the meeting.

I may be running a bit late today, so I'll see you all when I get there.

Monday, February 28, 2011

March KC2600 Meeting

bandy and I have a bunch of work to do on our laptops. We'll have all kinds of tools, spudgers, and parts. Ever seen open-part surgery in the middle of a bookstore coffee shop?

Also up for discussion: Amateur radio stuff, and potentially some info about APRS and packet radio.

Bring any other fun stuff you've been working on, or just come, hang out, watch and ask questions.

As usual, there'll be a migration afterward for food and drinks. See you all starting at 5pm on March 4th!

Thursday, February 3, 2011

February KC2600 Meeting

Just a quick reminder. Tomorrow is the monthly Greater Kansas City 2600 meeting. Bring your projects and questions, or just come to brainstorm and geek out with us. Supper and drinks afterward.

Tuesday, January 4, 2011

January Meeting

This Friday, January 7, 2011. I have no clue what we'll be talking about, but I'm certain most of us have some new hardware to show off. I got a preview of it during my New Year's Eve party. Afterward: dinner and drinks.