July 2012 Meeting and after-party

This is the week. I'll be there at about 5pm. After the meeting, participants are invited to head back to casa de ax0n for nutriment, libations, high-tech shenanigans and several mundane forms of entertainment (movies, gaming [console or table top], etc.)

As seen in Union Station Kansas City

March 2012 Meeting

A few folks in town are interested in setting up a mesh network based on 802.11g. I have invited them to the meeting tomorrow night, and will have some info to share. It will probably operate on FCC Part 97 rules (meaning it will be limited to amateur radio operators) but we'd like to build on some stuff rsaxvc showed off at a recent KC2600 meeting as well. As always, it's an open discussion, so bring your projects, questions and topics for discussion.

February 2012 Meeting

It's that time again! Bring your questions, projects, interesting topics of discussion, war stories and conspiracy theories. As a reminder, the official 2600 meeting start time is 5:00 PM local time, but the Greater Kansas City folks tend to start trickling in at 5:30 or so.

If people are interested, I'll go over some of the common complaints of this lock and how so many people manage to lock themselves out of it forever. I might live stream it on uStream. I might actually lock myself out of this lock forever, too, but hopefully not.

Great turn-out!

By my count, there were 12 people at the meeting last night. Not nearly a record, but the most we've seen at one meeting in quite a few months. I think there were three first-timers, too. It was great meeting you and we look forward to crossing paths again. As always, there were many good discussions on everything from encryption, steganography and programming to economics and geology.

I gave a quick demo on javascript malware analysis with some coding help from Andrew.

There are many places to find live samples of malware. I was using Malware Domain List. Use common sense, here. I can't stress enough that you should know what you are doing if you use any information on this page. I'd suggest using a virtual machine, the NoScript (or similar) plugin and/or a non-Windows operating system. Even still: no guarantees. Play safe, kids!

JSunpack can help you shake down certain kinds of packed javascript, and extract embedded files from it. Doesn't always work too well on heavily-obfuscated code, but can usually make better sense of it after you've got it looking more like javascript than a big array and a janky decode/eval function.

Most of the entry-level javascript malware de-obfuscation stuff I showed off at the meeting is covered in this round-up article on SANS ISC. You usually have to improvise, and obfuscated code is getting uglier and sneakier by the day, apparently.

Our next meeting will be on January 6th, and we may have a post-meeting chili supper at Chez ax0n, if I can get the misses to sign off on it.

December Meeting - Tonight!

I've been playing with some fun and easy tricks for getting one's feet wet in malware analysis the past few weeks. I've descended down a bizarre rabbit-hole of exploit kits, botnets and javascript obfuscation. Maybe I can show off a few fun things if anyone's interested this month. Otherwise, bring interesting topics to discuss, projects to show off, or an open mind.

Some of us may be running a bit late, as usual. The work schedule's not always conducive to leaving before 5:00 PM.

October meeting - Friday, Oct. 7th.

SecKC's kick off last month went great, and BSidesKC is in a few weeks. We'll discuss these local events and anything else that comes up. There's not really anything specific on the agenda. Hope to see you all there!