ISSessions Meeting on 2019/11/29

Date: 2019-11-29
Time: 19:00 – 20:35
Location: Room J102, Sheridan Trafalgar Campus, Oakville

Rough Agenda:
19:00 – Announcements with Louai
19:05 – News Roundup with Nick and Adam
19:25 – Rick’s Random Repo Rundown
19:35 – Project Den: Beginnings of a Home Lab by Talah Javaid
20:00 – Guest Speaker Anton Ovrutsky on Windows Security
20:35 – Wrap and refreshments (across the street at the pub)

Time to explain what’s in this meeting.

What do you get when you mix a burning desire to be lazy with some tools? Talah Javaid (aka @Pure Harami (Talah))! Talah Javaid will be running our #projectden that evening, and he will be talking about setting up a home lab to make your life a whole lot easier. Learn how to set up a network-wide ad blocker, an automatic downloader of new shows, and a home camera system!

To close our meeting, we have Anton Ovrutsky coming in to give a gentle introduction to Windows Security. Anton Ovrutsky is a senior security specialist at Equitable Life Insurance. Anton is also a previous BSides Toronto speaker, C3X volunteer, and an OSCE, OSCP, CISSP, CSSP certificate holder. Anton is interested in Windows security, mainly from a defensive standpoint. His talk will focus on the main attack surfaces and methodology to help you get started in this awesome field.

For those of you still interested in workshops, Jason Hong and Kenan Onuralp’s ‘Introduction to Malware Analysis Part Two’ will be held on Sunday. The workshop was originally scheduled for this Wednesday, November 27th but we have decided to push it to the Sunday.

We hope you enjoy the last ISSessions of the year with us. See you there!

Limited Space Workshop Soon!

This is a reminder that our next workshop is “Introduction to Red Teaming” by Mr. Benjamin Mahar, who is the Director of Advisory at Security Compass. Ben will delve into a series of hands-on exercises that walk students through the red teaming process from initial access to full network compromise on a practice environment.

As per our usual meetings, it will take place at…
Location: Room J102
Time: Saturday, Nov 23, 9:30AM – 5:30PM

Prerequisites:
This is an advanced workshop. While the tools themselves are not complex, the underlying concepts can be quite daunting for beginners. You will need to have a good understanding of:

  • Networking (TCP/IP, IP routing, VPNs, network scanning, OS fingerprinting, proxies)
  • Windows (RDP, Scheduled Tasks, Registry, CMD, DLLs, WMI, etc.)
  • Basic JavaScript (Event Listeners, XMLHTTPRequest, Browser Profiling)
  • Basic Cryptography (Public & Private Keys, Certificates, etc.)
  • nmap
  • Metasploit, Meterpreter, Searchsploit
  • OpenVPN

Requirements:

  1. Download and install Kali Linux in a VM
  2. Open a terminal and run:
     sudo apt-get update && sudo apt-get upgrade
  3. (Optional) I also strongly suggest you play with nmap and Metasploit before the workshop. Cheatsheets may be provided to the best of our ability.

IMPORTANT NOTES:

If the prep work is not completed, you will NOT be allowed to participate. As such, please come prepared.

We will be opening up 40 seats for this workshop. Given the amount of knowledge required, we will be restricting the number of tickets allocated to first-year students to 8. Tickets will be available (for free) on Eventbrite. If you are a first-year student, ensure you select “First Year Admission”. Otherwise, select “Upper Year/Alumni Admission.” We will be checking OneCards/IDs at the door to verify your year. Tickets are first come, first served. They will be released at 11:30AM Monday morning.

Please use the following link to sign up for the workshop.
iss-redteam sign up

November to Remember

Today is a day we remember those who gave their lives in the First World War. As we remember their sacrifice, we must also remember that we have a meeting and workshop this week. Please scroll down to the next post for details on the workshop, as this post will cover the meeting details.

Our rough agenda is as follows:
19:00 – Announcements with Louai
19:05 – News Roundup with Nick and Adam
19:25 – Rick’s Random Repo Rundown
19:35 – Feature Story with Adam and Louai
19:55 – Guest Speakers Tas and Avneet on LOLBAS
20:25 – Wrap up and refreshments (across the street at the pub)

We have ISSessions on Friday (as well as a workshop this coming Wednesday!). We’ll be doing our usual script followed by a feature story with Adam and Louai and a sweet presentation on LOLBAS by our guest speakers Tas and Avneet!

As attackers, you know it’s hard to bring all the scripts and tools from the outside into the victim network. Modern networks are often protected by a number of (working) security solutions; IDS/IPS, 24/7 security analysts, and advanced endpoint protection are some examples. One solution to this particular problem is to use what is already there: LOLBAS!

LOLBAS, or Living Off the Land Binaries And Scripts, is a number of Windows binaries and scripts that can be leveraged by adversaries and red teams to perform certain tasks, for example code execution or downloading files. These LOLBAS are signed by Microsoft and often whitelisted! This talk will cover LOLBAS in general, and we will also try to create a full chain of attack using mostly LOLBAS!

Avneet and Tas are Threat Hunters for Bell Canada Security Operation Center (SOC). They are both located in Mississauga. Their daily task, which is hunting, involves researching the use of offensive tools and trying them against their own network while also creating documentation and detections for them. Their team is also often involved in major incident response operations and in providing training for other teams within the SOC. Besides their daily job, Avneet and Tas both have a strong interest in Malware Analysis and CTF. Tas is also an alumnus of the Sheridan College ISS program, having graduated in 2018.

We hope to see you all there.