SecDSM, a monthly meetup providing the opportunity to network with other InfoSec pros and listen to short tech talks presented by your fellow members (or give a presentation yourself!) while enjoying some beer/drinks/food. No sales pitches. The idea is to provide you actionable knowledge for you to take back to your $dayjob while building a top tier InfoSec community in the Des Moines area. If you have the desire to learn about real world InfoSec scenarios - get out of your comfort zone - and join us in a relaxed vendor neutral environment. No registration is required.

Schedule

We meet monthly, on the 3rd Thursday starting at 6pm at The Forge By Pillar Technology in Downtown Des Moines.

Permission to record
Permission to stream
Permission to publish recording
SecDSM 101 6:00 PM

A brief introduction to the group along with any announcements and general communication.

James Beal - SecDSM News 6:05 PM

Quick Review of the Month's InfoSec news.

Brandon Murphy - Tool Talk Verification of HTML document subresources6:30 PM

Subresource Integegrity (SRI) is a method of validating the integrity of third-party code, such as jquery, on your website. This quick talk will show you how to implement SRI and when it does and doesn't work well.

Matthew White and Nicholas Starke - Tool Talk Introduction to PFSense7:00 PM

PFSense is a popular open source firewall project available freely. Many information security professionals use PFSense as their home firewall due to its inexpensive nature. In addition to being used in home settings, it is also used in corporate settings. We will briefly demonstrate the features available out of the box, as well as how to configure a basic setup.

Arden Meyer Privilege Escalation in Mechanical Master-Keyed Systems 7:30 PM

The mechanical pin and tumbler locks we use on our homes, schools, and businesses have not changed much in over 100 years. Sure, there have been some exotic new designs but most are just not fiscally feasible compared to their relatively minor improvements (if any) in security. A feature desired on large scale deployments is called Master Keying, which allows for many unique key/lock combinations while supporting multiple permission levels commonly referred to as 'janitor keys' or 'security keys' that can open multiple locks. While these systems are still in use around the globe in medium-to-large scale businesses, schools, and government buildings, they are also susceptible to what some consider to be the original privilege escalation attack. We will talk about an optimization attack against the most common master keyed lock systems in use today, reducing the potential attack surface from 1,000,000 permutations for an SC4 keyway system down to 42 steps to find the highest privilege key.

TOOOL Des Moines Locksport

A side room will be dedicated to locksport.


Sponsored by

SecDSM 101 6:00 PM

A brief introduction to the group along with any announcements and general communication.

James Beal - SecDSM News 6:05 PM

Quick Review of the Month's InfoSec news.

TOOOL Des Moines Locksport

A side room will be dedicated to locksport.


Sponsored by

Merchandise and Donations

Shirts (and other items) are for sale at each meeting and online.

T-Shirt

Upcoming Events

The following events might be of interest to the SecDSM community.

Be sure to check out Des Moines Web Collective for updated list of local user groups

If you'd like to see an event listed, please email us at events@secdsm.org

SecICMay 15
SecICJun 19
SecICJul 17

Upcoming cons

Some members are anticipating attending the following conferences, reach out on slack to coordinate travel.

Venue

We meet in The Forge by Pillar Technology. Enter on the west side of the building and then procede up to the 2nd floor.

More info about Pillar Technology

The Forge by Pillar Technology

1420 Locust St, Des Moines, IA 50309

Sign up for Slack!