The Archives

Ben Schmitt DNS Tunneling with dnscat2
Tom Pohl and Nick Starke WeevBot - Browser Based DNS Exfiltration
Aaron Tekippe Finding a needle in a haystack: Utilizing DNS to detect threats
Matthew White Look at all the Phish!
Sean Flattery Sudoers and Auditd!
James Stumme Updating SecDSM Website
Michael Jackson NextGen Vendor Risk Management: How to Raise the Bar on <>aaS Providers.
Nicholas Starke Binary Ninja
Gadi Evron Threat Hunting with Cyber Deception Tools
Gadi Evron The OPSEC evolution of APT threat actors
James Beal Cyber Deception

CYBER! CYBER! CYBER! Now that everyone is 3 shots deep, I plan to discuss infosec deception tools from Black Hills Info Sec and Cymmetria. These are, at their core, a software suite or tool to make honeypots and honeytokens, along with several other methods, actually functionally usable to set up and run. I will be doing a basic review of the Active Defense Harbinger Distribution (BHIS) and Mazerunner from Cymmetria. To follow on from Gadi's discussion of using "cyber deception" tools for threat hunting, I will also show a demo of Mazerunner.

Brandon Murphy Getting an A+ on SSLlabs.com
Ben Schmitt Consuming SSLLabs.com API
Aaron Tekippe Security Onion – A quick start guide

Security Onion (https://securityonion.net/) is a Linux distro for intrusion detection, network security monitoring, and log management. This talk will cover design considerations, tools included in the distro, and deployment tips.

Aaron Tekippe is a security practitioner in Des Moines, IA. Currently, he touches all areas of InfoSec, including engineering, operations, and compliance. Recently he has started scripting in PowerShell in a quest to automate all the things.

James Beal Moloch

I will be discussing Moloch, an open source tool developed by a small team at AOL, to handle scalable indexing of PCAPs into a backend database. First I will cover general architecture and basic/standard network configurations. Moloch is composed of three parts: the capture component, the Elasticsearch database, and the web GUI Viewer. Then we will move on to a "live" demo of the software components, with a look at the actual packet capture and info available in the Viewer app. We'll wrap up with search functions and, if there is time, a quick look at the pcap in Wireshark as a comparison.

Nate Subra and Brandon Murphy An Intro to Bro

Bro (bro.org) is becoming a very popular network security monitoring tool. This talk will cover the basics of running a Bro instance, integration with external threat intelligence (via Critical Stack), and analyzing the logs with Elasticsearch.

Brandon Murphy is a network security practitioner in Des Moines, Iowa. Nate Subra is an InfoSec practitioner with a love for automation. He doesn't believe in silver bullet solutions; he believes in silver clips loaded by the right people. PowerShell, threat emulation, and breaking into the internet of things are his current hobbies. Nate currently works out of Des Moines, Iowa.

Open Discussion SecKC and DEFCON trip recap

A small group of SecDSM attendees are headed out to Kansas City on Aug 9th! While we're there, we'll be giving a short talk about how SecDSM became economic threat actors for the lulz.

Ben Schmitt Spider Chart: the one chart to rule them all?

In security, sometimes we are selling something people don’t want to “buy”. Other times, we are trying to explain complex information to people in puffy chairs, and without crayons or a whiteboard, how do we get our point across? Sure, robust business cases work, but at the board level, how do you graphically communicate your request in its most simple and powerful form? I present to you the “Spider Chart” - a tool born in Denmark which I have continued to refine and use effectively over the years. This isn’t a technical tool; it is not an elite zero day or even a shiny new threat intelligence kernel module forensic canary token. However, it is a colorful and simple way to show leadership the maturity of a security program and, perhaps more importantly, where to invest. I’ll show variations of the chart and provide the shell .xlsx document - use it wisely!

Brandon Murphy Network Flows - Generation

This talk will cover how to generate network flows using tools such as yaf, Bro, Argus, ntop, switches and routers, etc. Collecting and analyzing flows will be covered in later discussions.

Ben Schmitt Archive/Analyze/Alert OpenDNS data using an S3 Bucket
Open Discussion Incident Response Tools
Nate Subra Gophish

Gophish is a phishing framework that makes the simulation of real-world phishing attacks dead simple. The idea behind Gophish is simple – make industry-grade phishing training available to everyone.

Nicholas Starke Exploiting IP Cameras

A presentation on hacking web based interfaces on IP cameras.

Tom Pohl THOTCON 0x07 Review

Several SecDSM attendees made the trip to Chicago to attend THOTCON this year. Tom will be discussing his experience at THOTCON 0x7. Tom participated in the THOTCON CTF, coming in second place by a single point.

Ben Schmitt and Antoinette Stevens Web Development frameworks

In recent years, web development has become more accessible for less experienced developers thanks to frameworks. Frameworks provide a simple method to build complex and dynamic websites and applications in a reasonably short amount of time. Many frameworks advertise the idea of ‘built-in security’ as a feature, meaning the framework takes care of protecting the app from vulnerabilities without the developer having to think about it. So, what are framework developers doing to make security a default for the applications that are built on top? This talk will explore ‘built-in security’ in framework development. We’ll look at what guidelines have been set forth when designing a framework that is secure by default and what vulnerabilities often still exist in a framework.

David Lindner OWASP Mobile Top Ten Security Risks - iOS

With over 3.1 million applications in the Apple App Store and Google Play Store, and more than 7.5 billion mobile subscribers in the world, mobile application security has been shoved into the forefront of many organizations. Mobile application security encompasses many facets of security. Device security, application security, and network security all play an important role in the overall security posture of a mobile application. Part of being a pen tester of mobile applications is understanding how every security control works and how they all interact. The Open Web Application Security Project (OWASP) has aimed to help organizations understand the most prevalent mobile risks with its released OWASP Mobile Top Ten Risks of 2014. Join Dave as he walks through the Top Ten, provides spot-the-bug code snippets, and explains the typical vulnerabilities found in doing penetration testing and code review of mobile applications.

David Lindner is the Director of Mobile and IoT Security at nVisium. David is an experienced application security professional with over 15 years of experience in the computer security industry. During this time, David has worked within multiple disciplines in the security field, including application development, network architecture design and support, IT security and consulting, security training, and application security. Over the past 8 years, David has specialized in all things related to mobile applications and securing them. David has supported many different clients, including financial, government, automobile, healthcare, and retail. In his spare time, David hones his mobile and IoT testing skills by participating in numerous bug bounties.

Nicholas Starke Bettercap

Bettercap is a Ruby rewrite of Ettercap that strives to make usability as simple as possible. In this presentation, we will see how to use Bettercap to MITM a host, as well as inject and examine traffic. We'll discuss the internal mechanism of such functionality, and then talk about some use cases as it applies to penetration testing and security research in general.

Nicholas Starke is a security researcher based in Des Moines, IA who will be presenting on Bettercap.

Ben Schmitt Crypto Update 2016

With crypto almost always in the news, the recent vulnerabilities in TLS, and the fact that crypto is something which is (unfortunately) very easy to get wrong, let's touch on current leading practices (for example, Authenticated Encryption) and leave with a common understanding of the basics and some pitfalls, able to ask our vendors and/or colleagues the right questions when evaluating or implementing data protection.

Ben Schmitt is the InfoSec/Risk Manager for Dwolla. Prior to this role, Ben held the position of Global Director, IT Security & Compliance at the Danfoss Group, responsible for network and application security (including ERP systems). Ben is a Wisconsin native hailing from Manitowoc, WI (yes, he has watched Making a Murderer) and started his InfoSec career with TDS Telecom in Madison covering ISP and enterprise security as a Security Architect.