Sorry this is so late. I attempted to predate a meeting, found out you can't do that, and put it off to retype it again. If there is anything you want to contribute, let me know. I am going to make a poll for the next meeting time and then a discussion board to see topics of interest.

Just updating the thread to include the happenings from the meeting. Apologies for the confusion; I just wanted to have it listed on here.

Host: Anthony Linder

Attending in person: WesHB and AnthonyLinder

Attending Virtually: Naomorte, Richard Wright and Jeff10413

Time used: four hours.

  • Introductions
    • All audience participants
    • Hobbies/things done for fun
    • Career path – How did you get to where you are now?
    • Scope of current job/role
    • Likes/Dislikes from current field
    • Host introduction
  • IT/Other Interesting News
    • Covered CRISPR news article
    • Covered cybersecurity insurance policy updates/what to look out for
      • Beware disqualification items – sufficient user training, not enough/incorrect audits, improper data handling techniques/improper setup overall, etc.
      • How the process normally goes/what is needed for claims
    • Covered different ATM items
      • Chips in cards can be placed (in a very precise way) into other cards/into a card of your own making and still function (all they need is the chip to function).
      • ATM functionality/vulnerability
      • Card skimming
    • Covered a Methbot actor being taken down
      • "Botnet ad revenue" actor that was dealing some damage to ad campaigns.
      • Not sure if this is the last we will see of them or not (there may have been another adversary involved that they didn't get).
    • Covered a ransomware infection
      • Covered an infection that happened on a personal server.
      • Covered remediation steps (simple wipe and replace, including firmware updates; nothing important on it).
      • Covered what it looked like (0XXX ransomware).
      • Dropped a cryptominer utilizing 50% CPU, or half the available cores at 100%.
      • Used a library called libprocesshider.so (find it on GitHub, interesting description) to remove access to any portions of the Linux system, it would seem (it would call libprocesshider.so whenever you tried to run any Linux command and error out). There is more to it, but that is about as far as I got with it.
      • Initial infection vector was a public open Samba share; the server was brute forced via open/non-locked-down SSH.
      • Ransomware focuses on NAS-type servers; more specifically, it seemed to focus on Samba based on initial investigation.
  • Looked briefly at the USB Rubber Ducky and what it can do. Didn't go too in-depth though, just showed off a quick screen lock script.
  • Topics needing to be talked about/touched on more at future meetings
    • On-prem vs. cloud storage
    • OSINT – primarily investigation items
      • OSINT Framework
      • VirusTotal
      • urlscan.io
      • Shodan.io
      • FortiGuard web filter
      • Google dorking – look this one up if you aren't sure – focused Google searches
      • Normal Google searches
    • Blogs
      • Slashdot.org
      • Talos Intelligence blog
      • IoT Inspector
      • HUMAN Security (White Ops)
      • BleepingComputer
      • PhishLabs
      • Dark Reading
      • Skopenow
    • Security Onion (free/open source automated malware analysis + more)
    • O.MG Cable (fun things to do with it, limitations)
    • USB Rubber Ducky – actually make scripts to run with it
    • Pick a single incident and go into detail on it.
    • Ransomware updates, putting up barriers to help fight it
    • Reporting/risk assessment help/advice
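For the libprocesshider item in the ransomware notes above: that library is loaded through the glibc preload file /etc/ld.so.preload and hooks readdir() so that a chosen process name is filtered out of /proc listings, which is also why a broken or missing preload entry makes every dynamically linked command on the box complain. The script below is an added example for the defender's side of that, not code from the original post or from the libprocesshider project. It reads the preload file (the path and /proc/sys/kernel/pid_max are real glibc/Linux locations) and then compares PIDs visible through a normal directory listing with PIDs found by stat()ing /proc/<n> directly, which a readdir() hook does not filter. Function names and the sample preload contents are my own assumptions.

```python
"""Two host checks for a userland process hider of the libprocesshider kind.

Added example, not code from the original post. Assumptions: the preload
file path and pid_max location are the standard glibc/Linux ones; function
names and SAMPLE_PRELOAD are made up for illustration.
"""
from __future__ import annotations

import os
import re
from typing import Iterable

LD_PRELOAD_FILE = "/etc/ld.so.preload"

# Constructed sample of what a tampered /etc/ld.so.preload might contain.
SAMPLE_PRELOAD = "# harmless comment\n\n/usr/local/lib/libprocesshider.so\n"


def parse_ld_preload(text: str) -> list[str]:
    """Return the library paths listed in ld.so.preload content.

    The loader accepts whitespace or ':' as separators and '#' starts a comment.
    """
    libs: list[str] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        for token in re.split(r"[\s:]+", line):
            if token:
                libs.append(token)
    return libs


def read_ld_preload(path: str = LD_PRELOAD_FILE) -> list[str]:
    """Read the real preload file; a missing file is the normal, clean state."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return parse_ld_preload(fh.read())
    except FileNotFoundError:
        return []


def listed_pids(proc: str = "/proc") -> set[int]:
    """PIDs as a (possibly hooked) readdir() reports them; os.listdir uses readdir."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}


def probed_pids(max_pid: int, proc: str = "/proc") -> set[int]:
    """PIDs found by stat()ing /proc/<n> for every n up to max_pid.

    libprocesshider only hooks readdir()/readdir64(), so the per-path probe still
    sees the hidden entry. A kernel-level rootkit could hide from this too.
    """
    found: set[int] = set()
    for pid in range(1, max_pid + 1):
        try:
            os.stat(os.path.join(proc, str(pid)))
            found.add(pid)
        except OSError:
            continue
    return found


def hidden_pids(listed: Iterable[int], probed: Iterable[int]) -> set[int]:
    """Processes reachable by path but absent from the directory listing."""
    return set(probed) - set(listed)


def scan_host(proc: str = "/proc") -> dict:
    """Run both checks on the live system and return the findings."""
    with open(os.path.join(proc, "sys/kernel/pid_max"), encoding="ascii") as fh:
        max_pid = int(fh.read().strip())
    before = listed_pids(proc)
    probed = probed_pids(max_pid, proc)  # a few seconds at the default pid_max
    after = listed_pids(proc)
    # A PID present in either listing was merely created or exited while we were
    # probing; only PIDs missing from both listings count as hidden.
    return {
        "preload_libs": read_ld_preload(),
        "hidden_pids": sorted(hidden_pids(before | after, probed)),
    }


if __name__ == "__main__":
    findings = scan_host()
    print("ld.so.preload entries:", findings["preload_libs"] or "none")
    print("PIDs hidden from readdir():", findings["hidden_pids"] or "none")
    for pid in findings["hidden_pids"]:
        # The comm file names the process; it is what libprocesshider filters on.
        with open(f"/proc/{pid}/comm", encoding="utf-8", errors="replace") as fh:
            print(f"  pid {pid}: {fh.read().strip()}")
```

Any entry at all in /etc/ld.so.preload on a server that was not deliberately configured that way is worth an explanation, and a PID that the stat() probe finds but the listing omits is a strong sign of a readdir() hook; the script does not remove anything, it only reports, which fits the wipe-and-replace remediation the notes describe.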