This one time at ShmooCamp … I had an urge to start a blog. Well long story short … I came home after a late night at ShmooCon, setup a blog and posted the following article.

Welcome to the NovaInfosecPortal – Security News, Events, and Resources for Infosec Professionals in NoVA

We’ve been planning to start a site dedicated to information security for a long time but just never got around to doing it. Tonight, however, after the excitement of Saturday at ShmooCon in Washington, DC, we finally decided on a good niche – centralizing security news, events, and resources for infosec professionals in Northern Virginia (NoVA) – and took the first step into making this idea a reality. Enjoy!

Ok … maybe the title was a little too long but with those 66 words I started this site. I actually did end up returning to ShmooCon the following morning but since I had been up until 5:00 AM or so, I obviously missed the first few talks.

Thanks to the WayBack Machine I can even get a snap-shot of what this post actually looked like as you can see above. The first actual snap-shot didn’t show up in the WayBack Machine until the following month on March 26th.

(click to enlarge)

You’ll see some favorites there … mentions of ShmooCon as well as the OWASP DC and CapSecDC meetups. The Sections area on the right still pretty much maps to our current menu. If you would like to navigate the old site, check it out on the WayBack Machine.

History

Over the years we’ve added numerous updates with the goal of helping bring together the growing infosec community. First there were several design updates … thank goodness. Of course being a blog we’ve always had an RSS feed … not sure if anyone uses that or not. At some point Twitter started playing a big role so we created the @novainfosec account. This also started the NovaBloggers feature, where we let the community know of some of our local bloggers.

One of the original features we added was our popular calendar. We started on Google and used it through this January. But we wanted more flexibility and so it was time to roll our own. Two of the improvements included a more customizable iCal feed that you can subscribe to and event comments. We are hoping the comments feature helps form more community interactions in that people can summarize what they thought of the event afterwards.

And of course a huge portion of our content are blog posts. You may remember “paques” from a few years back. She was influential in trying to turn many of my original ideas into reality. We currently have @nathiet‘s standard “Where You Want to Be this Week” (WYWTBTW) and “Top 3 NoVA Infosec Blog Posts of the Week” posts. There were my Grecs’ Infosec Ramblings post, which have since morphed into the Weekly Rewind. Periodically I’ve been known to put out news commentary or some simple how-to’s. Also @judykavuo just started posting commentary on news as well as managing job posts.

We’ve had several external contributors over the years as well. There are too many to mention here but you know who you are. And with permission, we’ve cross-posted numerous articles from some of the local websites. Many of these same individuals not only offered their words but also helped get the word out about the site. On a similar note we also started a localized version of Andrew Hay’s Security D-List Interviews. So far we’ve had two posts but if you’d like to nominate someone let us know. And overall we are always looking for more blog contributors. So if you are interested in putting out a weekly or monthly “column” … or even just a one-off rant … contact us!

Recent Updates & the Future

More recently we’ve been trying to push our content out more to make it accessible elsewhere. We finally updated our FaceBook page to be more than just a placeholder. The Wall includes all our blog posts and tweets and the Calendar pulls in our iCal events feed. Our event listing was also incorporated on DcTechEvents.com. This is another site to not only find our events but also other tech activities around town.

Going forward we have even bigger plans. I’ve thought of many ideas including more community-based offerings such as a mailing list (another one?), a meetup, a forum, an IRC channel, a wiki, etc. Others included a weekly or monthly newsletter or some member-only services (e.g., consolidated list of local CFPs). That’s nice but what really matters is what YOU want. If any of the ideas above look good or if you have other suggestions you’d like to see, please let us know.

We have a small budget and a platform so by letting us know what you want, we can better spend it to help improve the community. And of course we’re always looking for more funding sources (besides my rapidly depleting bank account) so we can offer even more. One way you can help here is to download our Media Kit and pass it along to your company’s marketing/advertising people.

How You Can Help

Lots of people have asked over the years how they could help. Well … all that we ask is that if you find this site useful, review the following suggestions and do as many as you feel are appropriate.

• Subscribe to our RSS or iCal feeds.
• Add summary comments to events you attended.
• Follow @novainfosec.
• Write a blog post if you have an idea that you want to get more exposure.
• Friend/Like our Facebook page and subscribe to that page’s calendar.
• Nominate people for the NovaInfosec D-List.
• Ask to join the NovaInfosec Twits.
• Tell us what else YOU want!
• Download and email our Media Kit onto any contacts you have in your company’s marketing/ad department.
• Contribute a one-time donation or subscribe to be a $2/mo or $20/yr contributor.

To close this post out I wanted to again thank you … the local community … for continuing to support our site through the years. Every once in a while someone will approach me at an event and compliment the site. It’s little things like that that keep me going … that inspire me to continue on through the next 1000 posts.

NovaHackers met this past Monday on the 13th and I was there to watch several amazing talks and mingle with the local novahackerati. For those that don’t know … NovaHackers an informal group of security professionals from around the NoVA and DC areas that coordinate one or two monthly events. You can get a better description of this group over on our meetups page where we list all the pertinent info.

This past week local hacker/videographer extraordinaire Georgia “@vincentkadmon” Weidman from GRM n00bs was there to record some of the talks. Below are the presentations that she posted this afternoon.

Reverse Space Update

The meeting started off with Richard Harman providing a quick 5 minute on the happenings over at Reverse Space. Most pertinent is that they are reorganizing and looking for people willing to serve on their new board. For those that don’t know, Reverse Space is a local hackerspace out in Herndon, VA. Find out more about them over on our meetups page.

802.11 Basics

Dakahuna followed up with an in-depth look at the 802.11 series of wireless protocols. Being a preview of the first part of a talk he plans on giving at DefCon’s Wireless Village, it was quite detailed. It covered everything from packet structures to overall security advice.

Metasploit & SET on the iPhone

In his debut talk at NovaHackers, Anthony Korzan showed how he got Metasploit and SET working on the iPhone. He followed it with a live demo. Now, it wasn’t the quickest demo in the world given the iPhone’s limited resources but very impressive nonetheless.

Seamlessly Backdooring JAR & WAR Files

Nicholas Berthaume is a regular presenter at NovaHackers and he was back for a good one this time. In his talk he discussed what JAR and WAR files are and detailed how to add malicous payloads to existing ones. I’d be careful about downloading those Java-based meeting tools after watching this talk. There may be a meterpreter hidden somewhere in there.

Somewhere Over the Rainbow Tables

Bob Weiss from Password Crackers, Inc. gave a very detailed look into what rainbow tables are and how to create them. A lot of the technical details were over my head but at the end he provided some great resources on how you can use them and become involved in creating new ones.

Here’s part 1.

And finally part 2.

There were several other sessions but you had to be there to see them. Why not head over to the meetup next time? All you need to do is check out our full calendar for the next meeting or get on the invite-only NovaHackers mailing list. See ya!

NovaHackers met this past Monday on the 9th and I was there to watch six amazing talks and mingle with the local novahackerati. For those that don’t know … NovaHackers an informal group of security professionals from around the NoVA and DC areas that coordinate one or two monthly events. You can get a better description of this group over on our meetups page where we list all the pertinent info.

This past week local hacker/videographer extraordinaire Georgia “@vincentkadmon” Weidman from GRM n00bs was there to record some of the talks. Below are the first two that she posted this afternoon.

How to Break Disassemblers

In the first recorded talk Nick Harbour provided a very technical presentation on techniques that could be used to “confuse” the disassembly process and ultimately encumber reverse engineering. He started out with a basic discussion of how disassemblers work and then proceeded to detail several armoring techniques to “confuse” them. Of course the good news is that these techniques only trip up the static disassembly process. Reverse engineers can still dynamically step through the program to deobfuscated its true inner workings. Here’s Nick’s 27 minute talk in all its glory at NovaHackers.

Armitage and Metasploit Collaboration

Raphael Mudge was back to discuss enhancements he’s been developing over the past few months to Armitage. If you haven’t heard of it, Armitage is a free GUI frontend to Metasploit. Raphael’s presentation focused on using Armitage at hacking competitions to facilitate collaboration amongst team members. Raphael explained the design and then discussed the initial implementation and subsequent updates in order to get it to work as intended. Got someone good at popping boxes? Let them focus on that. Your “popper” can then share these sessions out to one or more other “specialists” to do their specific tasks (e.g., automated enumeration & review, detailed manual analysis, etc.). Get ready for a great ride and sit back to enjoy 34 minutes of “synergy.”

There were several other recorded sessions and hopefully Georgia will be getting them out soon. In the meantime I hope you enjoy these ones and … see ya!

#####

Hey, want to find out about more great local infosec events like NovaHackers? Check out our full calendar!

Last night I attended the NoVA Hackers Association monthly dinner meetup. Instead of having one or two longer talks, this meeting had four shortened 15 minute presentations … often called fireside talks Firetalks. The talks were great and there was plenty of time to catch up with some of the local infosec pros. Approximately 15 people attended the event hosted at ICF International‘s corporate headquarters in Fairfax, VA.

After a bit of networking, @elwing started off giving an overview of CACert. This is an open source-styled certificate authority (CA) where your assurance is vouched for through points given by assuruers who check identification documents. There is a basic level certificate you can get with no points similar to the old Thawte-style certificates. Each assurer can give up to 35 points and with 150 points you can also apply to become an assurer. CACert’s root certificate is already present by default in several Linux OSs and the group is working on Firefox and Safari. Getting its root certificate into IE may be a bit harder due to the processing costs of approximately $150,000. They are also looking for volunteers to help out in different roles, e.g., policy writing, developing website workflows, and obtaining placement by default in browsers. Contact @elwing if you’re interested in helping out or what to be assured.

Next, Rob “@mubix” Fuller presented on his frustrations of completeness in doing pen tests and offered some interesting solutions via DNS foo in his talk titled “IP Contra.” Unfortunately, I (or anyone else at the meeting) can’t talk about the details as we had to sign a NDA before he presented. But what I can say is that DNS is not geographic!

We all have done a lot of NMAP scans at some point and have been overwhelmed in trying to make sense of all the data you collect over time. Enter Chris “@carnal0wnage” Gates and his talk “Nmap XML Ruby Stuff.” The general idea was a way to push the XML scan results into a database that can be searched. Back in January he started piecing things together and posted some of his initial ideas and code. Since then he’s experimented with several frameworks but ended up just writing his own Ruby implementation. The end result was a fairly complete database for NMAP results with command line searching. Chris continues to evolve his implementation and is looking for help. He’s especially looking for anyone with GUI development experience to write a frontend. Contact @carnal0wnage if you’d like to help or want to try his updated implementation.

Finally, Terrence “@kingtuna” Gareau pulled in a little late but presented and demoed a USB attack on a fully patched Windows computer. He created a Metaspoit module that returns a shell to an attacker by simply inserting a USB drive into a victim computer. Although this is not new, the demo was against a fully patched Windows box. The trick was to add the attack code on the USB drive so it looks like a CD. By default, Windows still autoplays CDs! Enterprises can help protect against this attack by configuring their policy to not autoplay ANY media.

Anyway, that was it for the official talks. There were plenty of great side conversations or “round table talks” (RTTs) as well. NovaHackers may even incorporate this RTT idea into future meetings. Thanks to Lucus and Jonathan of ICS International for setting the facility up, providing refreshments, and organizing dinner. And for future events, check out the NoVA Hackers Association blog. Also, we setup up the @novahackers Twitter account that pushes out tweets whenever Rob and Chris put out new blog posts. This is another great way to keep up with what’s going on with this group.

///

There are a lot of other infosec events going on around DC. If you are the sponsoring group or attended one of these meetups or conferences and would like to submit a summary to be posted on this site, please send us a message from our Contact Us page or mention @grecs on Twitter. See ya!

Hey everyone. Just want to shoot out a quick blog post announcing the new Who is @nathiet? page. You may have noticed him as the author for several of our standard posts. Well, I don’t want to give away too many details here so I encourage you to check out his contributor page and follow him on Twitter at @nathiet. And if you want to find his info in the future, look no further than the Contributors area in the right-hand column.

Speaking of contributors … NovaInfosecPortal.com is always looking for articles from locals that want to get something off their chest. Even if you already have a blog, reposts of an existing article will help expose your meanderings to a wider audience.

Additionally, contributing an article is a great way to help keep this site going if you can’t afford to contribute in another way. It lets us focus on adding new features (and regularly patching so we don’t get hacked) for the rest of the community to enjoy.

If you’d like to contribute an article, let us know via our Contact Us page or mention @grecs in a tweet.

Some folks over at a new group called the DC Organization of Hackers  (DoH) contacted us about a last minute meetup and asked if I could pass it along. They are attempting to bring Austin’s AHA to DC. People discuss current security issues and research to get feed back on early work or to get help. Be ready though … everyone is required to talk for at least 5 minutes on a topic of their choice.

• Who: DC Organization of Hackers
• What: Normal Meeting
• When: 11/25, 7:00 – 10:00 PM EST
• Where: George Washington University, Phillips Hall (801 22nd Street NW; Washington, DC 20052)

This group will definitely be something to watch come the new year. Anyone interested can show up or contact the organizer at mjw(the_at_sign)cyberwart.com. Also be sure to check out our Calendar for a complete list of infosec events in and around the NoVA area.

Notice anything different on our calendar? Well it’s a lot more easy to look at. We made the tough decision earlier this week to cut out two of the hacker spaces – HacDC and Baltimore Node – from the calendar as they just have so many events, it sort of overtook the entire calendar. We are not going to forget them completely though. In our “Where You Want to Be this Week” posts, we’ll be reminding everyone about all the wonderful events they coordinate and to check out their sites for more details.

Well maybe not a totally new group … but one that @mubix and @carnal0wnage finally brought live. It looks like the site itself was created over on Blogger in April of 2008. But just just as we thought the site was going to wither away, our fearless NoVA leaders recently started kicking each other into shape … and about 2 weeks ago seemed to have morphed the NoVA/DC Luncheon into this new association and created a related Google Group.

Not much has happened on the their Blogger site yet but the discussion on Google immediately took off with over 400 posts and 64 members as I write this. Since this group is in the “forming” phase, most of the discussion is all about how this association is going to work, everyone doing introductions, and of course ShmooCon tickets. Currently, it looks like they are going to try to hold two events each month. One will be the traditional luncheon that @mubix has been organizing for the past year. The second event may be a more formal evening meetup with presentations and all.

Joining seems to be pretty similar to the Freemasons. You have to be invited by a current member or a current member has to invite you. Additionally, there seems to be a requirement to be active. @mubix and crew will be skimming membership every few months and deleting lurkers. I think these two controls will go a long way to helping stem the prevalence of spam. But please remember that they are still in the development stages of putting this thing together so the “rules” may change over time.

You can find out more information on the NoVA Hackers Association on our NoVA Meetups page. Also keep up to date and help morph this group into what it will be by visiting them over at their Google Group!

Much like the ISSA – DC Chapter meetup this week, the ISSA – NoVA Chapter meetup on August 20th will be a social/networking event instead of a traditional meetup.

In addition to getting the opportunity to hang out with your fellow security professionals, there will also be free refreshments provided. But as the ISSA – NoVA Chapter site notes, “cash bar for beverages of the harder variety.”

If you’d like additional information about this meetup, look no further than below.

• Who: ISSA - NoVA Chapter
• What: “Annual Social Event”
• When: 08-20, 5:30 PM EST
• Where: Gordon Biersch Restaurant (900 F St NW Washington, DC 20004-1404)

For more information on the ISSA – NoVA Chapter, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Here is a link to the page with information on this meetup.

o o o o o

Speaking of networking… have you heard about the NovaInfosec Twits yet?

Whether you belong to the ISSA – DC Chapter or want to learn more about it, the ISSA – DC Annual Social Event on August 18th promises good food and even better networking.

Free for members and $10 for non-members, the ISSA – DC Annual Social Event staff encourage you to invite a colleague and bring a copy of your CV because a number of tech sector recruiters have been invited. This chance only comes around once a year, so be sure to take advantage of it.

You must RSVP by Friday, August 14th at the latest , so be sure to do that now if you can. Keep reading for additional details.

• Who: ISSA – DC Chapter
• What: “Annual Social Event”
• When: 08-18, 6:30 – 9:00 PM EST
• Where: Gordon Biersch Restaurant (900 F St NW Washington, DC 20004-1404)

For more information on the ISSA – DC Chapter, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. See this page for more information.