September's SecKC Meeting

 

Eventbrite - SecKC | 2016

WHEN: Tuesday, September 12, 2017 from 6:00 PM to 9:30 PM (CST)
WHERE: Kanza Hall - 7300 W 119th St. Overland Park, KS 66213

6:00 -* SecKC 101 — Intro to SecKC
6:30 - - SecKC Open Source Intel Briefing

7:00 - Digital Apiaries - [@ax0n]
Using tools like MHN, HPFeeds and a variety of honeypot software, turn an army of Raspberry Pi and virtual machines into a firehose of attack data to help catch bots and attackers before they get to your production network. Learn how some honeypots can be abused as agents of evil. A community honeynet and data feed for interested SecKC members will be debuted.

[SUBJECT TO CHANGE] 8:00 - Threat Intelligence Framework - Cory Kennedy [@CoryKennedy]
Come see Cory's Threat Intel Framework. More info after the lawyers approve the talk.

 

 

Schedule below this line is in flux for the next few days and is severely subject to change.

OCTOBER's SecKC Meeting

WHEN: Tuesday, Oct 10th, 2017 from 6:00 PM to 9:30 PM (CST)
WHERE: Kanza Hall - 7300 W 119th St. Overland Park, KS 66213

7:00 - SMB Cyber Security without Senior Management Backing or Funding

Nathan Maxwell

Rule 1 of cyber security is have senior management support. In a small business, this can be lacking. What can you do in an SMB environment to move forward the state of information security without C-level support and funding - while not being subversive or insubordinate.

 

8:00 - HNSM On the Cheap

Aaron J. Scantlin [@sysaaron]

Think home network security monitoring is a costly and time-consuming effort? Think again!  With about $50 and a few hours of your time, you can log network events just like your favorite three-letter agencies.  This talk will go over the required hardware and software, go through the setup and configuration process process, and provide some starting ideas for events to alert on (with template scripts).

November's SecKC Meeting

WHEN: Tuesday, November 14th, 2017 from 6:00 PM to 9:30 PM (CST)
WHERE: Kanza Hall - 7300 W 119th St. Overland Park, KS 66213

7:00 - I used the reasonably-secure Qubes OS for 6 months and survived

Matty McFatty [@themattymcfatty]

Qubes OS sounds cool, but it's a little intimidating to use it as your day-to-day OS. Let me show you around Qubes OS a little and take away some of the mystery. I'll show you the basics of using Qubes OS and discuss some of the pros and cons.

 

8:00 - Occupational Fraud Trends

Steven Haenchen [@sysaaron]

Occupational Fraud Trends per the ACFE Report to the Nations on Occupational Fraud 2016 with a discussion of what they mean to us and what we can do to help prevent occupational fraud.

 

January's SecKC Meeting

WHEN: Tuesday, January 10th, 2017 from 6:00 PM to 9:30 PM (CST)
WHERE: Kanza Hall - 7300 W 119th St. Overland Park, KS 66213

7:00 - OWASP SAMM and other Software Security Assurance Frameworks

August Johnson

Software is cruddy.  These tools help to make it better.  This will be a review of various software security assurance tools, and a more in-depth look at the OWASP SAMM, what you can adopt, and how it can benefit coders, and really, anyone who uses the software.

8:00 - Occupational Fraud Trends

rsaxvc [@sysaaron]

Occupational Fraud Trends per the ACFE Report to the Nations on Occupational Fraud 2016 with a discussion of what they mean to us and what we can do to help prevent occupational fraud.

 

 

Attacking Active D - A Hacking Series

Ryan Preston [@h3xg4m3s]

This will be the first in a series of talks explaining and demonstrating modern attacks on Active Directory. During this presentation I will further cover Powershell Empire, picking up after davehull's presentation, and its functionality to a pentester. This will set the stage for the next few talks where we will learn about crackmapexec, responder, ntlmrelayx, Inveigh, and Bloodhound. Finally we will explore new tools that put all this together like DeathStar, AngryPuppy, Dogspawn, and GoFetch that automate domain takeovers.

 

Why (and how) we phish our users and why you should too

Julie Fugett & Shane Fonyi

After a phishing incident that resulted in direct deposit theft, we realized we needed to take a more aggressive approach to educating our users about social engineering and phishing. With the expenditure of some political capital and a cash outlay of less than $10, here's how and why we did it.

Twitter