20160914-YDTL0121[1].jpg

Welcome to SecKC

Kansas City's Hacker Hive

e201806121941-IMG_1756_1920_1280.jpg

OCTOBER’s SecKC Meeting

Eventbrite - SecKC | 2016

WHEN: Tuesday, October 9th, 2018 from 6:00 PM to 9:30 PM (CT)
WHERE: Kanza Hall - 7300 W 119th St. Overland Park, KS 66213

6:00-6:30 -* SecKC 101 — Welcome to SecKC & - SecKC Open Source Intel Briefing

 

6:35-6:50 - Mark Bayley - @dispareo

Getting started in a security career

For budding hackers - how to go from 0 IT experience to being a security practitioner

 

6:55-7:30 - The Big Security Short - @kpshek

It wasn't that long ago when hackers and security researchers publicized 0-day vulnerabilities, much to the chagrin of the companies whose software they were testing. After several years, the two communities have largely reached an accepted compromise in the form of coordinated disclosure. Google's Project Zero is a one of the most prominent groups in which their security researchers follow a 90 day coordinated disclosure policy.

However, there are some within the security research community that are pushing back against the notion of responsible disclosure, arguing that research is being undervalued by the very companies that directly benefit from their hard work. These researchers argue that the security research community not only needs to command a higher profit for their work, but that they need to demand companies take a stronger stance to improve their security posture.

Leading the forefront of this controversial movement is a security research firm that is focused on improving security in a particular field: healthcare. Join me as we examine a retrospective of their security research and the legal and financial repercussions...as well as a broader analysis to see if this is an isolated event or indicative of a much larger trend...

 

7:40-8:10 - Andy Nelson - @Anelson425

Injection Attacks: Defending an Application Takedown

With the release of the OWASP (Open Web Application Security Project) Top 10 for 2017, injection is again at the top of the list. As software engineers, most of us are aware that injection attacks exist. However, we are rarely aware of how easy they are to perform or what it takes to defend them. In this talk, I will create a simple test application that has some injection vulnerabilities that you might find in applications you work on today. Then I will show you how easy they are to exploit both manually and with “h4ck3r t00lz”. Lastly, I will show you how to change your code to defend against these attacks. If you are a software engineer that wants to have a better understanding of how easy it is to defend your application, then this talk is for you.

 

November's SecKC Meeting

WHEN: Tuesday, November 13th, 2018 from 6:00 PM to 9:30 PM (CT)
WHERE: Kanza Hall - 7300 W 119th St. Overland Park, KS 66213

6:00-6:30 -* SecKC 101 — Welcome to SecKC & - SecKC Open Source Intel Briefing

 

7:00-8:30 - MMFml - Abusing Memory Mapped Files

Parker Crook, Ben Holder

A new way to execute arbitrary code from memory without the need to load libraries of other techniques in PowerShell.

MMFml utilizes memory mapped files to directly allocate heap memory, assign execute permissions on that memory, and get an addressable memory location, and then pass execution to that location in memory without the artifacts generated by similar techniques in the .NET framework.

 

6:??-7:?? - 

Submit to speak at https://talk.seckc.org!

 

 

 

 

January's SecKC Meeting

WHEN: Tuesday, January 8th, 2018 from 6:00 PM to 9:30 PM (CT)
WHERE: Kanza Hall - 7300 W 119th St. Overland Park, KS 66213

6:00-6:30 -* SecKC 101 — Welcome to SecKC & - SecKC Open Source Intel Briefing

 

6:??-7:?? - ?

Submit to speak at https://talk.seckc.org!

 

7:??-7:?? - ?

Submit to speak at https://talk.seckc.org!

 

 

Eventbrite - SecKC | 2016

Twitter