Security/Hackers' Night - December 2, 2015

December is our annual Hackers' Night.  

Eric Kornau has been putting together something special for you this year.  Details bellow.

Other items of interest for December:

In recognition of the season and nearing the close of the year and start of a new one we usually have a little finer fare than the pizza snack the rest of the year.  You don't have to dress formal for this but it should be fun.

Elections for 2016 CINPA Board Members will be held.  The slate as it stands presently:

Allen Miller - President
(vacant) - Vice President
Kevin Royalty - Development Director
Ron Schuermann - Treasurer
Brad Green - Membership Director
Chad Claussen - Public Relations, Social Media


·         Matt Schuerer will be doing a talk titled:  Surveillance Using Spare Stuff.  This talk focuses on building your own robust surveillance system using items you either already own or may purchase inexpensively. The information presented demonstrates how to build full featured security systems on a shoestring budget. Topics covered include video and audio surveillance, configuring motion detection alarms, monitoring defined hot zones, remote notification and alerting, recording archival, and more. 

·         Brad Stroeh will be presenting Network Access Control (NAC) Attacks and Mitigation.  This talk will focus on the techniques that attackers use to bypass NAC and will offer tips on prevention and detection.

·         Jack Gerbs will be doing a presentation on NIST’s CyberSecurity Framework (CSF) and the use of Security Onion.   Since releasing the Framework in February 2014, NIST has been educating a broad audience about the Framework's use and value. The Framework is being employed across the country, in a host of sectors, and by organizations ranging from multinationals to small businesses.  Recently, NIST has focused its outreach efforts on the international, regulator, and small and medium business (SMB) communities. Jack will explain what the CSF means to you.  He will address the Framework’s emphasis on continuous monitoring and how Security onion can be used to address Framework categories and detect intrusions and anomalies on your network.

·          Eric Kornau will do a short presentation (time permitting) on “Stealing plain-text Passwords from Windows Memory”.  This talk addresses techniques that attackers use to steal Windows Credentials.  Microsoft has issued a patch for Windows 7, 8 2008r2 and 2012 which can mitigate many of the credential theft attacks, but the patch (KB2871997) requires additional configuration via a registry key to be effective.  Security audits show that many admins are unaware of this requirement.    A handout will be provided with step by step instructions for deploying the needed registry entries via group policy.