HackMiami offering discounted student passes to Hacker Halted 2010 conference!

HackMiami has been able to obtain exclusive discount codes for registration to the 2010 Hacker Halted conference in Miami, FL for students! This conference normally costs over $1000; however, students will be able to access the conference on October 13 & 14 for the early bird price of $100! Hurry up and register now, because the price will go up to $200 on 9/15/2010.

The conference will be taking place at the InterContinental Hotel in downtown Miami, and will feature multiple tracks of presentations on infosec topics, as well as a great exhibition area that will feature some of the world's most talented hackers showing off research projects, as well as the Samurai CTF game! You will also be able to network with potential future employers.

You do not want to miss out on this great conference! The underground will meet the above-ground, and much learning will be had by all!

CLICK HERE TO REGISTER FOR HACKER HALTED 2010 USING THE DISCOUNTED STUDENT CODE

HackMiami Hack-A-Thon – 9/4/2010 – CSRF Attacks, Buffer Overflows, and Milking Lol-Cows

Join us Saturday September 4, 2010 for an afternoon of h4x1n6 and lulz.

The first meeting of September will be jam-packed with three great talks, and will be our first meeting in the new warehouse.

CSRF Attacks - We will be going over various uses and methods for this very useful web application attack, as well as discussing ways to prevent it.

Buffer Overflows - Jason Malley will be presenting on the principles and methodology of buffer overflow attacks.

Milking Lol-Cows - Obtain sweet nectar of lulz from Lol-Cow Facebook Kid. Take the test for the Lol-Cow Farmer certification. See Pete for details.

FREE CPE CREDITS
Did you know you can feed your certs by attending HackMiami meetings? Earn free credits by showing up and participating in the hands-on h4x0ring.

Time: 1pm – 5:30pm
Location: HackMiami Space @ Sun Electronics Warehouse
690 NW 14th Street
Miami, FL, 33136

HackMiami Hack-A-Thon – 8/21/2010 – CTF Review & XSS Showcase

Join us Saturday – 8/21 – for an afternoon of pizza, beer, and h4x0ring.

We will be reviewing the ISSA CTF contest that took place last week, as well as hosting a showcase/contest for XSS attacks. Bring your JavaScript skillz, because there will be a prize for the person who is able to pull off the funniest XSS attack.

FREE CPE CREDITS!

Did you know you can earn FREE CPE credits by attending HackMiami Hack-A-Thons?! Don’t miss out!

Date: Saturday 8/21/2010
Time: Doors open @ 1pm, doors close at 5:30pm
Location: Pizza Mansion
6917 W Flagler Street
Miami, FL 33144

Note: Air conditioner has been fixed, w00t!

HackMiami and South Florida ISSA Chapter present Capture the Flag event August 14th

Mark your calendars and get your tools ready. The annual South Florida Hack the Flag and Chili Cook Off will be held Saturday August 14, 2010 from 12:00pm – 5:00pm at the Westin Ft. Lauderdale - 400 Corporate Drive Fort Lauderdale, FL 33334

UPDATE! – CASH PRIZES ANNOUNCED! – $500 1st place; $300 2nd place; $200 3rd place

This event is open to all members of the information security community and everyone can participate in both:

Hack the Flag: This year we will have two competitions: a Samurai CTF for those with little to no hacking experience and a Ninja CTF for those that think they are elite enough. Both competitions require teams of 2-5 members each. Please specify what competition you would like to participate in, if any, and your team name. If you do not have a team, you will be assigned to one. First come, first served, so sign up now.

Chili Cook Off: Anyone can bring in their best Chili to be tasted and tested by the rest. Simply specify you will be bringing Chili on the registration page.

Please register here

Hack Miami will be running the “Samurai CTF” at this year's Hack the Flag. This is a brand new aspect to the SFISSA’s HTF event. This contest is intended for those that are either complete newbies or have a moderate level of experience, but aren’t quite ready for the bloodshed of the Ninja CTF.

The word samurai is somewhat analogous to the European knight: they were considered nobility, worked for noble higher-ups, and were renowned for their great bravery and code of honor. Ninja, on the other hand, were well-disguised mercenary assassins governed by no code save secrecy.

One of the benefits of this contest is that you will be using a bootable “live CD”. What this means for you is that, aside from having all the great tools that you need for the contest, you will most likely not have to worry about your computer being hacked while it is running the Samurai live CD. All you will need to do is put the Samurai live CD into your CD-ROM drive and power up!

This contest is focused on web hacking, something that is a very hot topic in infosec today. While this competition is intended to be a friendly contest, it is also going to be an educational experience. Guidance will be provided by the members of Hack Miami. So, if you get stuck, there is a helping hand nearby.

Hackathon Saturday August 7th 2010

Join us for a Defcon 18 review and a speech on Social Engineering.

Poison Apples: Physical Media Social Engineering

By: David Martinez

As more and more workplaces become increasingly aware of both their physical and digital security needs, one factor remains a weak link: human curiosity. As a result, Social Engineering attacks and techniques have become commonplace and well known, but they can be improved. Using simple physical media, entry-level scripting techniques, and a bit of planning and common sense, a malicious individual could infiltrate a corporate infrastructure without doing ANY remote penetration, and with little to no risk of being caught. Topics covered will include batch scripting the media, planning out the attack and distribution, and how a physical media attack could be used in different situations and environments.

Other talks TBA

Date: Saturday 8/7/2010

Time: Doors open @ 1pm, speech begins at 1:30pm, doors close at 5:30pm

Location: Pizza Mansion

6917 W Flagler Street

Miami, FL 33144

Download the Defcon 18 CD-ROM

Did you miss Defcon? Were you unable to go? Did you go and not see all the talks you wanted?

Check out the CD-ROM from the conference, chock full of PDFs and tools from all the presentations.

http://thepiratebay.org/torrent/5725586/Defcon_18_CD_tar_gz

HackMiami Hack-A-Thon – 7/24/2010 – Hacking Citrix Vulns + Review of HOPE

Join us this Saturday 7/24/2010 for a joint HackMiami / South Florida OWASP event!

We will feature a presentation by Dickson Kwong that will outline several vulnerabilities in Citrix servers, as well as an analysis of their architecture and configurations.

Dickson Kwong is a local security researcher who is employed as a vulnerability analyst for a financial firm.

We will also be reviewing The Next Hope conference that took place last week, and will be discussing plans for the upcoming Defcon conference.

FREE CPE CREDITS!

Did you know you can earn FREE CPE credits by attending HackMiami Hack-A-Thons? Don’t miss out!

Date: Saturday 7/26/2010
Time: Doors open @ 1pm, speech begins at 1:30pm, doors close at 5:30pm
Location: Pizza Mansion
6917 W Flagler Street
Miami, FL 33144

HackMiami arrives at Hotel Penn for The Next Hope

HackMiami has arrived at the Hotel Pennsylvania and is setting up a table at the Hackerspace Village. Follow the events on Twitter on @hackmiami and @thenexthope.

Here is a list of the talks that will include members of HackMiami:

Botnet Resistant Coding: Protecting Your Users from Script Kiddies

Friday 1500 Lovelace

Peter Greko, Fabian Rothschild

Zeus botnets are trojans accountable for a large percentage of all trojan infections. Zeus’s availability and ease of use make it popular amongst malicious individuals with low technical sophistication. Better social engineering scams, coupled with consistent levels of victim unawareness and carelessness on the part of software vendors, have created a need for greater web security. Using a standard LAMP stack and web programming techniques, a guideline was developed to mitigate and reduce the exposure of sensitive information from compromised clients. Because of the resultant confusion, attackers have either given up and moved on to an easier target, or have spent significant amounts of resources undoing damage to harvested POST data. The immediate objective of implementing these new techniques is to reduce the efficacy of Zeus and its counterparts and ebb cybercrime and identity fraud. Future use of these techniques will provide better chances against the compromising of users and web applications.

Hackerspaces Forever: A Panel Presented by Hackerspaces.org

Friday 2100 Tesla (2 hours)

Nick Farr (HacDC, Washington DC, USA), Mitch Altman (Noisebridge, San Francisco, USA), Sean Bonner (Crashspace, Los Angeles, USA / HackspaceSG, Singapore), Johannes Grenzfurthner (hackbus.at, Vienna, Austria), Markus “fin” Hametner (Metalab, Vienna, Austria), Alexander Heid (HackMiami, Miami, FL, USA), Nathan “JimShoe” Warner (Makers Local 256, Huntsville, AL, USA), Matt Joyce (NYC Resistor, Brooklyn, NY, USA), Carlyn Maw (Crashspace, Los Angeles, CA, USA), Far McKon (Hive 76, Philadelphia, PA, USA), Psytek (Alpha One Labs, Brooklyn, NY, USA)

We called your excuses invalid at The Last HOPE and you proved us right! Since launching hackerspaces.org at The Last HOPE, there’s been phenomenal worldwide growth in the hackerspaces movement. Continuing to build on progress, this panel discussion brought to you by Hackerspaces.org will focus on strategies to help avoid drama, grow your hackerspace, and connect with your community.

Modern CrimeWare Tools and Techniques: An Analysis of Underground Resources

Saturday 1500 Bell

Alexander Heid

This talk will highlight the features, functions, availability, and impact of modern crimeware tools. The talk will have a specific focus on the Zeus payload and command/control application, and will touch upon other leading banking malware. In addition to detailed technical information, the talk will highlight the history and evolution of this particular trojan and the underground economy that drives it. Furthermore, there will be discussion of other tools that are often used in conjunction with the payload, such as remote exploit kits. The talk will also highlight mitigation techniques and basic design principles for web applications and server configurations that can help reduce the impact of crimeware on individuals and organizations.

Hacking Terrorist Networks Logically and Emotionally

Sunday 1000 Bell

Hat Trick, Mudsplatter

This presentation will touch upon broad aspects of forensics, encryption, and social engineering, and how they relate to the tracking of extremists.

Hat Trick has over seven years of experience in this very unique field, and has put together one of the world’s largest open source databases of extremist multimedia. Topics covered include common vulnerabilities of extremist sites, the unique behaviors of extremists, how to get terrorist IPs and passwords, and what to do with them when you’ve got them.

Mudsplatter will discuss the psychology of manipulation, and how to gain access to even the most secure networks using simple tricks of social engineering. Topics include how to lie with confidence, getting the paranoid to trust you, using trolling to your advantage, and some of the most common liabilities of social networking.

HackMiami Hack-A-Thon – 7/10/2010 – Man-In-The-Middle (MITM) Attacks

Join us Saturday 7/10/2010 at 1:00pm for a HackMiami Hack-A-Thon revolving around the various types of MITM attacks!

Pert Trepi aka TipSc will be presenting on how to perform Man-in-the-Middle attacks using various tools currently available. A simple overview of the tools and various techniques being presented is as follows:

Types of Attacks:
ARP Poisoning
SSH and SSL MITM attacks
802.11 attacks
DNS spoofing
Rogue DHCP-Server
Bonus: IPv6 RA MITM

List of tools used to perform the attacks:
Metasploit
Ettercap
Backtrack 4
and other Custom Tools and Scripts

Time: 1:00pm-5:30pm
Location: Pizza Mansion
Address: 6917 W Flagler Street, Miami, FL 33144

Rapid7 Ranks First In Pen Testing Face-Off

Metasploit Express places first in the HackMiami 2010 penetration testing competition

Jun 30, 2010 | 06:33 PM

BOSTON–(BUSINESS WIRE)–Rapid7, the leading provider of unified vulnerability management, compliance and penetration testing solutions, today announced that Metasploit Express™, its new penetration testing product, placed first in the HackMiami 2010 penetration testing competition held this month between Rapid7 Metasploit Express, Core Impact Professional and Immunity CANVAS. As a result of its many impressive features, including ease-of-use and advanced reporting capabilities, Metasploit Express ranked highest overall with a total score of 4.5 out of five available stars.

HackMiami is an organization made up of a variety of professionals that provide innovative technical and social collaboration through regular meetings, presentations, labs and competitions that serve to develop all fields of modern technology. During the 2010 HackMiami penetration testing face-off, products were scored on a variety of characteristics, including interface, exploits, reporting, value and additional features.

Rapid7’s Metasploit Express ranked in the lead or tied for the highest ranking in four out of the five sub-categories, beating out both Core Security and Immunity who received total scores of 3.5 stars and three stars, respectively. Testers commented that compared to other applications, Metasploit Express had a cleaner interface, single-click evidence collection, a greater number of penetrated systems via multiple methods and was the most affordable with a list price of $3,000.

“These results are extremely exciting for Rapid7, and reinforce our firm belief that the industry needs to keep advancing its penetration testing solutions,” said Mike Tuchen, president and CEO for Rapid7. “As the threats that enterprises face continue to evolve, there has been a fundamental shift in the need for pen testing integration into enterprise security systems and companies are increasingly looking for easy-to-use, powerful solutions that automate common functions. Our goal with Metasploit Express was to create a product that would offer all of this, and more, and we look forward to continuing to enhance our research and development in the future.”

Leveraging its 2009 acquisition of the Metasploit Framework, Rapid7 launched Metasploit Express as an affordable, easy-to-use penetration testing solution that delivers a full graphical user interface, automated exploitation capabilities and reporting for enterprises. Known for releasing some of the most technically sophisticated exploits to the public, Metasploit Express provides full network penetration testing capabilities and is backed by the world’s largest, fully tested and integrated public database of exploits.

About Rapid7

Rapid7 is the leading provider of unified vulnerability management, compliance, and penetration testing solutions, delivering actionable intelligence about an organization’s entire IT environment. Rapid7 offers the only integrated threat management solution that enables organizations to implement and maintain best practices and optimize their network security, Web application security and database security strategies.

Recognized as the fastest growing vulnerability management company in the U.S. by Inc. Magazine, Rapid7 helps leading organizations such as Liz Claiborne, the United States Postal Service, Carnegie Mellon University and Red Bull to mitigate risk and maintain compliance for regulations such as PCI, HIPAA, FISMA, SOX and NERC. Rapid7 also manages the Metasploit Project, the leading open-source penetration testing platform with the world’s largest database of public, tested exploits. For more information, visit www.rapid7.com.

http://www.darkreading.com/vulnerability_management/security/intrusion-prevention/showArticle.jhtml?articleID=225702019