Posted on March 7, 2011, 7:06 pm, by claudio.
Join us at our next meetup, where we will welcome guest speaker Bryce “bonzoesc” Kerley, giving a primer on the Ruby on Rails framework and OAuth. Bryce ended a proud tradition of second-place finishes at DEF CON by using Ruby and Team Distraction to win the inaugural DEF CON Crash & Compile event. Prior to this, he worked on-and-off in the information security and web application development fields, founded the Whitehatters club in Tampa, and found an XSS hole in Twitter once too.
Picking up where we left off last meeting, we’ll continue onto OWASP’s WebScarab framework for analysing protocol contents (Get WebScarab here) and introduce new concepts for speaker presentation sessions.
Date: 3/12/2011
Time: 1:00PM
Location:
AIU Campus.
2250 North Commerce Parkway
Weston, FL
Room #108
When you arrive at the school, call or text message 305-735-9018 and a HackMiami representative will tell you the room number.
We would like to thank American Intercontinental University South Florida Campus for the generous usage of the space.
http://www.aiuniv.edu/South-Florida
Posted on February 23, 2011, 9:59 pm, by alex.
The next HackMiami Hack-A-Thon will take place on 2/26/2011 at 1pm.
The location is AIU Campus.
2250 North Commerce Parkway
Weston, FL
Room #108
We will be playing with the OWASP WebGoat application attack training framework.
Check it out and download it here: http://www.owasp.org/index.php/Webgoat
We would like to thank American Intercontinental University South Florida Campus for the generous usage of the space.
http://www.aiuniv.edu/South-Florida
When you arrive at the school, call or text message 305-735-9018 and a HackMiami representative will tell you the room number.
Posted on February 18, 2011, 10:41 pm, by xyplex2.
Claudio is the new Education Czar for Hackmiami!!
Everyone feel free to welcome him to the new position at Claudio(at)hackmiami(dot)org. If you want to speak for a hackathon you can email him and he will review your topic.
For the hackathons we currently are looking for people to give primers on Python, Ruby on Rails, and PHP. If you feel like you have a desire to share your knowledge drop him an email.
Posted on February 4, 2011, 12:04 pm, by alex.
Join us for the first Hack-A-Thon of 2011. We will be examining some web applications in an attempt to execute arbitrary code on the server using identified vulnerabilities.
We will also be charting the course for the next year, so show up and be heard!
We will be meeting at a new location this time; unfortunately, the Pizza Mansion closed its doors permanently in December.
Time: 1:30pm – 5:30pm
The new meeting location is at:
Sweet Times Gourmet and Cafe
3451 Northeast 1st Avenue, Ste #104,
Miami, FL 33127
Posted on December 6, 2010, 12:11 pm, by alex.
Join us for our Holiday / End of the Year Hack-A-Thon Party on December 11, 2010!
This will be the last Hack-A-Thon of the year, so make it count!
We will be showcasing the latest incarnation of the Samurai CTF Hacking simulation, with all new levels and challenges.
There is no cost to participate. Everyone is welcome to play the game. Be sure to bring a laptop and ethernet cable. Wireless play is available but for best results we suggest bringing a cable.
We will also be joined by members of the Association for Computing Machinery from FIU.
The event is taking place at the one and only Pizza Mansion, where the pizza is always hot and the beer is always cold:
Time: 1pm – 5:30pm
Location: Pizza Mansion
6917 W Flagler Street
Miami, FL 33144
Posted on November 16, 2010, 1:58 pm, by alex.
This weekend’s HackMiami event will take place in Tampa, FL as we get together with the Whitehatters Security Club for an afternoon of CTF and live hacking demonstrations.
Rod will present a method of owning a domain controller through a web app vulnerability using the BeEF framework + metasploit.
Pete, Fabian, and Loli will also be running the Samurai CTF game that walks through the steps of hacking web apps.
Jason will present methods of AntiVirus evasion and some cool WiFi tricks.
Edit: Detailed information pertaining to this event:
When: 11AM – 5PM
Where: MSC 2702 (Marshall Student Center, 2nd floor), University of South Florida, Tampa, FL 33620
Whitehatters have also provided campus maps to help us find the Marshall Student Center.
Check out the WCSC website for details.
Posted on November 13, 2010, 9:18 am, by xyplex2.
Hackmiami researchers are featured in 3 articles about their work with botnets. They also recently spoke at OWASP AppsecDC 2010 conference in Washington DC.
Threatpost.com article
arstechnica.com article
darkreading.com article
Posted on November 3, 2010, 7:07 pm, by alex.
Last meeting we beat the crap out of a popular IT automation software package; this meeting we intend to finish it off. Join us as we go through the various vulnerabilities we have discovered over the last two weeks.
IT Automation software is used by enterprise networks to manage large swaths of machines.
They function with a client/server relationship where an administrator can remotely access systems within the network in order to work with them.
In other words, they function a lot like botnets, and for the most part, are botnets.
This Saturday we will continue examining IT automation software packages for vulnerabilities in both the client and server software.
Place: HackMiami Space @ Sun Electronics Warehouse
690 NW 14th Street
Miami, FL
Posted on October 19, 2010, 11:30 am, by alex.
(Miami, FL) – HackMiami researcher Jason of n00bz.net revealed a 0day multi-vendor AntiVirus bypass vulnerability at the Hacker Halted conference in Miami last Thursday.
After disclosing the vulnerability to vendors and awaiting a patch release by McAfee, Jason presented the proof of concept methodology at the conference by successfully executing malicious code on target machines that were fully protected by anti-virus ‘resident shield’ software.
The principle behind the vulnerability is that although AV software is supposed to alert a user when malicious code is detected and block its execution, the tested AV products only detected the malicious code AFTER it had been executed and loaded to memory. This will result in successful infection of the target machine using any known payload, such as a Zeus trojan.
The flaw resides in the way AV products deal with protocol handlers. A full write up by Jason can be found here.
Vulnerable Anti-Virus Products
CVE-2010-3496 – McAfee – patch available
CVE-2010-3497 – Symantec/Norton – recommends purchasing additional Firewall software (this is like putting a band-aid on a severed limb)
CVE-2010-3498 – AVG – no reply from vendor
CVE-2010-3499 – F-Secure – Working fix into next release
Read Complete Proof of Concept Methodology by Jason at n00bz.net
Posted on October 15, 2010, 3:36 pm, by alex.
IT Automation software is used by enterprise networks to manage large swaths of machines in a single go.
They function with a client/server relationship where an administrator can remotely access systems within the network in order to work with them.
In other words, they function a lot like botnets, and for the most part, are botnets.
This Saturday we will be examining IT automation software packages for vulnerabilities in both the client and server software.
We will also be discussing the Hacker Halted conference that took place this week.
Time: 1pm-5pm
Place: HackMiami Space @ Sun Electronics Warehouse
690 NW 14th Street
Miami, FL