Welcome, and what's the plan?

InfoSecNI ’s aim is to foster a community of security students, amateurs and professionals who can learn from each other and ensure the sector is welcoming, supportive, and passing on skills. We aim to have transparent governance, and a tone of kindness and collaboration.

This is where we post meeting updates, and talk about any issues arising. You are welcome to comment!

1 Like

At the inaugural meeting (12 Mar 2020) we discussed the following:

The core collaborative group spans a wide range of infosec companies, government and charities. We hope this will ensure no one place has any over-riding influence, and will prevent the organising burden resting precariously on only one or two people. If you’d also like to be more involved please do reach out.
(Our current group is: Andrew, Art, Claire, David, Glenn, Louise, Susan, Tristan, Angie)

A ‘transparent governance’ model was agreed, making meeting issues/discussion available to the public and open for comment, and talking through any arising issues as openly as possible – we want everyone to feel like they understand and can comment on what is being planned.

A tone of kindness and collaboration being a key priority to facilitate fearless community learning.

We’ve opted for primarily forum-based communications, so that they can be easily organised and are accessible in the longer-term.
There will also be a mailing list option if you would prefer event alerts delivered to you directly, and a landing-page website (infosecni.net).
There may also be other comms channels opened (perhaps in one of the NI slacks, or Twitter), but we’d like to encourage you to use the forum so other people can benefit from the conversations.

Planned youth education and outreach (Cyberskillz) to be discussed.

In light of the current Covid19 issue, we discussed how to have initially online events. In the coming weeks and months you can look forward to;
• “Getting started with launching and securing CTF VM’s”
• And maybe other skills building how-tos to get you ready for tackling…
• Online meetups/hangouts for collaborative CTF challenges, and also competitive CTFs.
(CTF platforms discussed included JuiceBox, HackTheBox and Boot2Root, as well as a custom solution for our own challenges, but other suggestions would be welcomed!)
• General infosec online meetups/hangouts, with a speaker and then general chat.

Ways you can help:
• Join in on the forum! We want your security news/project updates, and help replying to comments.
● Help keep the discussion welcoming and kind so we foster a good atmosphere for all.
● Can you be a Technical or Non Technical mentor, speaker or workshop leader?
● Can you contribute workshop learning materials to a central “Resource Pack”?

Later we will need:
● Financial Sponsorship for Refreshments at events
● Financial/Equipment sponsorship for hardware resources (particularly laptops etc) to minimise barriers to entry from disadvantaged backgrounds
● Event Venue Hosts

Do you like the plan?
Have you ideas to contribute?
Do you have preferred ways to receive info?
Post your comments below!

1 Like

@Angie great summary on the discussion! So I shamelessly stole the good stuff for the initial content of the single page site https://infosecni.net

This is a very simple MD based site on Github, collaborations/improvements and content very welcome

1 Like

Now that we’re settling into the warm pressure blanket of cabin fever, do we want to get another (possibly more public?) call going? I can put together an ‘agenda’ and publish it here in advance.

Shouldn’t be longer than half an hour ‘officially’, and then we can just chill out and chat randomness :slight_smile:

  • 2020-03-28 Saturday 10:00
  • 2020-03-28 Saturday 13:00
  • 2020-03-28 Saturday 18:00
  • 2020-03-29 Sunday 10:00
  • 2020-03-29 Sunday 13:00
  • 2020-03-29 Sunday 18:00
  • 2020-03-30 Monday 10:00
  • 2020-03-30 Monday 13:00
  • 2020-03-30 Monday 18:00

0 voters

I was actually just thinking of getting in touch about that and to clarify expectations of the VM share session.

1 Like

Hangout Link

Proposed Agenda:

  • Review previous minutes
  • Are we ready to start making more public noise about this? https://infosecni.net/ (And who’s going to take on what PR tasks?)
  • Are we happy with discorse as a primary comms tool?
  • Are we ready to set a date for the first session (Getting started with launching and security CTF VMs)?
2 Likes

Claire and I would also like to discuss an online InfoSec movie night, as a bit of a social/community building thing during this stressful time.

1 Like

Draft poll, don’t vote, a new version will be released after the meeting

[poll type=regular results=always public=true chartType=bar]
* Hackers
* Sneakers
* War Games
* Swordfish
* Johnny Mnemonic
[/poll]

2nd meeting 30 Mar 2020
(Andrew, Angie, Claire, Louise, Susan, Tristan)

Discussion as follows:
Are we ready to bring the group to the attention of the public now? At least a week lead time for the first event was suggested in order to give time to get the word out and hype it up. If you can help hype the events, please do!

Intro to VMs event:
There was a discussion about how in-depth this should be and what level it should begin at. The group consensus was that it should begin at the basic ‘What is a CTF/VM/Kali?’ and ‘Why would you want to use it?’ level. This would then proceed on to how to set it up and how to try and secure it. While there was a debate about using VulnHub in the end it was decided that JuiceBox is better set up to hand-hold people, and would therefore be better for newbs. We will aim for 20-25 minutes, and end with a complete VM setup, hopefully also including a complementary ‘attacker VM’. Tristan will discuss the preliminary draft at the next steering meeting.
Questions were raised about how to handle numbers, and so we have decided to try and have a sign-up process here on Discourse, in order to prevent message dilution across other media. If a handful of people turn up we can handle everyone on one call, but otherwise the suggestion is to ask for mentors and split into collaborative groups so that people have a cluster they can turn to for help, questions and shared encouragement. If you can help with mentoring please let us know!
The event date and time have been set for 15th April at 6.00pm-7.30pm, with a 20-25 min presentation + Questions & Answers.

Questions arose about how the steering group could communicate during the event, and transparency was highlighted as important. The Farset Slack was vetoed in deference to our aim of having no single place over-riding everything, and the Discourse is already hosted there. Other platforms were suggested. Everyone thought it might be a fun idea to make it a mini-CTF challenge to find our meeting room, with some social hints beforehand, thus getting in a bit of OSINT practice. For this reason the meeting location is deliberately vague here, though anyone is welcome to participate in the conversation if they find it.

We talked about three main streams of objectives for the group:

  1. onboarding new people into the security industry itself.
  2. Continuing Professional Development (CPD) and technical deep-dives for the more experienced.
  3. Public outreach about ways to improve their personal security.

Cyberskillz for younger members was not discussed at this time. Comments and suggestions from you about the objectives would be welcomed!

Susan and Andrews suggested several key people to be in touch with both for spreading awareness of the group, and for collaboration and help with events.

Susan also gave a run down on the PSNI Protect & Prevent programme(s); educating people on ways to protect themselves and their business, and ensuring that hackers understand what exactly constitutes an offence and funnelling them into using their skills for good, respectively.

Andrew suggested something the group could look at in future was setting up some attackable infrastructure in order to offer practice within a legal setting. Bug Bounties were also highlighted as a key outlet. Cute millionaire BB hackers may or may not have been mentioned, I couldn’t possibly comment.

Finally, Claire and Angie’s suggestion of an online movie night event was discussed. Points were raised about it being an accessible film for as many people as possible, platform-wise, and this needs further investigation for any suggested titles. We are, of course, not advocating torrenting any films. The suggestion was made that follow-along could happen simultaneously on multiple-platforms (Twitter/Slack/a group call), as there would hopefully be enough people to support that. Although weekdays were posited, some felt a weekend would suit them better as mid-week is tiring with work, so the decision was made to throw that out to the forum as well. Ideally the movie night would happen ASAP in order to try and maintain roughly 2 weeks between events, but there is no set rule. Tristan suggested a lighthearted conversational tear-down of the film afterwards to highlight what was/wasn’t realistic about the hacking. Please tell us what film you’d like to see, and when!

Andrew will put the VM event on Discourse and link to it on the website.
Claire will put the movie poll on Discourse.
Angie will write up the discussion notes onto Discourse.
Tristan will continue working on the VM event.
Everyone will spread the word as much as possible about the next event, and encourage forum participation where possible.

The movie night is TBD
The next steering meeting is Monday 13th April at 6pm in order to discuss event preparations and feedback any public comments to the group.
The VM event is 15th April.

1 Like

I would also personally like to suggest;
Objective stream 4. Social events to establish a cross-pollinating community in a more relaxed setting

and to ask if there is an existing logo, as I’d like to make a social media flyer for the movie night.

1 Like

3rd meeting, 13 April 2020
(Andrew, Angie, Susan, Tristan - apologies from Claire)

Acknowledgement and apologies that the VM & movie event details had not been set up, and we had all failed to promote them as planned. In line with the ‘tone of kindness and collaboration’ priority, understanding from the group that these are difficult times for everyone and that things are going to slip, that it’s more important to focus on moving forward with how to manage the situation, and mitigate any recurrance of issues.

Tristan broke the good news that he has presentation/demos for the VM event ready for review, and briefed us on some of the details. It was agreed that in the spirit of transparency it would be made available on discourse for encouragement and peer review, rather than a private review by the steering group.

Agreement from the group to push the event dates back by at least a week in order to give some time for review and proper hype. Discussion of suitable dates and times ensued (see end of post).

Group agreement on a date for the movie night, and an acknowledgement that film was likely to be Hackers. Continued concensus that this is a good social event. No particular solution proposed for the film availability due to legal issues. Andrew suggested a Twitter->IRC mirror for the Tweet-Along.

Final discussion about breadcrumbs to the steering group comms for VM event; suggestions redacted for the purposes of maintaining the challenge.

Tristan will make the VM event presentation available on discourse for review.
Andrew will put the VM event on Discourse and link to it on the website, by a particular date.
Andrew will create the comms channel for the VM event.
Claire & Angie will work together ASAP on putting together the Movie Night event details for promotion.
Angie will follow-up that both events have details posted by Wed 15th, in case of any arising issues.
Angie will look at a Twitter/IRC mirror for the movie night during the week if time permits.
Angie will come up with some clues for breadcrumbs, though anyone is welcome to contribute ideas.
Susan will be the ‘guinea pig’ for how understandable the VM videos are to newer folks.
Everyone will spread the word as much as possible about both events, and encourage forum participation where possible.

The VM event is: 24th April 6pm-7:30pm
The movie night is: 25th April 7pm

The next steering meeting is: 27th April at 6pm for a debrief of both events, and suggestions for what’s next (hangout link)

1 Like

Great notes! One modifier is I got an apology from @Louise_Croft

Also, VM Event post here Virtual Meetup: Virtual Machine Crash Course

1 Like

Hi Guys, I did a run through of the powerpoint yesterday, and can report back that it was easy for me to follow - despite never having seen the movie Godzilla (is that a sharp intake of breath I hear?!)

I have a little prior knowledge by way of training designed to bring investigators up to speed regarding investigating cyber crime, and VM’s were a small part of it. To be honest I had forgotten some of the detail from the course (it’s been a while since my laboured brain has had to think of that particular area!!) and the powerpoint brought it all back!

Importantly, the installation instructions were clear and easy to follow.

Thanks for sharing the powerpoint.

2 Likes

4th meeting, 2nd May 2020
@Angie @bolster @ClaireB @tee apologies from @Susan_Moody

Reflected that both the VM workshop and the Movie night was very well received and went quite well.

Next step re ‘workshops’ would be an Informal ‘JuiceShop’ virtual meetup, speculatively Wednesday 13th. This would be a peer-learning approach with an opportunity at the beginning to get all attendees up to speed with their VM’s (if anyone had any trouble).

Action on @bolster to put together an introduction to the JuiceShop, potentially walking through a couple of the :star: challenge solutions, and the importance of buliding ‘curiosity’, and post/promote the event.

Following on from the previous movie night poll, decided on WarGames for the next Movie session (Action on @ClaireB to post/promote)

Next steering group hangout on Monday 25th May

1 Like

Hey! I’ve been having difficulty getting OWASP Juice shop running on Kali on my RPi, not sure if it’s an issue with Kali, docker or Pi!

I’ve installed docker and can run the hello world container successfully, but running the following command:

docker run -e "NODE_EVN=ctf" -p 3000:3000 bkimminich/juice-shop

I get the following error:
standard_init_linux.go:211: exec user process caused "exec format error"

From a search online it looks like the most common issue relates to the Dockerfile running a script that’s missing a shebang, but I can’t see the juice-shop Dockerfile doing that.
Anyone else able to run juice shop with docker in kali? Any tips?

I have not tried that particular setup before, do you have a dockerfile you can share? The only other common cause of the error you are getting I can find is related to trying to run x86 code on an arm system.

Thanks Tristan, that sounds about right, running x86 code on an ARM machine, for now I’m just running juice shop in docker on my mac but I’ll figure out the issue with the Pi later on this week!

1 Like

This image was referenced from this thread, but it’s 2 years old so YMMV

Thanks Bolster! I found there’s a section on running juice shop on the raspberry pi in the documentation, definitely should have looked there first!

https://pwning.owasp-juice.shop/part1/running.html

Sorry about that!

1 Like

Just putting this here so I remember to put things on the agenda for the next steering meeting:

  • Discord CoC
  • Discord Admins/Mods