Proposed Agenda:
Claire and I would also like to discuss an online InfoSec movie night, as a bit of a social/community building thing during this stressful time.
Draft poll, don’t vote, a new version will be released after the meeting
[poll type=regular results=always public=true chartType=bar]
* Hackers
* Sneakers
* War Games
* Swordfish
* Johnny Mnemonic
[/poll]2nd meeting 30 Mar 2020
(Andrew, Angie, Claire, Louise, Susan, Tristan)
Discussion as follows:
Are we ready to bring the group to the attention of the public now? At least a week lead time for the first event was suggested in order to give time to get the word out and hype it up. If you can help hype the events, please do!
Intro to VMs event:
There was a discussion about how in-depth this should be and what level it should begin at. The group consensus was that it should begin at the basic ‘What is a CTF/VM/Kali?’ and ‘Why would you want to use it?’ level. This would then proceed on to how to set it up and how to try and secure it. While there was a debate about using VulnHub in the end it was decided that JuiceBox is better set up to hand-hold people, and would therefore be better for newbs. We will aim for 20-25 minutes, and end with a complete VM setup, hopefully also including a complementary ‘attacker VM’. Tristan will discuss the preliminary draft at the next steering meeting.
Questions were raised about how to handle numbers, and so we have decided to try and have a sign-up process here on Discourse, in order to prevent message dilution across other media. If a handful of people turn up we can handle everyone on one call, but otherwise the suggestion is to ask for mentors and split into collaborative groups so that people have a cluster they can turn to for help, questions and shared encouragement. If you can help with mentoring please let us know!
The event date and time have been set for 15th April at 6.00pm-7.30pm, with a 20-25 min presentation + Questions & Answers.
Questions arose about how the steering group could communicate during the event, and transparency was highlighted as important. The Farset Slack was vetoed in deference to our aim of having no single place over-riding everything, and the Discourse is already hosted there. Other platforms were suggested. Everyone thought it might be a fun idea to make it a mini-CTF challenge to find our meeting room, with some social hints beforehand, thus getting in a bit of OSINT practice. For this reason the meeting location is deliberately vague here, though anyone is welcome to participate in the conversation if they find it.
We talked about three main streams of objectives for the group:
Cyberskillz for younger members was not discussed at this time. Comments and suggestions from you about the objectives would be welcomed!
Susan and Andrews suggested several key people to be in touch with both for spreading awareness of the group, and for collaboration and help with events.
Susan also gave a run down on the PSNI Protect & Prevent programme(s); educating people on ways to protect themselves and their business, and ensuring that hackers understand what exactly constitutes an offence and funnelling them into using their skills for good, respectively.
Andrew suggested something the group could look at in future was setting up some attackable infrastructure in order to offer practice within a legal setting. Bug Bounties were also highlighted as a key outlet. Cute millionaire BB hackers may or may not have been mentioned, I couldn’t possibly comment.
Finally, Claire and Angie’s suggestion of an online movie night event was discussed. Points were raised about it being an accessible film for as many people as possible, platform-wise, and this needs further investigation for any suggested titles. We are, of course, not advocating torrenting any films. The suggestion was made that follow-along could happen simultaneously on multiple-platforms (Twitter/Slack/a group call), as there would hopefully be enough people to support that. Although weekdays were posited, some felt a weekend would suit them better as mid-week is tiring with work, so the decision was made to throw that out to the forum as well. Ideally the movie night would happen ASAP in order to try and maintain roughly 2 weeks between events, but there is no set rule. Tristan suggested a lighthearted conversational tear-down of the film afterwards to highlight what was/wasn’t realistic about the hacking. Please tell us what film you’d like to see, and when!
Andrew will put the VM event on Discourse and link to it on the website.
Claire will put the movie poll on Discourse.
Angie will write up the discussion notes onto Discourse.
Tristan will continue working on the VM event.
Everyone will spread the word as much as possible about the next event, and encourage forum participation where possible.
The movie night is TBD
The next steering meeting is Monday 13th April at 6pm in order to discuss event preparations and feedback any public comments to the group.
The VM event is 15th April.
I would also personally like to suggest;
Objective stream 4. Social events to establish a cross-pollinating community in a more relaxed setting
and to ask if there is an existing logo, as I’d like to make a social media flyer for the movie night.
3rd meeting, 13 April 2020
(Andrew, Angie, Susan, Tristan - apologies from Claire)
Acknowledgement and apologies that the VM & movie event details had not been set up, and we had all failed to promote them as planned. In line with the ‘tone of kindness and collaboration’ priority, understanding from the group that these are difficult times for everyone and that things are going to slip, that it’s more important to focus on moving forward with how to manage the situation, and mitigate any recurrance of issues.
Tristan broke the good news that he has presentation/demos for the VM event ready for review, and briefed us on some of the details. It was agreed that in the spirit of transparency it would be made available on discourse for encouragement and peer review, rather than a private review by the steering group.
Agreement from the group to push the event dates back by at least a week in order to give some time for review and proper hype. Discussion of suitable dates and times ensued (see end of post).
Group agreement on a date for the movie night, and an acknowledgement that film was likely to be Hackers. Continued concensus that this is a good social event. No particular solution proposed for the film availability due to legal issues. Andrew suggested a Twitter->IRC mirror for the Tweet-Along.
Final discussion about breadcrumbs to the steering group comms for VM event; suggestions redacted for the purposes of maintaining the challenge.
Tristan will make the VM event presentation available on discourse for review.
Andrew will put the VM event on Discourse and link to it on the website, by a particular date.
Andrew will create the comms channel for the VM event.
Claire & Angie will work together ASAP on putting together the Movie Night event details for promotion.
Angie will follow-up that both events have details posted by Wed 15th, in case of any arising issues.
Angie will look at a Twitter/IRC mirror for the movie night during the week if time permits.
Angie will come up with some clues for breadcrumbs, though anyone is welcome to contribute ideas.
Susan will be the ‘guinea pig’ for how understandable the VM videos are to newer folks.
Everyone will spread the word as much as possible about both events, and encourage forum participation where possible.
The VM event is: 24th April 6pm-7:30pm
The movie night is: 25th April 7pm
The next steering meeting is: 27th April at 6pm for a debrief of both events, and suggestions for what’s next (hangout link)
Great notes! One modifier is I got an apology from @Louise_Croft
Also, VM Event post here Virtual Meetup: Virtual Machine Crash Course
Hi Guys, I did a run through of the powerpoint yesterday, and can report back that it was easy for me to follow - despite never having seen the movie Godzilla (is that a sharp intake of breath I hear?!)
I have a little prior knowledge by way of training designed to bring investigators up to speed regarding investigating cyber crime, and VM’s were a small part of it. To be honest I had forgotten some of the detail from the course (it’s been a while since my laboured brain has had to think of that particular area!!) and the powerpoint brought it all back!
Importantly, the installation instructions were clear and easy to follow.
Thanks for sharing the powerpoint.
4th meeting, 2nd May 2020
@Angie @bolster @ClaireB @tee apologies from @Susan_Moody
Reflected that both the VM workshop and the Movie night was very well received and went quite well.
Next step re ‘workshops’ would be an Informal ‘JuiceShop’ virtual meetup, speculatively Wednesday 13th. This would be a peer-learning approach with an opportunity at the beginning to get all attendees up to speed with their VM’s (if anyone had any trouble).
Action on @bolster to put together an introduction to the JuiceShop, potentially walking through a couple of the 
challenge solutions, and the importance of buliding ‘curiosity’, and post/promote the event.
Following on from the previous movie night poll, decided on WarGames for the next Movie session (Action on @ClaireB to post/promote)
Next steering group hangout on Monday 25th May
Hey! I’ve been having difficulty getting OWASP Juice shop running on Kali on my RPi, not sure if it’s an issue with Kali, docker or Pi!
I’ve installed docker and can run the hello world container successfully, but running the following command:
docker run -e "NODE_EVN=ctf" -p 3000:3000 bkimminich/juice-shop
I get the following error:
standard_init_linux.go:211: exec user process caused "exec format error"
From a search online it looks like the most common issue relates to the Dockerfile running a script that’s missing a shebang, but I can’t see the juice-shop Dockerfile doing that.
Anyone else able to run juice shop with docker in kali? Any tips?
I have not tried that particular setup before, do you have a dockerfile you can share? The only other common cause of the error you are getting I can find is related to trying to run x86 code on an arm system.
Thanks Tristan, that sounds about right, running x86 code on an ARM machine, for now I’m just running juice shop in docker on my mac but I’ll figure out the issue with the Pi later on this week!
Thanks Bolster! I found there’s a section on running juice shop on the raspberry pi in the documentation, definitely should have looked there first!
https://pwning.owasp-juice.shop/part1/running.html
Sorry about that!
Just putting this here so I remember to put things on the agenda for the next steering meeting:
Moar Agenda things for Monday:
6th meeting, 27 July 2020
(Andrew, Angie, Claire, Seamus, Tristan)
Debrief of last week’s Study Group event for Sec+. Very happy with progress but work is cut out for us to get it all done in the time. Will re-assess content and pacing after the first Deep Dive event.
Movie Nights still important - next one is anime Ghost in the Shell on 8th Aug - Andrew will handle main tweets, Angie to help.
Code of Conduct and extra mods agreed to be needed for Discord - Claire to handle
Line to be added about us not being able to help you hack your mates, etc…
Twitter and Discord links to be added to the website - Andrew
Forensics Hack idea seems good, but could be unexpectedly dodgy. Tristan suggested using a communal image from a repo might help. Date to be set once we find someone a bit more experienced to come along, and when suits them.
The calendar is getting a little complicated. Sticking with ical for now until we investigate/try other options to see what works - Andrew to continue handling ical.
ELI5 Farset events are restarting and may be of community interest to contribute something. Everyone to spread word if possible.
Also, Angie to do graphics for Movie Night