Who: Ted, Michael, YOU...
What: New Year Show and Tell
Where: 5500 SW Dosch Rd, Portland
When: Thursday, February 1st, 2024 at 7pm
Why: The pursuit of technology freedom

Ted: Bandwidth monitoring OpenWRT and DD-WRT routers with MRTG

Michael: Managing Windows from FreeBSD Environments

You: What have you been working on this last few months?

Rules and Requests:

Masks are encouraged but not required. CCC in Germany sent a LOT of people home with COVID-19. 19 as in 2019 and please people, it's not something we want to hang on to.

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings

Do not leave valuables in your car

Presented by Ryan Wright, Founder, thatdot.com Abstract

This talk will introduce Quine: a brand new open source “streaming graph interpreter” meant as a new fundamental infrastructure component to address major challenges in data engineering and simplify enterprise data pipelines.

Quine fits in between the world of databases and stream processing systems. As data streams in from Kafka, Kinesis, etc., Quine builds it into a graph. Then using “standing queries”—queries that live inside the graph and efficiently propagate—it finds matches to complex patterns in the graph and streams the results out right away. Quine maintains a stateful representation of all data streamed through (like a database) so that complex results are built from the combination of new streaming data and potentially very old data—all without having to manage any time windows. Since the graph is fully versioned, you can always query for what the data used to be, at any historical moment. Quine is meant to be a complete package of everything that lives between two Kafka topics: high-volume events stream in, and highly-meaningful interpreted results stream out.

In this talk, we will explain the how Quine works under the hood, discuss some of the interesting and brain-bending challenges we had to confront in order to create it, and show some uses cases to illustrate why it’s important for modern data pipelines. Quine implements a property-graph data model on top of an asynchronous graph computational model. It’s like Pregel with Actors. Each node is capable of performing arbitrary computation, so we can bake in some powerful capabilities deep in the graph; and then package it up for easy use into user-contributed “recipes” available in the Github repo. Quine is free and open and the repo will be publicly available in February, and actively supported by thatDot and the community.

What You Will Learn This talk will introduce Quine: a brand new open source “streaming graph interpreter” meant as a new fundamental infrastructure component to address major challenges in data engineering and simplify enterprise data pipelines.

RSVP for Google Meet or Zoom link

Cost Free! (suggested donation $5-15 for non-members)

If you’ve paid any Data PDX/DAMA membership dues during 2019-2021 or are an employee of a corporate member, please choose Member RSVP.

Where

RSVP for Google or Zoom link

Date – Thursday, March 10th

Time – 4:30pm – 5:30pm

Portland Linux/Unix Group General Meeting Announcement

Who: Ben Koenig
What: Pipewire Audio Server
Where: https://meet.jit.si/pdxlinux
When: Thursday, December 2nd, 2021 at 7pm
Why: The pursuit of technology freedom

Who: Ben Koenig What: Pipewire Audio Server Where: https://meet.jit.si/pdxlinux When: Thursday, December 2nd, 2021 at 7pm Why: The pursuit of technology freedom

Sound is a major part of the Linux desktop and now there's a new project to make your audio experience even better! Or maybe not. This talk will explore the features and changes involved in switching a system from Pulseaudio to Pipwire for audio device management.

The new Pipewire daemon promises to improve the state of audio playback on Linux but with this change comes questions regarding the impact to different users and use cases. In this talk I'll go over the impact Pipewire can have for various different users and provide a basic configuration for those brave enough to give it a try. I will also outline some of the history surrounding the audio stack in Linux with a focus on how Pipewire plans to implement new features while maintaining compatibility with older applications.

About Ben I am a QA Test Technician with a background in tech support for Mac/Windows/Linux desktop users. When not talking to customers I can be found customizing Linux distros and building systems that solve problems before they occur.

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings.

Portland Linux/Unix Group Online Meeting Announcement

Who: Glenn Dufke
What: Object Pascal Development with Lazarus and Free Pascal
Where: https://li584-253.members.linode.com/PLUG
When: Thursday, May 6th, 2021 at 7pm Pacific
Why: The pursuit of technology freedom

When developing software for multiple platforms, designing a functional user interface can often be a challenge.

Often C/C++, C# or even Python is used, but an overlooked, full-fledged IDE and development tool is Lazarus / Free Pascal.

Using Object Pascal, a strongly typed, easy to read, learn and modern compiled programming language, you can quickly write advanced applications and design beautiful user interfaces with the strong component based model and form designer.

It has its inspiration from Delphi, a commercial development tool which also can target multiple platforms, though the IDE itself runs on Windows only.

The underlying Free Pascal compiler has a high degree of compatibility, which means you can share code between Delphi and Free Pascal fairly easy.

In this presentation I will touch on the versatility and benefits of using this development tool for your next open source project and how easy it is to get started.

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings.

PLUG Page with information about all PLUG events: https://pdxlinux.org/ Follow PLUG on Twitter: http://twitter.com/pdxlinux

Please join us with a former founder who has seen the ups and downs of the economy for insights on what to suspect — and some guidance that may help you navigate this new normal.

Elia Freedman was founder and CEO of Infinity Softworks, which he started in 1997 as a senior in college, leveraging both his business training and programming ability. The company has helped more than 20 million professionals and students in real estate, financial services, math and science who use calculation every day to solve problems and generate proposals, both in the field and at their desk.

The company's primary app, PowerOne, has been in existence as apps for iOS, Android, BlackBerry, Windows Mobile, Palm OS, and Windows computers for more 20 years, Infinity Softworks re-launched PowerOne as a web and mobile service in 2018.

As a founder, Elia weathered both the dotcom bust and the mortgage crisis. Which is sure to inform a unique vantage on our current state of existence within a pandemic ravaged economy.

RSVP: https://www.crowdcast.io/e/founder-ama-elia-freedman-powerone

Big thanks to Accelebrate (https://www.accelebrate.com/) and New Relic (https://newrelic.com/about/culture) for sponsoring us this month!

Come join us downtown at New Relic for Pythonic talks!

We've got two great talks this month!

TALK 1: Python >= Super Glue How Python was used to integrate various hardware and programs into a free and open source music center that can even be run on the Raspberry Pi.

By Athan Spathas

This talk will discuss the development of the Glass Beatstation, a modular interface for making music on Linux

Athan Spathas makes music, is involved with Snowdrift.coop, teaches robotics, and works to support Free / Libre / Open source software: particularly Linux-based music production. He is a self taught Python programmer, it is by far his favorite programming language.

TALK 2: What PHP learned from Python

By Adam Harvey

In 2015, the PHP project released version 7.0 of the PHP language. An advantage PHP had was that Python had gone through a similar process with Python 3 seven years earlier. I’ll discuss the lessons taken from the Python 2-3 transition, and how they were applied.

Adam is a software developer who has worked on a number of interesting and occasionally even useful things in his two decade career. These include prototyping the worst mesh network of all time (based on Android phones), discovering how to reliably lock up a Windows computer by writing an in-browser video editor, and (most usefully) removing the original mysql_* API from PHP.

Today he works at New Relic on their PHP and C language support.

Join us on our python.org mailing list (http://mail.python.org/mailman/listinfo/portland) and on #pdxpython on Freenode. All are welcome!

Janis Griffin HiHo! HiHo! SQL Server on Linux, we go!

Are you being forced to the ‘Cloud’ to reduce costs? SQL Server 2017 now runs on Windows, Linux, and Docker containers.

Now SQL Server can be installed on Linux in order to provide a consistent database platform across Window and Linux servers, as well as on-premises and in the cloud. This presentation will discuss the advantages of using SQL Server on Linux, comparing architecture, cost and performance. Several demonstrations on installing and maintaining SQL Server on different Linux distributions and Docker will be shown, as well as best practice considerations for production/development environments. Also, several useful Linux commands for monitoring, managing and backing up SQL Server will be demonstrated. Finally, client connectivity and tools will be discussed – plus the new Azure Data Studio UI with the ability to add monitoring widgets will be demonstrated.

Janis Griffin

HiHo! HiHo! SQL Server on Linux, we go!

Are you being forced to the ‘Cloud’ to reduce costs? SQL Server 2017 now runs on Windows, Linux, and Docker containers.

Now SQL Server can be installed on Linux in order to provide a consistent database platform across Window and Linux servers, as well as on-premises and in the cloud. This presentation will discuss the advantages of using SQL Server on Linux, comparing architecture, cost and performance. Several demonstrations on installing and maintaining SQL Server on different Linux distributions and Docker will be shown, as well as best practice considerations for production/development environments. Also, several useful Linux commands for monitoring, managing and backing up SQL Server will be demonstrated. Finally, client connectivity and tools will be discussed – plus the new Azure Data Studio UI with the ability to add monitoring widgets will be demonstrated.

Alfred Burnett

Simplify Database Performance and Management

Database management is complex. Database professionals are increasingly being asked to manage not only larger numbers of database instances, but multiple database platforms. Open source and NoSQL databases along with cloud adoption are all having a major impact, and DBAs are now expected to ensure the best performance and stability of this cross-platform database environment. But what if you could meet growing demands faster and with less risk? This means you’d get more time to innovate and focus on important projects. In this session, you’ll learn how to proactively manage all your database platforms from end to end. Items of discussion include: · Scoring optimal availability and performance out of Enterprise and Standard edition databases · Managing hundreds of database instances with ease · Maintaining databases both on-premises and in the cloud · Decreasing overhead by managing databases with little to no impact on performance

Attacks always get better, so your threat modeling needs to evolve. Learn what's new and important in threat modeling in 2019. Computers that are things are subject to different threats, and systems face new threats from voice cloning and computational propaganda and the growing importance of threats “at the human layer.” Take home actionable ways to ensure your security engineering is up to date.

Speaker: Adam Shostack Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and advises startups including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.

Join our August meetup, which is all about tools! Hosted by Apptio Cloudability, and sponsored by Windocks.

1st Preso: Windows SQL Server containers with Kubernetes.

Windocks is a Seattle-area firm that supports the complete SQL Server product family, with database cloning using Windows VHDs and storage arrays. The session will focus on SQL Server containers and Kubernetes, and on how organizations are modernizing full stack dev/test, as well as how SSRS containers are applied for scalable support for AWS RDS and SQL Azure.

Presented by Ramesh Parameswaran, founder and CEO of Windocks.

2nd Preso: Digital Ocean Cloud Controller

docc is Digital Ocean's internal wrapper to simplify the Kubernetes experience for our engineers so they can focus on getting work done instead of the complexities of Kubernetes. It's also open source: https://github.com/digitalocean/digitalocean-cloud-controller-manager

Presented by Billie Cleek

Using Graph Theory to Understand Security

Information security is hard. It must be, because we keep getting hacked. One aspect that makes it so difficult is the level of complexity that exists in even a modestly-sized digital infrastructure. Humans can consider only so many security relationships, trust boundaries, and attack scenarios at once. This complexity makes it hard to decide where to focus our defensive resources and we're regularly led astray by the latest shiny tool or security advisory. Remarkably, our adversaries actually have a similar challenge: once a digital intruder gains a foothold in an environment that is completely new to them, how do they know what next steps they should take to efficiently achieve their goal? The environments they attack are not only complex, they are also unexplored landscapes that must be mapped out.

This is where graph theory can lend a hand. Several open source tools, such as BloodHound and Infection Monkey, provide intruders (whether that be your friendly neighborhood pentester or your adversaries) with easy ways to map out infrastructures and identify the quickest path to your crown jewels. While this is certainly alarming, we can also use these tools ourselves to find out what our infrastructures look like in the eyes of an attacker.

In this talk, Tim will provide a brief introduction to graph theory, show some demos of the free tools that use it, and discuss how he is using these techniques to build automated threat models "at scale" to make defenders' lives easier.

Speaker: Timothy Morgan

After earning his computer science degrees (B.S., Harvey Mudd College and M.S., Northeastern University) and spending a short time as a software developer, Tim began his career in application security and vulnerability research. In his work as a consultant over the past 14 years, Tim has led projects as varied as application pentests, incident response, digital forensics, secure software development training, phishing exercises, and breach simulations. Tim has also presented his independent research on Windows registry forensics, XML external entities attacks, web application timing attacks, and practical application cryptanalysis at conferences such as DFRWS, OWASP's AppSec USA, BSidesPDX, and BlackHat USA.

For the past three years Tim has been building an innovative new risk-based vulnerability management product (DeepSurface) that helps his customers gain a much deeper understanding of the complex relationships present in their digital infrastructures. Visit kanchil.com to learn more about Tim's latest R&D effort.

Join the Wacom Inkathon to build new or existing apps that unlock digital ink for your users. Wacom is calling on developers, designers and all other hackers to build great apps that enable digital ink for their users.

Integrate the Wacom's digital ink solution, the WILL SDK, into an existing app OR a new application to compete for the $15,000+ prizepool. The three challenge tracks are: Ink for Education, Extended Reality (VR/AR), and Blank Canvas (open challenge, not category-specific).

Following up Ryan Krause's talk on breaking into the cybersecurity industry, May's chapter meeting hosted by Zapproved will offer attendees an opportunity to hear from hiring managers and InfoSec/AppSec leaders on what they look for in hiring for their roles and thoughts on career progression. Attendees will have ample opportunity to ask questions and engage our panel.

Panel:

Zefren Edior - Umpqua Bank

Zefren currently works at Umpqua Bank, and he is the Information Security Assurance Lead. He has 10 plus years of experience in IT operations, information security, risk management, compliance and audit. He mentors and advises students, who have worked at public accounting firms, big tech companies, and startups. He is passionate about technology, cybersecurity, and helping people align their knowledge, skills, and abilities to achieve personal and professional growth.

Patterson Cake - Haven Information Security / PeaceHealth

Patterson has been in information technology for over 20 years, focusing on security for the past several years in offensive, defensive and leadership roles. He is the founder of Haven Information Security, an instructor for SANS, and the Principal Cybersecurity Engineer for PeaceHealth.

Josha Bronson - Bronsec

Josha is a founder at bronsec, working with clients big and small on all aspects of security. Former security team founder at yammer.

Sam Harwin - Salesforce

Sam leads a technical team of security engineers that assess a wide variety of Enterprise facing infrastructure for the organization. They focus on performing technical security testing, risk assessments, and providing business risk guidance on a wide variety of infrastructure technologies such as operating systems (Mac, Linux, Windows, iOS, Android), devices (mobile, embedded technologies, IOT), networks (wired, wireless, cloud), and applications (endpoint, mobile, public cloud).

Philip Jenkins - Zapproved

Philip is director of compliance and IT at Zapproved. He has over 20 years’ experience in IT security, network management, system engineering, and IT processes. His past experience includes Director of Security at Jama Software and CISO at Strands Finance. Philip holds his CISSP and CISM certifications and is a recognized leader in information security. He is active in (ISC)2, ISACA, OWASP, InfraGard, and ISSA.

Some Teams are Red, Others are Blue, I Play Defense, and So Can You!

An endpoint security primer in three (?-ish) parts.
Part 1: MacOS
Part 2: Windows
Part 3: Linux

Come learn about the other side of the cybersecurity equation: how to raise the bar for attackers trying to pwn your endpoints. This talk series will focus on sane, sensible, and usable defaults; what each operating system can bring to the table; security through proper configuration; and small/medium scale distribution and management.

Part 1: We'll start with a broad overview of securing endpoints, the classes of attacks that might be encountered depending on your use cases, and what it means to be "secure." Then, we'll talk about configuring macOS for reasonable security, beginning with the hardware chain of trust, moving through the bootloader and touching on what Apple's hw/sw integration allows for: Activation Locks, MDM/DEP, and Software Recovery. Moving up the stack, we'll discuss the tiers of built-in macOS software security, and if time permits, several third party options to strengthen endpoint options.

Part 2: Let's kick off with quick refresher on previous topics, and then dive right in to Windows endpoint security. Because of the diversity of hardware, there will be less low-level focus this session, but BitLocker, TPM, and OPAL will be in the mix. Then, learn why Secure Boot is not a conspiracy, how Hyper-V is bae, why Windows 10 is actually the best thing since... earlier Windows 10 releases!, what Group Policy can do for you, and which version of Windows is the minimum necessary for any kind of sanity.

Part 3: In the stolen words of Steve Ballmer, compartmentalize compartmentalize compartmentalize! We'll talk about mitigating inevitable compromise, and then move to Linux security. Coreboot, Heads, and refreshers from PC hardware kick us off, then it's into the wilderness! We'll try and nail down some best practices for the wide and varied world of Linux distros, the security benefits of containers, why Flatpak is awesome, and a quick touch on grsecurity (aka "why we can't have nice things"). If there's time, we'll even try to talk about the security benefits of other nix's like OpenBSD & Qubes.

Part 4: This is unwritten, unplanned and unscheduled, but part 4 (and 5, and beyond!) could include topics like:
- hypervisors! and why trying to share memory has yet to be a good idea;
- how to do your best to secure them anyway;
- how and why you should deploy hardened and/or minimum viable configurations automatically (ansible, JAMF, AD/SCCM...)

This is intended as a high-level overview to get a baseline for each of the three operating systems; content will change and grow based on feedback and requests. Come help me evolve my endpoint security game, and steer the course for future events!

This series is brought to you by PASCAL Hackerspace, and presented by Magneto (the hacker, not the mutant...ok well, he could* be a mutant for all we know...)
Magneto is: prototyping the future. trying to kill sleep. Security analysis and automation for profit. Other security-related things for fun. Obtuse prose. Dream job: Starship Captain. There's a reason for the nickname.

Some Teams are Red, Others are Blue, I Play Defense, and So Can You!

An endpoint security primer in three (?-ish) parts.
Part 1: MacOS
Part 2: Windows
Part 3: Linux

Come learn about the other side of the cybersecurity equation: how to raise the bar for attackers trying to pwn your endpoints. This talk series will focus on sane, sensible, and usable defaults; what each operating system can bring to the table; security through proper configuration; and small/medium scale distribution and management.

Part 1: We'll start with a broad overview of securing endpoints, the classes of attacks that might be encountered depending on your use cases, and what it means to be "secure." Then, we'll talk about configuring macOS for reasonable security, beginning with the hardware chain of trust, moving through the bootloader and touching on what Apple's hw/sw integration allows for: Activation Locks, MDM/DEP, and Software Recovery. Moving up the stack, we'll discuss the tiers of built-in macOS software security, and if time permits, several third party options to strengthen endpoint options.

Part 2: Let's kick off with quick refresher on previous topics, and then dive right in to Windows endpoint security. Because of the diversity of hardware, there will be less low-level focus this session, but BitLocker, TPM, and OPAL will be in the mix. Then, learn why Secure Boot is not a conspiracy, how Hyper-V is bae, why Windows 10 is actually the best thing since... earlier Windows 10 releases!, what Group Policy can do for you, and which version of Windows is the minimum necessary for any kind of sanity.

Part 3: In the stolen words of Steve Ballmer, compartmentalize compartmentalize compartmentalize! We'll talk about mitigating inevitable compromise, and then move to Linux security. Coreboot, Heads, and refreshers from PC hardware kick us off, then it's into the wilderness! We'll try and nail down some best practices for the wide and varied world of Linux distros, the security benefits of containers, why Flatpak is awesome, and a quick touch on grsecurity (aka "why we can't have nice things"). If there's time, we'll even try to talk about the security benefits of other nix's like OpenBSD & Qubes.

Part 4: This is unwritten, unplanned and unscheduled, but part 4 (and 5, and beyond!) could include topics like:
- hypervisors! and why trying to share memory has yet to be a good idea;
- how to do your best to secure them anyway;
- how and why you should deploy hardened and/or minimum viable configurations automatically (ansible, JAMF, AD/SCCM...)

This is intended as a high-level overview to get a baseline for each of the three operating systems; content will change and grow based on feedback and requests. Come help me evolve my endpoint security game, and steer the course for future events!

This series is brought to you by PASCAL Hackerspace, and presented by Magneto (the hacker, not the mutant...ok well, he could* be a mutant for all we know...)
Magneto is: prototyping the future. trying to kill sleep. Security analysis and automation for profit. Other security-related things for fun. Obtuse prose. Dream job: Starship Captain. There's a reason for the nickname.

Some Teams are Red, Others are Blue, I Play Defense, and So Can You!

An endpoint security primer in three (?-ish) parts.
Part 1: MacOS
Part 2: Windows
Part 3: Linux

Come learn about the other side of the cybersecurity equation: how to raise the bar for attackers trying to pwn your endpoints. This talk series will focus on sane, sensible, and usable defaults; what each operating system can bring to the table; security through proper configuration; and small/medium scale distribution and management.

Part 1: We'll start with a broad overview of securing endpoints, the classes of attacks that might be encountered depending on your use cases, and what it means to be "secure." Then, we'll talk about configuring macOS for reasonable security, beginning with the hardware chain of trust, moving through the bootloader and touching on what Apple's hw/sw integration allows for: Activation Locks, MDM/DEP, and Software Recovery. Moving up the stack, we'll discuss the tiers of built-in macOS software security, and if time permits, several third party options to strengthen endpoint options.

Part 2: Let's kick off with quick refresher on previous topics, and then dive right in to Windows endpoint security. Because of the diversity of hardware, there will be less low-level focus this session, but BitLocker, TPM, and OPAL will be in the mix. Then, learn why Secure Boot is not a conspiracy, how Hyper-V is bae, why Windows 10 is actually the best thing since... earlier Windows 10 releases!, what Group Policy can do for you, and which version of Windows is the minimum necessary for any kind of sanity.

Part 3: In the stolen words of Steve Ballmer, compartmentalize compartmentalize compartmentalize! We'll talk about mitigating inevitable compromise, and then move to Linux security. Coreboot, Heads, and refreshers from PC hardware kick us off, then it's into the wilderness! We'll try and nail down some best practices for the wide and varied world of Linux distros, the security benefits of containers, why Flatpak is awesome, and a quick touch on grsecurity (aka "why we can't have nice things"). If there's time, we'll even try to talk about the security benefits of other nix's like OpenBSD & Qubes.

Part 4: This is unwritten, unplanned and unscheduled, but part 4 (and 5, and beyond!) could include topics like:
- hypervisors! and why trying to share memory has yet to be a good idea;
- how to do your best to secure them anyway;
- how and why you should deploy hardened and/or minimum viable configurations automatically (ansible, JAMF, AD/SCCM...)

This is intended as a high-level overview to get a baseline for each of the three operating systems; content will change and grow based on feedback and requests. Come help me evolve my endpoint security game, and steer the course for future events!

This series is brought to you by PASCAL Hackerspace, and presented by Magneto (the hacker, not the mutant...ok well, he could* be a mutant for all we know...)
Magneto is: prototyping the future. trying to kill sleep. Security analysis and automation for profit. Other security-related things for fun. Obtuse prose. Dream job: Starship Captain. There's a reason for the nickname.

Some Teams are Red, Others are Blue, I Play Defense, and So Can You!

An endpoint security primer in three (?-ish) parts.
Part 1: MacOS
Part 2: Windows
Part 3: Linux

Come learn about the other side of the cybersecurity equation: how to raise the bar for attackers trying to pwn your endpoints. This talk series will focus on sane, sensible, and usable defaults; what each operating system can bring to the table; security through proper configuration; and small/medium scale distribution and management.

Part 1: We'll start with a broad overview of securing endpoints, the classes of attacks that might be encountered depending on your use cases, and what it means to be "secure." Then, we'll talk about configuring macOS for reasonable security, beginning with the hardware chain of trust, moving through the bootloader and touching on what Apple's hw/sw integration allows for: Activation Locks, MDM/DEP, and Software Recovery. Moving up the stack, we'll discuss the tiers of built-in macOS software security, and if time permits, several third party options to strengthen endpoint options.

Part 2: Let's kick off with quick refresher on previous topics, and then dive right in to Windows endpoint security. Because of the diversity of hardware, there will be less low-level focus this session, but BitLocker, TPM, and OPAL will be in the mix. Then, learn why Secure Boot is not a conspiracy, how Hyper-V is bae, why Windows 10 is actually the best thing since... earlier Windows 10 releases!, what Group Policy can do for you, and which version of Windows is the minimum necessary for any kind of sanity.

Part 3: In the stolen words of Steve Ballmer, compartmentalize compartmentalize compartmentalize! We'll talk about mitigating inevitable compromise, and then move to Linux security. Coreboot, Heads, and refreshers from PC hardware kick us off, then it's into the wilderness! We'll try and nail down some best practices for the wide and varied world of Linux distros, the security benefits of containers, why Flatpak is awesome, and a quick touch on grsecurity (aka "why we can't have nice things"). If there's time, we'll even try to talk about the security benefits of other nix's like OpenBSD & Qubes.

Part 4: This is unwritten, unplanned and unscheduled, but part 4 (and 5, and beyond!) could include topics like:
- hypervisors! and why trying to share memory has yet to be a good idea;
- how to do your best to secure them anyway;
- how and why you should deploy hardened and/or minimum viable configurations automatically (ansible, JAMF, AD/SCCM...)

This is intended as a high-level overview to get a baseline for each of the three operating systems; content will change and grow based on feedback and requests. Come help me evolve my endpoint security game, and steer the course for future events!

This series is brought to you by PASCAL Hackerspace, and presented by Magneto (the hacker, not the mutant...ok well, he could* be a mutant for all we know...)
Magneto is: prototyping the future. trying to kill sleep. Security analysis and automation for profit. Other security-related things for fun. Obtuse prose. Dream job: Starship Captain. There's a reason for the nickname.

Hack2Learn: Hackers, Assemble! (Part 2)

Hack2Learn is a bi-monthly CTF (capture the flag) meetup hosted at PASCAL in Portland, OR. PASCAL is an organization of equal opportunity hackers, and we will be introducing you to all the various types of challenges that you might face at any level, and at any time in the fields of information security and technology as a whole, for fun or profit.
Hacker/Tech culture and community can sometimes be a bit (or a byte ^_^) off-putting, especially to those trying to figure out what exactly it is, what we are and what we do. During this meetup at PASCAL, we welcome n00bs with open arms! Never competed in a CTF challenge before? Never even heard of CTFs? Do you have a strong desire to learn & teach alongside peers? GOOD!! You will fit right in at Hack2Learn!

For the next few Hack2Learn workshops, we will be taking a crack at Assembly-focused CTF (Capture The Flag) and reversing challenges. MrDe4d will be walking everyone through these challenges, step by step (pun!) so that everyone in attendance will gain theoretical as well as applicable knowledge.
Being able to gain control of system memory is a powerful skill, and is a gateway to understanding memory structure, how data is accessed and processed, how the OS, CPU and programs interface with one another and ultimately how to pwn. A lot of people find Assembly intimidating..and while it may seem daunting and complicated at first glance but, as with any programming language, a grasp of logic as well as dedication to learning are all that are required. In addition to walking you through every step in each challenge, a relatively quick
intro to Assembly will be given, hopefully demystifying it a bit for everyone. MrDe4d will cover basic syntax, instructions and conditions. As we dive deeper into each aspect of the challenges, we will continue to reiterate what has been covered with Assembly- we expect questions to be frequent and recurring. It is absolutely OK to ask the same thing more than once; PASCAL Hack2Learn is a friendly learning environment!
H2L has two major goals: for everyone to capture the flags, and to learn to reverse. This is not a workshop focused on learning a tool (though we do use Cutter often), rather it is designed to get attendees thinking logically, critically & to get everyone accustomed to being uncomfortable and not knowing the answer.
In order to participate, attendees will need a computer and an install of Cutter 1.7.4 (a Radare2 GUI that can be used with Linux, Windows or Mac).

Note: Running Linux is not absolutely necessary when using Cutter. Both Windows and Mac are suitable and Cutter will run fine. Cutter still definitely has a learning curve to it.. the tutorial/intro on Megabeets.net is recommended.

Questions? Email [masked] or get on the PASCAL Discord and interact with other PDX hackers (ask for invite).

Some Teams are Red, Others are Blue, I Play Defense, and So Can You!

An endpoint security primer in three (?-ish) parts.
Part 1: MacOS
Part 2: Windows
Part 3: Linux

Come learn about the other side of the cybersecurity equation: how to raise the bar for attackers trying to pwn your endpoints. This talk series will focus on sane, sensible, and usable defaults; what each operating system can bring to the table; security through proper configuration; and small/medium scale distribution and management.

Part 1: We'll start with a broad overview of securing endpoints, the classes of attacks that might be encountered depending on your use cases, and what it means to be "secure." Then, we'll talk about configuring macOS for reasonable security, beginning with the hardware chain of trust, moving through the bootloader and touching on what Apple's hw/sw integration allows for: Activation Locks, MDM/DEP, and Software Recovery. Moving up the stack, we'll discuss the tiers of built-in macOS software security, and if time permits, several third party options to strengthen endpoint options.

Part 2: Let's kick off with quick refresher on previous topics, and then dive right in to Windows endpoint security. Because of the diversity of hardware, there will be less low-level focus this session, but BitLocker, TPM, and OPAL will be in the mix. Then, learn why Secure Boot is not a conspiracy, how Hyper-V is bae, why Windows 10 is actually the best thing since... earlier Windows 10 releases!, what Group Policy can do for you, and which version of Windows is the minimum necessary for any kind of sanity.

Part 3: In the stolen words of Steve Ballmer, compartmentalize compartmentalize compartmentalize! We'll talk about mitigating inevitable compromise, and then move to Linux security. Coreboot, Heads, and refreshers from PC hardware kick us off, then it's into the wilderness! We'll try and nail down some best practices for the wide and varied world of Linux distros, the security benefits of containers, why Flatpak is awesome, and a quick touch on grsecurity (aka "why we can't have nice things"). If there's time, we'll even try to talk about the security benefits of other nix's like OpenBSD & Qubes.

Part 4: This is unwritten, unplanned and unscheduled, but part 4 (and 5, and beyond!) could include topics like:
- hypervisors! and why trying to share memory has yet to be a good idea;
- how to do your best to secure them anyway;
- how and why you should deploy hardened and/or minimum viable configurations automatically (ansible, JAMF, AD/SCCM...)

This is intended as a high-level overview to get a baseline for each of the three operating systems; content will change and grow based on feedback and requests. Come help me evolve my endpoint security game, and steer the course for future events!

This series is brought to you by PASCAL Hackerspace, and presented by Magneto (the hacker, not the mutant...ok well, he could* be a mutant for all we know...)
Magneto is: prototyping the future. trying to kill sleep. Security analysis and automation for profit. Other security-related things for fun. Obtuse prose. Dream job: Starship Captain. There's a reason for the nickname.

Hack2Learn: Hackers, Assemble! (Part 2)

Hack2Learn is a bi-monthly CTF (capture the flag) meetup hosted at PASCAL in Portland, OR. PASCAL is an organization of equal opportunity hackers, and we will be introducing you to all the various types of challenges that you might face at any level, and at any time in the fields of information security and technology as a whole, for fun or profit.
Hacker/Tech culture and community can sometimes be a bit (or a byte ^_^) off-putting, especially to those trying to figure out what exactly it is, what we are and what we do. During this meetup at PASCAL, we welcome n00bs with open arms! Never competed in a CTF challenge before? Never even heard of CTFs? Do you have a strong desire to learn & teach alongside peers? GOOD!! You will fit right in at Hack2Learn!

For the next Hack2Learn workshop (yes, we are finally getting this event rolling again!), we will be taking a crack at Assembly-focused CTF (Capture The Flag) challenges: specifically, the PICOCTF2018
Assembly 0-2. MrDe4d will be walking everyone through these challenges, step by step (pun!) so that everyone in attendance will gain theoretical as well as applicable knowledge.
Being able to gain control of system memory is a powerful skill, and is a gateway to understanding memory structure, how data is accessed and processed, how the OS, CPU and programs interface with one another and ultimately how to pwn. A lot of people find Assembly intimidating..and while it may seem daunting and complicated at first glance but, as with any programming language, a grasp of logic as well as dedication to learning are all that are required. In addition to walking you through every step in each challenge, a relatively quick
intro to Assembly will be given, hopefully demystifying it a bit for everyone. MrDe4d will cover basic syntax, instructions and conditions. As we dive deeper into each aspect of the challenges, we will continue to reiterate what has been covered with Assembly- we expect questions to be frequent and recurring. It is absolutely OK to ask the same thing more than once; PASCAL Hack2Learn is a friendly learning environment!
H2L has two major goals: for everyone to capture the flags, and to learn to reverse engineer. This is not a workshop focused on learning a tool, rather it is designed to get attendees thinking logically, critically & to get everyone accustomed to being uncomfortable and not knowing the answer.
In order to participate, attendees will need a computer running either Linux (distro of choice though for this workshop Debian flavors are recommended) or Windows with a VM for Linux, & an install of Cutter 1.7.2 (a Radare2 GUI).

Note: Running Linux is not absolutely necessary when using Cutter. Both Windows and Mac are suitable and Cutter will run fine. Cutter still definitely has a learning curve to it.. fortunately, there is an excellent tutorial/intro on Megabeets.net!

Questions? Email [masked] or get on the PASCAL Discord and interact with other PDX hackers (ask for invite).

Overview

This four day workshop unlocks the mysteries behind ‘Put it in the cloud’ by showing students the main tools used for AWS provisioning and resource management, and showing them how to host their own website ‘in the cloud’. If you are intersted in getting the AWS certification, this workshop will certainly help you prepare to take it. This is the first in a series of Alchemy Master Workshops designed to share deep technical expertise here in our Portland tech community.

Instructor Karvari Ellingson - Software Engineer, Ops at Jama Software Karvari draws from her education in Fine Art, and her history as a contractor, to create, organize, and analyze infrastructure systems, built on borrowed hardware. She has been an ops focused software engineer at Jama Software for nearly three years, and was previously a release engineer at Thetus. She has assisted with numerous migrations from in-house servers, to AWS hosted resources, and is currently becoming a subject matter expert on distributed systems monitoring.

Class Dates and Times Class Times: 10am - 2pm on Saturdays (The first Saturday, November 10th, will start at 9am for those who need help setting up their machine.)

Online availability during the week for questions and prep work

Class Dates: November 10th, November 17th, December 1st, and December 8th

Price $240 per person. Limited to 30 people. Limited scholarships available, please email us at [email protected]

Summary This class is designed to give you a working skillset with AWS services. We will start with the most commonly utilized services, and learn how to use and manage them from day one. You will know how to deploy websites (perfect if your are looking to develop a personal website to promote yourself to employers or clients) and the ability to deploy any application you write into a virtual machine in the cloud! Did I mention that this is all just day one? By the end of the four-week session, you will have explored scalability, serverless computing, networking, and the scripting tools most used to accomplish these goals.

Prerequisites and Requirements You need to have basic programming knowledge, with the basics of either Python or JavaScript, and have created at least one full stack application.

You will be required to create an AWS account, a Github (or equivalent) account, and be able to use an code editor. (Existing accounts are fine, no need to create new ones for this workshop!)

You will need to use a credit card to setup your AWS account. You will likely accrue very small charges for using AWS during the class (likely less than $1 - $20, depending on what type of use your site receives). We will cover this during the first class

You will also need a laptop (Linux, Mac, or Windows) with administrator access to install the necessary tools. Provided scripts and applications will be written in Python and JavaScript using NodeJS. You will need to have one or other installed.

On the first Saturday, we will be available from 9am - 10am to help with any computer setup related issues.

Curriculum Outline Day 1 (November 10th) - Developer’s Perspective Learn how to manage AWS resources through the console and the AWS CLI. By the end of the day, you will have deployed a static website to an s3 bucket and an application in an EC2 instance, Amazon’s most commonly used virtual machine. You will be able to create simple command scripts to update and manage your resources. You will also understand how to create a domain name and how to request a certificate from Amazon to provide secure access to your sites.

Day 2 (November 17th) - Deployment and Security Now that you have an application in the cloud, this week you will learn how to use troposphere and boto3 to define cloud formation template and create them. Then, add git hooks using lambda functions to grab merges and create your continuous deployment pipeline! It is also time to lock it down. We will apply our amazon signed certificates, and create security groups, IAM roles, and User Policies to make sure our sites are secure.

Day 3 (December 1st) - Ops and Scaling Architecture In week three, we’ll get into the joys of networking in virtual environments. You will learn about Virtual Private Clouds, Subnets, Gateways, Autoscaling, and Load Balancing. We will touch on the pitfalls of containerization (Hello, Docker!) in a virtual world as well. I will also try to point out common issues and gotchas when you are trying to connect, and scale your environments.

Day 4 (December 8th) - Exploring AWS (Event Driven Development) In our last week, we will dive into the less common, but most interesting services Amazon provides. We’ll dabble in Machine learning, Data pipelines and refine our knowledge of Lamba (AKA serverless computing) with an image recognition function.

Overview

This four day workshop unlocks the mysteries behind ‘Put it in the cloud’ by showing students the main tools used for AWS provisioning and resource management, and showing them how to host their own website ‘in the cloud’. If you are intersted in getting the AWS certification, this workshop will certainly help you prepare to take it. This is the first in a series of Alchemy Master Workshops designed to share deep technical expertise here in our Portland tech community.

Instructor Karvari Ellingson - Software Engineer, Ops at Jama Software Karvari draws from her education in Fine Art, and her history as a contractor, to create, organize, and analyze infrastructure systems, built on borrowed hardware. She has been an ops focused software engineer at Jama Software for nearly three years, and was previously a release engineer at Thetus. She has assisted with numerous migrations from in-house servers, to AWS hosted resources, and is currently becoming a subject matter expert on distributed systems monitoring.

Class Dates and Times Class Times: 10am - 2pm on Saturdays (The first Saturday, November 10th, will start at 9am for those who need help setting up their machine.)

Online availability during the week for questions and prep work

Class Dates: November 10th, November 17th, December 1st, and December 8th

Price $240 per person. Limited to 30 people. Limited scholarships available, please email us at [email protected]

Summary This class is designed to give you a working skillset with AWS services. We will start with the most commonly utilized services, and learn how to use and manage them from day one. You will know how to deploy websites (perfect if your are looking to develop a personal website to promote yourself to employers or clients) and the ability to deploy any application you write into a virtual machine in the cloud! Did I mention that this is all just day one? By the end of the four-week session, you will have explored scalability, serverless computing, networking, and the scripting tools most used to accomplish these goals.

Prerequisites and Requirements You need to have basic programming knowledge, with the basics of either Python or JavaScript, and have created at least one full stack application.

You will be required to create an AWS account, a Github (or equivalent) account, and be able to use an code editor. (Existing accounts are fine, no need to create new ones for this workshop!)

You will need to use a credit card to setup your AWS account. You will likely accrue very small charges for using AWS during the class (likely less than $1 - $20, depending on what type of use your site receives). We will cover this during the first class

You will also need a laptop (Linux, Mac, or Windows) with administrator access to install the necessary tools. Provided scripts and applications will be written in Python and JavaScript using NodeJS. You will need to have one or other installed.

On the first Saturday, we will be available from 9am - 10am to help with any computer setup related issues.

Curriculum Outline Day 1 (November 10th) - Developer’s Perspective Learn how to manage AWS resources through the console and the AWS CLI. By the end of the day, you will have deployed a static website to an s3 bucket and an application in an EC2 instance, Amazon’s most commonly used virtual machine. You will be able to create simple command scripts to update and manage your resources. You will also understand how to create a domain name and how to request a certificate from Amazon to provide secure access to your sites.

Day 2 (November 17th) - Deployment and Security Now that you have an application in the cloud, this week you will learn how to use troposphere and boto3 to define cloud formation template and create them. Then, add git hooks using lambda functions to grab merges and create your continuous deployment pipeline! It is also time to lock it down. We will apply our amazon signed certificates, and create security groups, IAM roles, and User Policies to make sure our sites are secure.

Day 3 (December 1st) - Ops and Scaling Architecture In week three, we’ll get into the joys of networking in virtual environments. You will learn about Virtual Private Clouds, Subnets, Gateways, Autoscaling, and Load Balancing. We will touch on the pitfalls of containerization (Hello, Docker!) in a virtual world as well. I will also try to point out common issues and gotchas when you are trying to connect, and scale your environments.

Day 4 (December 8th) - Exploring AWS (Event Driven Development) In our last week, we will dive into the less common, but most interesting services Amazon provides. We’ll dabble in Machine learning, Data pipelines and refine our knowledge of Lamba (AKA serverless computing) with an image recognition function.

Overview

This four day workshop unlocks the mysteries behind ‘Put it in the cloud’ by showing students the main tools used for AWS provisioning and resource management, and showing them how to host their own website ‘in the cloud’. If you are intersted in getting the AWS certification, this workshop will certainly help you prepare to take it. This is the first in a series of Alchemy Master Workshops designed to share deep technical expertise here in our Portland tech community.

Instructor Karvari Ellingson - Software Engineer, Ops at Jama Software Karvari draws from her education in Fine Art, and her history as a contractor, to create, organize, and analyze infrastructure systems, built on borrowed hardware. She has been an ops focused software engineer at Jama Software for nearly three years, and was previously a release engineer at Thetus. She has assisted with numerous migrations from in-house servers, to AWS hosted resources, and is currently becoming a subject matter expert on distributed systems monitoring.

Class Dates and Times Class Times: 10am - 2pm on Saturdays (The first Saturday, November 10th, will start at 9am for those who need help setting up their machine.)

Online availability during the week for questions and prep work

Class Dates: November 10th, November 17th, December 1st, and December 8th

Price $240 per person. Limited to 30 people. Limited scholarships available, please email us at [email protected]

Summary This class is designed to give you a working skillset with AWS services. We will start with the most commonly utilized services, and learn how to use and manage them from day one. You will know how to deploy websites (perfect if your are looking to develop a personal website to promote yourself to employers or clients) and the ability to deploy any application you write into a virtual machine in the cloud! Did I mention that this is all just day one? By the end of the four-week session, you will have explored scalability, serverless computing, networking, and the scripting tools most used to accomplish these goals.

Prerequisites and Requirements You need to have basic programming knowledge, with the basics of either Python or JavaScript, and have created at least one full stack application.

You will be required to create an AWS account, a Github (or equivalent) account, and be able to use an code editor. (Existing accounts are fine, no need to create new ones for this workshop!)

You will need to use a credit card to setup your AWS account. You will likely accrue very small charges for using AWS during the class (likely less than $1 - $20, depending on what type of use your site receives). We will cover this during the first class

You will also need a laptop (Linux, Mac, or Windows) with administrator access to install the necessary tools. Provided scripts and applications will be written in Python and JavaScript using NodeJS. You will need to have one or other installed.

On the first Saturday, we will be available from 9am - 10am to help with any computer setup related issues.

Curriculum Outline Day 1 (November 10th) - Developer’s Perspective Learn how to manage AWS resources through the console and the AWS CLI. By the end of the day, you will have deployed a static website to an s3 bucket and an application in an EC2 instance, Amazon’s most commonly used virtual machine. You will be able to create simple command scripts to update and manage your resources. You will also understand how to create a domain name and how to request a certificate from Amazon to provide secure access to your sites.

Day 2 (November 17th) - Deployment and Security Now that you have an application in the cloud, this week you will learn how to use troposphere and boto3 to define cloud formation template and create them. Then, add git hooks using lambda functions to grab merges and create your continuous deployment pipeline! It is also time to lock it down. We will apply our amazon signed certificates, and create security groups, IAM roles, and User Policies to make sure our sites are secure.

Day 3 (December 1st) - Ops and Scaling Architecture In week three, we’ll get into the joys of networking in virtual environments. You will learn about Virtual Private Clouds, Subnets, Gateways, Autoscaling, and Load Balancing. We will touch on the pitfalls of containerization (Hello, Docker!) in a virtual world as well. I will also try to point out common issues and gotchas when you are trying to connect, and scale your environments.

Day 4 (December 8th) - Exploring AWS (Event Driven Development) In our last week, we will dive into the less common, but most interesting services Amazon provides. We’ll dabble in Machine learning, Data pipelines and refine our knowledge of Lamba (AKA serverless computing) with an image recognition function.

Overview

This four day workshop unlocks the mysteries behind ‘Put it in the cloud’ by showing students the main tools used for AWS provisioning and resource management, and showing them how to host their own website ‘in the cloud’. If you are intersted in getting the AWS certification, this workshop will certainly help you prepare to take it. This is the first in a series of Alchemy Master Workshops designed to share deep technical expertise here in our Portland tech community.

Instructor Karvari Ellingson - Software Engineer, Ops at Jama Software Karvari draws from her education in Fine Art, and her history as a contractor, to create, organize, and analyze infrastructure systems, built on borrowed hardware. She has been an ops focused software engineer at Jama Software for nearly three years, and was previously a release engineer at Thetus. She has assisted with numerous migrations from in-house servers, to AWS hosted resources, and is currently becoming a subject matter expert on distributed systems monitoring.

Class Dates and Times Class Times: 10am - 2pm on Saturdays (The first Saturday, November 10th, will start at 9am for those who need help setting up their machine.)

Online availability during the week for questions and prep work

Class Dates: November 10th, November 17th, December 1st, and December 8th

Price $240 per person. Limited to 30 people. Limited scholarships available, please email us at [email protected]

Summary This class is designed to give you a working skillset with AWS services. We will start with the most commonly utilized services, and learn how to use and manage them from day one. You will know how to deploy websites (perfect if your are looking to develop a personal website to promote yourself to employers or clients) and the ability to deploy any application you write into a virtual machine in the cloud! Did I mention that this is all just day one? By the end of the four-week session, you will have explored scalability, serverless computing, networking, and the scripting tools most used to accomplish these goals.

Prerequisites and Requirements You need to have basic programming knowledge, with the basics of either Python or JavaScript, and have created at least one full stack application.

You will be required to create an AWS account, a Github (or equivalent) account, and be able to use an code editor. (Existing accounts are fine, no need to create new ones for this workshop!)

You will need to use a credit card to setup your AWS account. You will likely accrue very small charges for using AWS during the class (likely less than $1 - $20, depending on what type of use your site receives). We will cover this during the first class

You will also need a laptop (Linux, Mac, or Windows) with administrator access to install the necessary tools. Provided scripts and applications will be written in Python and JavaScript using NodeJS. You will need to have one or other installed.

On the first Saturday, we will be available from 9am - 10am to help with any computer setup related issues.

Curriculum Outline Day 1 (November 10th) - Developer’s Perspective Learn how to manage AWS resources through the console and the AWS CLI. By the end of the day, you will have deployed a static website to an s3 bucket and an application in an EC2 instance, Amazon’s most commonly used virtual machine. You will be able to create simple command scripts to update and manage your resources. You will also understand how to create a domain name and how to request a certificate from Amazon to provide secure access to your sites.

Day 2 (November 17th) - Deployment and Security Now that you have an application in the cloud, this week you will learn how to use troposphere and boto3 to define cloud formation template and create them. Then, add git hooks using lambda functions to grab merges and create your continuous deployment pipeline! It is also time to lock it down. We will apply our amazon signed certificates, and create security groups, IAM roles, and User Policies to make sure our sites are secure.

Day 3 (December 1st) - Ops and Scaling Architecture In week three, we’ll get into the joys of networking in virtual environments. You will learn about Virtual Private Clouds, Subnets, Gateways, Autoscaling, and Load Balancing. We will touch on the pitfalls of containerization (Hello, Docker!) in a virtual world as well. I will also try to point out common issues and gotchas when you are trying to connect, and scale your environments.

Day 4 (December 8th) - Exploring AWS (Event Driven Development) In our last week, we will dive into the less common, but most interesting services Amazon provides. We’ll dabble in Machine learning, Data pipelines and refine our knowledge of Lamba (AKA serverless computing) with an image recognition function.

Hack2Learn is a monthly CTF (capture the flag) meetup hosted at PASCAL in Portland, OR. PASCAL is an organization of equal opportunity hackers, and we will be introducing you to all the various types of challenges that you might face at any level, and at any time in the fields of information security and technology as a whole, for fun or profit.
Hacker/Tech culture and community can sometimes be a bit (or a byte ^_^) off-putting, especially to those trying to figure out what exactly it is, what we are and what we do. During this workshop at PASCAL, we welcome n00bs with open arms! Never competed in a CTF challenge before? Never even heard of CTFs? Do you have a strong desire to learn & teach alongside peers? GOOD!! You will fit right in at Hack2Learn!
For the October edition of Hack2Learn, we will be focusing on web and binary challenges. First we will make sure everyone is set up with a virtual machine and the OS of their choice (though Kali is recommended, specifically for the web challenges). For the binary challenges we will install Cutter which is something of an intro to Radare2. You are encouraged to familiarize yourself with Cutter and R2 prior to the workshop; take a look--> https://github.com/radareorg/cutter (note: downloading a VM and/or installing a new OS is not necessary for using Cutter when working on the binary challenges, unless you're using Mac OS in which case you will need to spin up a VM for either Windows or Linux).
Basic understanding of at least one programming language and/or security concepts is helpful, but not necessary. Honestly, when we say all you need is a desire to learn, we mean it!
Cylon is setting up a wireless hacking station for October H2L as well, and will be offering some hands-on experience to anyone interested in the wonderful world of wireless hax!
If you have a laptop, bring it. We have a handful of loaners for those who need them, as well as a few desktop PCs for use at the hackerspace. So, brush off your social anxiety, leave your impostor syndrome at the door, and let your inner hacker take a crack at capture the flag!

Questions? Send an email to [masked], or leave a comment on the meetup page (though we tend to not check that as often.)

Portland Linux/Unix Group General Meeting Announcement

Who: Michael Dexter
What: Open Source and POSIX Environments for Windows
Where: PSU, 1930 SW 4th Ave. Room FAB 86-01 (Lower Level)
When: Thursday, October 4th, 2018 at 7pm
Why: The pursuit of technology freedom
Stream: http://pdxlinux.org/live

Windows has a hard-earned reputation for appalling security and reliability but, better late than never, has matured into a relatively stable and secure desktop and server problem. Windows can run many popular open source desktop applications and has an incredibly-long history of on-again and off-again supporting Unix/POSIX environments such as Interix/SFU and Cygwin, and now ships with Linux emulation. These tools vary wildly in their depth of frustration to Unix users but do provide a gateway to some extremely-interesting yet intentionally-vague open source opportunities that will be demonstrated.

Many will head to the Lucky Lab at 1945 NW Quimby St. after the meeting.

Rideshares to the Lucky Lab available

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings.

Windows 10 - Today and Tomorrow

Scott Hanselman will discuss many of the less well known but useful features of Windows 10. He will also discuss features he expects to see in upcoming releases.

Agenda:
6:00--6:20 Networking
6:20--7:00 No-host dinner
7:00--7:30 Introductions and announcements
7:30--8:30 Main Presentation (followed by Q&A)

Presented by:
Scott Hanselman. Scott works from his home in Oregon for the Microsoft Web Platform Team. He is a teacher. He speaks widely. He has written code that you've used. He's been blogging for over a decade, coding for twice that, and podcasting for over half that. He codes, writes, speaks, empowers, promotes, braids, learns and listens, usually not in that order.

Join ISACA and the Salem IIA on April 18, 2018 as we present an in-depth seminar on Incident Response and Vulnerability Management

4 CPE

Two industry practitioners, Russ McRee from Microsoft and Ousàma Lakhdar-Ghazal from Umqua Bank, will be sharing their experiences and best practices for prevention, detection and responding to critical incidents, as well as discussing managing vulnerabilities.

Russ McRee is the principal security group program manager of the Blue Team for Microsoft’s Windows & Devices Group. He writes toolsmith, a monthly column for information security practitioners, and has written for other publications including Information Security, (IN)SECURE, SysAdmin, and Linux Magazine. Russ has spoken at events such as DEFCON, Derby Con, BlueHat, Black Hat, SANSFIRE, RSA, and is a SANS Internet Storm Center handler. He serves as a joint forces operator and planner on behalf of Washington Military Department’s cyber and emergency management missions. Russ advocates for a holistic approach to the practice of information assurance as represented by holisticinfosec.org.

Ousama Lakhdar-Ghazal is currently the technology risk officer for Umpqua Bank, managing risk and coordinating risk coverage for technology. Prior to joining Umpqua, Ousama was a compliance manager for Nike Inc., and prior to that a manager at Deloitte in their Cyber Risk Services group.

Pricing: $45 members (ISACA or IIA) $55 non-members and guests

Details: Afternoon Refreshments will be provided. Parking: Free Parking at the venue. No pass required.

SSH is a fundamental tool used in networking outside of Microsoft Windows, such as Cisco routers or Linux computers. By the end of this class, you will be able to be able to connect via the SSH tool to computers for administration, enabling you to make remote commands and file transfers.

Some command line experience recommended.

Join us at the next Azure User Group on November 9th to learn and see how you can leverage the power of Azure and Citrix to deliver virtual desktops to any device and any location while maintaining security and flexibility.

Agenda • Intro to Citrix • Citrix Cloud and with Azure • Demo • Q&A