226 SE Madison St

Come learn about the other side of the cybersecurity equation: how to raise the bar for attackers trying to pwn your endpoints. This talk series will focus on sane, sensible, and usable defaults, security through proper configuration, and small/medium scale distribution and management.

********

DefSec 0x05: Ansible, Part 1

Dive deep into the Dirac Sea...of security automation!

Let's talk about Ansible (the RedHat automation/configuration management tool, not the scifi FTL machine). To quote a different introductory course, "Ansible is an automation and configuration management technology used to provision, deploy, and manage compute infrastructure across cloud, virtual, and physical environments." This initial session will focus on:
- a high-level overview of what Ansible is
- how it works
- beginning to use Ansible via ad-hoc commands
- reasoning + planning about tasks -> playbooks -> roles
- how you might deploy it at scale
- and finally, as time permits: hands on with playbooks!

Part 2 of this talk (coming soon!) will focus on a practical application of Ansible, namely deploying the Ubuntu Linux CIS benchmark against multiple virtual machines for hardening purposes.

This series is brought to you by PASCAL Hackerspace, and presented by Magneto (the hacker, not the mutant. Probably.) He does security analysis and automation for profit, and systems thinking and other security-related things for fun. Uses obtuse prose. Talks fast and loud. Dreams of eliminating sleep. Protoypes the future.

**NOTE**

While we will continue to work on the microcorruption CTF for the next several Hack2Learn workshops, the next meetup we are going to take a side quest and focus on a very special challenge involving hardware. It will be our first crack at embedded device security as a group. For more details- come see PASCAL next Thursday!

For the second part of this hardware challenge, we will be taking an indepth look at the device ROM and MCU. We will be using the MiniPro chip reader, and again working with TTL converters.

END NOTE

Hack2Learn is a bi-monthly CTF (capture the flag) meetup hosted at PASCAL in Portland, OR. PASCAL is an organization of equal opportunity hackers, and we will be introducing you to various types of reverse engineering and binary challenges that you might face at any level, and at any time in the fields of information security and technology as a whole, for fun or profit.
Hacker/Tech culture and community can sometimes be a bit (or a byte ^_^) off-putting, especially to those trying to figure out what exactly it is, what we are and what we do. During this meetup at PASCAL, we welcome n00bs with open arms! Never competed in a CTF challenge before? Never even heard of CTFs? Do you have a strong desire to learn & teach alongside peers? GOOD!! You will fit right in at Hack2Learn!

For the next several Hack2Learn workshops, we will be taking a crack at Assembly-focused CTF (Capture The Flag) and reversing challenges, specifically microcorruption. MrDe4d will start by giving a short presentation on a particular aspect of the theory behind ASM (last time we talked about ISRs in MSP430 MCUs). The goal of the presentation prior to the challenge is to (hopefully) help everyone in attendance to gain theoretical as well as practical knowledge.
Being able to gain control of system memory is a powerful skill, and is a gateway to understanding memory structure, how data is accessed and processed, how the OS, CPU and programs interface with one another and ultimately how to pwn. Throughout the series we will cover basic syntax, instructions, conditions, and more! As we dive deeper into each aspect of the challenges, we will continue to reiterate what has been covered with Assembly- we expect questions to be frequent and recurring. It is absolutely OK to ask the same thing more than once; PASCAL Hack2Learn is a friendly learning environment!
H2L has two major goals: for everyone to capture the flags, and to learn to reverse. This is not a workshop focused on learning a tool (though we do use Cutter), rather it is designed to get attendees thinking logically, critically & to get everyone accustomed to being uncomfortable and not knowing the answer.
As we will be focusing on microcorruption CTF challenges for the next several workshops, it is not necessary to have Cutter or any other debugger installed. Microcorruption has its own web based debugger that is very easy to learn and use!

Questions? Email [masked] or get on the PASCAL Discord and interact with other PDX hackers (ask for invite).

**NOTE**

While we will continue to work on the microcorruption CTF for the next several Hack2Learn workshops, the next meetup we are going to take a side quest and focus on a very special challenge involving hardware. It will be our first crack at embedded device security as a group. For more details- come see PASCAL next Thursday!

END NOTE

Hack2Learn is a bi-monthly CTF (capture the flag) meetup hosted at PASCAL in Portland, OR. PASCAL is an organization of equal opportunity hackers, and we will be introducing you to various types of reverse engineering and binary challenges that you might face at any level, and at any time in the fields of information security and technology as a whole, for fun or profit.
Hacker/Tech culture and community can sometimes be a bit (or a byte ^_^) off-putting, especially to those trying to figure out what exactly it is, what we are and what we do. During this meetup at PASCAL, we welcome n00bs with open arms! Never competed in a CTF challenge before? Never even heard of CTFs? Do you have a strong desire to learn & teach alongside peers? GOOD!! You will fit right in at Hack2Learn!

For the next several Hack2Learn workshops, we will be taking a crack at Assembly-focused CTF (Capture The Flag) and reversing challenges, specifically microcorruption. MrDe4d will start by giving a short presentation on a particular aspect of the theory behind ASM (last time we talked about ISRs in MSP430 MCUs). The goal of the presentation prior to the challenge is to (hopefully) help everyone in attendance to gain theoretical as well as practical knowledge.
Being able to gain control of system memory is a powerful skill, and is a gateway to understanding memory structure, how data is accessed and processed, how the OS, CPU and programs interface with one another and ultimately how to pwn. Throughout the series we will cover basic syntax, instructions, conditions, and more! As we dive deeper into each aspect of the challenges, we will continue to reiterate what has been covered with Assembly- we expect questions to be frequent and recurring. It is absolutely OK to ask the same thing more than once; PASCAL Hack2Learn is a friendly learning environment!
H2L has two major goals: for everyone to capture the flags, and to learn to reverse. This is not a workshop focused on learning a tool (though we do use Cutter), rather it is designed to get attendees thinking logically, critically & to get everyone accustomed to being uncomfortable and not knowing the answer.
As we will be focusing on microcorruption CTF challenges for the next several workshops, it is not necessary to have Cutter or any other debugger installed. Microcorruption has its own web based debugger that is very easy to learn and use!

Questions? Email [masked] or get on the PASCAL Discord and interact with other PDX hackers (ask for invite).

Some Teams are Red, Others are Blue, I Play Defense, and So Can You!

An endpoint security primer in three (?-ish) parts.
Part 1: MacOS
Part 2: Windows
Part 3: Linux

Come learn about the other side of the cybersecurity equation: how to raise the bar for attackers trying to pwn your endpoints. This talk series will focus on sane, sensible, and usable defaults; what each operating system can bring to the table; security through proper configuration; and small/medium scale distribution and management.

Part 1: We'll start with a broad overview of securing endpoints, the classes of attacks that might be encountered depending on your use cases, and what it means to be "secure." Then, we'll talk about configuring macOS for reasonable security, beginning with the hardware chain of trust, moving through the bootloader and touching on what Apple's hw/sw integration allows for: Activation Locks, MDM/DEP, and Software Recovery. Moving up the stack, we'll discuss the tiers of built-in macOS software security, and if time permits, several third party options to strengthen endpoint options.

Part 2: Let's kick off with quick refresher on previous topics, and then dive right in to Windows endpoint security. Because of the diversity of hardware, there will be less low-level focus this session, but BitLocker, TPM, and OPAL will be in the mix. Then, learn why Secure Boot is not a conspiracy, how Hyper-V is bae, why Windows 10 is actually the best thing since... earlier Windows 10 releases!, what Group Policy can do for you, and which version of Windows is the minimum necessary for any kind of sanity.

Part 3: In the stolen words of Steve Ballmer, compartmentalize compartmentalize compartmentalize! We'll talk about mitigating inevitable compromise, and then move to Linux security. Coreboot, Heads, and refreshers from PC hardware kick us off, then it's into the wilderness! We'll try and nail down some best practices for the wide and varied world of Linux distros, the security benefits of containers, why Flatpak is awesome, and a quick touch on grsecurity (aka "why we can't have nice things"). If there's time, we'll even try to talk about the security benefits of other nix's like OpenBSD & Qubes.

Part 4: This is unwritten, unplanned and unscheduled, but part 4 (and 5, and beyond!) could include topics like:
- hypervisors! and why trying to share memory has yet to be a good idea;
- how to do your best to secure them anyway;
- how and why you should deploy hardened and/or minimum viable configurations automatically (ansible, JAMF, AD/SCCM...)

This is intended as a high-level overview to get a baseline for each of the three operating systems; content will change and grow based on feedback and requests. Come help me evolve my endpoint security game, and steer the course for future events!

This series is brought to you by PASCAL Hackerspace, and presented by Magneto (the hacker, not the mutant...ok well, he could* be a mutant for all we know...)
Magneto is: prototyping the future. trying to kill sleep. Security analysis and automation for profit. Other security-related things for fun. Obtuse prose. Dream job: Starship Captain. There's a reason for the nickname.

**NOTE**

While we will continue to work on the microcorruption CTF for the next several Hack2Learn workshops, the next meetup we are going to take a side quest and focus on a very special challenge involving hardware. It will be our first crack at embedded device security as a group. For more details- come see PASCAL next Thursday!

END NOTE

Hack2Learn is a bi-monthly CTF (capture the flag) meetup hosted at PASCAL in Portland, OR. PASCAL is an organization of equal opportunity hackers, and we will be introducing you to various types of reverse engineering and binary challenges that you might face at any level, and at any time in the fields of information security and technology as a whole, for fun or profit.
Hacker/Tech culture and community can sometimes be a bit (or a byte ^_^) off-putting, especially to those trying to figure out what exactly it is, what we are and what we do. During this meetup at PASCAL, we welcome n00bs with open arms! Never competed in a CTF challenge before? Never even heard of CTFs? Do you have a strong desire to learn & teach alongside peers? GOOD!! You will fit right in at Hack2Learn!

For the next several Hack2Learn workshops, we will be taking a crack at Assembly-focused CTF (Capture The Flag) and reversing challenges, specifically microcorruption. MrDe4d will start by giving a short presentation on a particular aspect of the theory behind ASM (last time we talked about ISRs in MSP430 MCUs). The goal of the presentation prior to the challenge is to (hopefully) help everyone in attendance to gain theoretical as well as practical knowledge.
Being able to gain control of system memory is a powerful skill, and is a gateway to understanding memory structure, how data is accessed and processed, how the OS, CPU and programs interface with one another and ultimately how to pwn. Throughout the series we will cover basic syntax, instructions, conditions, and more! As we dive deeper into each aspect of the challenges, we will continue to reiterate what has been covered with Assembly- we expect questions to be frequent and recurring. It is absolutely OK to ask the same thing more than once; PASCAL Hack2Learn is a friendly learning environment!
H2L has two major goals: for everyone to capture the flags, and to learn to reverse. This is not a workshop focused on learning a tool (though we do use Cutter), rather it is designed to get attendees thinking logically, critically & to get everyone accustomed to being uncomfortable and not knowing the answer.
As we will be focusing on microcorruption CTF challenges for the next several workshops, it is not necessary to have Cutter or any other debugger installed. Microcorruption has its own web based debugger that is very easy to learn and use!

Questions? Email [masked] or get on the PASCAL Discord and interact with other PDX hackers (ask for invite).

Some Teams are Red, Others are Blue, I Play Defense, and So Can You!

An endpoint security primer in three (?-ish) parts.
Part 1: MacOS
Part 2: Windows
Part 3: Linux

Come learn about the other side of the cybersecurity equation: how to raise the bar for attackers trying to pwn your endpoints. This talk series will focus on sane, sensible, and usable defaults; what each operating system can bring to the table; security through proper configuration; and small/medium scale distribution and management.

Part 1: We'll start with a broad overview of securing endpoints, the classes of attacks that might be encountered depending on your use cases, and what it means to be "secure." Then, we'll talk about configuring macOS for reasonable security, beginning with the hardware chain of trust, moving through the bootloader and touching on what Apple's hw/sw integration allows for: Activation Locks, MDM/DEP, and Software Recovery. Moving up the stack, we'll discuss the tiers of built-in macOS software security, and if time permits, several third party options to strengthen endpoint options.

Part 2: Let's kick off with quick refresher on previous topics, and then dive right in to Windows endpoint security. Because of the diversity of hardware, there will be less low-level focus this session, but BitLocker, TPM, and OPAL will be in the mix. Then, learn why Secure Boot is not a conspiracy, how Hyper-V is bae, why Windows 10 is actually the best thing since... earlier Windows 10 releases!, what Group Policy can do for you, and which version of Windows is the minimum necessary for any kind of sanity.

Part 3: In the stolen words of Steve Ballmer, compartmentalize compartmentalize compartmentalize! We'll talk about mitigating inevitable compromise, and then move to Linux security. Coreboot, Heads, and refreshers from PC hardware kick us off, then it's into the wilderness! We'll try and nail down some best practices for the wide and varied world of Linux distros, the security benefits of containers, why Flatpak is awesome, and a quick touch on grsecurity (aka "why we can't have nice things"). If there's time, we'll even try to talk about the security benefits of other nix's like OpenBSD & Qubes.

Part 4: This is unwritten, unplanned and unscheduled, but part 4 (and 5, and beyond!) could include topics like:
- hypervisors! and why trying to share memory has yet to be a good idea;
- how to do your best to secure them anyway;
- how and why you should deploy hardened and/or minimum viable configurations automatically (ansible, JAMF, AD/SCCM...)

This is intended as a high-level overview to get a baseline for each of the three operating systems; content will change and grow based on feedback and requests. Come help me evolve my endpoint security game, and steer the course for future events!

This series is brought to you by PASCAL Hackerspace, and presented by Magneto (the hacker, not the mutant...ok well, he could* be a mutant for all we know...)
Magneto is: prototyping the future. trying to kill sleep. Security analysis and automation for profit. Other security-related things for fun. Obtuse prose. Dream job: Starship Captain. There's a reason for the nickname.

Hack2Learn is a bi-monthly CTF (capture the flag) meetup hosted at PASCAL in Portland, OR. PASCAL is an organization of equal opportunity hackers, and we will be introducing you to various types of reverse engineering and binary challenges that you might face at any level, and at any time in the fields of information security and technology as a whole, for fun or profit.
Hacker/Tech culture and community can sometimes be a bit (or a byte ^_^) off-putting, especially to those trying to figure out what exactly it is, what we are and what we do. During this meetup at PASCAL, we welcome n00bs with open arms! Never competed in a CTF challenge before? Never even heard of CTFs? Do you have a strong desire to learn & teach alongside peers? GOOD!! You will fit right in at Hack2Learn!

For the next several Hack2Learn workshops, we will be taking a crack at Assembly-focused CTF (Capture The Flag) and reversing challenges, specifically microcorruption. MrDe4d will start by giving a short presentation on a particular aspect of the theory behind ASM (last time we talked about ISRs in MSP430 MCUs). The goal of the presentation prior to the challenge is to (hopefully) help everyone in attendance to gain theoretical as well as practical knowledge.
Being able to gain control of system memory is a powerful skill, and is a gateway to understanding memory structure, how data is accessed and processed, how the OS, CPU and programs interface with one another and ultimately how to pwn. Throughout the series we will cover basic syntax, instructions, conditions, and more! As we dive deeper into each aspect of the challenges, we will continue to reiterate what has been covered with Assembly- we expect questions to be frequent and recurring. It is absolutely OK to ask the same thing more than once; PASCAL Hack2Learn is a friendly learning environment!
H2L has two major goals: for everyone to capture the flags, and to learn to reverse. This is not a workshop focused on learning a tool (though we do use Cutter), rather it is designed to get attendees thinking logically, critically & to get everyone accustomed to being uncomfortable and not knowing the answer.
As we will be focusing on microcorruption CTF challenges for the next several workshops, it is not necessary to have Cutter or any other debugger installed. Microcorruption has its own web based debugger that is very easy to learn and use!

Questions? Email [masked] or get on the PASCAL Discord and interact with other PDX hackers (ask for invite).

Some Teams are Red, Others are Blue, I Play Defense, and So Can You!

An endpoint security primer in three (?-ish) parts.
Part 1: MacOS
Part 2: Windows
Part 3: Linux

Come learn about the other side of the cybersecurity equation: how to raise the bar for attackers trying to pwn your endpoints. This talk series will focus on sane, sensible, and usable defaults; what each operating system can bring to the table; security through proper configuration; and small/medium scale distribution and management.

Part 1: We'll start with a broad overview of securing endpoints, the classes of attacks that might be encountered depending on your use cases, and what it means to be "secure." Then, we'll talk about configuring macOS for reasonable security, beginning with the hardware chain of trust, moving through the bootloader and touching on what Apple's hw/sw integration allows for: Activation Locks, MDM/DEP, and Software Recovery. Moving up the stack, we'll discuss the tiers of built-in macOS software security, and if time permits, several third party options to strengthen endpoint options.

Part 2: Let's kick off with quick refresher on previous topics, and then dive right in to Windows endpoint security. Because of the diversity of hardware, there will be less low-level focus this session, but BitLocker, TPM, and OPAL will be in the mix. Then, learn why Secure Boot is not a conspiracy, how Hyper-V is bae, why Windows 10 is actually the best thing since... earlier Windows 10 releases!, what Group Policy can do for you, and which version of Windows is the minimum necessary for any kind of sanity.

Part 3: In the stolen words of Steve Ballmer, compartmentalize compartmentalize compartmentalize! We'll talk about mitigating inevitable compromise, and then move to Linux security. Coreboot, Heads, and refreshers from PC hardware kick us off, then it's into the wilderness! We'll try and nail down some best practices for the wide and varied world of Linux distros, the security benefits of containers, why Flatpak is awesome, and a quick touch on grsecurity (aka "why we can't have nice things"). If there's time, we'll even try to talk about the security benefits of other nix's like OpenBSD & Qubes.

Part 4: This is unwritten, unplanned and unscheduled, but part 4 (and 5, and beyond!) could include topics like:
- hypervisors! and why trying to share memory has yet to be a good idea;
- how to do your best to secure them anyway;
- how and why you should deploy hardened and/or minimum viable configurations automatically (ansible, JAMF, AD/SCCM...)

This is intended as a high-level overview to get a baseline for each of the three operating systems; content will change and grow based on feedback and requests. Come help me evolve my endpoint security game, and steer the course for future events!

This series is brought to you by PASCAL Hackerspace, and presented by Magneto (the hacker, not the mutant...ok well, he could* be a mutant for all we know...)
Magneto is: prototyping the future. trying to kill sleep. Security analysis and automation for profit. Other security-related things for fun. Obtuse prose. Dream job: Starship Captain. There's a reason for the nickname.

Some Teams are Red, Others are Blue, I Play Defense, and So Can You!

An endpoint security primer in three (?-ish) parts.
Part 1: MacOS
Part 2: Windows
Part 3: Linux

Come learn about the other side of the cybersecurity equation: how to raise the bar for attackers trying to pwn your endpoints. This talk series will focus on sane, sensible, and usable defaults; what each operating system can bring to the table; security through proper configuration; and small/medium scale distribution and management.

Part 1: We'll start with a broad overview of securing endpoints, the classes of attacks that might be encountered depending on your use cases, and what it means to be "secure." Then, we'll talk about configuring macOS for reasonable security, beginning with the hardware chain of trust, moving through the bootloader and touching on what Apple's hw/sw integration allows for: Activation Locks, MDM/DEP, and Software Recovery. Moving up the stack, we'll discuss the tiers of built-in macOS software security, and if time permits, several third party options to strengthen endpoint options.

Part 2: Let's kick off with quick refresher on previous topics, and then dive right in to Windows endpoint security. Because of the diversity of hardware, there will be less low-level focus this session, but BitLocker, TPM, and OPAL will be in the mix. Then, learn why Secure Boot is not a conspiracy, how Hyper-V is bae, why Windows 10 is actually the best thing since... earlier Windows 10 releases!, what Group Policy can do for you, and which version of Windows is the minimum necessary for any kind of sanity.

Part 3: In the stolen words of Steve Ballmer, compartmentalize compartmentalize compartmentalize! We'll talk about mitigating inevitable compromise, and then move to Linux security. Coreboot, Heads, and refreshers from PC hardware kick us off, then it's into the wilderness! We'll try and nail down some best practices for the wide and varied world of Linux distros, the security benefits of containers, why Flatpak is awesome, and a quick touch on grsecurity (aka "why we can't have nice things"). If there's time, we'll even try to talk about the security benefits of other nix's like OpenBSD & Qubes.

Part 4: This is unwritten, unplanned and unscheduled, but part 4 (and 5, and beyond!) could include topics like:
- hypervisors! and why trying to share memory has yet to be a good idea;
- how to do your best to secure them anyway;
- how and why you should deploy hardened and/or minimum viable configurations automatically (ansible, JAMF, AD/SCCM...)

This is intended as a high-level overview to get a baseline for each of the three operating systems; content will change and grow based on feedback and requests. Come help me evolve my endpoint security game, and steer the course for future events!

This series is brought to you by PASCAL Hackerspace, and presented by Magneto (the hacker, not the mutant...ok well, he could* be a mutant for all we know...)
Magneto is: prototyping the future. trying to kill sleep. Security analysis and automation for profit. Other security-related things for fun. Obtuse prose. Dream job: Starship Captain. There's a reason for the nickname.

Hack2Learn: Hackers, Assemble! (Part 2)

Hack2Learn is a bi-monthly CTF (capture the flag) meetup hosted at PASCAL in Portland, OR. PASCAL is an organization of equal opportunity hackers, and we will be introducing you to all the various types of challenges that you might face at any level, and at any time in the fields of information security and technology as a whole, for fun or profit.
Hacker/Tech culture and community can sometimes be a bit (or a byte ^_^) off-putting, especially to those trying to figure out what exactly it is, what we are and what we do. During this meetup at PASCAL, we welcome n00bs with open arms! Never competed in a CTF challenge before? Never even heard of CTFs? Do you have a strong desire to learn & teach alongside peers? GOOD!! You will fit right in at Hack2Learn!

For the next few Hack2Learn workshops, we will be taking a crack at Assembly-focused CTF (Capture The Flag) and reversing challenges. MrDe4d will be walking everyone through these challenges, step by step (pun!) so that everyone in attendance will gain theoretical as well as applicable knowledge.
Being able to gain control of system memory is a powerful skill, and is a gateway to understanding memory structure, how data is accessed and processed, how the OS, CPU and programs interface with one another and ultimately how to pwn. A lot of people find Assembly intimidating..and while it may seem daunting and complicated at first glance but, as with any programming language, a grasp of logic as well as dedication to learning are all that are required. In addition to walking you through every step in each challenge, a relatively quick
intro to Assembly will be given, hopefully demystifying it a bit for everyone. MrDe4d will cover basic syntax, instructions and conditions. As we dive deeper into each aspect of the challenges, we will continue to reiterate what has been covered with Assembly- we expect questions to be frequent and recurring. It is absolutely OK to ask the same thing more than once; PASCAL Hack2Learn is a friendly learning environment!
H2L has two major goals: for everyone to capture the flags, and to learn to reverse. This is not a workshop focused on learning a tool (though we do use Cutter often), rather it is designed to get attendees thinking logically, critically & to get everyone accustomed to being uncomfortable and not knowing the answer.
In order to participate, attendees will need a computer and an install of Cutter 1.7.4 (a Radare2 GUI that can be used with Linux, Windows or Mac).

Note: Running Linux is not absolutely necessary when using Cutter. Both Windows and Mac are suitable and Cutter will run fine. Cutter still definitely has a learning curve to it.. the tutorial/intro on Megabeets.net is recommended.

Questions? Email [masked] or get on the PASCAL Discord and interact with other PDX hackers (ask for invite).

Some Teams are Red, Others are Blue, I Play Defense, and So Can You!

An endpoint security primer in three (?-ish) parts.
Part 1: MacOS
Part 2: Windows
Part 3: Linux

Come learn about the other side of the cybersecurity equation: how to raise the bar for attackers trying to pwn your endpoints. This talk series will focus on sane, sensible, and usable defaults; what each operating system can bring to the table; security through proper configuration; and small/medium scale distribution and management.

Part 1: We'll start with a broad overview of securing endpoints, the classes of attacks that might be encountered depending on your use cases, and what it means to be "secure." Then, we'll talk about configuring macOS for reasonable security, beginning with the hardware chain of trust, moving through the bootloader and touching on what Apple's hw/sw integration allows for: Activation Locks, MDM/DEP, and Software Recovery. Moving up the stack, we'll discuss the tiers of built-in macOS software security, and if time permits, several third party options to strengthen endpoint options.

Part 2: Let's kick off with quick refresher on previous topics, and then dive right in to Windows endpoint security. Because of the diversity of hardware, there will be less low-level focus this session, but BitLocker, TPM, and OPAL will be in the mix. Then, learn why Secure Boot is not a conspiracy, how Hyper-V is bae, why Windows 10 is actually the best thing since... earlier Windows 10 releases!, what Group Policy can do for you, and which version of Windows is the minimum necessary for any kind of sanity.

Part 3: In the stolen words of Steve Ballmer, compartmentalize compartmentalize compartmentalize! We'll talk about mitigating inevitable compromise, and then move to Linux security. Coreboot, Heads, and refreshers from PC hardware kick us off, then it's into the wilderness! We'll try and nail down some best practices for the wide and varied world of Linux distros, the security benefits of containers, why Flatpak is awesome, and a quick touch on grsecurity (aka "why we can't have nice things"). If there's time, we'll even try to talk about the security benefits of other nix's like OpenBSD & Qubes.

Part 4: This is unwritten, unplanned and unscheduled, but part 4 (and 5, and beyond!) could include topics like:
- hypervisors! and why trying to share memory has yet to be a good idea;
- how to do your best to secure them anyway;
- how and why you should deploy hardened and/or minimum viable configurations automatically (ansible, JAMF, AD/SCCM...)

This is intended as a high-level overview to get a baseline for each of the three operating systems; content will change and grow based on feedback and requests. Come help me evolve my endpoint security game, and steer the course for future events!

This series is brought to you by PASCAL Hackerspace, and presented by Magneto (the hacker, not the mutant...ok well, he could* be a mutant for all we know...)
Magneto is: prototyping the future. trying to kill sleep. Security analysis and automation for profit. Other security-related things for fun. Obtuse prose. Dream job: Starship Captain. There's a reason for the nickname.

That's right, watch some guy stand up in front of a room of people and go full commando! Whoa, don't get too excited there. I will be wearing clean...ish undergarments. By "going commando", I am referring to conducting any and all of your everyday computing tasks from the command line! Everything from being productive in an office environment to posting the twitters and streamin' the youtubes! Why, you ask? We are all hackers here aren't we? And what hacker doesn't want to look as cool in real life as we do in the movies? So come and enjoy all the typie-typie carpal tunnel goodness!

Joe Cathell (that's Ca-THELL, not cat+hell..even though Joe is something of a crazy cat man) is an infosec professional at the Washington University in St. Louis. When he's not defending our next generation of doctors from Russian hackers (true story, ask him!), he can usually be found at the Arch Reactor Hackerspace. Joe is both a founding member of Arch Reactor and serving as the current president of the board of directors. He is also a co-organizer of the monthly STL2600 and DC314 meetup, as well as a regular presenter. He likes blue raspberry Icees, building robots and competitive butter sculpting.

Hack2Learn: Hackers, Assemble! (Part 2)

Hack2Learn is a bi-monthly CTF (capture the flag) meetup hosted at PASCAL in Portland, OR. PASCAL is an organization of equal opportunity hackers, and we will be introducing you to all the various types of challenges that you might face at any level, and at any time in the fields of information security and technology as a whole, for fun or profit.
Hacker/Tech culture and community can sometimes be a bit (or a byte ^_^) off-putting, especially to those trying to figure out what exactly it is, what we are and what we do. During this meetup at PASCAL, we welcome n00bs with open arms! Never competed in a CTF challenge before? Never even heard of CTFs? Do you have a strong desire to learn & teach alongside peers? GOOD!! You will fit right in at Hack2Learn!

For the next Hack2Learn workshop (yes, we are finally getting this event rolling again!), we will be taking a crack at Assembly-focused CTF (Capture The Flag) challenges: specifically, the PICOCTF2018
Assembly 0-2. MrDe4d will be walking everyone through these challenges, step by step (pun!) so that everyone in attendance will gain theoretical as well as applicable knowledge.
Being able to gain control of system memory is a powerful skill, and is a gateway to understanding memory structure, how data is accessed and processed, how the OS, CPU and programs interface with one another and ultimately how to pwn. A lot of people find Assembly intimidating..and while it may seem daunting and complicated at first glance but, as with any programming language, a grasp of logic as well as dedication to learning are all that are required. In addition to walking you through every step in each challenge, a relatively quick
intro to Assembly will be given, hopefully demystifying it a bit for everyone. MrDe4d will cover basic syntax, instructions and conditions. As we dive deeper into each aspect of the challenges, we will continue to reiterate what has been covered with Assembly- we expect questions to be frequent and recurring. It is absolutely OK to ask the same thing more than once; PASCAL Hack2Learn is a friendly learning environment!
H2L has two major goals: for everyone to capture the flags, and to learn to reverse engineer. This is not a workshop focused on learning a tool, rather it is designed to get attendees thinking logically, critically & to get everyone accustomed to being uncomfortable and not knowing the answer.
In order to participate, attendees will need a computer running either Linux (distro of choice though for this workshop Debian flavors are recommended) or Windows with a VM for Linux, & an install of Cutter 1.7.2 (a Radare2 GUI).

Note: Running Linux is not absolutely necessary when using Cutter. Both Windows and Mac are suitable and Cutter will run fine. Cutter still definitely has a learning curve to it.. fortunately, there is an excellent tutorial/intro on Megabeets.net!

Questions? Email [masked] or get on the PASCAL Discord and interact with other PDX hackers (ask for invite).

Hack2Learn is a monthly CTF (capture the flag) meetup hosted at PASCAL in Portland, OR. PASCAL is an organization of equal opportunity hackers, and we will be introducing you to all the various types of challenges that you might face at any level, and at any time in the fields of information security and technology as a whole, for fun or profit.
Hacker/Tech culture and community can sometimes be a bit (or a byte ^_^) off-putting, especially to those trying to figure out what exactly it is, what we are and what we do. During this workshop at PASCAL, we welcome n00bs with open arms! Never competed in a CTF challenge before? Never even heard of CTFs? Do you have a strong desire to learn & teach alongside peers? GOOD!! You will fit right in at Hack2Learn!
For the October edition of Hack2Learn, we will be focusing on web and binary challenges. First we will make sure everyone is set up with a virtual machine and the OS of their choice (though Kali is recommended, specifically for the web challenges). For the binary challenges we will install Cutter which is something of an intro to Radare2. You are encouraged to familiarize yourself with Cutter and R2 prior to the workshop; take a look--> https://github.com/radareorg/cutter (note: downloading a VM and/or installing a new OS is not necessary for using Cutter when working on the binary challenges, unless you're using Mac OS in which case you will need to spin up a VM for either Windows or Linux).
Basic understanding of at least one programming language and/or security concepts is helpful, but not necessary. Honestly, when we say all you need is a desire to learn, we mean it!
Cylon is setting up a wireless hacking station for October H2L as well, and will be offering some hands-on experience to anyone interested in the wonderful world of wireless hax!
If you have a laptop, bring it. We have a handful of loaners for those who need them, as well as a few desktop PCs for use at the hackerspace. So, brush off your social anxiety, leave your impostor syndrome at the door, and let your inner hacker take a crack at capture the flag!

Questions? Send an email to [masked], or leave a comment on the meetup page (though we tend to not check that as often.)

Hack2Learn is a monthly CTF (capture the flag) meetup hosted at PASCAL in Portland, OR. PASCAL is an organization of equal opportunity hackers, and we will be introducing you to all the various types of challenges that you might face at any level, and at any time in the fields of information security and technology as a whole, for fun or profit.
Hacker/Tech culture and community can sometimes be a bit (or a byte ^_^) off-putting, especially to those trying to figure out what exactly it is, what we are and what we do. During this meetup at PASCAL, we welcome n00bs with open arms! Never competed in a CTF challenge before? Never even heard of CTFs? Do you have a strong desire to learn & teach alongside peers? GOOD!! You will fit right in at Hack2Learn!
For the first Hack2Learn meetup, we will walk you through the setup process, starting with installing a virtual machine and setting up a beginner friendly Linux environment (Kali counts as beginner friendly, right?), followed by a lightning lesson on command line. Once everyone is ready, we will dive right in to a STEMCTF challenge created by MITRE Cyber Academy. Basic understanding of at least one programming language and/or security concepts is helpful, but not necessary. Honestly, when we say all you need is a desire to learn, we mean it!
If you have a laptop, bring it. We have a handful of loaners for those who need them, as well as several desktop PCs for use at the hackerspace. So, brush off your social anxiety, leave your impostor syndrome at the door, and let your inner hacker take a crack at capture the flag- PASCAL edition!

Questions? email [masked], or leave a comment on the meetup page (though we tend to not check that as often.)