03/23/2022
The longest running monthly cybersecurity user group in the Southwest!
Next Meeting - April 4th, 2022
Back at H.O.P Central again due to popular demand
Our second SWCSF hybrid meeting with on-site presenters.
🍕 🍻 💻
Feb 7th, 5:30 - 9:00 pm MST (UTC -07)
H.O.P. Central Brewery and Taproom
https://hopcentralbrewery.com/
5055 W. Ray Rd. (Suite 2)
Chandler, AZ 85266
See below for a virtual option & schedule
Free drink tickets to the first 30 people to sign in.
Presentation 1:
PCI is Easy, Right?
2022 updates to PCI DSS 4.0 Standard
by Rob Wayt, Director of Governance and Compliance, Structured Communication Systems. Rob will present on the difficulties of becoming and staying compliant with Payment Card Industry (PCI) requirements.
Presentation 2:
How Automating CVE Analysis
Led to Dozens of New DLL Hijacking Flaws
by Tim Morgan, Founder and CTO of DeepSurface. Tim will present an overview of DLL sideloading, the variety of ways it can be exploited, and just how big of a problem it is, based on the analysis of several customer environments.
Free pizza will be provided to all attendees. If you have other preferences, H.O.P Central allows you to bring your own food in, and there are a variety of restaurants within walking distance that provide take out. Drinks must be provided by the H.O.P Central Brewery and Taproom.
🥗 🌮 🍜
When: Meetings run from 6:30 PM ~ 9:00 PM the first Monday of every month with optional happy hour for on-site meetings.
5:30 PM - Networking / happy hour starts
6:00 PM - Food is served
6:15 PM - Virtual happy hour starts
6:30 PM - Meeting starts (Virtual / Physical)
Physical Meeting:
~ 5:30 pm - 9:00 pm
H.O.P. Central Brewery and Taproom
https://hopcentralbrewery.com/
5055 W. Ray Rd. (Suite 2)
Chandler, AZ 85266
Virtual Option:
~ 6:15 pm - 9:00 pm
Join Zoom Meeting
https://us02web.zoom.us/j/3913516624
Virtual session will start early so attendees can network & enjoy the atmosphere.
Zoom Meeting ID: 391 351 6624
One tap mobile
+16699009128,,3913516624 # US (San Jose)
+12532158782,,3913516624 # US (Tacoma)
Purpose: To stay current with new cyber threats, explore new security technologies, share experiences, and network with your peers. Meetings are free & open to the world.
For CPE credits, send an email to [email protected] during the meeting with your real name and contact details and/or use the sign in sheet at the meeting location.
Monday, April 4th, 2022
Meeting Sponsors:
Structured and DeepSurface are flying in for the meeting and sticking around Tuesday to take interested parties to lunch in the East Valley. More to come on that at the meeting. Please RSVP to Rob Werlinger (below) if you are interested:
Rob Werlinger | Select Accounts
[email protected] | C: 503.936.6465
Agenda:
5:30 - 6:30 pm
Networking
• Pizza, Drinks and Vendor Demos! 🍕 🍻 💻
• We will start the Virtual session a little early at 6:15 pm to allow the remote attendees to participate in the Happy Hour
6:30 - 6:40 pm
Announcements
• Housekeeping & agenda
• Review of community news and cyber events
6:40 - 7:00 pm
Cyber Threat Updates by Erik Graham
• Erik will cover all cybersecurity news of note since the last meeting with his uniquely entertaining style.
7:10 pm - 8:00 pm
PCI is Easy, Right?
2022 updates to PCI DSS 4.0 Standard
By Rob Wayt,
Director of Governance and Compliance,
Structured Communication Systems
(Presenting on-site)
Rob Wayt has over 30 years of experience in IT security, compliance and network/systems infrastructure. His background includes security management, security program development and assessment, enclave compliance, and comprehensive penetration testing.
Rob has worked extensively with the U.S. Department of Defense, state and municipal governments, school districts and commercial entities in retail, entertainment, legal, healthcare and power generation. He has designed and implemented comprehensive security programs across enterprise networks, designed and implemented security systems, and performed compliance assessment and audits. Rob has 6 years of experience in penetration testing for enterprise clients.
Payment Card Industry Compliance: Becoming compliant in 2022
This presentation will discuss the difficulties of becoming and staying compliant with Payment Card Industry (PCI) requirements. Although the Data Security Standard (DSS) is currently in version 3.2.1, the updated DSS 4.0 is coming soon, and there are numerous changes and enhancements that must be complied with. Whether you are just beginning with PCI for your organization or have many years of experience, there are many challenges, both old and new, that can create roadblocks to compliance. With emerging technologies such as zero-trust architecture ready for implementation, find out how to best use these controls for your organizational goals. The presentation will cover the requirements, trouble areas to be aware of, and how you can utilize specific technology in your compliance effort.
About Structured:
Structured is an award-winning solution provider delivering secure, cloud-connected digital infrastructure and managed services. For 30 years, we’ve helped clients through all phases of digital transformation by securely bridging people, business and technology.
We provide design guidance, engineering assistance, and product recommendations that adhere to best practices, boost ROI, and – most importantly – maximize information security. Customers trust us to provide valuable insight throughout the process of selecting and implementing secure and scalable IT strategies, platforms, and processes that meet modern expectations and drive measurable improvements throughout the enterprise.
For more information, visit https://www.structured.com or call (800) 881-0962.
8:00 pm - 8:45 pm
How Automating CVE Analysis Led to Dozens of New DLL Hijacking Flaws
By Tim Morgan,
Co-founder and CTO,
DeepSurface Security
(Presenting On-Site)
Tim Morgan is the founder and CTO of DeepSurface Security, where he designed an innovative risk-based vulnerability management product that helps security teams gain a much deeper understanding of the complex relationships present in their digital infrastructures.
After beginning his career as a software developer, he transitioned to application security and vulnerability research and, over the last 24 years, has worked as a penetration tester, digital forensics researcher, and application security expert.
In addition to his day-to-day work, Tim has presented his independent research on Windows registry forensics, XML external entities attacks, web application timing attacks, and practical application cryptanalysis at conferences such as DFRWS, OWASP's AppSec USA, BSidesPDX, and BlackHat USA.
Title: How Automating CVE Analysis Led to Dozens of New DLL Hijacking Flaws
As any seasoned security professional knows, many published security vulnerabilities and attacks are over-hyped. What makes something newsworthy is not always that it poses a significant risk to most organizations. One type of attack technique that often fails to receive enough attention is DLL sideloading (or DLL hijacking). Due to their widespread nature and the ease of exploit development, these flaws are unappreciated gems for digital adversaries.
The DeepSurface research team regularly performs analysis of thousands of CVEs to help understand how these impact customer environments. In order to save ourselves time analyzing a certain class of flaw, we developed a tool to automatically identify Windows services that are vulnerable to DLL sideloading. What we were surprised to find was that a shocking number of Windows services are vulnerable to these attacks in real-world deployments.
In this talk, we provide an overview of DLL sideloading, the variety of ways it can be exploited, and just how big of a problem it is, based on our analysis of several customer environments. We conclude with a discussion of how to detect and defend against these issues.
8:45 to ~ 9:30 pm
Wrap Up and Networking
Hop Central is open till 10 PM so stay longer if you like.
Announcements:
The CPE process
Note that the SWCSF Forum does NOT send you CPEs. Attendees can download the PowerPoint form, complete it with their name / date, and submit it to their organization themselves. The Forum will validate your attendance if you follow the protocol below:
Updated link: https://www.swcsf.org/cpe
As our meetings are open and do not require registration, Zoom does not provide us with a report on attendees. To obtain CPE credits, either complete the sign-in sheet or privately email [email protected] during the meeting with your contact info, including full name, organization, title, email, and phone; that will make it easier for us to maintain our documentation process. This information will be held in confidence (as it has for the last 10+ years) and will stand as proof you attended the meeting for auditing purposes.
Be advised we have seen an uptick in requests for CPE auditing by (ISC)2 and other organizations, so help us help you by following protocol for validating attendance!
Pending Web Site Change
We have purchased a new domain for an undisclosed amount of money from a mysterious organization ($35 from GoDaddy) so the public web site will be moving to swcsf.org, which will become the one-stop shop for all content and announcements. Hopefully soon.
Collaboration on KeyBase.io
We now have a common place to securely interact, share files, and chat as a group on KeyBase.io with team . (Thanks Elio) Keybase.io is about as secure as it gets with FOSS end-to-end encryption. Note that while secure, we are treating it as an open platform. The common message board is basically public to anyone on KeyBase.io, since we are keeping the board open, but member-to-member stuff will be private. Many SWCSF members are already there. It looks like it will be easy enough to create sub-groups for various technology interests there.
Find the Typo Contest:
Are you one of those people that notice every typo in an email, web page, or billboard? (Well, we're not). If you are, and are the first to point them out in any of our emails (there's almost always at least one, so just reply with corrections), then we will immortalize you by giving you props on the subsequent email as the winner of the Find the Typo Contest and a shout-out at the next meeting.
This Month's Winner:
Volunteers Needed
In order to ensure the longevity of the group, we are looking to expand our volunteer line-up to take on more of the responsibilities of the existing Advisory board. Please reach out to John or Erik with any interest in helping out.
The Formal Stuff:
We are a forum and strive not to be a lecture group. We encourage all attendees to ask questions and share their experiences and expertise with the group so we can all improve our security skills. We do require all attendees to respect others' opinions, whether they agree or not, and keep the language and content appropriate for a business environment. The moderator will work to ensure that everyone who wants to gets a chance to speak, and that the environment remains orderly and civil.
If you have any questions about CPEs, contact John Nash.
Management: The group is managed by an advisory board for the benefit of the cyber community, and consists of the following unpaid volunteers who pin down presenters, corral sponsors, manage meetings and generally keep things on track.
Advisory Board
• John Nash, Forum Facilitator / VP of Tech, Phreedom
• Erik Graham, Cyber Threat Moderator
• Advisor-3
• Advisor-4
• Paul M. Schaaf - Dallas FBI
Forum Contributors & Operations
• Barry Wade, operational support
• Jerry Crow, cyber community event announcements
• Leo Hauguel, Mentor and sponsorship coordination
• Cynthia Figueroa, Treasurer & Administration
• Prasad Falke: Volunteer
Credits & Thanks:
Special thanks to Leo Hauguel, founder of SDSUG, for his ongoing friendship and mentoring of our group.
Copyright © 2022 Phreedom Technologies, All rights reserved.
Southwest CyberSec Forum (Previously SouthWest Security Professionals Forum)
Physical & Mailing Address :
SWCSF
5700 W Chandler Blvd
Suite 6
Chandler, AZ 85226
The SWCSF currently only provides CPE credits for attending our monthly meetings. Attendees can manually download the CPE certificate (see below), complete it with their name and the date of the meeting, and provide that to their employer or organization as proof of attendance.