From allan at nblug.org Sat Oct 11 10:39:13 2014 From: allan at nblug.org (Allan Cecil) Date: Sat, 11 Oct 2014 10:39:13 -0700 Subject: [NBLUG/Announce] General meeting October 14th: Open Conferences Message-ID: <54396B41.30500@nblug.org> When: October 14th, 2014 7:30 pm Speaker: Kevin Ablett Location: O'Reilly Media at 1005 Gravenstein Hwy N, Sebastopol, CA in the Tarsier conference room past the metal statue and to the right (http://nblug.org/locations) Description: I just spent the last 2 days at Agile Open Northern California. This talk has nothing to do with Linux directly. I intend to talk some about the sessions I attended, but more about the concept of Open Conferences in general. From allan at nblug.org Tue Nov 4 10:47:06 2014 From: allan at nblug.org (Allan Cecil) Date: Tue, 04 Nov 2014 10:47:06 -0800 Subject: [NBLUG/Announce] 2014-11-11 meeting: Secure Server Deployments in Hostile Territory Message-ID: <54591F2A.1040308@nblug.org> When: November 11th, 2014 7:30 pm Speaker: Kyle Rankin Location: O'Reilly Media at 1005 Gravenstein Hwy N, Sebastopol, CA in the Tarsier conference room past the metal statue and to the right (http://nblug.org/locations) Title: Secure Server Deployments in Hostile Territory Description: It's easy to secure your servers when they are in the safe confines of your own data center, but deploying servers in the cloud is like dropping them from a helicopter into a jungle across enemy lines without so much as an IP address. This talk will cover how to use Puppet to harden cloud servers including certificate and key management, protecting secrets on your hosts, managing dynamic IPs, and overall security best practices. While a few tips will be specific to Puppet and Amazon AWS, most of the techniques would apply in just about any environment. From allan at nblug.org Fri Dec 5 17:30:01 2014 From: allan at nblug.org (Allan Cecil) Date: Fri, 05 Dec 2014 17:30:01 -0800 Subject: [NBLUG/Announce] 2014-12-09 meeting: Anatomy of an Arbitrary Code Execution Exploit Message-ID: <54825C19.70508@nblug.org> When: December 9th, 2014 7:30 pm Speaker: Allan Cecil Location: O'Reilly Media at 1005 Gravenstein Hwy N, Sebastopol, CA in the Tarsier conference room past the metal statue and to the right (http://nblug.org/locations) Title: Anatomy of an Arbitrary Code Execution Exploit Description: This talk is all about dissecting exactly what happens when a program stops doing what the designers designed it to do and starts doing what an attacker (or in this case, the presenter) wants it to do. I'll cover using a virtual machine environment of a simple system under Linux to step through all phases of an arbitrary code execution (ACE) exploit, including corrupting a data structure, out-of-bounds memory manipulation, pointer manipulation, and ultimately execution of arbitrary code. I'll be demonstrating memory viewer and disassembly tools to show the exact instructions being processed as they happen. The simple system in question? A Zilog Z80 processor, running inside of a Super Game Boy. Come for the dissection, stay for some entertaining abuse of a live SNES console. This will largely be a no slides, full demo presentation and should have something of interest for everyone. See you there!