[Owasp-austin] Study Group Today

David Hughes david.hughes at owasp.org
Wed Jul 25 14:28:09 UTC 2012

Sorry, I also forgot to mention the time:


Sorry for all the email traffic.


On 07/25/2012 09:22 AM, David Hughes wrote:
> All,
> For study group today, I'd like to have a brainstorming session to
> discuss the direction of the group. I had planned to do this last week
> but instead decided that the time would be better served letting Josh
> present on something he's working on for a conference. It fit perfectly
> into what we think the study group should look like from now on. 
> I'd also like to talk a bit about technical challenges. How best to
> create a good lab environment, etc.
> Here's some talking points we are going to discuss:
> 1. The study group should be participant-led. Remember, it's not a
> class, it's a study group. We in the OWASP leadership want to be there
> to help where we can, but we do not lead or proctor the class. We are
> participants like you and lead, like you, when we are presenting or
> piloting discussions.
> 2. Topics. I'd like everyone to start thinking about topics you'd like
> to bring to the table. Do we want to do another series? I've had a LOT
> of requests it seems for Metasploit. Last week we brought up the book
> Practical Malware Analysis. I think both topics would allow for lots of
> hands-on experience.  But maybe we want to steer away from longer series
> for a time.  But when we do a series, the group should lead. Each week a
> different person should be serving as somewhat of a guide. (Not
> necessarily a teacher).
> 3. We'd like everyone to be involved. I think we have a lot of smart
> people who have something to contribute.
> 4. Got a problem? Bring it to the group. 
> I think I can express how we'd like the study group to work best by
> painting a fictional "picture" as an example (The names have been
> changed to protect my poor recollection of actual names. :-) )
> ***********************************
> Week One: Mike does a presentation on using a debugger in reverse
> engineering. The topic stirs a lot of conversation and runs long so we
> decide to extend it for another week. Doug's presentation on cross-site
> scripting is moved to week three.
> Week Two: More debugging. A side discussion on using Metasploit to
> generate shell code pops up for the remainder of the hour. We decide to
> do a future lab session where we get hands-on experience creating shell
> code with MSF.
> Week Three: Doug, having had more time to prepare XSS has set up a
> vulnerable server application to demonstrate XSS.
> Week Four: We had a discussion planned regarding XSRF led by Phil. He
> decided he needed more time, so instead we had a group discussion about
> various topics such as good Security Podcasts, recent books, and future
> plans to do a series on the book Practical Malware Analysis.  We also
> discussed helping each prepare resumes for job searches.
> Week Five: Phil does a presentation on XSRF. This was followed by a lot
> of questions and good discussion.
> Week Six: Linda presents on the topic: Writing Ruby modules for
> Metasploit. Good discussion. We decided that maybe we also needed
> something to help us with our scripting skills. A series perhaps? Some
> good Ruby resources were shared.
> Week Seven: We decide to do a short "basics of Ruby" series to help
> provide us some basic scripting skills. A friendly debate breaks out
> regarding Ruby vs. Python vs. Perl. We decide on Ruby and the book
> "Programming Ruby"
> Week Eight thru Twenty-One, we cover the Programming Ruby book. Each
> person in class chooses a chapter in the book to lead.
> Week twenty-two: We decide to create a project based on our new Ruby
> skills.
> etc.
> Bring your thoughts and ideas!
> David H.

More information about the Owasp-austin mailing list