As of this week, Claire Southwell is joining the board of PA Hackers as Project Manager. The Project Manager is responsible for organizing security-focused open source projects and contributions. The first project on the agenda is the Ubuntu CVE tracker. 

Now, what is the Ubuntu CVE tracker? It’s a system for determining which releases of Ubuntu are affected by a given vulnerability. 

You can see the CVE number on the left, followed by the software package in question, then columns for each release of Ubuntu. Anywhere it says the release “needs triage”, that indicates that the presence of the vulnerability has not been confirmed either way. Ubuntu needs contributors to investigate and *triage* the CVE. There are over 11,000 vulnerabilities in this list and over 13,000 instances of “needs-triage.” There’s a lot of work to do, and every little bit helps. 

As stated in the PA Hackers Charter, our mission scope includes providing mentorship, enabling networking, and organizing contributions to open source projects. If we can build a team of individuals who are dedicated to spending even a few hours a month on CVE triage, we can accomplish those goals and make a major contribution to Ubuntu security. 

Claire plans to begin weekly meetings for this project in the near future. If this sounds like something you’d like to get involved with, or if you have any questions about the project, please connect with her on Discord: @thehinkydonut.

In an effort to foster the growth of the PA Hackers community and the individuals therein, PA Hackers is introducing Subject Matter Experts (SMEs). By appointing SMEs, we aim to give the members of PA Hackers access to knowledgeable, helpful experts in a variety of cybersecurity subject areas. SMEs will provide guidance and mentorship to members when called upon, and work towards the betterment of all members of the PA Hackers community.

PA Hackers aims to provide members with access to SMEs in the following subject areas:

• Pentesting/Ethical Hacking – @Gek
• OSINT – @the_wondersmith
• Linux – @ThunderHorse
• Programming and Secure Coding – @ThunderHorse
• Network Security – TBD
• Malware Analysis and Reverse Engineering – @clixo
• Governance, Risk and Compliance (GRC) – @zer0uid
• Digital Forensics & Incident Response – @MattM
• Privacy – TBD
• Cryptography – TBD

The members named above as SMEs have continually demonstrated their commitment to PA Hackers and their passion for their subject area. 

Responsibilities and Expectations

The goal of PA Hackers Subject Matter Experts (SMEs) is to facilitate the growth of small sub-communities within PA Hackers by providing guidance and mentorship to members. 

SMEs are not expected to know all of the answers. SMEs are not necessarily experts within the industry; they are experts within PA Hackers. They are expected to be community-minded individuals with deep knowledge of a subject area that are capable of quickly finding, understanding, and sharing answers to difficult questions. SMEs are expected to behave professionally, make new and existing members feel welcome in their channel, and serve as a leader in their sub-community

The responsibilities of each SME are as follows: 

1. Moderate the discord channel for their subject area. 
2. Ensure all questions receive a response within 24 hours. 
3. Frequently share articles, videos, a short write-up, or other media about their subject area in their discord channel.
4. Once per year, SMEs are expected to propose a presentation topic for PA Hackers meetups. The SME’s proposal may or may not be accepted.
5. For subject areas with a large interest from the community, SMEs will work with the vice president of PA Hackers to establish a semi-formal mentorship program.

SMEs are appointed by the PA Hackers Board of Leadership. This appointment may be revoked at the discretion of the board if the SME fails to meet any of these criteria.

Next Steps

Starting today, a number of new discord channels will appear. Please use these channels as a place to ask and answer questions, improve your skills, and engage with other members of PA Hackers who have similar interests. Introduce yourself to the SME and discuss what you’d like to learn or how you may be able to enrich the PA Hackers community.

You may have noticed that SMEs for all subject areas have not yet been named. If you’d like to take on the role of SME in one of these areas, or suggest another subject area, please reach out to @Thunderhorse.

The PA Hackers organizers have been busy over the past couple weeks finalizing our Charter. Today, we are pleased to announce it’s available for our community.

Please take a second to read our Charter. More information about SMEs and open-source projects will be announced shortly.

SARS-CoV-2 (aka Covid-19, aka the big isolate, aka the big sad, aka no more meetups) update – April 2020

Without stating the obvious, we have been unable to physically meetup since January. Just this past month, we held our first virtually isolated meetup! Big shout out to our members who made this a possibility. I understand it was a pretty chill time had by all.

Our slack is still as strong as ever! Drop by, say hi, post up what you’ve been doing to stay sane (or insane).

Later this week, look forward to our interview with @taters. If you haven’t had the pleasure of meeting this esteemed member of the community, just wait!!

Our first “getting to know our community” volunteer recently presented at one of our meetups: Rae “thewondersmith” Baker! Rae is an OSINT-ologist and was gracious enough to volunteer as our first victim. So without further ado, let’s get to know Rae..

1. What is your name (can be handle, real, pseudonym, whatever)?
   Rae / @the_wondersmith_rae
2. What should we call you?
   Wondersmith or Rae
3. What is your current position/title (if applicable – omitted if not)?
   OSINT Analyst
4. What is your origin story?
   I started out at a Graphic Design Manager and remained in that role for 15 years. In 2019, I decided to shift gears and go back to school for Security and Risk Analysis at Penn State part-time. At the same time, I was persuaded to revive a dormant college club with a few other people and quickly became the President of the Penn State World Campus Technology Club. The club allowed me to effectively network with leaders in the security field and grow my “personal brand”. A project with the club had me travel with a few other officers to the Layer 8 Convention in Rhode Island to take part in a Trace Labs Missing Person CTF. That CTF and conference supercharged my focus into OSINT and along with my blogging, helped me land my very first position in OSINT. Additionally, to hone my OSINT skills I started volunteering with Operation Safe Escape, a non-profit aimed at keeping abuse victims hidden from their abusers where I now act as Project Manager.
5. What is your infosec/personal alignment (https://dnd5e.info/beyond-1st-level/alignment/) and why?
   LG? This seems like a trick question
6. What is your professional/lifelong passion?
   Well, my lifelong passion since last year has been Open-Source Intelligence. I love it, I love finding threads to pull and new information to pivot on. I love writing articles about it and learning everything I can. I am waiting for the burnout to hit me but right now I am all in.
7. What brought you to PA Hackers?
   I came to PA Hackers because there is very little security related socializing in the central PA area. What I didn’t expect was to find such a fantastic and supportive group of people. Without PA Hackers I would not have given my very first presentation at BSides Harrisburg which gave me the confidence to submit to places like ShmooCon (and get accepted!) and for that I will be forever grateful.
8. If you could provide one piece of [leet-hacky] information to teenage you, what would it be and why?
   I have no leet suggestions for my younger self but I would tell me to stop being so scared of everything and stop pretending you are too cool to care. You don’t need to shoot low so you can avoid failure.
9. What is one thing you want to learn in 2020?
   In 2020 I would love to learn python and get better at Linux because I am still relatively new to both.
10. If you had to choose one movie to remake, keeping 1 member of the original cast and the rest replaced by muppets, which would you choose?
    True Romance

2019 has been… interesting to say the least. I think most of us will agree on that. While it’s been personally challenging for a number of us, PA Hackers has exploded through 2019. Our group is larger than ever, and our meetups are reaching more people by the week.

Given that our group is getting bigger, we are going to start streamlining our agenda’s for meetups. Since our meetings run 2 hours, our presenters are volunteering to make very intense training exercises for us or an overwhelming amount of content. To help them out, prevent burnout, say thank you, etc. PAH meetings will follow this outline:

• 5-15 minutes: Introductions, housekeeping, announcements, shout-outs!
• 10-15 minutes: past months news, events, sponsor time, follow-ups
• 1+ hours: Meetup topic meat and potatoes (or tofu and kale for our vegan hackers)
• Final 30 minutes: Q&A, networking, socializing, etc.

Times will obviously be flexible based on content and activities. The shout-out portion is a new thing we’re trying. This is for community members to brag about their accomplishments. We don’t care how entry level or uber-l33t-prosauce-hacker-ish the accomplishment is, we want to hear about it and celebrate! Please send one of our organizers a message in slack to be added to our shout-outs! Additionally, since Brandon has been working so hard on finding sponsors that feed us, we’ll be offering our sponsors a couple minutes to say something about their company.

Here’s hoping everyone has a safe and happy holiday season! See you all next decade! 😀 …. sorry I had to

Join us for our December meetup December 18th from 6:30pm to 8:30pm!

Potentially doing a SANS Holiday Hack Challenge group walk-through || a similar but different CTF! In addition to just chilling since its Christmas-time! This event is sponsored by Dataquest Inc

Since this is our Christmas get-down, we will not be streaming or recording this meetup.

Welcome to the new PA Hackers community site! There are still a few things labeled as “work in progress”; however, we’re mostly finished!

So what can we look forward to?
A number of our community members have expressed interest in contributing write-ups, how-to’s, and general informational doc’s on various domains within the infosec sphere.

How soon will we see it?
Great question! Who knows?! All jokes aside, this is a volunteer run community. All of our volunteers have families, jobs, jobs, and hobbies. So pinning down a release date can be tough. But check back frequently and I’m sure you won’t be disappointed.

Where’s the previous twitch stream?
This is a touchy subject… A certain individual, who shall remain nameless at this time, may have forgot about twitch’s retention policy and allowed the video to be removed before saving. Good news though! Our recording process is changing so this never happens again 😀 Our video section, for the meantime, will have links to previous presentations provided by our volunteers. Enjoy!