Summaries

Past meeting summaries from our security community catchups

About SecurityMonkeys Catchup

SecurityMonkeys Catchup is a weekly virtual meetup for security professionals, researchers, and enthusiasts. We discuss the latest security trends, vulnerabilities, tools, and techniques. Our community is open to everyone interested in cybersecurity, from beginners to experts.

These summaries serve as a record of our discussions and a resource for those who couldn't attend. Each summary includes the topics discussed, projects showcased, and a list of attendees.

SecurityMonkeys Catchup #1

Date: 06-04-2025
Duration: 4 hrs 10 mins
16 Attendees

Topics Discussed

  • General Introductions
    • The session kicked off with a quick introduction to the Security Monkeys community, followed by participant introductions. We set the context for the session, outlining objectives and goals.
    • The community introduction highlighted our mission to learn, collaborate, and share knowledge around cybersecurity and modern security tools like MCP.
  • Team Collaboration & Idea Implementation
    • Participants then divided into 8 teams, each focusing on a different idea related to MCP and security. The teams worked hands-on, experimenting with various ideas and tools.
    • After a brief break, the teams continued refining their ideas, implementing solutions, and testing concepts in the second phase.
    • Each team then presented their findings and ideas, followed by an open discussion where everyone shared their experiences, challenges, and feedback.

Projects Showcased

  • Kubernetes enumeration and OSINT for red teaming using dorks to identify vulnerabilities
  • SSH recon and cloud breach expansion, focusing on host, container, and cloud configurations
  • Integrating GitHub repositories and organizations to identify misconfigurations for OSINT and pentesting
  • Scanning WordPress vulnerabilities, automating remediation with the WordPress API, and generating reports
  • Building a web crawler using headless Chrome to detect vulnerabilities across websites
  • Developing an Nmap-based solution to scan endpoints for vulnerabilities and understand system setups
  • Building an MCP server for subdomain enumeration and identifying subdomain takeover risks
  • Creating a Secure Prompt Guard to detect and replace insecure code with safer alternatives


SecurityMonkeys Catchup #2

Date: 13-04-2025
Duration: 3 hrs
11 Attendees

Topics Discussed

  • MCP-powered Kubernetes Security
    • We explored how to leverage Model Context Protocol (MCP) for Kubernetes security assessments.
    • We discussed Auto-Pilot mode (LLM-driven security assessments), Semi-Auto Pilot mode (with tools and command references), and the dangers of using automation for security assessments.
    • We also discussed the importance of human oversight and the potential security risks when automating security processes.
  • Backdoors and Breaches: IR War Room Simulation
    • We simulated a real-world security breach incident from start to finish.
    • The group brainstormed various steps in the Incident Response (IR) process, such as detection, containment, eradication, and recovery.
    • Each participant shared knowledge from different security domains, broadening the group's cross-domain understanding.
    • By the end of the simulation, participants gained incident response skills and were exposed to different tools and techniques for handling real-world security incidents.
