Presentations 2015

Chris Roberts

Subject matter to be determined by the number of federal agents present in the audience. – Day 1 Keynote
Subject matter to be determined by the number of federal agents present in the audience.

Kellman Meghu

The Hitch Hikers Guide to Information Security – Day 2 Keynote
Kellman has a penetration testing towel; it’s an important tool in an infosec hitchhiker’s backpack, but it’s not the most important tool these days. How he got started in infosec is an interesting tale that will illuminate how, for all the things that change, we are still fighting the same challenges. It’s time to stop depending on our towels and take a new look at the recurring problem of finding the answer, just in time to discover the question has changed.

Mark Kikta

Shitty Pentesting: A Rant in D minor
Whether you are getting tested for compliance, better security, or syphilis, it helps to know how you will be tested and (in the first two cases) how to tell if you’re being screwed. This rant will go over actual pentest reports delivered to actual companies. You will laugh, you will cry, but mostly you’ll probably want your pentest fee back.

Jayson E Street

Breaking in Bad (I’m The One Who Doesn’t Knock)
I’ve come to realize that while I may not do a lot of social engineering engagements, I do quite a few weird ones. I also seem to have three main roles I play (all adorably) to try to get into my target. I thought it would be cool to share at least one story from each of these roles. Some have pictures, some just witty comments. More importantly, all three will come with ways that would have stopped me from being successful. The goal is not to show how ‘L337’ I am or these attacks are! Far from it; this talk is to show how EASY these attacks were to carry out and how every single attack has one common thread connecting all of them! Though you’ll have to see my talk to find out what that is!

Mark Stanislav

The Hand That Rocks the Cradle: Hacking Baby Monitors
Every couple of months, the news covers some prankster yelling at an infant or an unsuspecting nanny through a baby monitor by hijacking its RF signal or abusing vendor-default credentials over the web. As the rapid growth of the Internet of Things (IoT) continues, the capabilities of a predator or prankster to abuse baby-monitoring devices is increasing due to the usage of a complex mixture of platforms, protocols, and hardware. With many high-end baby monitoring devices on the market, how is the never-ending expansion of must-have features for parents being weighed against the threats posed by continually increasing attack surface to provide them?

This presentation will discuss security research performed against nine of the most highly regarded IoT baby monitors on the market today. Details of research methodologies and vulnerability findings will be presented to give attendees insight into what security flaws were found within the intricate combination of mobile applications, protocols, services, and hardware running these devices. Examples of potential remediations for identified flaws will be conveyed to help attendees learn the right way to handle similar situations in their own engineering efforts. Lastly, a custom scoring system will be used to help provide an apples-to-apples view of how each device fared in holistic security versus the other assessed devices.

Curious about how well your privacy and safety are being taken care of by IoT vendors? Interested in IoT security research and want to understand what flaws are being found in devices today? Want to spin your own IoT research but need a methodology and tools to get you started? Attend this presentation and become more aware of the risks facing your family and from the technologies powering our lives.

Nathan Dragun

The Safety You Think You Have is Only a Masquerade
Forget theoretical random possibilities on paper, we are going to get real life for you and I on issues that matter TODAY. Think disasters, guns, TSA, and the ignored fragility of the world we live in.

J Wolfgang Goerlich & Nerdy Beardo

Punch and Counter-punch Part Deux: Web Applications
Applications today account for 75% of all attacks on corporate resources. Whether injection, XSS, poor crypto or the general ignorance of secure coding techniques, applications need our help! In “Punch and Counter-punch Part Deux”, Wolfgang and NerdyBeardo present a poorly secured application and how to properly utilize secure coding techniques to defend it. Our attacker demonstrates active attacks against the application, including SQL Injection, Cross Site Scripting, CSRF, and Broken Crypto. Our Defender will walk through a threat model utilizing STRIDE and show how threat model mitigations translate to code. Demonstrations will be written in C#; however, the concepts will work with any programming language. All code will be made available on GitHub.

Arron ‘Finux’ Finnon

The wrong side of history – everything that is old is new again
Snowden shocked the world, but few were surprised. Many were amazed by the scale and complexity of the infrastructure. How could so many people be involved in such a massive system without the secret getting out? Surely something that big didn’t need a whistle blower to come forward for everyone to know! The truth of the matter is, looking back in our modern history books, you need not look too far before seeing similar operations of magnitude being undertaken. Just as secretive, just as wide reaching, and with the pursuit of ensuring ‘freedoms’, the Manhattan Project showed what can be achieved. It’s hard on initial inspection to see what the pursuit of nuclear weapons and the global interception of communications have in common, but they do! By inspecting our past it becomes less surprising and shocking that something of this size can be undertaken with few people ever realising it or questioning it.

An inspection of the Manhattan Project and the recent disclosures has found many interesting and yet surprising recurrences. It is the speaker’s hope that by highlighting these recurrences and drawing parallels from our past, people can start to see where, why, and who are the catalysts for these systems. As the Russians say: keep one eye on the past and you’re blind in one eye; keep both eyes on the future and you’re blind in both!

Duncan Manuts

This Is All Your Fault
Infosec and IT professionals are tasked with protecting networks and customer data. Despite this clear accountability, you have shown that you are not interested enough, not capable enough, or not smart enough to get the job done. Time to take your lumps as we explore how you’re doing it wrong. Once again, no one is safe from Duncan’s brilliant insight and scornful derision. Just like how your customers’ data isn’t safe from hackers due to your incompetence.

NinjaSl0th

Through The Wire
In this presentation, I will go through a journey of infiltrating an extreme group that functions through social media. I will talk about what tactics I used, including which tactics worked... and which ones failed. Using the methods covered in this talk, I went from a no one to knowing everyone.

Mike Kemp

Poking the Bear
Greetings Komrade. In this talk, Mike Kemp shall illuminate and illustrate the glorious motherland for reasons of education and entertainment. The technician and proletarian classes shall be guided through glorious history until the new dawn of the workers’ republic is opened to all. This abstract is probably as funny as it will get, as the talk will also focus upon the current state of Putin net and the weird world of RUNET. State security will not be breached in this transmission; however, it is the sincere hope that the author will not sufficiently annoy the FSB to end up in Siberian detention. Godless Communists and fellow travellers are welcomed to attend; however, it should be noted that subject matters may be contentious and trained by bourgeoisie constraints. I suppose if you’ve made it this far, an actual description would be good? Okay. Fine. Spoil my fun. How joyless of you. This talk will look at the history of computing, the Internet (and a bit of espionage) and Russia (or the USSR, or the Soviet Union). It will highlight the development of computing, a history of the Internet, and also examine some deficiencies which have been discovered. Basically, rather than picking on poor defenceless North Korea, or Iran, I am, to steal a phrase, escalating. Given the topic there will probably be less humor than usual. I will however swear. Probably frequently. Also I shall almost certainly use inappropriate language that is neither big nor clever.

Joel Cardella

No One Cares About Your Data Breach Except You … And Why Should They?
2014 was declared the “year of the data breach” and yet we will have deaf executives, board rooms without infosec agendas and a lack of infosec prioritization with management. You need to face it: no one is really concerned but you. Welcome to the blue team. The hours suck, the work is hard and there’s no recognition. Still, you are in it to win it, and in some ways you can.

Kyle ‘Chaoticflaws’ Andrus

Is it EVIL?
Maybe it was a random blue screen or a weird glitch that just happened to have occurred after viewing a viral video of “Cats on Bicycles Volume 3”, but you definitely feel that your machine just got hacked. So, what do you do? Reload and re-install everything? Run anti-virus and call it a day? Or how about we bust out some sexy forensics and find out if there’s some evilness installed on your system, because that’s exactly what we are going to do in this talk. This talk will focus on finding evil on a system. I will cover some of the basics of acquiring forensic images for analysis, narrowing down which files are good/evil, some common places malware likes to hide, malware evasion/persistence/detection techniques, building your own Indicators of Compromise, scanning your network with custom IOCs, and doing it all using some free tools from the internet (Volatility, Redline, SIFT, Bulk_extractor, Log2Timeline, Autorunsc.exe, dumpit, FTK-Imager, Malwr.com, and many more!). If you have ever been interested in where to even begin to look for Evil running on your system, then this talk is for you!

atlas 0f d00m

On the Care and Feeding of CyberNinjas
More info to be announced shortly

Dr. Phil Polstra

Shell scripting live Linux Forensics
This talk will present a series of shell scripts that can be used for live analysis as part of Linux incident response. These scripts can be used to collect large amounts of information with minimal disturbance to the subject system. Using the results from these scripts, the investigator can determine whether an incident occurred and whether dead analysis is justified.

Thomas “G13″ Richards

Software Security IWR
Writing secure software and designing secure systems is very difficult. In this talk, attendees will gain insight into the day-to-day life of a software security consultant. We will go over common bugs found as well as architecture design flaws. Security practitioners as well as consumers will benefit from this talk when we cover topics such as report writing, remediation advice, and interacting with clients.

Infosystir

Shooting Phish in a Barrel and Other Terrible Fish Related Puns
We all know that the end user is the weakest link. With all the talk around how broken user education is, I’d like to offer my two cents on it. I’ll be going over the user education by phishing and rewards program I put into place in an enterprise environment. The metrics I tracked were:
1. users targeted
2. users successfully phished
3. phishes reported

I’ll share what I did, learned, screwed up on, and would change. I’ll also have all of my material for the program available for anyone to use.

David “HealWHans” Schwartzberg

Hacking the Next Generation
More info shortly

John “geekspeed” Stauffacher

This title intentionally left blank
So, you want to be a security consultant? Think it’s fun to hop on a plane every week, jet setting off to such exotic locales as Phoenix, AZ and Columbus, OH? Pay close attention as I outline some of the tips and tricks of the trade that got me through 3 years in Accuvant’s Professional Services division.
* Learn how to jump to the front of the line in loyalty programs
* Use Social Engineering techniques to take over and have control over your customer
* Utilize biology to affect how people perceive you, and your work
All of these methods are tried and true and were executed in my years in the field. I took copious notes and can say that these tips and techniques can help all of us no matter what our day job is.

This is a GRRCon exclusive for the first time, one night only…Don’t miss it.

Matthew “Mattrix” Hoy & David “deltaflyer” Khudaverdyan

Phones and Privacy for Consumers
It seems that we are doomed to use “consumer grade” smartphones with little choice between phone operating systems. Android OS and iOS are the clear market leaders.
This is not a hardware talk and we are open to having a panel with others that might be hardware or reverse experts. Our talk aims to help a consumer secure either device and provide some guidance and caveats to working with each operating system. The talk will provide “consumer” hardening steps for each platform for the general public (e.g. parents or non tech friends). The talk will also investigate shrink wrapped Tailored Access Operations (TAO) and provide some general guidance to ensure that you have a clean operating system to start with.

Matt will cover applications and cloud use since we are going to be “connected”.
David will also rant about end user stupidity, which is the obvious reason why we can’t have nice things.

Scott ‘secureholio’ Thomas

Can you patch a cloud?
The SANS 20 tells us that to protect our companies, we should have a vulnerability management program. Some companies may think they’re good enough with their current patching process. Some companies may take the SANS advice and implement a vulnerability management program for their on-prem devices. This is a good first step. What happens when you extend your infrastructure to “The Cloud”? When you add the complexity of cloud computing, how does this change your Vulnerability Management program? Do you just point the scanner at the cloud provider and “let ‘er rip”? Your provider may be less than pleased with this method. So what needs to change? Scan discovery, frequency, and methods all need to be part of the equation! To the cloud!

Dariusz Mikulski, Ph.D.

Understanding and Improving the Military Cyber Culture
Despite dominating in all physical domains of warfare, the U.S. military continues to struggle with “cyberspace.” And the reasons for this may have more to do with its culture than with technology. In this talk, we’ll explore the military culture and how what made it successful in land, sea, and air actually holds it back in the cyber domain. Through this, we’ll gain insights into why the military behaves the way it does to cyber and what it can (realistically) adopt from the hacker culture to break out of its regimented, bureaucratic box.

Tony Miller

Application Recon – The Lost Art
Tools for conducting application penetration tests have become increasingly advanced over the past decade. Yet with all this focus on bigger, badder and more specialized tools, it seems we’ve lost sight of the most effective tool in our arsenal, our own eyes. Performing reconnaissance on target applications is one of those concepts that many know exists but few seem to actually employ as part of an application penetration test.

In this presentation, we’ll discuss how intelligence gathering can not only improve application assessments but in many cases can be the difference between a sparse report and pwn’ing the app. We’ll look at some common and some less than common methods for gathering intelligence on your target application. We’ll see some examples of how good reconnaissance techniques turned seemingly trivial applications into smoking piles of wreckage that left their owners dazed and confused.

Arlie Hartman

Medical Devices, the Flat Network of Unknown Risks
The ratio of networked medical devices in modern hospitals is 2.4 devices per bed. These devices range in use from nuclear medicine to glucose monitoring and can have operating systems from Windows 98 to RTOS. Much like industrial control systems, availability and integrity trump confidentiality. These devices may behave like traditional computers on the network but the operational, regulatory, and personal safety risks are very different. Healthcare providers need to implement acquisition processes to mitigate the new risks and solve unique challenges that existing healthcare technology infrastructures present. Clinical Engineering and Information Technology organizations need to work together to ensure delivery of care.

What Attendees Will Learn in This Session:
-The current state of enterprise healthcare networks and their denizens
-List some of the operational, regulatory, and personal safety risks
-Overview of CE modalities and how they integrate with traditional HIT systems
-Identify opportunities in business process to inject medical device security
-Review of traditional information security controls, why they fail, and what can be done

Patrick Fussell

Harness the Force for Better Penetration Testing
The process of collecting evidence during a penetration test is rife with pitfalls, but when done effectively it greatly increases the effectiveness of the testing itself and the communication of the results to the customer. In fact, careful notation can sometimes illuminate the foothold needed to compromise a network that would otherwise have gone unnoticed.

Charles Parker, II

AV is not dead!
Over the last few years, the trumpet has been sounded loudly by industry leaders that AV is dead and should be ignored. On the contrary, there are certain uses for AV at its current stage of development for users. Also, unfortunately for the AV engineers, as the AV is updated, be it via signatures or methodology for finding malware, the attackers evolve the malware to evade the AV. The mechanics of current AV searches will also be explored.

tehEx0dus

Adding +10 Security to Your Scrum Agile Environment
A good pentester knows how to interact with most systems like a boss. A vast majority of ‘hacking’ these days comes from misconfigurations, or giant oopsies with the code. We will take you through some of the common pentesting ‘tricks’ that we use on a day-to-day basis that lead to massive win. This talk will cover network, webapp, and physical/social pentesting and reveal such tricks as RID cycling, username acquisition, and auth attempts with each username and the password of the season to get a valid account on the domain.

Chris J

Wireless Intrusion Detection Systems with the Raspberry Pi
This talk covers a distributed Wireless Intrusion Detection System using multiple Raspberry Pi boards. While there are more polished solutions out there, this solution works as a good proof of concept, or as an in-house solution for small to medium businesses.

Tom McKowen

My boss is our biggest vulnerability
More info to be announced shortly

Zee Abdelnabi

The art of hacking a human
This talk is going to focus on being successful interacting with others in your work space. People have their own firewalls and we set up the interaction rules. Do we want to allow or block this person in our comfort zone? I will go over security techniques on how to navigate different personalities using traditional hacking techniques.
– Determine what “operating system” they are running
– What patches are in place
– What vulnerabilities you can exploit
– What configuration issues does this person have?
These then result in being able to work with different personalities based on what the hacking results tell you.

Keven Murphy

Finding Needles in a Needlestack: Enterprise Mass Triage
Monitoring the health and sanctity of an enterprise environment requires skilled analysts with visibility throughout. While all eyes are watching for the hordes beyond the gate, there is almost no care to the individual health of each of the thousands of endpoints within. Beyond IOC and alert-driven analysis, security teams must use methods of proactively monitoring for that single compromised host before it becomes a tunnel for exfil. RSA will discuss its methods in quickly and accurately assessing the risk of advanced threats within an enterprise including establishing the immediate scope of the adversary’s reach.

Alex Fernandez-Gatti

Physical – Internal – Remediation
This isn’t just another “story time” talk with another consultant on stage; Alex is here to show you how to actually break in to your clients’ physical properties. Tools and methods will be presented to the audience. However, getting past the door is only the beginning. Alex will then show you tools and methods to get data akin to the Ashley Madison dump. After all has been said and done, Alex will go over remediation steps for your enjoyment and education.

Tom Holt

But Can They Hack?: Examining Technological Proficiency in the US Far Right
Research surrounding radicalization to and use of violence among extremist and terror groups has expanded over the last decade. These studies have improved our understanding of the potential process of radicalization and identified differences between lone wolf and group-based extremist threats. There are still fundamental questions that must be addressed, particularly regarding the role of the Internet in radicalization and recruitment as well as general technological skill of extremist groups. Few studies have considered this issue, especially among Far Right groups which have been identified as one of the top threats to public safety within the United States. This exploratory study addresses these issues using a comparative analysis of threads from multiple widely-used web forums in the U.S. dedicated to the white nationalist and white power movement. The findings demonstrate that there are distinct differences in the nature of conversations within these sites, particularly in their use of radical or race-based messages and their proficiencies with technology generally. The implications of this study for computer security professionals and the intelligence community will be examined in depth.

Justin Whitehead & Chester Bishop

Spanking the Monkey (or how pentesters can do it better!)
In today’s mainstream penetration testing and Red Team environments we feel that the teams are relying too much on noisy scanners, in part making for a large group of scanner monkeys. This talk is bringing back old school ways with a new flavor, a new flair, to prove that those techniques still work in the majority of engagements that many of us are involved in. The problem with many tools is not only how noisy they can be, but also the amount of logic and decision making that goes on under the hood without any human input.

Ben Johnson

Modern Threats Require Modern Defenses: 3 Security Concepts for 2016
As our cyber defenses continue to be less than sufficient, we are realizing we must tailor them more to the attacks that face us. While the problem isn’t necessarily in the security technology stack itself, the overall strategy of your stack, the team, and overall resource utilization must be revisited. We’ll explore three advanced cyber defense concepts that you should be applying or at least considering as we head into 2016: analytics, orchestration, and risk hunting.

John Menerick

Backdooring Git
Join John Menerick for a fun-filled tour of source control management and services to talk about how to backdoor software. We will focus on one of the most popular, trendy SCM tools and services out there – Git and GitHub. Nothing is sacred. Along the way, we will expose the risks and liabilities one is exposed to by faulty usage and deployments. When we are finished, you will be able to use the same tools and techniques to protect or backdoor popular open source projects or your hobby project.

Nathaniel ‘Dr. Whom’ Husted

There is no perimeter: Lessons from historical fortresses on how to defend our organizations
Castles were the central power structure in the medieval landscape. In many ways castles share similarities with our modern day organizational networks. While castles had clear perimeters, they also required adequate access to enable trade. Our organizational networks also have clear perimeters, but we must keep a number of ports accessible for common everyday interaction. Given the clear similarities, this talk dives into a discussion of what we can learn about securing our modern networks based on what was learned from building military fortresses in the past. We will look at fortress architecture, layout, and defense technologies. We will also talk about common attacks faced during siege warfare and how they compare to modern information security attacks. For example, in many ways the Medieval Sapper is very similar to a stealthy intruder in a modern network. Unlike other talks we will not take the military analogy as gospel (“Hacking Back” is not routinely acceptable) and will also study aspects of where the analogy breaks down when discussing modern information security. The talk also won’t be focused solely on a traditional European viewpoint, as castles built in Europe had very different needs than those in the Middle East or the Far East. Not only will this talk provide an interesting view on information security, but it will also provide some insight into the historical art of defense. As with any other area of information security, there are always lessons we can learn and improvements to be made from past mistakes and technologies since forgotten.

Johnny Deutsch

Cyber 101 – Upstarting your career in a leading industry
The Cyber security industry is currently one of the fastest developing industries around, and a lot of people want to get into it, for many various reasons. The problem that many of these people face is that they don’t really know where to start, and what it is that people working in cyber are actually doing. This is not a technical talk, but it is definitely a security talk.
In our talk, I will provide you with a 101 course on how large organizations run their cyber security operations, and I will provide you with some background on the various roles that are involved in each and every part of the operation, so you will get to understand what someone does if he tells you he’s a SOC or IR analyst, or any other part of today’s large operations that support keeping organizations safe. This is a talk to help you start your career within the cyber security industry, whether you are an experienced IT person or fresh out of college.

Jonathan Curtis

Attacks Against Critical Infrastructures Weakest Links
Increased information and intelligence causes new operational requirements for making critical decisions on blocking traffic, so this talk will examine how blocking can be deployed, what the thresholds are within the network, and where blocking should be deployed for the most impact with the least amount of collateral damage and highest return on investment.

Kerstyn Clover

Footprints of This Year’s Top Attack Vectors
Many of the year’s breaches and most-publicized attacks share the same attack vectors that consistently yield results on red-team engagements. Despite their commonplace nature, many of their indicators are not on the radar of defensive or responsive teams. The goal of this presentation is to outline these attack vectors and suggest techniques and ideas so that monitoring, alerting and response can be brought up to speed.

Derek Milroy

Security Incident Response
The framework presented has been used in both SMB and Enterprise environments. Its focus is on ensuring Security Incidents are handled in a standardized, repeatable manner. The focus of this presentation is on how to effectively assess and enhance an existing process or implement and maintain a new one. This presentation is focused on the IR portion of the DFIR acronym. It is typically the most neglected part and the most difficult to try to outsource. Put another way, your organization needs to have its act together in advance of a security incident so the process is not being invented during an incident. It is also important to make sure lessons learned during a security incident are put to use.

Nick Jacob

Path Well-Traveled: Common Mistakes with SIEM
SIEM is a powerful tool in the world of security. It is also, however, more than just an investment of money. It is an investment of time, manpower, and ability. In the course of managing a variety of environments, there are many issues that various organizations have all had in common. Presented here are some of those common issues and how to avoid them.

Marius Nepomuceno

Quick-Start your Burp Suite extensions (Jython) and automation
Burp Suite’s true power comes from its extensive API which permits testers to tailor it perfectly to any web application. Having learned the API and created a full extension for in-house testing of a custom serialization format, I’ll be sharing important points of consideration, caveats and useful tips.
If you’ve considered but never delved into using the Burp Suite API, love Python, and want a boost so as to not start from zero, this presentation is for you.

Shea Nangle

Attack Patterns Across Time And Space (Sorry, No TARDIS)
As a security engineer for a managed hosting provider the speaker sees a large volume of attacks every day. An exploration of attack information revealed some interesting patterns, both in terms of attacks made by attackers in specific geographic regions and in terms of attacks that are made at certain times of year. Additionally, this analysis can uncover any patterns of what types of attacks are used against specific types of targets.

Jeff Foresman

Are You Really PCI DSS Compliant? Case Studies of PCI DSS Failure!
Many organizations have achieved PCI DSS compliance, but as past breaches have shown, some companies are not really compliant. This presentation is a case study covering many years of assessing companies that thought they were compliant, but did not meet the requirements as they believed they did. We will review failures in scoping, segmentation, storage of cardholder data, security testing, logging and development. Each case study will include what should have been done to meet compliance.
What Attendees Will Learn in This Session:
1. Identify common failure points in PCI DSS compliance
2. How to correctly segment and scope a PCI environment
3. How to achieve PCI DSS compliance

Charles Herring

Process – The Salvation of Incident Response
Skilled incident responders are in rare supply. InfoSec tools fall short of automated detection. Sophisticated, targeted attacks are on the rise. In short, the attackers are winning. In a 2014 survey conducted by the Ponemon Institute, most respondents said that the best thing their organization could do to mitigate future breaches is improve their incident response capabilities. However, most respondents also said that less than 10 percent of their security budget is used for incident response.

Under these circumstances, what can be done to turn the tide against cyber-attacks? The (un-sexy) answer is process. This session will examine how to maximize existing personnel and tools to more effectively identify and quantify security risks. At the end of the session, attendees will have a better understanding of incident response, and how they can implement a more effective IR process without starting from ground zero.



Greg Foss

Honeypots for Active Defense
InfoSec analysts are all somewhat familiar with Honeypots. When they are given the proper attention, care and feeding, they produce invaluable information and can be a critical asset when it comes to defending the network. This intel has been primarily used by security researchers and organizations with advanced defensive capabilities to study their adversaries and learn from their actions. But what about the rest of us? Honeypots are a lot of work to configure, maintain, and monitor, right? Not exactly; when deployed and monitored properly, Honeypots and Honey Tokens are a simple way to alert on anomalous activity inside the network. But how can an organization that is not focused on research gain valuable threat intelligence using Honeypots and actively defend their network using indicators generated from an internal Honeynet?

The answer is Honeypots for Active Defense. There are currently many open source security tool distributions that come pre-loaded with Honeypots among other useful tools, however the honeypot software is often not deployed in an effective manner. This session will discuss techniques to leverage Honeypots in ways that will not overburden the security team with massive logs to sift through and focuses efforts on correlating active threat data observed in the Honeypots with the production environment. When deploying Honeypots effectively, this can give security analysts one additional mechanism to tip them off to nefarious activity within their network before they become the next headline.

Jen Fox

How I Got Network Creds Without Even Asking: A Social Engineering Case Study
On a professional pen testing engagement, why is one call or phish pretext selected over another? Why does it work (or not)? This case study describes how an SE pen testing engagement used a combination of exploits – phishing, vishing, and a spoofed site – to successfully gain network credentials without even asking for them. Learn why the pretexts and exploits were selected for the engagement and how and why they worked. See the email! Hear the calls! See the site!

This presentation is ideal for attendees who understand some social engineering basics but want to learn more about how an SE engagement works.



Andy Mansfield

Securing Today's Enterprise WAN
Today, local internet services are providing higher speeds at a lower cost than ever before. Because of this, many enterprises are moving away from backhauling internet traffic over leased lines to the data center, where their monolithic security services live. Instead, only traffic for hosted services is routed over the leased lines, and Internet traffic uses these cost-effective local options. There is a growing need to secure this traffic from a central point with low overhead.



Chandler Howell

Welcome to the Internet of (Insecure) Things
I’ll be discussing business drivers which explain why IoT is such a mess security-wise, the reasons why people should care, the ways that IoT security is failing, provide some examples and lastly discuss ways that security practitioners can both protect their environment as well as improve the overall security posture of IoT.



Juan Cortes

Ticking me off: From Threat Intel to Reversing
At Palo Alto Networks we see millions of binaries on a weekly basis. A good portion of them are identified as malware via static analysis, dynamic analysis and work done by our threat team. Once in a while we come across samples that evade these detections, which is when my job gets fun.
This is when I grab my favorite cup, pour myself a tasty beverage and do some reversing. In this talk I will walk through the usage of our new platform Autofocus and how I go about selecting the binaries that fill my cup with reversing joy. Secondly, I will show a high-level overview of my process of reversing a binary and determining what caused our systems to miss it, and how we fixed it. Pour yourself a tasty beverage and join me.



Brian Wrozek

Security Frameworks: What was once old is new again!
CISOs are being overwhelmed by the explosion of data, vanishing perimeter and the increase in sophisticated threats. Add to this volatile mix the increase in oversight from a host of constituents and you have chaos in the making. Your security strategy should be more than a laundry list of technology investments or the act of closing audit issues. Adopting a framework provides a more structured way to create your strategy roadmap, identify areas that need investment and report on progress. Frameworks provide much needed focus and increased credibility to your security program. Come learn tips on how to make effective use of security frameworks to elevate your security program.



Robert Carson & Bradley Stine

How compliance doesn't have to suck... at least totally
How many times do we hear compliance sucks and being compliant doesn’t mean you are secure? In a debate format we are going to discuss the key failures and successes of compliance explaining how a “compliance guy” and “security guy” can work together to make compliance successful in the modern environment. Compliance should not be a destination but a starting point for all organizations to ensure all domains of security are being addressed.



Tom Doane

What is a cloud access broker and do I need one?
Gartner predicts the Cloud Access Security Broker (CASB) market will reach $500M in revenue by 2017, making it the fastest growing security tech in history... but how are companies actually using CASBs today? CASBs deliver four pillars of functionality that differentiate them from existing cloud security technologies: visibility, compliance, data security and threat protection for the enterprise consumption of cloud services. But there are many ways to leverage the power of a CASB, so it can be useful to see how they are used by organizations in a variety of industries. In this session we'll share some of the advanced use cases that IT Security organizations at forward-leaning companies like Aetna, Comcast, HP and Western Union are pioneering in the CASB space.



Mark Nafe

Targeted Attacks and the Privileged Pivot
Analysis of the latest attacks on large enterprises has determined that one of the most common patterns is the commandeering of privileged accounts to gain access to an intended target, then escalating privileges to move laterally throughout the network to higher value targets. This presentation will examine primary attack vectors, such as privileged accounts and credentials, and provide insight into the code that is launched, including snippets that enable access to more devices (lateral movement). The session will explain common weaknesses in enterprise security defenses and provide advice for remediating and closing these vulnerabilities. The discussion will put recent breaches in context of broader cyber-attack patterns, and provide lessons learned based on attackers’ typical timeline of activities.