
BSidesATL-2016

BSides Atlanta 2016

 

 

Event Details:

When: Saturday November 12, 2016

 

Where:

ATLANTA TECH VILLAGE http://atlantatechvillage.com/

3423 Piedmont Road, NE Atlanta, GA 30305

https://www.google.com/maps/place/Atlanta+Tech+Village/@33.848556,-84.373398,17z/data=!3m1!4b1!4m2!3m1!1s0x0:0xaeeb9796e65b24d0

 

Directions & Parking: Details from their website. 

http://atlantatechvillage.com/about-us/

 

Cost: FREE!!

Booze: FREE!!!

Food: FREE!!!!

Award Winning Smiles: - PRICELESS

 

Event Schedule

Time | Speaker and Title | Village and Contests
9-10am | Registration and Coffee/Breakfast |
10-11am | Jim Nitterauer - DNS – Don’t Neglect the Signs! | All Day
11-12pm | Marina Krotofil - Do as I say not as I do: Hacking Industrial Processes with PLC Rootkit | All Day
12-1pm | LUNCH |
1-2pm | Justin Massey - Agile Developers Beware | All Day
2-3pm | Erich Kron - Put up a CryptoWall and Locky the key | All Day
3-4pm | Zack Allen - Security Considerations for Designing a Secure Cloud Solution with Google Cloud Platform | All Day
4-5pm | Stefan Stephenson - How to not SOC at life | All Day
5-6pm | Jon Creekmore - Walking in the Dark: Counter-Deception and CHOps | All Day
6-8pm | AFTER PARTY! OPEN BAR AND FOOD! |

 

AFTER PARTY

WHEN: 6pm-8pm – cocktail tables reserved – you’ll see the signs!

 

After this day of thought-provoking talks and conversations, get ready to relax and unwind… with a little fun along the way.

 

Join us for the official Security B-Sides Atlanta After-Party at Gordon Biersch Buckhead (just around the corner from ATV and ample FREE parking).

We’ll be passing complimentary food and drinks (first two drinks are on us – well, technically they're on our amazing sponsors who we appreciate so much!).

Thanks again for making Security B-Sides Atlanta what it is today – and for making us so proud to be part of this incredible community.  

 

Village and Contests

In addition to the amazing talks we have on the schedule, there will also be a village area for hands on hacking and fun. We'll also be holding a few contests throughout the day with prize giveaways from our awesome sponsors.

 

Augusta Locksports will be hosting a Lockpick Village where folks can come by to talk about physical security, learn to pick locks or talk about advanced picking techniques and tips. Plenty of locks and spare picks to play with, so be sure to stop by!

 

In conjunction with the Lockpick village, we'll have some hands on SDR/hardware to play with. If you have any gear you want to bring along to play with, please pack it!

 

Special thanks to Augusta Locksports for bringing their gear and people from Augusta to help support our event. And thanks to Jeff (@InfoSec208) for the hardware and SDR fun!

 

Abstracts and Bios

Zack Allen

Security Considerations for Designing a Secure Cloud Solution with Google Cloud Platform

 

"The major cloud vendors (Amazon, Microsoft, and Google) all provide different security features for their platforms to support the common security goals (identity management, patching, network security, audit logging and monitoring, secure communications, etc.).

 

Google Cloud Platform is the relative newcomer to the cloud space, and their security features have some significant gaps compared to Amazon.

 

This presentation will discuss the gaps in GCP's security features, their roadmap for trying to achieve parity with Amazon, as well as other security considerations when architecting a cloud solution such as a cloud computing policy and network security reference architecture."

 

Bio

Zack Allen is an Associate Managing Consultant at Cigital with over 10 years of experience in information security. He has worked with a number of Fortune 250 companies including financial institutions, government agencies, healthcare providers, retailers, telecommunications firms, and security firms to provide services such as penetration testing, static analysis, remediation consulting, security architecture, and instructor led training.

 

LinkedIn Profile: https://www.linkedin.com/in/zack-allen-470796a

 

Marina Krotofil

Do as I say not as I do: Hacking Industrial Processes with PLC Rootkit

 

Input/Output (I/O) mechanisms of embedded systems are used to interact and control the mechanics and physics of the outside world. Particularly when employed in mission critical systems, ensuring the reliability and integrity of process data and control commands flowing through I/O of embedded systems is paramount.

 

This talk addresses hardware security of Programmable Logic Controllers (PLC). Embedded system’s I/O is controlled by a pin based approach. An attacker can tamper with the integrity and availability of an embedded system’s I/O by exploiting certain pin control operations and the lack of hardware interrupts associated with them.

 

The first part of the talk will present the fundamental flaw of the runtime design which allows for such an attack, specifically how to circumvent current host-based detection mechanisms applicable to PLCs by avoiding typical function hooking or modifying kernel data structures. The second part of the talk will detail the risks and implications of such an attack in the context of the operational process. Using specific examples, the presentation will explain the meaning of input validation in the context of industrial control systems and outline validation considerations.

 

Bio

Marina Krotofil is Lead Cyber Security Researcher at the Honeywell Cyber Security Lab. Previously she worked as a Senior Security Consultant at the European Network for Cyber Security. Her research over the last few years has been focused on discovering unique attack vectors, design vulnerabilities, engineering damage scenarios and understanding attacker techniques when exploiting control systems. Marina authored more than 20 papers on cyber-physical security. She gives workshops on cyber-physical exploitation and is a frequent speaker at the leading security events around the world. She holds an MBA in Technology Management, an MSc in Telecommunication and an MSc in Information and Communication Systems.

 

@marmusha

www.linkedin.com/in/marina-krotofil

 

Stefan Stephenson-Moe

How to not SOC at life

 

Many large and medium size companies have come to realize they need human beings to monitor the logs their security devices generate, but many companies still believe that all that's required for good defense is investing large amounts of money in solutions that correlate large amounts of logs and hiring employees to look at those logs. The reality is there's a lot more to planning and running a SOC than devices, budgeting, tools, and metrics. Special consideration needs to be taken into account that a SOC is a special kind of team with humans playing a central role. This presentation will address the team and procedure building aspects of running a SOC as well as go into some ways SOCs can be improved internally without having to rely on outside contractors and vendors for support. This presentation will discuss tried and true strategies for correlation monitoring, tuning, hunting, intelligence gathering, and internal tool development. This presentation will also discuss common pitfalls that SOCs can run into that can have seriously deleterious effects on their monitoring without the manager realizing it.

 

BIO

Stefan is a Security Researcher with several years working for a major power utility in the southern United States (take a guess which one). As one of the first four members of their internal SOC he had the task of building up Security Operations inside the company from nothing to a team of proactive threat hunters, which is no easy feat in a company with over 25,000 users. With virtually no precedent to go on almost anywhere else in the industry, he and his team tried lots of different strategies that provided the most security to the network while attempting to maintain the sanity of the analysts. Some of the strategies worked and some didn’t. As a side project Stefan would go out into the field with Transmission Engineers and Protection and Controls engineers to learn more about the Transmission SCADA systems used to automate the grid.

 

Jon Creekmore

Walking in the Dark: Counter-Deception and CHOps

 

One of the newest security trends in both the public and private sector today for defenders is to deploy counter-deception campaigns. With access to deception tools and techniques such as honeypots, honeynets, honey-tokens, and more becoming easily available, the challenge to pen testers and red team professionals will increase. Counter-Deception is one of the core principles of the Counter Honeypot Operations (CHOps) Open-Source Framework and this presentation will inform, educate, and generate discussion on what the ethical hacker needs to know in order to safely and effectively "Walk in the Dark" during deception-enabled engagements.

 

Bio

I am Jon. I like charity, infosec, and hacking life to a better place. I consider myself a father, hacker, friend, and hopeful for a better community tomorrow than that of today :-). I has credz at https://www.linkedin.com/in/mrcreekmore and check some cool charities at www.DiscoverCyber.org, www.AugustaLocksports.org, and www.BsidesNights.com <3

 

Jim Nitterauer

DNS – Don’t Neglect the Signs!

 

DNS is the engine that makes the Internet work, converting recognizable names into IP addresses behind the scenes. Only recently has the InfoSec community recognized the importance and value of logging and analyzing DNS traffic. The development of a variety of open source tools has given network and security admins amazing resources for investigating DNS traffic for signs of improper configuration as well as tell-tale signs of compromise. This discussion will examine the common ways that DNS can be used to compromise networks including DNS Amplification, data exfiltration and Botnet C&C communication. We will then review some of the available open source tools including Graylog, Elasticsearch, Kibana, Packet Beats and NXLog that can be used to proactively log and monitor DNS and other traffic. The discussion will conclude by covering some practical solutions you can implement to enhance the security of your own network.

 

Bio

Jim is currently a Senior Security Specialist at AppRiver, LLC. His team is responsible for global network deployments and manages the SecureSurf global DNS infrastructure and SecureTide global SPAM & Virus filtering infrastructure as well as all internal applications. The team also manages IT security for the entire company.

 

Jim has over 20 years' experience in the IT industry. He currently holds a CISSP certification in addition to a Bachelor of Science degree with a major in biology from Ursinus College and a Master of Science degree with a major in microbiology and biochemistry from the University of Alabama. He is a 2000 graduate of Leadership Santa Rosa and a 2001 graduate of Leadership Pensacola.

 

Jim has presented at many conferences both locally and nationally including BSides Las Vegas, NolaCon, ITEN Wired and other smaller events. He is a regular contributor to the Tripwire Blog and Peerlyst, is a member of the ITEN Wired Planning Committee and is involved in the Florida Panhandle (ISC)2 Chapter. He served as President and CEO of GridSouth Networks, LLC, a joint venture between Creative Data Concepts Limited Inc. and AppRiver, LLC. Jim is also the founder and President of Creative Data Concepts Limited, Inc., a well-known Web services provider that has been located in Pensacola, Florida since 1998.

 

In addition to his work at AppRiver, he devotes his time to advancing IT security awareness and investigating novel ways to implement affordable security controls.

 

@JNitterauer

https://www.linkedin.com/in/JNitterauer

 

Justin Massey

Agile Developers Beware

 

Agile Software Development (v): The act of pushing code to production faster than security can review it. Application Security Teams are constantly plagued with dealing with developers who reintroduce the same vulnerabilities into the code base time after time. This presentation covers some automation tools to help application security departments and pentesters specifically. Sample scripts will be released to help kick start your automation security framework.

 

BIO

Justin Massey is a security researcher and his background in managing the technical operations of a small MSP led him to discovering weaknesses in many businesses’ networks and applications. Curiosity chaperoned Justin along the way from building potato rocket launchers in his early years to breaking web and mobile applications today.

 

@jmassey09

 

Erich Kron

Put up a CryptoWall and Locky the key

 

Erich Kron will leverage his years of experience in IT and security to give the session attendees tips and tricks on avoiding or minimizing ransomware and malware infections. He will discuss defense-in-depth, detection, recovery and user training strategies. Attendees will leave the session with a better understanding of real-world ways to battle the ransomware epidemic.

 

BIO

Erich Kron, Security Awareness Advocate at KnowBe4, is a veteran information security professional with over 18 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. He has managed the technical integration and functional testing of multi-million-dollar enterprise level technology projects within the Department of Defense, as well as large military security programs. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in the InfoSec industry.

 

Follow Erich @KB4Erich

 

 

SPONSORS:

THANK YOU! THANK YOU! THANK YOU!

We couldn't have done this without our sponsors so please take a moment to recognize them and show some appreciation at the event for all that they have done.

 

THANK YOU TO:

 

 
 
 
 
 
 

 

 

 

Event Planners

  • Nick Owen

  • Eric Smith

  • Mary Catherine Petermann

  • Martin Fisher

  • Mike Rothman 

  • Tony UcedaVelez

 

 Volunteers

  • The volunteer signup sheet is posted on the Eventbrite signup page. Please contact Martin Fisher (contact form on Eventbrite page).

 

CPEs

Your attendance at BSides Atlanta is valid toward the CISSP continuing education credits (CPEs). If you are a CISSP, please print a copy of this form and bring it to the meeting. Give it to the meeting moderator or one of the BSides Atlanta Staff members to sign, after which you can submit it to (ISC)2 as needed.

 

Hashtags

Please use the tag #BSidesATL for content related to this event.

 
