Humans are the weakest link in any organization... especially when it comes to security. She'll discuss why and how to help improve your "human security".
Shannon Sistrunk is an expert in human communication, nonverbals, & social engineering techniques. She has her Bachelor's and Master's degrees in Communication. Shannon owns and operates Bayou Communications.
Title: Vendor abandoned – vulnerabilities in consumer devices
Abstract:
In this talk Will presents his experience finding vulnerabilities in consumer network devices. Many vendors build these devices reusing open source software with no regard to any support lifecycles. Common examples of such products are network attached storage and home security cameras, which are used by both consumers and small businesses. Product support is frequently discontinued as soon as new models are released, and devices stay in production for years without any software maintenance.
This presentation goes over the methodologies that can be used in discovering these vulnerabilities and developing them into exploits. This presentation looks specifically at the Seagate NS440 NAS as a case study. Its replacement model received security advisories in March 2015 when BeyondBinary.io published a writeup about RCE vulnerabilities they discovered. This presentation was inspired by their work but the vulnerabilities discovered between the two are separate.
Bio:
Will Showalter (@willshowalter) is a Computer Science graduate student researching at Mississippi State University. Will is originally from Palmer, Alaska and received his B.S. in Computer Science from the University of Alaska Fairbanks before coming to Mississippi. While at UAF he ran the Cyber Security Club, organizing training exercises and UAF’s teams for CTF and CCDC events. Now he participates in and helps out with the MSU-CTF club. Areas of his interest include exploit writing, reverse engineering, and causing trouble.
Leonard Isham (@LenIsham)
Title: Privacy 101: An introduction with Tradecraft Light
Abstract:
An introduction to privacy that aims to leave the audience with questions… Including an overview of today's world, basic tools and a light introduction into Tradecraft AKA OPSec.
Bio:
Leonard's start in life is lost in the mists of antiquity. He began as a nerd, maybe nerdling is a better description… Eventually evolving into a geek, he entered the workforce in the then yet unnamed information technology field. Leonard moved into information security over 12 years ago. He is a self-proclaimed con rat that has lived on a floating hacking lab. In his declining years he started rambling in front of con attendees and eventually slipped into dementia as a sales engineer…
Wesley Riley (@wesleyriley)
Title: Response-Focused Defense with OCOKA
Abstract:
"Traditional information security defense strategies have relied heavily on prevention and detection to protect networks. However, in recent years it has become readily apparent that these strategies have done little to effectively combat threats as well as allowing organizations to accept a false sense of protection that is all too commonly shattered once an intrusion occurs. When the intrusion does occur, so much time, effort, and money has been dedicated to prevention and detection strategies that organizations find themselves ill-equipped to adequately respond to the actors within their borders. In this talk, we will adapt a proven military terrain analysis methodology known as OCOKA to discuss a defensive strategy that starts by gaining a true understanding of the threat profile of an organization and how to use that understanding to appropriately respond should the worst happen, as well as adjust current security methods to more rapidly address threats."
Bio:
"Wes Riley is an Advisory Practice Consultant for the Netwitness Incident Response and Discovery (IR/D) at RSA. In this capacity, Wes is responsible for delivering holistic incident response services and rapidly identifying threats as part of tactical response to intrusions involving sophisticated adversaries that target intellectual property and other critically sensitive data. He previously served as a member of the U.S. Army Corps of Engineers CIRT, as well as working as Information Assurance Officer for DoD Supercomputing in Vicksburg, MS. Wes has a Bachelor's in Software Engineering and a Master's in Computer Science from Mississippi State, where he worked for the National Forensics Training Center during his graduate studies."
Wesley McGrew (@mcgrewsecurity)
Title: Enough Reverse Engineering to Get You in Trouble
Abstract:
This workshop is designed to give the attendees exposure to how software, operating systems, and the hardware they run on work at a low level. The focus will be on user-land software and processes, but we will discuss the environment it executes in as needed to get the bigger picture. The goal is to give attendees a starting point to reverse engineer binary software for the purposes of malware analysis and vulnerability research. Where we leave off, your personal research and drive will be able to pick up. Attendees are guaranteed to be able to understand more articles in POC||GTFO after this session, or their money will be refunded. Attendees should show up with a VMware or VirtualBox installation on their laptops, at a minimum. I'll have more detailed instructions on what should be brought and what will be provided as the date for this draws near.
Bio:
Wesley McGrew (@McGrewSecurity) is an assistant research professor at Mississippi State University's Distributed Analytics and Security Institute. At DASI, he is involved in malware and vulnerability research. In the spring 2013 semester, he began teaching a self-designed course on reverse engineering to students at MSU, using real-world, high-profile malware samples, as part of gaining NSA CAE Cyber Ops certification for MSU. Wesley has presented at Black Hat USA and DEF CON on forensics, malware, and penetration testing topics, and is the author of security and forensics tools that he publishes through his personal/consultancy website, McGrewSecurity.com.
Art Conklin (@ArtConklin)
Title: why infosec is like being in the military
Bio:
Art Conklin is an associate professor at the University of Houston.