Event Schedule

Talks

• Speaker: Amol Sarwate

• Title: SCADA Security: Why is it so hard?

• Abstract: This talk will present technical security challenges faced by organizations that have SCADA, critical infrastructure or control systems installations. It will provide examples of attacks and examples of security controls for the same. The talk will introduce an open-source tool to help identify and inventory SCADA systems.The presentation will begin by introducing SCADA systems under the hood including RTU, IED, PLC, FEP, PCS, DCS, HMI, sensors, data historians and other SCADA components. The presenter will categories these components into distinct groups based on the functionality that each component provides. The presenter will review the security implications on each of these groups and identify where most of the threats lie. The presentation will take a packet level dive into SCADA protocols like MODBUS and DNP3 and study their security implications. The presentation will give example of attacks that can be carried out against each group and component. The presenter will release an updated version of an open-source tool to identify and inventory SCADA systems using the protocols discussed in this presentation. The presenter will then focus on real world examples of successful and not-so-successful implementations of security controls with SCADA systems. This will include examples of what some large organizations have done, and a discussion about why SCADA security cannot be deciphered just by tools or technical solution. The presentation will conclude with guidance on how control system owners can start implementing additional measures to get to an acceptable security.Attendees who are in charge of control system infrastructure will get insight on what worked and what did not for other organizations. Engineers who are in-charge of security for control systems will get a better technical insight of SCADA protocols and components and can use the open source tool that is introduced. Attendees who are new to control systems will get an excellent overview of security complexities of control systems.

• Speaker: Jack Daniel

• Title: Storytelling, PowerPoint, and Disarmament

• Abstract: Humans are storytellers, but we load up PowerPoint (and Keynote, etc.) with bullets and shoot to kill the imagination and interest of our audiences.  In this conversation Jack will discuss how to use storytelling techniques to improve your communication and presentation skills; how to safely disarm your slide decks by removing bullets, and what to replace them with; when storytelling is appropriate- and when it isn't.  Jack will share insights, tips, and tricks gained through years of study, personal experience (successes and failures), and practice.  And, he will tell a story or two- just don't ask to sit on his lap while he tells them, that is just awkward.

• Speaker: Prutha Parikh

• Title: Attacking Apache Reverse Proxy

• Abstract: This talk will discuss the Apache Reverse Proxy vulnerability (CVE-2011-4317) that I discovered while developing vulnerability signatures for Apache. Depending on the reverse proxy configuration, the vulnerability allows access to internal systems from the Internet.

  The presentation will start with discussion on reverse proxies and look at some older reverse proxy vulnerabilities and patches. It will go into the thought process behind bypassing the latest patch to discover a new vulnerability to remotely gain access to the internal network. It will also describe the tools, techniques and ideas that went behind discovering the new variant of the vulnerability and constructing a proof of concept to exploit the issue. Along with exploring the root cause of the issue, it also talks about the issue from an attacker’s perspective and finally recommends protection mechanisms against the attack. The talk will also give the audience a peek into the process of vulnerability signature creation and discovering new vulnerabilities.

• Speaker: James Kegel

• Title: The Myth of WiFi Security

• Abstract: This talk will aim to inform the user about the risks associated with the convenience of operating a wireless network in the 802.11 spectrum. The presentation will briefly cover the different types of attacks, the different types of WiFi encryption schemes, and the associated attack vectors currently being used in the wild to exploit them. The presenter will cover the different tools needed to perform the attacks manually, and give a brief explanation of the commands associated and about what is going on in the background to accomplish the goal of the attack, with examples of how this would take place in a real world scenario. The presenter will brief the audience of what would motivate a potential attacker, and offer them a chance to get inside of the head of a wireless hacker, whether they be whitehat or blackhat. At the conclusion of the presentation the presenter will give a checklist to determine how safe your wireless network is, and a few criteria to decide if one would actually need a wireless network for their network deployment, as well as a few simple steps to take in securing your network. Some of the topics, terms and tools discussed will be: WEP, WPA, Tkip, PSK, Cisco Leap, Rainbow Tables/Time Memory Tradeoff, Brute Force, Arp Replay, Arp Poisoning/Man in the Middle, Rogue Access Points, Packet sniffing with TCPDump and Wireshark, Automated attacks with WiFite, Manual attacks with Aircrack-ng suite, Network Disruption with MDK3, Network Mapping with Nmap. A few prerequisites would be a basic familiarity with the command line, and a basic understanding of 802.11 Wireless technology.

• Speaker: Matt Presson

• Title: Building a Database Security Program

• Abstract: In today's world of Information Security, we implement technical controls almost everywhere. As such, you would probably be hard pressed to find an up-to-date InfoSec department that didn't manage firewalls, IDS/IPS systems, Web Application Firewalls, HIDS/HIPS, AV for clients and servers, and full disk encryption for laptops. While these types of systems can be useful, in most cases they fail to prevent a company's IP and customer data from being stolen by attackers.

  This talk will present a model that can be used by companies to effectively detect and prevent such breaches by implementing a database security program focused on business integration, proactive security controls, and continuous monitoring and alerting. Examined will be the key focus areas of the program along with how each provides greater visibility to security and the business, and makes it possible to respond quicker to potential security incidents - potentially preventing a breach altogether.

• Speaker: James Ruffer

• Title: Attacking Corp America using Social Media

• Abstract:James F. Ruffer III is well-known ethical hacker with a special interest in social engineering and social media hacking. He is a regular presence on the USA weekly (Chicago NBC radio), Memphis NBC TV, and Memphis Clicks and Coffee, where he talks on security issues. Also, James has published widely on security topics, includingsocialmediasecurity.com, FBI Infragard, and connectedcops.net. James has spoken at several security events, including Phreaknic, Infosec Chicago, Memphis CyberExpo. Extending his expertise into the app world, James has publish apps for datalossdb.org,ihackcharities.org, and exoticliability. James is currently on the board of Memphis OWASP and Memphis ISSA, and he serves as VP of IT for a financial institute. His past experience also includes CTO social media/mobile development, Encryption Engineer for fortune 500, and forensics engineer for fortune 50 company.