BSidesATL-2011

Event Details:

 

When: Friday, November 4, 2011

 

Where: Think Inc World HQ, 1375 Peachtree St. Suite 600, Atlanta, Ga (The Earthlink Bldg).

The venue is located on the 6th floor. Front Desk will instruct attendees on which elevator bank to use to reach the secured floor.

 

Parking: Parking can be found in several locations near the venue.

  • Before 9:30, parking in the building is $6/day
  • After 9:30, $8/day (mention BSides)
  • $3 Early Bird 1/2 block south and nearby

 

Cost: Free of course!

 

Videos of BSides Atlanta 2010 and 2011: http://vimeo.com/user5089985

 

Sponsors

To make the very most of this event, we need your help! We are currently looking for sponsors. If you are interested in sponsoring, please contact Nick Owen at nowen at wikidsystems.com or Mary Catherine Petermann at mc at barracuda.com.


We would like to thank the sponsors that have contributed to this year's event. Without you these events are not possible. THANK YOU! Our current sponsors include:


We’re a curious bunch that makes digital things — and not just apps or banners or sites. We bring digital to life with integrated solutions that make sense — for the companies that need them, the users that demand them and the digital world that consumes them.


Amidst the growing noise of polarizing security topics, hacking vs compliance religious warfare, and misunderstood risk phobias, VerSprite provides tailored security guidance that supports technology and operational objectives.  VerSprite reflects a fresh take on understanding and managing risk around people, process, and technology.  Focusing on GRC, AppSec, and BCM solutions, VerSprite's hybrid approach to InfoSec navigates beyond the super-hyped to a more balanced approach to functional security. Discover more at www.versprite.com.


Milton Security Group LLC (a certified VOSB) was started in 2007 with the basic principle to make Network Security within reach of all businesses. From this basic principle, Milton Security Group has designed and developed a growing suite of security solutions. These solutions are adaptive and tailored to each customer. Milton Security Group approaches security from many angles to bring protection to the core assets of your network. This approach is flexible and allows for a quick response to the latest threats.


Rapid7 is the leading provider of security risk intelligence solutions.

Rapid7's integrated vulnerability management http://www.rapid7.com/products/vulnerability-management.jsp and penetration testing http://www.rapid7.com/products/penetration-testing.jsp products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are being used by more than 1,700 enterprises and government agencies in more than 65 countries, while the Company's free products are downloaded more than one million times per year and enhanced further by over 125,000 security community users and contributors. Rapid7 has been recognized as one of the fastest growing security companies worldwide by Inc. Magazine and is backed by Bain Capital Ventures. For more information about Rapid7, please visit http://www.rapid7.com


LARES is a security consulting firm that helps companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing and coaching.

 

We are committed to identifying the key assets of your unique business and creating a customized strategy to protect you in today's volatile business environment and beyond. Our approach allows our clients to make informed decisions about their information security programs and effectively "secure what matters most".


Founded twenty-seven years ago, Sayers has grown into an industry-leading IT services and solution provider, offering the latest and most sophisticated technologies. Over the past three decades, we have established a powerful track record of success, highly personalized service and lasting client relationships.

 

Companies stay with Sayers because we deliver. We create customized, thoughtful solutions to meet their needs, not off-the-shelf approaches or technology companies do not need. We partner with world-class vendors.

 

Our senior professionals are focused, customer-driven and among the most experienced in the business. Sayers is an independent, minority-owned business committed to our core values and to producing exceptional results for our customers.


The WiKID Strong Authentication System is a patented dual-source, software-based two-factor authentication system designed to be less expensive and more extensible than hardware tokens.  The WiKID Strong Authentication Server comes as a software appliance, an ISO or in RPM format and works in conjunction with software tokens running on PCs (Windows, Mac, Linux) or smart phone to securely deliver one-time passcodes.  WiKID uses public key cryptography allowing greater extensibility and cross-enterprise two-factor authentication without requiring multiple tokens.  A trial version of the server is available for download.


Barracuda Networks Inc. offers industry leading products for three distinct markets. As the worldwide leader in content security appliances, Barracuda Networks offers products that protect organizations from threats over email, Web, and IM. With a strong security heritage, Barracuda Networks offers networking products that improve application delivery and network access with SSL VPN, Internet link load balancing, and server load balancing product lines. Finally, Barracuda Networks offers world-class solutions for backup and data protection that include message archiving, backup software and appliances, and offsite backup services.


NopSec automates cutting-edge hacking tools and techniques to simulate targeted attacks performed by hackers in the real world, and deliver to enterprises an integrated on-demand SaaS platform from the cloud to effectively identify, manage and remediate “real” exploitable security vulnerabilities.  In 2011, NopSec launched the first three modules of VRM solutions, which truly differentiates from existing solutions in multiplicity of attacks, false positive verification and unified vulnerability management framework.

 

NopSec delivers security values to its customers via three main service lines: Risk and Security Assessment Services, NopSec VRM on-demand Vulnerability Risk Management Solution, Security Solutions Implementation Training and Human Component Security Training.


Stach & Liu provides IT security consulting services to help companies secure their business, networks, and applications. Our team is comprised of industry experts and thought leaders with over 100 years of combined experience.


Dell Inc. (NASDAQ: DELL) listens to customers and delivers worldwide innovative technology and business solutions they trust and value. Recognized as an industry leader by top analysts, Dell SecureWorks provides world-class information security services to help organizations of all sizes protect their IT assets, comply with regulations and reduce security costs.

NT OBJECTives (NTO), based in Orange County, California, brings together an innovative collection of top experts in information security and software engineering to develop and provide a comprehensive suite of industry-leading technologies and services to solve the application security challenges of today's global organizations.

 

Schedule

8:00am - 9:00am: Registration and Coffee

9:00am - 10:00am: KEYNOTE – Andy Green

10:00am - 11:00am
  • Track 1: Dave Kennedy (Selling Security - Hackers are the next CSO's.)
  • Track 2: Tony UV (Making your own Web Security P.A.S.T.A)
  • Track 3: Daniel Peck (Security Consequences, Thinning the Herd)
  • Podcast/Media: Rick Hayes ("Hey, I can do that...")
  • Lock pick Village: FALE - All day Lockpick challenges, training and discussions.

11:00am - 12:00pm
  • Track 1: Mike Rothman (Positivity: The Future of Infrastructure Security)
  • Track 2: Erik Peterson (Building your own Zombie Horde - Dynamic Web Scanning at Massive Scale)
  • Track 3: Doug Burks (Security Onion: Network Security Monitoring in Minutes)
  • Podcast/Media: All Day Podcasting: InfoSec Daily, Southern Fried Security, Exotic Liability

12:00pm - 1:00pm: Lunch

1:00pm - 2:00pm
  • Track 1: Chris Gates (Low to Pwned)
  • Track 2: Jeremy Allen (Build Secure iOS Applications)
  • Track 3: Russell Eubanks (A Small Business No Budget Implementation of the SANS 20 Security Controls)

2:00pm - 3:00pm
  • Track 1: Rafal Los (The Business Doesn’t Care, and it’s Your Fault)
  • Track 2: Jack Mannino (How To Not Build Android Apps)
  • Track 3: Martin Fisher (Hacking the CDLC)

3:00pm - 4:00pm
  • Track 1: Nick Owen (Finance for Hackers or How to get all the budget you deserve)
  • Track 2: Ryan Jones ((Un)Common tools every tester should have)
  • Track 3: Anirudh Ramachandran (Tracking Data Provenance to prevent Data Breaches)

4:00pm - 5:00pm
  • Track 1: CISO Panel
  • Track 2: Taylor Banks (Uncomfortable Silence: For the Lulls (A Practical Guide to Speaking at Cons))
  • Track 3: Ben Feinstein (Morto Kombat: Understanding the Morto Worm)

5:00pm - 5:30pm
  • Lock pick Village: FALE - Prize Giveaways

5:30pm - ??????
  • Slideshare Roulette
  • BSides After Party


Speaker Abstracts

The following CFPs were accepted for this year's event.

 

Andy Green

Keynote Speaker

The keynote will cover important topics such as:

  • importance of education in today's economy
  • academia's role in providing that education
  • the importance of B-Sides, and events like it, to the educational process
  • how academia can capitalize on conferences like B-Sides
  • beliefs and theories on where all of these elements will grow and change in the coming years

 

Andy Green has been involved in information security for ten years, offering consulting services that focus primarily on the needs of small and medium-sized businesses. Prior to becoming a full-time information security consultant, Green worked in the health care IT field, where he developed and supported transcription interfaces for medical facilities throughout the United States. Andy is currently a faculty member at Kennesaw State University, where he teaches classes in information security.  He is also pursuing his PhD at Nova Southeastern University, where he is studying Information Systems, with a focus on Information Security.  Andy has also co-authored an academic textbook on perimeter defense, and has forthcoming academic texts on web security and IR/DR.  Green is known to be frequently sleep-deprived, as well as grouchy and ill-tempered, unless the Crimson Tide is playing winning football.

 

Russell Eubanks
A Small Business No Budget Implementation of the SANS 20 Security Controls

A consensus of defensive and offensive security practitioners developed the SANS 20 Security Controls. In their implementation of this program, the United States Department of State demonstrated an 85 percent reduction in vulnerabilities in the first year alone. Small businesses can use practical and often no cost ways to leverage existing security and administration tools to bolster their information security posture. Each control is paired with pragmatic ways for small business to rapidly deploy a continuous monitoring program at little to no cost. By leveraging and leaning into existing tools, the small business can develop a robust continuous monitoring program that is positioned to better recognize and respond to threats.

Russell Eubanks (russelleubanks) is the Director of IT Security for Priority Payment Systems and a security blogger at www.securityeverafter.com. Russell is enrolled in the SANS Technology Institute and a SANS Mentor. He is the past President of the Southeast Tennessee InfraGard chapter and was instrumental in helping it grow by developing meaningful programs for the community.
Twitter: @russelleubanks

 

Erik Peterson
Building your own Zombie Horde - Dynamic Web Scanning at Massive Scale

In the 12 years since automated dynamic application scanning tools have been available, DAST has gone from something a few in the know were doing to something everyone is doing, but are we really all scanning our web applications? The number of hacks would suggest either the tools are broken or we really are not scanning enough. To understand what was really going on I met with dozens of fortune 100 security and learned that on average only the top 1% of web applications at a fortune 100 company are being aggressively tested both manually and using automated tools but the rest are often going without any security testing at all. Reasons given were that it was just too cumbersome of a task, scanning that number of sites would be impossible and at the current pace would take years to assess everything. Clearly a better solution is needed.

In my talk I'll discuss the modern enterprise challenges that stand in the way of assessing thousands of web applications rapidly in parallel, the trade-offs that have to be made as well as those that don't, and why you have no excuse not to be scanning everything. I'll detail why I selected Amazon's EC2 as my platform to run from and the key things to consider when attempting to do anything at scale. Finally I will review the results of a project I ran for a client that started with over 30,000 hosts and ultimately ended with a fully automated assessment of close to 3000 sites in less than a week's time.

Erik Peterson is the Director of Product Strategy for Veracode with 16 years of security industry experience, including senior leadership and technology roles for HP, SPI Dynamics, GuardedNet and Sanctum.

Erik has also held InfoSec roles at Moody’s and SunTrust Bank and IT roles for the U.S. Embassy in Vienna, Austria and the UN IAEA. Erik has spoken at numerous events including OWASP, ISSA, ISACA, InfraGard and BSides and is a member of the Cloud Security Alliance.
http://www.linkedin.com/in/erikpeterson

 

Tony UcedaVelez
Making your own Web Security P.A.S.T.A

Process for Attack Simulation & Threat Analysis is an asset centric (or risk based) threat modeling methodology that connects the security dots within a given SDLC, those dots being how to discover vulns, attack them, apply the right countermeasures and more. Today’s application assessment options are both misunderstood and misapplied when assessing web applications or any application environment. Oftentimes, traditional security tools and testing methods seem to compete with one another instead of supporting a common goal, especially when trying to foster a ‘build security in’ doctrine. This concept of building security in has been spoken of for some time, and no real traction has taken place amongst various adopters; even with the information and support around frameworks such as the Software Assurance Maturity Model (SAMM) and Building Security-In Maturity Model (BSIMM), adoption is slower than anticipated.

The outlined process will provide a way in which BSIMM or SAMM can be sustained, via an anchored and repeatable threat modeling process. Audience members will be introduced to the P.A.S.T.A. process and go through key exercises related to application decomposition, including but not limited to data flow diagramming, attack tree build outs, and countermeasure development.

In the realm of application security, Tony is a threat modeling evangelist and has provided numerous talks domestically and globally on its many benefits and application. He has served as a guest mentor to teams participating in Kennesaw State University’s annual Cybercrime capture the flag event as well as a Cybercrime speaker for Southern Polytechnic University in Atlanta (2009). He has also served as a guest speaker on the subject of application threat modeling during ISACA’s annual Geek Week event and has also served as a keynote speaker on the subject for ISACA’s Global Symposium web cast series. Additional articles include those related to CoBIT and the ValIT model (ISACA’s Journal), application threat modeling within the SDLC (InSecureMagazine), and security process engineering for a ROSI (return on security investment) (Journal of Finance). He’s currently finalizing a book with Wiley Life Sciences on the Process for Attack Simulation and Threat Analysis due out in 2012. Tony currently leads an Atlanta based security consulting firm that provides a hybrid approach to InfoSec by maintaining strong duality and expertise across both AppSec and GRC. He has consulted numerous global Fortune 500 organizations in both the private and public sector across a myriad of security disciplines ranging from security architecture and design to secure application development.

Tony currently leads the OWASP Atlanta Chapter, where he manages monthly workshops and events for the Atlanta web application security community. He also serves on the OWASP Global Membership Board and regularly provides talks to other chapters nationwide, primarily on the topic of application threat modeling.

 

Ben Feinstein
Morto Kombat: Understanding the Morto Worm

In late August 2011, a new worm dubbed "Morto" began spreading using the Remote Desktop Protocol (RDP). Morto spreads by making RDP connections to other hosts and then attempts to brute force a successful authentication using a short list of common usernames and weak passwords. The worm uses an innovative command-and-control mechanism based upon encoded DNS TXT resource records.

This presentation will cover the "stub and implant" architecture of the Morto Worm and its capabilities. The worm’s propagation mechanism will be explained in detail, including its use of a "stub" DLL and Windows drive mapping over an RDP channel. Morto's persistence mechanism leveraging Windows service hijacking will be explained. The worm's command-and-control mechanisms will be presented in depth.

The audience will be shown network and host indicators of compromise that can be used to reliably detect the presence of Morto within an environment, as well as a Windows registry trick to prevent the malware on an infected system from executing.

Next, real world, in-the-wild observations of Morto Worm incidents at several impacted Dell SecureWorks customers will be presented. In addition to the publicly known command-and-control DNS records, Dell SecureWorks researchers uncovered hundreds of additional encoded DNS TXT resource records from as early as June 2011 that shed light on the development and evolution of the Morto Worm.

Finally, the presentation will attempt to connect some of the dots around Morto and offer some speculation as to motivation and attribution.

Ben Feinstein is Director of CTU Operations & Analysis with the Dell SecureWorks Counter Threat Unit (CTU). Ben is an author of RFC 4765 and RFC 4767, and has over a decade of experience designing, implementing and operationalizing security-related information systems. His major areas of expertise include network IDS/IPS, digital forensics and incident response, and security operations. Ben has previously presented at Black Hat USA, DEF CON, ToorCon, DeepSec, the U.S. Department of Defense Cyber Crime Conference, and many other events. He is active in his local DEF CON group, DC404.

 

Chris Gates
Pentesting from “LOW” to “PWNED”

Ahhhhh the standard penetration test where I fire up vulnerability scanner X, cross reference it with Pentest Framework Tool Y and if I can’t get a shell it’s not possible unless you are “APT”.  On the other side are all those lowly low and medium vulnerabilities, I know the title said low but if you lump it in with “SSL Medium Strength Cipher Suites Supported”..., commonly ignored during your vulnerability scan and report.  Real opportunities exist to locate that kink in the organization’s armor and these vulnerabilities regularly allow testers (who can break away from the automated tools for a second) that foothold into the soft chewy center.

Rough Outline: We very rarely run across remote exploits allowing us entry into the network. Typically we have to use low to medium vulnerabilities chained together to achieve access. The talk will discuss how automated pentesting misses key entry points and give examples of how low to medium vulns have been used for full compromise. The audience should come away with a new way of thinking about pentesting where we don’t fully rely on our automated scanners to find and exploit vulnerabilities.

Chris has extensive experience in network and web application penetration testing as well as other Information Operations experience working as an operator for a DoD Red Team and other Full Scope penetration testing teams (regular pentesting teams too). Chris holds a BS in Computer Science and Geospatial Information Science from the United States Military Academy at West Point and holds his... redacted...no one cares anyway. In the past, he has spoken at the United States Military Academy, BlackHat, DefCon, Toorcon, Brucon, Troopers, SOURCE Boston, OWASP AppSec DC, ChicagoCon, NotaCon, and CSI. He is a regular blogger at carnal0wnage.attackresearch.com and is also a regular contributor to the Metasploit and wXf Projects.
Twitter: @carnal0wnage

 

Martin Fisher
Hacking the CDLC

Too many InfoSec folk don't understand how the Career Development Life Cycle works...  They create inputs and write scripts based on faulty assumptions, bad data, and wrong attitudes and don't get the outputs they want.  We'll discuss how the CDLC *really* works and how you can, if you want, hack it to have the best chance to get the output you really want.

I'm a 20 year veteran of the IT Wars, a CISO, a podcaster, and someone who does what he can to ensure that people know what they need to know in the community. @Armorguy

Anirudh Ramachandran
Tracking Data Provenance to prevent Data Breaches

The prevailing "best practice" to prevent data breaches is limited to (a) scanning content that goes out, or (b) throwing more rules to stop attacks that cause breaches. These approaches have shortcomings, including not being able to prevent breaches over encrypted or steganographic channels, and not being able to defend against a new or zero-day attack that infiltrates an organization and subsequently causes a breach. What might be a future-proof solution is to remain agnostic to the attacks that lead to breaches but instead focus on comprehensively tracking sensitive data. We have developed a system, Pedigree, that tracks data using content-independent, tamper-proof tags. Pedigree uses these tags to track the provenance of sensitive data as it moves between applications, hosts, or even gets encrypted. Thus, independent of the attack or the type of encryption used to leak data, tags can identify the provenance of data flowing out of the enterprise and drop it if it contains sensitive information. In my talk, I would like to present an overview of our assumptions and solution, and stimulate discussion on this new way to prevent breaches from enterprises and Web Applications. More information and some simple demos are available at our startup's page http://nouvou.com.

Anirudh Ramachandran is a networks and systems security researcher at Georgia Tech and the founder and CTO of Nouvou Inc., a nascent data security startup. He has 6 years of experience developing solutions in areas such as data breach prevention, high speed traffic monitoring, network-level spam filtering, and botnet identification.

He graduated with a PhD in Computer Science from Georgia Tech in 2011. http://www.cc.gatech.edu/~avr

 

Rick Hayes
"Hey, I can do that..."

Media has transformed not only the security community, but society. The explosion of resources from Social Networks to podcasting makes the process increasingly easier and cheaper. Today, anyone, anywhere, can start a podcast. Unfortunately, there is much more to it than simply running a few applications, collecting the output and throwing it on the web. This talk will take you through the process of starting and running a podcast. We will show you how to leverage our experiences to actually assist you in creating something you can be proud of.

Rick Hayes @isdpodcast
Rick Hayes is a Sr. Principal Security Consultant primarily focused on penetration testing and vulnerability assessments. Rick is also a founder and host of the ISD podcast. He has over 20 years of experience in network security, Linux security, incident response, security assessments, and penetration testing. He specializes in OSINT and wireless/RF assessments. Throughout his career he has worked in various aspects of Information Security from Security Architect to CISO.

 

Mike Rothman
Positivity: The Future of Infrastructure Security

Securosis analyst Mike Rothman is just as frustrated as the rest of you. Our dyed in the wool security techniques of looking for what’s bad don’t work anymore. In fact, they suck and are hurting us by providing a false sense of security to those that are too dim to know the difference. We’ve got to take a different approach. Radically different. We have to think positively, not negatively, and we need to start now. Mike will discuss a new infrastructure security architecture, based on defining what is good and blocking everything else. Covering the traditional network security perimeter, internal networks, and endpoint devices, Mike will discuss trends in each of these areas and how new controls can be implemented in a phased approach to minimize disruption and maximize effectiveness.

Why is this important?: As described, the status quo in network security is killing us. We think achieving compliance is the answer, while our financial information and intellectual property is being hijacked by organized crime and a variety of nation-states. The industry needs someone to shake it at its core, challenge the assumptions about what works and what doesn't, and most importantly make some suggestions on how we can do it better.

 

Doug Burks
Security Onion: Network Security Monitoring in Minutes

Traditional Intrusion Detection Systems (IDS) can be costly, difficult to install, and may not provide all the capabilities that you need to defend your network. Network Security Monitoring (NSM) combines traditional IDS alerts with additional data to give you a more complete picture of what's happening on your network. This presentation will demonstrate how to deploy NSM in just a few minutes using a free Linux distro called Security Onion.

Doug Burks is the Deputy CSO for Mandiant and is also a SANS Community Instructor. He started the Security Onion distro in 2009 after seeing a need for a quick and easy way of deploying Network Security Monitoring. Since that time, it has been downloaded by thousands of security analysts around the world. You can find Doug blogging at http://pauldotcom.com/ and http://securityonion.blogspot.com/, and tweeting at http://twitter.com/dougburks.

 

Rafal Los
The Business Doesn’t Care, and it’s Your Fault
 
For many years Info Security professionals have been complaining, whining and crying over the business’ lack of compassion or care for ‘security’.  Well, it’s not the business’ fault, it’s yours.  I’ll talk through why it’s your fault, and what you can do about it to engage your business smarter, on their level, and so you can stop waving your hands and complaining.  Security is a fundamental part of any business model, you just have to understand how it delivers business value, and convey that properly.  Interested?
 
I’m Rafal Los (aka Wh1t3 Rabbit) …and HP’s Enterprise & Cloud Security Strategist …more importantly, I have a viewpoint on IT Security from a business perspective from years of being wrong and misunderstood I’d like to share with you.

 

Jeremy Allen
Build Secure iOS Applications

This talk covers secure development on the iOS platform, including new iOS 5 features. The talk uses an example driven approach, where possible, to highlight security issues and how developers can avoid them. The talk will detail best practices for new iOS 5 features.  Attendees will learn about data protection, Objective-C language features and behaviors, secure network communications, keychain usage, UDID usage and more. Basic application assessment techniques will be covered (HTTP proxying, SSL MiTM, proxy tools, etc.).

Jeremy Allen is the Chief Technology Officer with the Intrepidus Group. Jeremy is a regular speaker at popular security conferences such as BlackHat, SOURCE and OWASP AppSec. He is currently the lead developer of the SANS “Secure Mobile Application Development: iOS App Security” course. He has conducted numerous application assessments against iOS applications.

 

Dave Kennedy
Selling Security - Hackers are the next CSO's.

We continue to see an alarming rate of breaches and attacks. Our programs don't seem to be maturing well enough to even handle the most simplistic of a targeted attack.  This presentation will cover how to sell security, and how you...the hacker... can be the next CSO of a company. We are the future of information security, not some high level 5 year security plan that will never be implemented and was created by some business dude that knows zero about security. Throw all that crap away and let’s get dirty and talk about fixing what we all talk about. And yea... We'll be popping some boxes too.

Dave (ReL1K) is the Chief Security Officer at a Fortune 1000 company, author of the Social-Engineer Toolkit, co-founder of DerbyCon, and co-author of Metasploit: The Penetration Tester's Guide. He hugs.

 

Jack Mannino
How To Not Build Android Apps

Android is quickly becoming the playground of choice for the bad guys.  The Android Market has been notoriously polluted with malicious applications, and the Android ecosystem is fragmented beyond belief.  On top of these problems, lots of developers are throwing common sense out the window when creating Android applications.  Things can only get better from here (hopefully).

This presentation will expose some of the many ways these issues combine to make the world a much scarier place.  We will focus on real-world examples of vulnerabilities within Android apps that will make most attendees say WTF?!?  Be prepared to be angry, frightened, and sad…all at the same time.  Live demonstrations of each issue will be provided as well as code samples pinpointing the problems.  

Attendees will be exposed to the overall attack surface for Android applications, and will learn about the steps developers can take to do a better job at protecting them.

 

Nick Owen
Finance for Hackers or How to get all the budget you deserve

There's a debate raging in InfoSec now about whether CISOs should be business people or IT/hacker type people.  This talk won't address that, because, what a stupid debate!  What does the background of someone matter?  If you're a business type, you better learn technology and if you’re a technical type, you better learn business.  Hacker types that want to move up the ladder need to understand business better, in particular the dark art of finance.

This talk will cover various financial concepts such as ROI, NPV and economic profit, how firms create value; how risk impacts value; how to discuss and present risk analysis in a financial way; and how to analyze buy/build/rent decisions based on both financial benefits and risk. This talk will help InfoSec professionals sell their needs to finance people in a way that finance people will easily understand.  After seeing this talk you will never use the term ROI or ROSI again, safe in the knowledge that only chumps use such lame measurements.

 

Ryan Jones
(Un)Common tools every tester should have

From free to expensive, many practical tools exist in everyday items that all red team testers should know about. Plenty of talks have been given on lock picks and leave-behinds; this talk will cover the NOT-so-common tools of the trade, including items you can buy in hardware stores, toy stores, and elsewhere that can be used in red team testing. This is your chance to learn to use everyday items in ways you most likely never thought of. More importantly, this talk will help you learn to discover your own tools when walking through the stores you already shop in.

Ryan has spent fifteen years at the cutting edge of computer security. As Director of the physical security and social engineering practice, he focuses on client side testing, business intelligence, red team testing, physical security assessments, and both electronic and physical social engineering.

Before joining the SpiderLabs team, Ryan worked for USWest, IBM and Alternative Technology. As a consultant, he has provided computer security services to a range of organizations, from boutique operations to Fortune 500 companies.

Ryan has addressed major industry conferences, including SOURCE Boston, You Shot the Sheriff in Brazil, and THOTCON in Chicago. He is the co-producer and co-host of the Exotic Liability podcast, providing unique insight and analysis on computer security issues.

 

Taylor Banks
Uncomfortable Silence: For the Lulls (A Practical Guide to Speaking at Cons)

Do you speak at security cons? Want to? Either way, this talk is guaranteed to strengthen your confidence and improve your reception, or your money back! Never spoken at a con? Let me show you how!
 
This talk is both a primer on delivering information clearly and concisely to a large audience of varied technical backgrounds, and a practical guide to what NOT to do once your CFP entry has been accepted. I'll explore common mistakes that get made repeatedly by novice presenters, with real solutions to ensure that people don't throw shit at you, and instead ask you back. I will also provide tips and tricks that veteran speakers use to make their presentations more exciting, engaging, interesting and fun.
 
After being suspended from 3 elementary schools, expelled from 2 middle schools and dropping out of high school, Taylor has enjoyed tremendous success in InfoSec since 1997 and has been repeatedly asked back after speaking at industry cons including Black Hat, BSides, DEF CON, LayerOne, Outerz0ne and ShmooCon, to name but a few. You can find him at Atlanta’s local DC404 meeting, which he hosts at Manuel’s Tavern on the 3rd Saturday of every month @2pm.

 

Daniel Peck
Security Consequences, Thinning the Herd

Many of us spend our days researching new threats and developing protections and mitigations, but we seldom step back and think about the long term consequences of that new piece of mitigation technology.  With the exception of a few organizations that appear in Fortune lists or have a .mil domain name, the rest of us are part of the larger herd of computer users.  Attacks seen here seldom involve 0days, and usually come through some sort of messaging, usually email but increasingly via twitter, Facebook, etc.

Scams involving Nigerian princes or fake model profiles with "click here to see me naked" links leading to browser exploit kits plastered all over it are comically easy for anyone paying attention to avoid.  But as we increase automated detection and blocking of scams like this at the service provider level, are we slowly forcing the hand of attackers to create increasingly effective bait, making an advertorial world and a much more vulnerable herd in the process?
We'll discuss consequences, show examples of the messaging in and around attacks increasing in quality, and talk about how social media allows for huge distortions in the way we perceive and examine the truth in communication.

Daniel Peck is a Research Scientist for Barracuda Labs, currently interested in studying social networks. Notable research includes being the co-creator of Caffeine Monkey, a tool for performing behavioral profiling of JavaScript, and demonstrating widespread validation vulnerabilities in control system field devices.

 

Events/Contests

We have two special Events and Contests planned, as follows:

 

Lock Sport Village

FALE — FALE Association of Locksport Enthusiasts
http://lockfale.com

FALE came together around a common idea of general curiosity and persuasion of the public's "right to know". Formally founded in early 2010, the individuals involved in the initial organization already had a history in and love for the practice of locksport and of having a better understanding of the mechanisms we rely on so heavily to keep us secure. We meet bi-monthly to talk locks, picks, general security and a smattering of other topics all towards the end of a better knowledge of and ability to communicate the effectiveness (or lack thereof) of so many security measures in place in current society. We hope that through these conversations and our efforts publicly we will help to educate the larger community on the proper use and understanding of locks and security measures encountered daily.

 

FALE will be hosting a lockpick village where folks can come by to talk about physical security, learn to pick locks or talk about advanced picking techniques and tips; or just banter about pure nonsense. There will be plenty of locks, spare picks, and the obligatory various sets of handcuffs to play with, so be sure to stop by!

 

SlideShare Roulette
What the heck is SlideShare Roulette?

Think you’re a pretty good presenter, or would you like to be one someday?  Ever wonder how those improv comedy performers do it?  Taking the best of both worlds, we now give you SlideShare Roulette.  Here’s how it works - you get to go up on stage to present a full 3 minutes on a topic you don’t know yet.  Better still, it’s the audience that decides what your topic will be by shouting out a key word, which then gets entered into the magical slideshare.net search feature and when we’re ready, we put a slide deck up on the screen …and you present.  Totally unscripted, completely unprepared… just like in real life.  Think you’re good enough to get through all 3 minutes?  Play along with us, and you could win a pretty cool prize…

 

Oh yeah, there WILL be alcohol involved, be warned!

 

Event Planners

  • Mary Catherine Petermann
  • Nick Owen
  • Eric Smith
  • Tony UcedaVelez
  • Martin Fisher
  • Dan McGinn-Combs

 

Volunteers

  • If you would like to help with the event, we need you! Please let us know. Email: securitybsidesatl at gmail.com 

 

CPEs

Your attendance at BSides Atlanta is valid toward the CISSP continuing education credits (CPEs). If you are a CISSP, please print a copy of this form and bring it to the meeting. Give it to the meeting moderator or one of the BSides Atlanta Staff members to sign, after which you can submit it to (ISC)2 as needed.

 

Hashtags

Please use the tag #BSidesATL for content related to this event.

 

 

 

 

Milton Security Group LLC (a certified VOSB) was started in 2007 with the basic principle to make Network Security within reach of all businesses. From this basic principle, Milton Security Group has designed and developed a growing suite of security solutions. These solutions are adaptive and tailored to each customer. Milton Security Group approaches security from many angles to bring protection to the core assets of your network. This approach is flexible and allows for a quick response to the latest threats.

 

Rapid7 is the leading provider of security risk intelligence solutions.

Rapid7's integrated vulnerability management (http://www.rapid7.com/products/vulnerability-management.jsp) and penetration testing (http://www.rapid7.com/products/penetration-testing.jsp) products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are being used by more than 1,700 enterprises and government agencies in more than 65 countries, while the Company's free products are downloaded more than one million times per year and enhanced further by over 125,000 security community users and contributors. Rapid7 has been recognized as one of the fastest growing security companies worldwide by Inc. Magazine and is backed by Bain Capital Ventures. For more information about Rapid7, please visit http://www.rapid7.com

 

LARES is a security consulting firm that helps companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing and coaching.

 

We are committed to identifying the key assets of your unique business and creating a customized strategy to protect you in today's volatile business environment and beyond. Our approach allows our clients to make informed decisions about their information security programs and effectively "secure what matters most".

 

Founded twenty-seven years ago, Sayers has grown into an industry-leading IT services and solution provider, offering the latest and most sophisticated technologies. Over the past three decades, we have established a powerful track record of success, highly personalized service and lasting client relationships.

 

Companies stay with Sayers because we deliver. We create customized, thoughtful solutions to meet their needs, not off-the-shelf approaches or technology that companies do not need. We partner with world-class vendors.

 

Our senior professionals are focused, customer-driven and among the most experienced in the business. Sayers is an independent, minority-owned business committed to our core values and to producing exceptional results for our customers.

 

The WiKID Strong Authentication System is a patented dual-source, software-based two-factor authentication system designed to be less expensive and more extensible than hardware tokens.  The WiKID Strong Authentication Server comes as a software appliance, an ISO or in RPM format and works in conjunction with software tokens running on PCs (Windows, Mac, Linux) or smart phone to securely deliver one-time passcodes.  WiKID uses public key cryptography allowing greater extensibility and cross-enterprise two-factor authentication without requiring multiple tokens.  A trial version of the server is available for download.

 

Barracuda Networks Inc. offers industry leading products for three distinct markets. As the worldwide leader in content security appliances, Barracuda Networks offers products that protect organizations from threats over email, Web, and IM. With a strong security heritage, Barracuda Networks offers networking products that improve application delivery and network access with SSL VPN, Internet link load balancing, and server load balancing product lines. Finally, Barracuda Networks offers world-class solutions for backup and data protection that include message archiving, backup software and appliances, and offsite backup services.

 

NopSec automates cutting-edge hacking tools and techniques to simulate targeted attacks performed by hackers in the real world, and deliver to enterprises an integrated on-demand SaaS platform from the cloud to effectively identify, manage and remediate “real” exploitable security vulnerabilities.  In 2011, NopSec launched the first three modules of VRM solutions, which truly differentiates from existing solutions in multiplicity of attacks, false positive verification and unified vulnerability management framework.

 

NopSec delivers security value to its customers via three main service lines: Risk and Security Assessment Services, NopSec VRM on-demand Vulnerability Risk Management Solution, Security Solutions Implementation Training and Human Component Security Training.

 

Stach & Liu provides IT security consulting services to help companies secure their business, networks, and applications. Our team is comprised of industry experts and thought leaders with over 100 years of combined experience.

 

Dell Inc. (NASDAQ: DELL) listens to customers and delivers worldwide innovative technology and business solutions they trust and value. Recognized as an industry leader by top analysts, Dell SecureWorks provides world-class information security services to help organizations of all sizes protect their IT assets, comply with regulations and reduce security costs.
