BsidesMemphisCFP
Call For Presentations (CFP)
BSidesMemphis is looking for presenters on topics including, but not limited to:
- Cloud Security
- Digital Forensics
- Emerging Threats
- Intrusion Detection/Prevention
- Mobile Security
- Physical Security
- Security Tools and Techniques
- Social Engineering
- Application Security
- Secure Programming
The deadline for submitting a presentation is June 15th, 2012. Speaker notification is June 22, 2012. Each presentation should be no longer than 1 hour in length, including questions and answers, and the format should consist of:
- Presentation or
- Workshop or
- Hands on Training
Please email your presentation proposal to bsidesmemphis at gmail.com. When submitting a presentation proposal, include the following:
- Your Name
- Contact Information
- A short biography
- Title
- Abstract
- Supporting Research
- Format (Presentation/Training/Workshop)
Schedule
Saturday - September 15, 2012

| Time | Session |
|---|---|
| 8:30 AM - 9:30 AM | Registration |
| 9:45 AM - 10:00 AM | Opening Remarks/Kick Off |
| 10:00 AM - 11:00 AM | Building a Database Security Program - Matt Presson |
| 11:00 AM - 12:00 PM | How I Learned To Stop Worrying and Love the Smart Meter - Spencer McIntyre |
| 12:00 PM - 1:00 PM | BBQ Lunch! |
| 1:00 PM - 2:00 PM | Attacking Apache Reverse Proxy - Prutha Parikh |
| 2:00 PM - 3:00 PM | WiFi Security - James Kegel |
| 3:00 PM - 4:00 PM | SCADA Security: Why is it so hard? - Amol Sarwate |
| 4:00 PM - 5:00 PM | Attacking Corp America using Social Media - James Ruffer |
| 5:00 PM - ? | Social activities, etc. |
Talks
- Speaker: Amol Sarwate
- Title: SCADA Security: Why is it so hard?
- Abstract: This talk will present technical security challenges faced by organizations that have SCADA, critical infrastructure or control systems installations. It will provide examples of attacks and examples of security controls for the same. The talk will introduce an open-source tool to help identify and inventory SCADA systems. The presentation will begin by introducing SCADA systems under the hood including RTU, IED, PLC, FEP, PCS, DCS, HMI, sensors, data historians and other SCADA components. The presenter will categorize these components into distinct groups based on the functionality that each component provides. The presenter will review the security implications on each of these groups and identify where most of the threats lie. The presentation will take a packet level dive into SCADA protocols like MODBUS and DNP3 and study their security implications. The presentation will give examples of attacks that can be carried out against each group and component. The presenter will release an updated version of an open-source tool to identify and inventory SCADA systems using the protocols discussed in this presentation. The presenter will then focus on real world examples of successful and not-so-successful implementations of security controls with SCADA systems. This will include examples of what some large organizations have done, and a discussion about why SCADA security cannot be deciphered just by tools or technical solutions. The presentation will conclude with guidance on how control system owners can start implementing additional measures to get to an acceptable security. Attendees who are in charge of control system infrastructure will get insight on what worked and what did not for other organizations. Engineers who are in charge of security for control systems will get a better technical insight of SCADA protocols and components and can use the open source tool that is introduced. Attendees who are new to control systems will get an excellent overview of security complexities of control systems.
- Speaker: Spencer McIntyre
- Title: How I Learned To Stop Worrying and Love the Smart Meter
- Abstract: The "Power Grid" is a growing topic in the security industry and Advanced Metering Infrastructure (AMI) is a topic that hasn't been discussed to its full potential. This presentation will discuss the types of vulnerabilities that have been found in Smart Meters, and give examples from real world assessments we’ve conducted. Different methods of accessing the meter will be presented such as over the optical interface and the Zigbee wireless radio. In addition, we will discuss a testing methodology we’ve developed which covers Smart Meter testing.
- Speaker: Prutha Parikh
- Title: Attacking Apache Reverse Proxy
- Abstract: This talk will discuss the Apache Reverse Proxy vulnerability (CVE-2011-4317) that I discovered while developing vulnerability signatures for Apache. Depending on the reverse proxy configuration, the vulnerability allows access to internal systems from the Internet.

  The presentation will start with discussion on reverse proxies and look at some older reverse proxy vulnerabilities and patches. It will go into the thought process behind bypassing the latest patch to discover a new vulnerability to remotely gain access to the internal network. It will also describe the tools, techniques and ideas that went behind discovering the new variant of the vulnerability and constructing a proof of concept to exploit the issue. Along with exploring the root cause of the issue, it also talks about the issue from an attacker’s perspective and finally recommends protection mechanisms against the attack. The talk will also give the audience a peek into the process of vulnerability signature creation and discovering new vulnerabilities.
- Speaker: James Kegel
- Title: WiFi Security
- Abstract:
- Speaker: Matt Presson
- Title: Building a Database Security Program
- Abstract: In today's world of Information Security, we implement technical controls almost everywhere. As such, you would probably be hard pressed to find an up-to-date InfoSec department that didn't manage firewalls, IDS/IPS systems, Web Application Firewalls, HIDS/HIPS, AV for clients and servers, and full disk encryption for laptops. While these types of systems can be useful, in most cases they fail to prevent a company's IP and customer data from being stolen by attackers.

  This talk will present a model that can be used by companies to effectively detect and prevent such breaches by implementing a database security program focused on business integration, proactive security controls, and continuous monitoring and alerting. Examined will be the key focus areas of the program along with how each provides greater visibility to security and the business, and makes it possible to respond quicker to potential security incidents - potentially preventing a breach altogether.
- Speaker: James Ruffer
- Title: Attacking Corp America using Social Media
- Abstract: James F. Ruffer III is a well-known ethical hacker with a special interest in social engineering and social media hacking. He is a regular presence on the USA weekly (Chicago NBC radio), Memphis NBC TV, and Memphis Clicks and Coffee, where he talks on security issues. Also, James has published widely on security topics, including socialmediasecurity.com, FBI Infragard, and connectedcops.net. James has spoken at several security events, including Phreaknic, Infosec Chicago, Memphis CyberExpo. Extending his expertise into the app world, James has published apps for datalossdb.org, ihackcharities.org, and exoticliability. James is currently on the board of Memphis OWASP and Memphis ISSA, and he serves as VP of IT for a financial institute. His past experience also includes CTO social media/mobile development, Encryption Engineer for Fortune 500, and forensics engineer for Fortune 50 company.