Keynote:
Richard Bejtlich is Mandiant's Chief Security Officer. He has more than 13 years of experience in enterprise-level intrusion detection and incident response working with the federal government, defense industrial base, and Fortune 100 companies.
Prior to joining Mandiant, Mr. Bejtlich was the Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). Before his work at GE, he operated TaoSecurity as an independent consultant, protected national security interests for ManTech Corporation's Computer Forensics and Intrusion Analysis division, investigated intrusions as part of Foundstone's incident response team, and monitored client networks for Ball Corporation. He began his digital security career as a military intelligence officer at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA).
Mr. Bejtlich is a graduate of Harvard University and the United States Air Force Academy. He wrote The Practice of Network Security Monitoring, The Tao of Network Security Monitoring, Extrusion Detection, and co-authored Real Digital Forensics. He currently writes for his blog TaoSecurity (taosecurity.blogspot.com) and teaches for Black Hat.
Abstracts:
Paul Coggin (@paulcoggin) Digital Energy – BPT (Basic Persistent Threat)
There is a great deal of conversation today regarding APT and critical infrastructure networks for ICS/SCADA, smart grid networks and service providers. The basic persistent threat (BPT) issues are being ignored in many cases. How can the APT be mitigated when the BPT issues have not been resolved? Typically, the technical capability to mitigate BPT and many of the APT risks already exists in the installed HW/SW, but proper attention to trust relationships, integration and interdependencies is overlooked. Close attention should be given to the often overlooked vulnerabilities in the network architecture and protocols that enable BPT. In this presentation, common network BPT issues that are often discovered during security consulting engagements will be discussed. BPT network architecture mitigations, including separation of services for control, management and data traffic as well as securing and monitoring trust relationships and interdependencies, will be covered.
Doug Burks (@dougburks) Security Onion: Peeling Back the Layers of Your Network in Minutes
Traditional Intrusion Detection Systems (IDS) can be costly, difficult to install, and may not provide all the capabilities that you need to defend your network. Network Security Monitoring (NSM) combines traditional IDS alerts with additional data to give you a more complete picture of what's happening on your network. This presentation will demonstrate how to deploy NSM in just a few minutes using a free Linux distro called Security Onion.
Christopher Campbell (@obscuresec) & Matthew Graeber (@mattifestation) Living Off the Land: A Minimalist's Guide to Windows Post-Exploitation
Two of the biggest challenges of long-term penetration tests are advanced security products and active administrators. Host intrusion prevention, application white-listing and antivirus software are all looking for your tools. Administrators and network defenders are doing everything they can to find you. Surprisingly, the easiest way to hide from them and homestead in a Windows enterprise is to live off the land. Microsoft provides you with all the tools you need to get into a network and live there forever. Tools such as Wmic, Netsh and PowerShell are well-known to administrators, but they also provide an attacker a whole range of virtually untapped features. By simply leveraging PowerSploit and a few tricks you can reliably bypass antivirus, get around whitelisting, escalate privileges, redirect network traffic, take full packet captures, log keystrokes, take screenshots, dump hashes, persist and pivot to other hosts all without introducing a single binary!
David Bianco (@davidjbianco) Enterprise Security Monitoring: Comprehensive Intel-Driven Detection
This is a great time to be in the detection field! More and more organizations are waking up to the fact that an effective detection program is a “must-have” to protect themselves against sophisticated threats. This creates a market for high-quality threat intelligence, and many groups are stepping up to meet this demand. With very little effort, your organization can connect to any number of quality data feeds, both commercial and free. However, this can lead to its own problems: almost no one is using threat intel effectively! Now that you’re drowning in a sea of intel, how do you make sense of it all and ensure that you are making maximum use of this information to provide the best possible detection strategies for your organization?
When you fully leverage your knowledge of an adversary to rapidly detect and respond to their attacks, you deny them access to their tradecraft. You become a harder target and they feel the burn! David developed the ESM method while creating and running the worldwide detection program at a Fortune 5 company. Learn how to apply ESM in your org to bring the fight to the attackers!
Mark Baggett (@markbaggett) Windows - 0wn3d by Default
In this talk we will discuss API hooking, process execution redirection, hiding registry keys and hiding directories on the hard drive. We must be talking about rootkits, right? Well yes, but not in the way you think. The Windows family of operating systems has all of these capabilities built right in! Using nothing but tools and techniques distributed and documented by Microsoft, we can implement all of these rootkit functions. During this exciting talk I will be dropping 0-days like a mad man and present new attacks against the Windows operating system that provide rootkit-like functionality with built-in OS tools. The Windows family of operating systems provides native rootkit-like capability. You just need to know how to tap into it! Do DEP, ASLR, UAC, Windows Resource Protection, file system ACLs and other modern OS security measures get in your way? No problem. Turn them off! Do you want to hide files and registry keys from the user? Wouldn't it be nice if that old MS08-067 exploit worked on the target system again? I'll show you how to fix that. Everything you need to subvert Windows applications is built right into the Windows kernel. Come learn how Windows is 0wn3d by default.
TJ OConnor (@violentpython) Why Every Defender Should Know How to Write Exploits
All too often in our field of information security, we separate the roles of defense and offense. Often this is because of the very specialized training required in both domains. After spending fourteen years in the military, that seems insane to me. The military has neither a defense team nor an offense team of warriors, but simply warriors that serve both purposes. For information security, we need to examine this in the context of the exploit mitigation strategies employed on networks. Are defenders versed only in defense really doing the best job? Or is it worth it to get your hands dirty and really learn more about exploit development and the various creative methods the offense uses? This talk will step through some recent successful attacks and look at the various creative ways that attackers develop exploits to succeed and bypass mitigation strategies. In context, we will examine how a defender can do a better job knowing how the adversary thinks and acts.
Mike Jones (@saxdr) What’s in your toolkit: unconventional methodologies to consider in information security
Intrusion detection is a challenging problem that has no easy solutions. In this talk, we look at some models that heretofore have not been commonly used in network security and that may provide new insight into network awareness. State space, agent-based, and linear regressive models are discussed. Rudimentary knowledge of linear algebra, differential equations, and statistics is helpful, but not absolutely necessary, in understanding the topics being discussed.
David Coursey (@dacoursey) Sheep and Sheepdogs: Employing EMET for Application Security
The Microsoft Enhanced Mitigation Experience Toolkit (EMET) is a free tool for reducing the risk of unknown software vulnerabilities. Easy to use and very powerful, EMET is the perfect addition to any organization struggling with endpoint security. This Tech Talk will showcase some of the capabilities of EMET and demonstrate its effectiveness.
Tim Tomes (@LaNMaSteR53) Look Ma, No Exploits! - The Recon-ng Framework
I've been on the conference circuit for the last year preaching the importance of thorough reconnaissance as a part of the penetration testing methodology. I've talked about the principles of reconnaissance, how to accomplish it quickly and effectively, and even released a few tools to help along the way. In my latest tool, the Recon-ng framework, the power of reconnaissance has been taken to a new level. In this talk, I am going to discuss and demonstrate the power of the Recon-ng framework by walking attendees through a live reconnaissance scenario which starts with the tester having nothing but the framework, and ends in the tester gaining credentials to the target environment. All without sending a single packet to the target network. Come a skeptic. Leave a believer. Reconnaissance is king.
Brad Shoop (@bradshoop) & Chris Rimondi (@crimondi) Eyeing the Onion
How do you make sense of the vast amounts of data Security Onion harvests from the packets that it sees? For users with little experience with Bro IDS, there is a learning curve one must ascend in order to maximize the value of Security Onion and ELSA to bring efficiency to detection and response. Security Onion for Splunk provides a powerful introduction to getting a better understanding of exactly what that information is so users can apply that understanding to maximize the value of ELSA. We will demonstrate the Security Onion for Splunk app, then show you how you can take your understanding of what you “see” there and apply it to ELSA for production deployments with techniques for parsing events and building dashboards. Lastly, we’ll demonstrate several dashboards we’ll be releasing.
Martin Holste (@mcholste) Not BigData, AnyData: Collecting Useful Security Data for Incident Response
Security data comes from everywhere; all data is security data. This talk will describe how to go about getting the raw data that you need and just as importantly, how to make it actionable. Specifically, methods for collecting traditional as well as how to leverage data that isn't traditionally security data. The talk will cover not only tricks for getting these sources of data collected, but also how to take the enormous amount of raw information and apply sound hunting and alerting methodologies using readily available tools. Strategies and procedures at the organizational layer will be discussed, including how the org can best benefit from the security incident response process.
Ron Martin Human Shields for your Network; or the Inadequacy of Current Security Awareness Training
End users are the primary targets of most cyber attacks, primarily through social engineering attacks (both technical and non-technical). The only defense against these attacks is effective user training. Many information security awareness training programs tend to follow a pedagogic paradigm of reciting the types, tactics, tools, and motivations of hackers and cyber attackers. This methodology tends to miss the single most important focus for an adult learner: how does this apply to me? For security professionals, the standard presentation of this type of information is more than adequate; however, for the standard user, this information is nothing more than alchemy performed by modern
Events:
FALE came together around a common idea of general curiosity and persuasion of the public’s “right to know”. Formally founded in early 2010, the individuals involved in the initial organization already had a history in and love for the practice of locksport and of having a better understanding of the mechanisms we rely on so heavily to keep us secure. Beginning with four members meeting monthly, we have quickly progressed to bi-monthly meetings. We talk locks, picks, general security and a smattering of other topics when meeting, all towards the end of a better knowledge of and ability to communicate the effectiveness (or lack thereof) of so many security measures in place in current society. We hope that through these conversations and our efforts publicly we will help to educate the larger community on the proper use and understanding of locks and security measures encountered daily.