May 17, 2014
Hilton Garden Inn New Orleans Convention Center
1001 South Peters Street / New Orleans, LA 70130
Note: The venue is a 5-10 minute walk from the French Quarter
Registration for BSidesNOLA 2014 is closed. Registration information for BSidesNOLA 2015 can be found here!
The CFP ended on February 1st. Thanks to all who submitted!
To request a sponsorship packet, please email bsidesnola [@] gmail.com.
| Time | Track 1 | Track 2 | Track 3 |
|---|---|---|---|
| 8:15 | Registration Opens | | |
| 8:45 | Opening Remarks: Andrew Case (@attrc), Volatility Foundation | | |
| 9:00 | Keynote: Dionysus Blazakis (@justdionysus), Staff Software Engineer, FireEye | | |
| 10:00 | Glenn Edwards (@hiddenillusion) & Ian Ahl (@tekdefense): Mo' Memory No' Problems | Gillis Jones (@Gillis57): AppSec Tl;Dr | Shannon Sistrunk (@shannonsistrunk): Interpersonal Manipulation |
| 11:00 | Brian Baskin (@bbaskin): Introducing Intelligence into Malware Analysis | Davi Ottenheimer (@daviottenheimer): Baby Got Risk: I like Big Data and I Can Not Lie | Dhia Mahjoub (@DhiaLite): Quest for Botnets using DNS |
| 12:00 | Lunch!! | | |
| 1:15 | Firetalks: 10 five-minute talks with the winner chosen by the audience at the end. Signups for firetalks will be available at the registration desk. | | |
| 2:15 | David Stampley: Who Defines "Reasonable Security"? Lessons from the Field and Courtroom | Patrick Perry (@pjbperry): Security Analysis of a Fingerprint Fuzzy Vault | Chris Sistrunk (@chrissistrunk) & Adam Crain: How 2 Good Guys Changed an Industry |
| 3:15 | J. J. Guy (@jjguy): The Changing Face of Intrusion Response | Dr. Golden Richard (@nolaforensix): Reverse Engineering Go | |
| 4:15 | Sarah Edwards (@iamevltwin): Reverse Engineering Mac Malware | Amol Sarwate (@amolsarwate): 2014 - The year in which we cannot ignore SCADA | Chad Olivier (@techariah): Responding to APT |
| 5:15 | Closing Remarks: Conference Organizers | | |
Mo' Memory No' Problems
Memory forensics is an area that is increasingly gaining popularity; however, it is still something that is not leveraged as much as it should be. Often times we find out that organizations/analysts either lack the capability to incorporate it into their analysis processes or they just do not truly understand or have a good knowledge of its usefulness.
If people are applying the Pareto Principle (80-20 rule) to host based artifacts for their investigations then why can’t the same thought be applied to memory forensics? In our experience, by grabbing this single artifact from an endpoint a majority of the questions we are tasked with are able to be answered. We’re not saying everything can be answered in every instance, but enough for us to ask/take a memory dump any chance we can because we have had that much success.
This talk will touch on why/how we use memory forensics, some issues/limitations and odd use cases we have encountered and wrap up with some of our own war stories that have resulted in custom scripting, rules and plugins to be developed.
Introducing Intelligence into Malware Analysis
Malware analysis is the current en vogue topic for computer security companies and careers. However, many are still approaching malware the same way their forefathers did a decade ago. Malware analysis without intelligence leads to slower responses, duplication of effort, and disparate results for each incident. These issues are mitigated by taking a systematic, layered approach to analysis that can then be applied to your organization's overall security posture through Free Open Source Software.
Security Analysis of a Fingerprint Fuzzy Vault
Given revelations of the last year there has been much discussion surrounding what encryption schemes are vulnerable to attack. While I am an incident responder by trade, I studied a popular fingerprint fuzzy vault looking for vulnerabilities in the implementation of this specific form of biometric authentication. As I am not a professional cryptographer I used some unique approaches drawing on my experiences in network security to help me show that a particular fingerprint fuzzy vault is not as secure as advertised and propose a solution to the problem. In this talk you will learn things you did not know about fingerprints, how they are used for biometric authentication and hopefully gain an appreciation of the inherent difficulty with this system. Finally, you will see the process I went through, as someone without a PhD in math, in trying to show that a crypto system is flawed.
Who Defines "Reasonable Security"? Lessons from the Field and Courtroom
Under prevailing legal standards, organizations must implement “reasonable” safeguards to control “material” security risks. Those terms are hard to define, and enforcement cases tend to focus on the outer bounds of what not to do. However, by reading between the lines, the cases reveal some outside-the-box, affirmative steps security practitioners can take, individually and collectively, pre- and post-event.
Baby Got Risk: I like Big Data and I Can Not Lie
Glenn Edwards
Glenn P. Edwards Jr. (@hiddenillusion) is a Senior Incident Response Consultant with FireEye Labs where he specializes in Incident Response, Digital Forensics and Malware Analysis. Glenn holds an M.S. degree in Digital Forensics from the University of Central Florida as well as a B.S. degree in Information Security and Privacy from High Point University.
Ian Ahl
Ian Ahl (@TekDefense) is a Senior Incident Response Consultant with FireEye Labs. While responsible for many facets of DFIR, his areas of focus are Network and Memory forensics. Ian holds an M.S. degree in Information Technology. Additionally, he writes articles and produces video tutorials on Information Security topics at http://www.TekDefense.com
Gillis Jones
A giant of a man, Gillis Jones is currently employed as a Security Consultant at Accuvant Labs. He has been engaged in web application security for the last four years, and has worked with companies to increase their security posture all the way from a Stealth Startup to a multi-million dollar business with hundreds of employees. He is the founder of the Badmin Project, and has worked with dozens of entry level security people to assist them in becoming "1337".
Chris Sistrunk
Chris is a Sr. Consultant at Mandiant/FireEye on their new ICS/SCADA team. Before joining Mandiant, Chris was at Entergy for 11+ years as an Engineer, with the last 5 as SCADA SME for Transmission. Chris is a Sr. Member of the IEEE, a registered Professional Engineer, and is a member of the DNP3 Technical Committee. He also was partnered with Adam Crain on Project Robus - An ongoing search for vulnerabilities in SCADA/ICS protocols. He has his BS in Electrical Engineering and MS in Engineering and Technology Management from Louisiana Tech University. Chris also founded and organizes BSidesJackson, Mississippi’s only security conference, since 2012.
Shannon Sistrunk
Shannon Sistrunk has a B.A. in Speech Communication from Louisiana Tech University and an M.S. in Applied Communication from Mississippi College. She is the owner of Bayou Communications LLC, specializing in corporate, interpersonal & nonverbal communication, social-engineering, and more. Most importantly, she has been married to Chris Sistrunk for almost 15 years; it's been a blast! They have two children, ages 10 and 6. Shannon gets to test her skills daily against the best SE's ever. Her kids.
Brian Baskin
Brian Baskin is a digital forensics professional and incident responder with RSA. Brian was previously an intrusions analyst and malware analyst/reverse engineer for the Defense Computer Forensics Laboratory, part of the Defense Cyber Crime Center. For nearly 15 years Brian has worked to research, develop, and train responses to growing network threats. Brian devotes much of his time to researching malware, network protocols, and Linux and UNIX intrusion responses. He has authored numerous books on computer security and developed software to allow for more efficient intrusion and malware analysis. Brian is also a ginger.
Kati Rodzon
Kati Rodzon has over a decade of experience in statistics, research methodology, cognition, behavior, and all things human. She has managed content development and helped create security awareness programs that focus on experimentation, data collection and analysis for programs that are unique to each organization's culture. She also has experience in the creation and implementation of customized enterprise behavioral content/modification plans, has created and tested methodology for cultural gap analysis services and has consulted in creating effective social engineering tools and testing penetration testing scenarios. As an independent contractor, Kati continues to work in the security industry creating tools and programs that effectively reach users across the entire organization and motivate them to learn as well as engage in the material.
Dhia Mahjoub
Security researcher at OpenDNS, Dhia Mahjoub works on research and development problems involving DNS, security, big data analysis, and networks. Dhia holds a PhD in Computer Science from Southern Methodist University, Dallas with a specialty in graph theory applied on Wireless Sensor Networks. He presented at BSides NOLA, APWG eCrime, BSides Raleigh, BotConf and will be talking at the upcoming BSides San Francisco. He is also part of the non-profit security research group MalwareMustDie helping track botnets and other malicious sources on the Internet.
David Stampley
Dave Stampley, a partner at KamberLaw in New York, represents plaintiffs nationwide in information-technology-related class actions. Previously, he has served as general counsel and compliance specialist for Chicago-based Neohapsis and director of privacy for a Fortune 1000 retail management technology vendor. In public service, as an Assistant Attorney General in New York, he led landmark privacy and security enforcement actions to protect consumers’ interests. He began his legal career as a prosecutor in the Manhattan D.A.’s office.
Patrick Perry
Patrick is a Systems Engineer at Mandiant. He has a strong background in digital forensics and incident response and an interest in network security monitoring. He has worked in federal law enforcement, consulting and as a member of the GE-CIRT where he got to learn from some of the best people in the field. He received an MS in Computer Science from James Madison University in 2013 where his thesis work was on the fingerprint analysis he is discussing here.
J. J. Guy
J.J. spent twelve years in federal cyber operations, including an active duty tour with the Air Force’s Information Warfare Center and as Director/General Manager of one of the top providers of federal CNO R&D services, with about one hundred kernel programmers, reverse engineers and vulnerability researchers supporting a dozen different federal programs.
J.J.'s time in the Air Force gave him an intimate understanding of the shortfalls of enterprise network defense technology. Frustrated by the “state of the art” and narrow thinking of industry, he has been a strong advocate for shifting investment from protection to detection and response since 2002. As a full-stack engineer, proven leader and public speaker, he can move from the lab to the podium to the boardroom and back. J.J. has a BS in computer engineering from Case Western and a MS in Computer Science from Johns Hopkins.
Dr. Golden Richard
Golden G. Richard III has over 35 years of experience in computer systems and computer security and is currently Professor of Computer Science, University Research Professor, and Director of the Greater New Orleans Center for Information Assurance (GNOCIA) at the University of New Orleans, where he has taught and conducted research for the past 20 years. He's also the founder and owner of Arcane Alloy, LLC, a private digital forensics and computer security company. Golden earned a B.S. in Computer Science (with honors) from the University of New Orleans and an M.S. and Ph.D. from The Ohio State University. His first floppy drive cost $600 and required financing. Golden is also a professional music photographer--you can check out his work at High ISO Music.
Sarah Edwards
Sarah is a senior digital forensic analyst who has worked with various federal law enforcement agencies. She has performed a variety of investigations including computer intrusions, criminal, counter-intelligence, counter-narcotic, and counter-terrorism. Sarah's research and analytical interests include Mac forensics, mobile device forensics, digital profiling and malware reverse engineering. Sarah has presented at the following industry conferences: Shmoocon, CEIC, TechnoSecurity, HTCIA and the SANS DFIR Summit. She has a Bachelor of Science in Information Technology from Rochester Institute of Technology and a Masters in Information Assurance from Capitol College.
Davi Ottenheimer
Davi Ottenheimer, EMC Senior Director of Trust, has more than nineteen years' experience managing global security operations and assessments, including a decade of leading incident response and digital forensics. He is author of "The Realities of Big Data Security" and co-author of the book "Securing the Virtual Environment: How to Defend the Enterprise Against Attack".
Amol Sarwate
Amol heads Qualys' team of security engineers who manage vulnerability research. His team tracks emerging threats and develops new vulnerability signatures for Qualys’ vulnerability management service. Amol is a veteran of the security industry and has devoted his career to protecting, securing and educating the community from security threats. At Network Associates, he contributed to the development of security products like CyberCop Scanner and Gauntlet Firewall. At Hitachi Semiconductor, Amol managed a team that developed device drivers for RISC processor based boards. Amol has presented his research on Vulnerability Trends, Security Axioms and SCADA security at numerous security conferences, including RSA Conference, BlackHat, Hacker Halted, BSides, InfoSec Europe, NullCon, GrrCon, Homeland security Network HSNI and FS/ISAC. He regularly contributes to the SANS Top 20 expert consensus identifying the most critical security vulnerabilities. He writes the “HOT or NOT” column for SC Magazine.
Web: http://security-pulse.blogspot.com/
Chad Olivier
Chad Olivier is the owner of Shades of Gray Security. He has over a decade of experience in IT security. He has worked in every industry performing social engineering, reverse engineering, penetration testing, vulnerability research, and has been involved with incident response to some of the largest breaches in history.
Organizers:
If you would like to fill any of the volunteer spots or just volunteer in general then please contact us.
Registration can be found on our eventbrite page: https://www.eventbrite.com/e/bsides-nola-2014-tickets-9618726871
Please use the tag #BSidesNola for content related to this event