BSidesCT2011

Event details

 

 

When: Saturday, June 11th, 2011 9:00AM - 4:00PM

Where: NESIT Hackerspace

Cost: Free (as always!)

 

RSVP required for attendance: http://bsidesCT.eventbrite.com

 

Invite your friends by posting this on Twitter: "#BSidesCT June, 11,2011: Discover the next big thing!"

 

Live stream and recordings at http://www.ustream.tv/channel/bsidesct

 

Sponsors

 

Event Sponsors: Please contact bsides@nesit.net if interested in sponsoring!

 

ForeSite has been providing solutions for technology problems since 1997 through the IT division, which provides everything from help desk to network maintenance, projects and technology planning, and the Development division, which focuses on designing and developing effective custom websites and applications. We strive to be a true technology partner to our clients, whether we are acting as their full IT Department or as a valuable supplemental resource for their internal IT staff. Our clients are a mix of nonprofit and for-profit organizations ranging from 5-10 person offices to Fortune 500 companies. Learn more at http://www.foresitetech.com

 

At Technology Partners, we are dedicated to helping our clients recover from any type of data loss. When your data goes missing or your systems go down, we’re just a phone call away. Our mission is to ensure that our clients' data is always “protected, accessible, and secure.” Learn more at http://www.tpartners.com

Talks: 

 

Tim Armstrong

Kaspersky

Danger in the Mobile Marketplace

 

The Android operating system is on an explosive growth pattern, and has recently surpassed Apple’s iPhone for market share.  The growth of this largely uncontrolled mobile platform and application market presents a new and evolving challenge for security practitioners.  Google’s Android Market is likely to become the new source for cybercriminals.  There have already been multiple reports of malicious applications in the store from information stealers to GPS Trojans.  

 

This presentation will take a look at the security aspects of the Android Market.  I’ll delve into the architecture of the security model and its flaws, some of the malware currently found as well as future threats to expect.  Finally, various steps for mitigation will be suggested and discussed.

 

Kizz MyAnthia

 

Weaponizing The Smartphone: Deploying the Perfect WMD

 

"Weaponizing The Smartphone: Deploying The Perfect WMD" will show the audience how to create a deployable package on a MicroSD card for use on the HTC Rhodium (AT&T Tilt2) or similar Windows Mobile 6.5 smartphone. Then, using a test wireless AP, a Windows Server 2003 VM, and the loaded WMD smartphone, the audience will be presented with a live demonstration of some of the tools, including Nmap, Metasploit, and The Social Engineering Toolkit, to exploit the Windows Server 2003 VM and gain administrative access.

 

 

David Sugar

GNU Telephony

 

GNU Free Call; communications for free societies

 

GNU Free Call is a project that was introduced to create a world-wide free as in freedom secure self-organizing intercept-free peer-to-peer realtime communication networks from the bottom up without requiring mediating service providers and by using existing foundations such as SIP, ZRTP derived protocols, and the GNU SIP Witch server. Our goal includes providing the means for any individual or private organizations to create their own private secure communication network as well as to participate and create a global network. The ability to communicate securely, privately, and to even do so anonymously, are essential freedoms and have become a question of basic human dignity in the 21st century. Our initial focus is on delivering sustainable medical communication infrastructure where the need for privacy is also essential to protect patients' dignity.

 

Charlie Vedaa - PacketProtector

 

pwn0- game on!

 

Have you ever wanted to go all 'Grand Theft Auto' on a network? To brazenly scan and sploit everything in your path?  But you're too nice to unleash your hacker fury on the neighbor's wifi?

 

Then check out pwn0.com and help build an online playground where people can meet to pwn and be pwned.


Georgia Weidman

(Of Shmoocon Fame) 

Transparent Command and Control for Smartphones over SMS Redux

 

As smartphones become increasingly ubiquitous and powerful, they become appealing targets for botnet infections. Many of the top selling smartphone platforms are built on common PC operating systems. This makes the transition from developing PC based malware to smartphone based malware nearly trivial. Smartphone malware and specifically botnets have been seen both in security research and in the wild. The GSM modem can be viewed as a public IP address without filtering or firewall capabilities. The presentation shows an example of a smartphone botnet that is controlled over the GSM function SMS. The presented system works at the base operating system below the application layer, resulting in transparency to the user. Details of the system are discussed with particular interest on cryptography and security concerns. This attack vector will be put to the test, to defeat new defense techniques that have been released since this attack was first shown. 

 

Boris Sverdlik

SR Partner

Jaded Security


Hacking The Interview

 

We have all had that interview where you walk out with that knot in your stomach knowing that it did not go well. This can happen to the best of us regardless of who you are and how good you are at your craft. The problem with an interview is that you have a very short time to sell yourself to the potential employer. What if you could walk into an interview and know as much information about your potential new boss as his spouse? That would definitely change the odds in your favor. Now imagine if you could pick up on his or her social weaknesses within the first few minutes of the conversation?

 

Ryan O'Horo

IOActive

Pen Testing People: Social Engineering Integration

 

The security regimen most companies follow rarely includes the most critical element of any infrastructure – its people. The numbers don’t lie: targeted social engineering attacks are extremely effective, and simple steps can be taken to immediately and consistently reduce the threat. In this presentation, Ryan O’Horo will take you into the psychology of a social engineering attack and the unfortunate truth of how unprepared companies can be against them. Critically, strategies for running social engineering test cases as part of regular security audits and educating end-users in resisting social engineering attacks will help you integrate social engineering with your organization and shrink your attack surface.

 
Chris Karr, CISSP

ÜberGuard Information Security Consulting, LLC

SCADA Security

Smart Grid operators must be diligent against international security threats from cyber terrorists, organized hackers, rogue states, etc. SCADA systems are intelligent IP-based hardware controls that are deployed to control and monitor the physical processes that make up the operation of energy utilities. The security challenges faced by power system operations are very different from those facing most other industries. Connecting a SCADA system to a public-facing network provides a host of security challenges. Since Chinese hackers infiltrated the U.S. Smart Grid in 2009, where they left logic bombs and also gained control of many SCADA systems, SCADA security has moved into the limelight with the FBI, the Secret Service, the CIA, the NSA as well as the private-sector InfoSec community.

Dan Weinstein

Technology Partners

Cloud Backup and Disaster Recovery

 

 (Abstract Pending) 

Grecs

Founder, NovaInfosecPortal.com

Hacking Your Career Talk

Hi, I'm Grecs. Would you believe me if I told you that I went from being a bankrupt first level help desk technician to being a poser 37337 hacker millionaire in just 5 years? Some days I have a hard time believing it myself, but it’s true! Although my life is amazing now, it wasn’t always like this... When I declared bankruptcy it seemed like my life was over at just 25 years old. I was ashamed, embarrassed and felt like a failure. My relationship with my girlfriend was on shaky ground. My health was deteriorating and I wasn’t sure how I was going to feed my two young cats. My only computer was a botnet and pr0n infested Pentium II running Windows 98SE. To say the least, I was not the provider I wanted to be. To the astonishment of my friends and family I was able to scrape together $450 and turn it into a net worth of over $1 million dollars in just 60 months! You must be wondering how this is even possible. The answer is infosec certifications. Now my new hackerin wife and I live in the loft of a 10,000ft hacker space on a large fresh water lake surrounded by beautiful mountains with 2 swimming pools, 3 hot tubs, tennis courts, and a private gym in the richest county in the country. I impress people by pretending to hack on my dream computer - a Mac Pro with 12 2.93GHz processor cores, 64G of DDR3 ECC SDRAM memory, 2TB of SSD storage, and dual 27" LED cinema displays - paid in cash. Our cats go to the obedience school of our choice. Best of all, my wife and I don’t argue about money and I am finally able to relax and hack without constantly worrying about money. This has all been possible because of infosec certifications. … Ok the above is a bunch of BS … but if infosec is your hobby and you want to learn how to turn this into a career or if you are early in your career and looking to take it to the next level, come join me for a lighthearted fun-filled session on hacking your career.

Attendee list available at: 

http://bsidesCT.eventbrite.com

 


Organizers

 

 


 

You may also contact bsides@nesit.net with any questions about this specific event. 

 

Volunteers