Talks 2011 « DerbyCon – 3.0 September 25-29th, 2013

Talks 2011

sploit me if you can


c++ template reversing, vftable madness, and randomization, oh my!

come watch as atlas iterates through the 2011 defcon quals “potent
pwnables 500” challenge and the path to solution.

Speaker BIO: atlas


atlas is a doer of stuff. inspired by the illustrious sk0d0, egged on by
invisigoth of kenshoto, atlas has done a lot of said ‘stuff’ and lived to talk
about it. whether he’s breaking out of virtual machines, breaking into banks,
or breaking into power systems, atlas is always entertaining, educational and
fun.

Beat to 1337: Creating A Successful University Cyber Defense Organization


A university with no students with significant prior information security experience may find collegiate information security competition a daunting task. Most competitions require a large amount of technical knowledge to set up, along with a fair amount of organization. But how are students with no information security knowledge going to compete in competitions and keep from getting completely owned? Well, they’re not. The most important step to successful competition is educating oneself.

In this presentation, I describe our efforts organizing a team of undergraduate students interested in creating our school’s cyber defense organization and participating in CTF competitions. I’ll introduce the methodologies that we used (and continue to use) in order to start educating and motivating bright students about information security and keep them interested.
Information security education must continue outside the classroom. Although the demand for information security knowledge is high, the requirements are rigid. While the industry is growing very rapidly, students who do not show passion and dedication to the field and deep practical knowledge will quickly be left behind. We aim to leave you armed and ready to compete with and learn from some of the best and brightest information security students in the world.

Speaker BIO: Michael Arpaia


Mike Arpaia is a Junior in the CyberSecurity program at Stevens Institute of Technology and is a co-founder of the Stevens Cyber Defense Team. Mike works as a Security Consultant/Penetration Tester Intern at Gotham Digital Science LLC. His primary interests are in web application security and exploitation.

Offensive Countermeasures: Still trying to bring sexy back


Why is it that the Hackers and Penetration Testers get to
have all of the “sexy” fun? In this presentation we will cover some cool
tricks to confuse, block or mislead attackers. Penetration testers may
be angered during this presentation as we will describe how to make
their lives difficult. The term “hacking back” will be used in the same
sentence as “legally” and “naked”. The goal being to start a
conversation on how to make defenses actually work and provide a
range of options to security professionals including annoyance,
attribution, and getting shell on an attacker’s box.

Speaker BIO: Paul Asadoorian (pauldotcom)


Paul Asadoorian is currently the “Product Evangelist” for Tenable Network Security, where he showcases vulnerability scanning and management through blogs, podcasts and videos. Paul is also the founder of PaulDotCom, an organization centered around the award winning “PaulDotCom Security Weekly” podcast that brings listeners the latest in security news, vulnerabilities, research and interviews with the security industry’s finest. Paul has a background in penetration testing, intrusion detection, and is the co-author of “WRT54G Ultimate Hacking”, a book dedicated to hacking Linksys routers.

Speaker BIO: John Strand


John Strand co-hosts PaulDotCom Security Weekly, the world’s largest
computer security podcast. He is also the owner of Black Hills
Information Security, specializing in penetration testing and security
architecture services. He is a Senior Instructor with the SANS
Institute. He has presented for the FBI, NASA, the NSA, and at DefCon.
In his spare time he writes loud rock music and makes various futile
attempts at fly-fishing and drinks Coors Light while carrying a stick
and a marshmallow.

Walking the Green Mile: How to Get Fired After a Security Incident


Security incidents targeting corporations are occurring on a daily basis. While we may hear about the large cases in the news, network and security administrators from smaller organizations quake in fear of losing their jobs after a successful attack on their network. Simple bad decisions and stupid mistakes in responding to a data breach or network intrusion are a great way to find yourself new employment. In this talk I’ll show you in twelve easy steps how to do so after, or even during, a security incident in your company.

Speaker BIO: Brian Baskin


Brian Baskin is a senior digital forensics professional and incident responder with cmdLabs. Mr. Baskin has been a part of the forensics and incident response field for over 10 years, with most of those dedicated to researching, developing, and training forensic responses to growing network threats as part of a large DoD facility dedicated to digital crime. Currently Mr. Baskin devotes much of his time to unique digital forensics, evolving Internet crimes, and network protocol analysis. He has led incident investigations, intrusion investigations and forensic analysis within the commercial market, including medical offices, research institutions and various other large businesses around the US. He has also authored and co-authored seven computer security books with Syngress Publishing, the most recent being the technical reference of the revised “Dissecting The Hack: The F0rb1dd3n Network”.

73o7\/\/@\/\/Ki – Survival Hacking your way out of Armageddon


Earthquakes, Tornadoes, 2012, Alien Invasion and Zombies…Really, Zombies? This presentation will discuss how to use the hacker mindset and everyday items to hopefully save your life in the event of an emergency.

Speaker BIO: Matthew Becker (Feloniousfish)


Information Security, Professional, Veteran Fleet Marine Corpsman & Medic, Naturalist & Musician

Hide yo kids, hide yo wife: Residential security and monitoring the bottom line


Over time, our expectations of residential alarm systems have been reduced to landline-laden, lowest-bidder hardware and a phone call from some random dude in Topeka who knows absolutely nothing about our homes and current situations. Why has this happened? Because it doesn’t usually end up adding much to their bottom line, actually increasing security through innovation is seldom a goal of the security companies. In this talk, we’ll examine the weaknesses in the current residential security landscape — specifically how well the “standard” setup deals with the most common types of break-ins, and we’ll talk about some fundamental changes that need to take place in the industry in order to push it forward in a major way.

Speaker BIO: Evan Booth (treefort)


Evan “treefort” Booth is an interactive developer with roots in advertising. His company, Recursive Squirrel Interactive, has serviced clients such as HP, 20th Century Fox, AARP, and Hess. Evan is also a founding member of the FALE Association of Locksport Enthusiasts (www.lockfale.com), where he regularly gets to teach fellow problem-solvers the fundamentals of lockpicking.

Welcome to DerbyCon 2011 – Introduction


Welcome to DerbyCon. You made it. You may not make it out. This is our first year and we’re hoping you’re loving it. As with any new conference, things will be different and there may be events you didn’t know about. If you want to learn how DerbyCon got started, receive free hugs, and learn about the conference, you should be here.

Speaker BIO: Martin Bos (purehate)


Martin “Pure Hate” Bos
Martin (purehate) Bos works as a penetration tester for Accuvant Inc. He resides in Louisville, KY with his wife, Kim, and their daughter. Martin is also one of the core developers for Backtrack-Linux and has been with the project since its early days. Martin is also a Co-Founder of Question-Defense.com, a website dedicated to answering technical questions daily, which also has the largest online WPA Cracking service on the web. In addition to these things, Martin is one of the founders of DerbyCon, a hacker con located in Louisville, Kentucky.

Speaker BIO: Adrian Crenshaw (irongeek)


Adrian Crenshaw has worked in the IT industry for the last twelve years. He runs the information security website Irongeek.com, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He did the cert chase for awhile (MCSE NT 4, CNE, A+, Network+. i-Net+) but stopped once he had to start paying for the tests himself. He’s currently working on a Masters in Security Informatics, and is interested in obtaining a network security/research/teaching job in academia. Adrian is one of the founders of DerbyCon, a hacker con located in Louisville, Kentucky.

Speaker BIO: Dave Kennedy (ReL1K)


David Kennedy (ReL1K) is a security ninja and penetration tester who likes to write code, break things, and develop exploits. Dave is a Chief Information Security Officer (CISO) for a Fortune 1000. Dave is on the Back|Track and Exploit-Database development team and a core member of the Social-Engineer podcast and framework. David continues to contribute to a variety of open-source projects. David has had the privilege of speaking at some of the nation’s largest conferences on a number of occasions, including BlackHat, Defcon and Shmoocon. David is the creator of the Social-Engineer Toolkit (SET), Fast-Track, modules/attacks for Metasploit, and has released a number of public exploits. David heavily co-authored the Metasploit Unleashed course available online and has a number of security-related white papers in the field of exploitation. David has a book soon to be released in June from NoStarch Press, “Metasploit: A Penetration Tester’s Guide”. David is one of the founders of DerbyCon, a hacker con located in Louisville, Kentucky. Lastly, David worked for three-letter agencies during his U.S. Marine Corps career in the intelligence field, specializing in red teaming and computer forensics.


Speaker BIO: Nick Hitchcock (nick8ch)


Nick8ch is a security engineer for a security consulting company and is the head of security for DerbyCon.

Building a Svartkast: Cheap hardware to leave behind on someone else’s network


It’s useful to control a host on a remote network, but you don’t necessarily have to pwn a box that is already there. You can also leave behind a host you can remote into, or, since egress filtering rules are often less restrictive than ingress, have it shovel a shell back to you. This sort of host is often called a Kamikaze box, Svartkast, BlackThrow or Dropbox. You can even make it part of cipherspace (I2P or Tor) to make it less apparent who is controlling the box. This talk will describe how to construct such a box using inexpensive hardware.

Speaker BIO: Adrian Crenshaw


Adrian Crenshaw has worked in the IT industry for the last twelve years. He runs the information security website Irongeek.com, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He did the cert chase for awhile (MCSE NT 4, CNE, A+, Network+. i-Net+) but stopped once he had to start paying for the tests himself. He’s currently working on a Masters in Security Informatics, and is interested in obtaining a network security/research/teaching job in academia. Adrian is one of the founders of DerbyCon, a hacker con located in Louisville, Kentucky.

Advanced Nmap Scripting: Make Nmap work for you!


The Nmap Scripting Engine, or NSE, has brought Nmap’s power to an unprecedented level. More than just a portscanner, Nmap’s Scripting Engine has the speed and power to scan thousands of hosts in parallel, quickly and with amazing results. Whether building packets from the ground up (such as probing DHCP or finding sniffers) or using high-level protocols (such as MSRPC or AFS), NSE makes it easy. In this highly technical presentation, the audience will be introduced to some interesting NSE scripts, be shown in detail how they work, and learn how to write their own from scratch. Learn how to make Nmap work for you!

Speaker BIO: Ron Bowes


Ron Bowes works as a vulnerability research engineer for Tenable Network Security. He is best known for his contributions to open source security software including the Nmap Security Scanner, for which he has written dozens of scripts covering a number of complex protocols. He also has a Bachelor of Computer Science from the University of Manitoba, runs a Winnipeg-based security consulting company (Dash9 Security), and is a founding member of SkullSpace – Winnipeg’s first and only hackerspace.

Open source firewalling with pfSense


pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a popular project with more than 1 million downloads since its inception, and proven in countless installations ranging from small home networks protecting a PC and an Xbox to large corporations, universities and other organizations protecting thousands of network devices.

Speaker BIO: Scott Ullrich


Scott has been working with the BSD’s since 1995, and is an active
contributor to several BSD-related projects. He has been using BSD
firewalls since 1995. He co-founded the FreeBSD-based firewall
distribution pfSense in 2004. By day, he is the IT Manager for an
advertising agency in Louisville, KY.

Anti-Forensics for the Louise


This presentation is the anti-forensics version of those “Stupid Pet
Tricks” segments on late night talk shows. Nothing ground-breaking
here, but there may be some techniques presented that forensic
investigators haven’t considered or encountered.

Speaker BIO: int0x80 (of Dual Core)


int0x80 is the rapper in Dual Core.

Win32 Exploit Development With Mona and the Metasploit Framework


In this talk, Corelanc0d3r and Nullthreat will walk the audience through the process of writing exploits for Win32 User Land, while elaborating on the subtleties of writing effective and reliable exploits that bypass common memory protections.

Using a number of example exploits, they will demonstrate how the various functions available in mona.py, the Corelan Team PyCommand Plugin for Immunity Debugger, will assist exploit developers with writing better exploits, in a shorter amount of time.

Note: Although not employed by Rapid7, we will mention “Metasploit” a lot. While we don’t expect a free copy of Metasploit Pro, it won’t hurt our feelings. Just sayin’.

Speaker BIO: Peter Van Eeckhoutte (corelanc0d3r)


Founder of Corelan Team and author of various Win32 exploit development tutorials and articles. Peter will be assisted by some of the Corelan Team members, making this training truly unique. The team will work with the students during the training and labs, assist them while they are working on the numerous exercises, and will share exploit development tips & tricks / experiences that were gathered over the years.

Speaker BIO: Elliott Cutright (Nullthreat)


CoreLan team.

Surviving a Teleporter Accident (It could happen to you)


Don’t you hate it when you are minding your own business, in a
familiar place, in the right time…and you end up in a strange place,
in the wrong time, maybe even the wrong century? In this talk I will
provide tips and tricks for dealing with this all-too-common tragedy.
Don’t be a victim, be prepared.

(This is actually an informative, yet lighthearted introduction to the
topic of pragmatic, risk-based security, but without using terms like
“risk-based security”. There are two target audiences for this talk,
those who need a non-technical introduction to thinking about risk,
threat modeling, and security, and those interested in using
“subversive education” to get their message out to an audience).


Speaker BIO: Jack Daniel


Jack Daniel is old, and has a Unix Beard, so people mistakenly assume he knows stuff. He still makes no attempt to correct this gross misunderstanding. Jack has proven himself to be an inciteful moderator on compliance topics. He has many years of network and systems administration experience, and a bunch of letters after his name. Jack lives and breathes network security as Product Manager for Tenable.

Blue team is sexy — refocusing on defense — Part II — All your baseline are belong to us


One thing that really ticks me off about “defense” is that folks say
you need to baseline your systems… but they don’t tell you how. The
only folks in this space are vendors selling The Compliance Appliance
(tm). This talk will give you skills to know how to baseline your
systems, applications, databases, and network. You will *know* what’s
normal and not, and we’ll cover how to report to non-technical leaders
so your findings are actionable!

Speaker BIO: Mick Douglas


Mick is a community level instructor for the SANS institute and has
taught SANS 504 “Hacker Techniques, Exploits and Incident Handling”
and SANS 507 “Auditing Networks, Perimeters & Systems”. He is a senior
contributor to the PaulDotCom weekly security podcast. While Mick
enjoys and actively participates in penetration testing, his true
passion is defense — tweaking existing networks, systems, and
applications to keep the bad guys out. In addition to his technical
work, Mick jumps at every chance to participate in a social
engineering engagement. Mick has a bachelor’s degree from The Ohio
State University in Communications. In his spare time, you’ll likely
find him fleeing all things electronic by scuba diving, trying in vain
to improve his photography skills, and either hiking or camping. You
can follow Mick on Twitter at twitter.com/bettersafetynet.

OpenWIPS-ng


Open source is known to offer free software alternatives in almost every domain, and network security is no exception.
We’ve had open source IDS/IPS for a while, but for wired networks only. With Aircrack-ng, we’ve mastered wireless attacks, and now it’s time to use that knowledge to also be on the defensive side and mitigate those attacks.
In this talk, I’ll present OpenWIPS-ng, a new modular and open source wireless IDS/IPS.

Speaker BIO: Thomas d’Otreppe (Mister_X)


Thomas d’Otreppe “Mister X” is a wifi hacker and the author of Aircrack-ng, a Wi-Fi auditing suite. He has designed Offensive-Security WiFu, a proactive wireless security course, with Mati Aharoni and also contributes to BackTrack Linux. He works as a software developer for NEK Advanced Securities Group.

Exploiting Java Memory Corruption Vulnerabilities


The Oracle/Sun Java Runtime Environment (JRE) is widely viewed by security researchers as one of the weakest links in the proverbial chain. That said, the exploitation of memory corruption vulnerabilities within the JRE is not always straight-forward. This talk will focus on a collection of techniques to overcome potential issues that one may face while developing exploits against memory corruption vulnerabilities within the JRE. The talk concludes with a demonstration of the techniques as used on a selection of contrived and real-world vulnerabilities.


Speaker BIO: Joshua Drake


Joshua J. Drake, a senior research consultant with Accuvant LABS, focuses on original research in areas such as vulnerability discovery and analysis, exploitation technologies, and reverse engineering. Joshua has over 10 years of experience in the information security field. Prior to joining Accuvant, Joshua served as the lead exploit developer for the Metasploit team at Rapid7. In that role, he analyzed and successfully exploited numerous publicly disclosed vulnerabilities in widely deployed software such as Exim, Samba, Microsoft Windows, Office, and Internet Explorer. Prior to that, Joshua spent four years at VeriSign’s iDefense Labs conducting research, analysis, and coordinated disclosure of hundreds of unpublished vulnerabilities.

Desktop Betrayal: Exploiting Clients through the Features They Demand


In this talk, Kevin Johnson of Secure Ideas and Tom Eston of SecureState will explore the use of client features to gain privileged access to the client systems. During previous talks around social networks, Tom and Kevin discovered that most of the damage we could perform against a target didn’t use an exploit against any vulnerable system. They were able to create various attacks that made use of the features of the client machines. While this talk will not disclose any vulnerabilities within popular client software, they will be releasing multiple attacks that use these clients against their users.

Kevin and Tom will be discussing attacks using JavaScript, HTML5, PDF files and Firefox extensions. They will be releasing code to perform these attacks as well as add-ons to tools such as BeEF and Metasploit that will enable these tools to make use of the attacks.

Speaker BIO: Tom Eston (agent0x0)


Tom Eston is a Senior Security Consultant for SecureState. Tom is a senior member of SecureState’s Profiling team, which provides attack and penetration testing services for SecureState’s clients. Tom focuses much of his research on new technologies such as social media and mobile devices. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is also a security blogger, co-host of the Security Justice and Social Media Security podcasts and is a frequent speaker at security user groups and national conferences including Notacon, OWASP AppSec, DEFCON and ShmooCon.

Speaker BIO: Kevin Johnson


Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin’s involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.

Free Floating Hostility


This talk is a list of topics we should all be bored with, tired of, or pissed at. Things that we all should have abandoned long ago, but somehow cling to like a false God. Topics will cover a number of things broadly recognized by the security industry as acceptable, including acronyms, buzz words, and everyone’s favorite target… Apple. Think you know what an APT is? Ever followed a system hardening guide? Talk to a different vendor every day for more than a free lunch? Think your Apple device is the most secure platform on the planet? Come listen to the FACTS about the security industry that no one wants to admit to, with some style and finesse sprinkled in. If you work in the security industry this talk is a must see to cut through all the bull out there and get to the truth. If you can somehow leave without being offended then please find me at the bar, because we need to be friends.

Speaker BIO: Rick Farina (Zero_Chaos)


Rick Farina is a respected security researcher in the wifi industry and has spent several years trying to wake people up and focus them on the security issues they are ignoring. Zero_Chaos is an op with an iron fist who bans people for nearly no reason on irc, and no one likes him. Both of them are fed up with all the hypocrisy in the security world.

“Get Off of My Cloud”: Cloud Credential Compromise and Exposure


An Amazon Machine Image (AMI) is a virtual appliance container used to create virtual machines (VMs) within the Amazon Elastic Compute Cloud (EC2). EC2 instances typically interact with a variety of Amazon Web Services (AWS), and as such require access to AWS credentials and private key materials.
We will explore how AWS credentials and keys may end up being persisted within an AMI, allowing these credentials and key materials to be unintentionally shared with 3rd parties. We will discuss the risks and potential impacts of compromise of this sensitive information.

A new tool, “AMIexposed” will be released that can check an AMI for the most common ways AWS credentials and keys are persisted within an AMI. The results of research using AMIexposed against public AMIs will be presented, helping to quantify the scope and prevalence of AWS credentials and keys exposed within public AMIs.
We’ll also discuss the risks inherent in trusting public AMIs to be free of backdoors, trojans, and other malicious hitchhikers. Results of an experiment demonstrating these risks will be presented.
Finally, the talk will propose best practices for utilizing AMIs, both from the AMI creator and the AMI user perspective.

Speaker BIO: Ben Feinstein


Ben Feinstein is Director of CTU Operations & Analysis with the Dell SecureWorks Counter Threat Unit (CTU). Ben is an author of RFC 4765 and RFC 4767, and has over a decade of experience designing, implementing and operationalizing security-related information systems. His major areas of expertise include network IDS/IPS, digital forensics and incident response, and security operations. Ben has previously presented at Black Hat USA, DEF CON, ToorCon, DeepSec, the U.S. Department of Defense Cyber Crime Conference, and many other events. He is active in his local DEF CON group, DC404.

Speaker BIO: Jeff Jarmoc


Jeff has been hacking most of his life. He got his start in the early days of the 312 BBS scene, moved on to IRC and USENET, and eventually pursued a career in enterprise infrastructure and security. His latest passion is abusing ubiquitous infrastructure devices and systems in an attempt to bring renewed focus on the security of these systems everyone has come to rely on. Jeff has previously spoken at Black Hat USA. When not abusing software and hardware he enjoys spending time with his wife and daughter.

THE 99¢ HEART SURGEON DILEMMA – How to fix penetration testing.


Let’s assume you need heart surgery. I hope you don’t, but let’s just stick with it for a minute. How much would you be willing to pay for someone to fix it, and who would you hire to do it? If you are a suicidal emo kid, please don’t answer, you are ruining the point here. People want someone knowledgeable to cut them open and sew them up, and they are willing to pay good money for it. Here are two things you don’t want:

1) You don’t want to hire some old drunk with a pocket knife and a sewing kit from the dollar shop who claims to fix your heart for 100 bucks.
2) You don’t want to hire the same guy for 100’000 bucks when he’s wearing a white coat and got shiny high tech tools because the last guy paid in advance…

What does this have to do with penetration testing? More than we like. I have met companies that invested thousands of dollars, expecting a pentest and getting a spiced up Nessus report as a result. More subtle nuances of “crappy pentest” might overlook essential threats and leave customers at risk with a false sense of security.

Speaker BIO: Stefan Friedli (Twitter: stfn42)


Stefan Friedli is a senior security consultant and leads the red team at scip AG in Switzerland. He is also one of the founders of the PTES (Penetration Testing Execution Standard, http://www.pentest-standard.org) which, much like this talk, tries to fix penetration testing. He also organizes the hashdays conference in Switzerland.

The Dirty Little Secrets They Didn’t Teach You In Pentesting Class


This talk is about methodologies and tools that we
use or have coded that make our lives and pentest schedule a little
easier, and why we do things the way we do. Of course, there will be a
healthy dose of Metasploit in the mix.

Speaker BIO: Rob Fuller (mubix)


Rob is a Penetration Tester at Rapid7, and gets absolutely nothing done, nothing to see here. http://twitter.com/mubix

Speaker BIO: Chris Gates


Chris joined LARES in 2011 as a Partner & Principal Security
Consultant. Chris has extensive experience in network and web
application penetration testing as well as other Information
Operations experience working as an operator for a DoD Red Team and
other Full Scope penetration testing teams (regular pentesting teams
too). Chris holds a BS in Computer Science and Geospatial Information
Science from the United States Military Academy at West Point and
holds his… redacted…no one cares anyway. In the past, he has
spoken at the United States Military Academy, BlackHat, DefCon,
Toorcon, Brucon, Troopers, SOURCE Boston, OWASP AppSec DC, ChicagoCon,
NotaCon, and CSI. He is a regular blogger
carnal0wnage.attackresearch.com and is also a regular contributor to
the Metasploit and wXf Projects. http://twitter.com/carnal0wnage

How I learned to roll my own: Building custom pen testing platforms on the fly


Hi I’m Spiky with uPENTu industries, and I’m excited to present you with this special offer! Have you ever gone into a penetration test and found that little crack in the armor that you wanted to split wide open, only to find that the tool you wanted to use isn’t on the live distribution you booted on?! Or maybe you’re tired of that long, tedious “initial setup” you go through every time you boot that live disk. All those command-line aliases, configuration files, and application setups can be frustrating, and who has the time? How much would skipping that be worth? $150?! No Way!
Wouldn’t it be nice to have your very own customized platform, with your own applications and aliases? Would you pay $100? Absolutely Not! What about if you could also drop it to ISO whenever you wanted? Now how much would you pay? $50? No! What about $20? What if I told you, you could have it for – Nothing at all?! Do I hear Sold?

Speaker BIO: Spiky Geek


Spiky is a computer geek that has been working in the security industry for over 10 years, with a diverse background covering IT, comms, crypto, programming, IA, and more. When not disturbing the proponents of appropriate comments, he can frequently be found listening to music to get fired by, or at home providing amusement and entertainment for his wife and two dogs.

Typo-squatting Just Got A Lot More Dangerous


Domain typo-squatting is best known and most commonly used to perform phishing scams or spread malware to people who accidentally misspell legitimate domain names in their Web browser. As widespread and effective as this attack vector is, it is certainly nowhere near the most dangerous use.

Recently, during a six-month span, we set up and monitored several “doppelganger domains” simulating a variety of Fortune 500 companies, and we were alarmed with what we found. Over this period we collected over 120,000 individual emails (~20GB of data) which included trade secrets, business invoices, employee PII, network diagrams, usernames and passwords, etc.

In this presentation, we will cover a variety of domain typo-squatting attack techniques, show real world examples of what type of data can be leaked, and discuss methods of protection.

Speaker BIO: Garrett Gee


Garrett Gee is a penetration tester, researcher, and entrepreneur. He has been in the information security industry for the last 14 years, and is an active member of the community. He is an OWASP chapter leader, and has authored several tools. In 2001 he developed the first bootable live CD for penetration testing and forensics, called PLAC. He has appeared on several news venues such as 60 Minutes, ABC News, and The Washington Post.

Smile for the Grenade! Camera go Bang!


Cameras are hugely important to urban and suburban battlefields. Reconnaissance is a must-have for commanders, and a force multiplier for actual combat units. A combat-deployable camera system is being developed or used by nearly every military-industrial manufacturer and government agency, ranging from Throwable Camera Balls to Grenade-style launched cameras. But they’re expensive and inaccessible to civilians. Would it be possible to build a combat-deployable camera system that would fulfill the mandates of a tactical combat team, feed information to a strategic command center, and force-multiply “on the cheap”?

Speaker BIO: Joshua Marpet @Quadling


Security is a complex system, with many disciplines and specialized knowledge. Luckily, there’s Josh, who’s done everything. Ex-cop, blacksmith, pen testing, video surveillance, sales engineering, and well, everything. And now, technological ordnance developer!

Speaker BIO: Vlad Gostom @Recompiler


Vlad has over 7 years of experience conducting security consulting and penetration testing in the corporate world. He has worked on such diverse projects as the future warrior combat system, wireless triangulation systems, adaptive IDS/IPS systems, network security/penetration testing for Fortune 50 companies, and physical security assessments for banks.

OSINT – Beyond the basics…


OSINT is transforming not only the intelligence community and law enforcement, but InfoSec as well, as the once covert arts of HUMINT and IMINT converge. The explosion of resources, from social networks to image storage sites, makes the process increasingly easier and cheaper. Today, anyone, anywhere, can with a click of the mouse acquire information on a neighbor, co-worker or target. Unfortunately, OSINT is much more than simply running a few automated tools, collecting the output and throwing it in a report. This talk will take you beyond the basics of OSINT and show you how to leverage the data you should be collecting to actually assist you on your next engagement.

Speaker BIO: Rick Hayes @isdpodcast


Rick Hayes is a Sr. Principal Security Consultant primarily focused on
penetration testing and vulnerability assessments. Rick is also a
founder and host of the ISD podcast. He has over 20 years of
experience in network security, Linux security, incident response,
security assessments, and penetration testing. He specializes in OSINT
and wireless/RF assessments. Throughout his career he has worked in
various aspects of Information Security from Security Architect to
CISO.

Speaker BIO: Karthik Rangarajan @krangarajan


Karthik Rangarajan is a Principal Security Consultant focused on penetration tests and vulnerability assessments, who has been involved in the information security arena for the last 2 years. He has been writing programs, meddling with code and participating in developer hackathons for almost 6 years. His programming background gives him a good aptitude for static code analysis, as well as for breaking down mobile applications for security assessments. Karthik is a regular co-host of the InfoSec Daily Podcast. He also tends to write a lot of code that never gets released, and stares at Java bytecode for fun.

Realize Your Hacker Heritage: Do The Needful


This talk is a call to action for geeks, nerds, hackers and smarties all around. The talk covers the ideals that the hackers of olde left to us and some insights into what we should do with those gifts besides finding the quickest path to root. More than another talk on hacking systems, this is a talk about hacking tomorrow.

Speaker BIO: Brent Huston


Brent Huston (@lbhuston) is NOT a CISSP and never has been. He is, however, a 20-year veteran “cyber-hippie” (who hates the word “cyber”) with some skills around stuff that manages data. He is currently the CEO & Security Evangelist of MicroSolved, Inc., where they do a wide variety of critical infrastructure security consulting, threat intelligence and product testing. Come and see him talk about the way things used to be and how they might turn out down the road…:)

Exploiting PKI for Fun & Profit or The Next Yellow Padlock Icon?


Public Key Infrastructure (PKI) provides a large attack surface for the pentester. While attacking PKI directly may seem like a juicy target, using the information freely provided by PKI is of much more value than attempting to compromise well protected and monitored servers. This talk will demonstrate the information disclosure that is present in PKI implementations of large organizations in the private and public sector. It will explore the use of that information for purposes of social engineering, phishing, and network recon/profiling. Users have been groomed to accept anything that is signed or encrypted. Misusing the trust that users place in PKI is the new yellow padlock icon!

Speaker BIO: Thomas Hoffecker


Thomas Hoffecker is currently a senior Information Assurance (IA) leader at a DoD agency in Northern Virginia. He oversees the infusion of new IA technology into his agency and supervises IA Managers that support enterprise business applications. He has worked for numerous DoD organizations, including the Defense Logistics Agency (DLA) at Fort Belvoir, Virginia; the Army Network Operations & Security Center (NOSC) at Fort Belvoir, Virginia; the 1st Information Operations Command’s Regional Computer Emergency Response Team (RCERT) Europe in Mannheim, Germany; DoD Education Activity (DoDEA) in Wiesbaden, Germany; and multiple contractors supporting the DoD. He has multiple industry certifications and holds a security clearance. In his spare time, he and his wife foster dogs for Maryland Westie Rescue (http://www.marylandwestierescue.org).

Avoiding the Landmines in your own Backyard


Security professionals often focus on external threats to security but fail to consider the common threats inside the perimeter. Through a mix of “Freakonomics” and “The Enemy at the Water Cooler” we will look at how conscientious employees can be the weakest link of security through their attempts to improve efficiency, reduce costs, and other admirable behavior caused by misplaced incentives, competitive pressures, and misunderstanding of the threat landscape.

Speaker BIO: Bart “d4ncingd4n” Hopper


Bart “d4ncingd4n” Hopper, CISSP, CISM, etc. is a security analyst at a financial institution. Prior to his work in security, he was a systems administrator for a healthcare start-up. Bart is the resident “old guy” on the Securabit podcast. His training came from the “Book of the Month” club and a quest for knowledge.

When Fuzzers Miss: The no Hanging Fruit.


Fuzzing automates the vulnerability discovery process, but as with all automation there are areas that can be missed. This presentation will try to bring light to some of these instances in memory corruption and show some methods for discovering the vulnerable code in an application when fuzzers miss.

Speaker BIO: Tony Huffman (Myne-us)


Tony works as a vulnerability research engineer for Tenable Network Security, is a host of the Securabit podcast and a member of the Securabit Exploit Group (SEG). Tony focuses much of his research on memory corruption, exploit development and reverse engineering.

Virtual Trust, Virtual Permission and the Illusion of Security


This presentation will cover common issues implemented in existing technology and future technology, and the allowance of applications to make human decisions without human interaction. Currently, application developers are implementing applications with the ability to make human-type choices that in some cases are not to the user’s benefit. This precedent in application implementation is causing multiple security issues across devices, services, and within applications that previously had no interaction with each other or with networked environments. It is the underlying element that has been talked around by other security presenters because its symptoms have been evident for the past few years, but no one has identified it as the cause. This talk will also provide clear examples of how the implementation of virtual trust and permission gives users an illusion of security which makes them feel secure even when they are not; Bruce Schneier calls it “Security Theater”. The talk hopes to give security professionals and non-security professionals of all levels awareness of the issue, so that they may be able to improve their security footprint, fend off digital snake oil salesmen, and protect their environment from elements and attack vectors that they had not considered before.

Speaker BIO: infojanitor


Infojanitor is a computer security professional working for a Fortune 100 company who fed his initial techno lust using a Commodore 64 in the mid 1980’s. He spent some time working at the Johns Hopkins Applied Physics Lab (JHU/APL) communications shop making databases and learning about PCs, Sun systems and other technologies. He served ten years in the US Air Force as a keyboard jockey performing database work, sometimes while armed in other countries. He then spent the next 13 years after working for our “Uncle” legally robbing banks, breaking into lofty institutions and making things not show up on the public relations radar for customers with whom he still maintains non-disclosure agreements (NDAs).

Has this presentation been given before: No

Infectious Media – Bypassing AutoRun once and for all…


The original Teensy research allowed us to drop downloader stagers via keyboard emulation. At BSides LV this year we figured out a way to drop binaries purely through keyboard emulation. This is awesome; however, it takes a long time to write out hexadecimal representations of a binary, do the binary conversion and execute. In this talk we’ve upped the game, changed the game: we’ve figured out a way to leverage the Teensy device to copy over a full binary in just a few seconds, all through keyboard emulation. This to my knowledge has never been done and is pretty slick. How? …. Guess you’re going to have to come to this talk :) Let’s bypass AutoRun once and for all…

Speaker BIO: Josh Kelley (winfang98)


Josh Kelley is a security engineer at a Fortune 1000 company where he specializes in penetration testing, exploit development, and hitting people with sticks. Josh has contributed to the Social-Engineer Toolkit Teensy payloads. Josh has presented at Defcon 18, Blackhat, BSides Las Vegas, and a number of other security-related conferences.

Mining Sensitive Information From Images Using Command-Line OCR


I will discuss the potential for using command-line OCR tools to mine documents that might otherwise be overlooked, especially in large numbers – such as scans and faxes. These documents are often overlooked because there are no searchable strings (i.e. the content is actually an image). This is a work in progress in its early stages, but I will cover some tools and some practical use of those tools within offensive scenarios (using a real world example). I will also discuss possible uses from a defensive position as well as what avenues of this approach I’d like to explore next.

Speaker BIO: Dennis Kuntz


Dennis Kuntz, CEH, OSCP, currently works in Greensboro, NC as a senior director in security and architecture. He likes long walks on the beach, sunsets, and breaking things wide open to see what’s inside.

State of the Framework Address


The Metasploit Framework has changed considerably since I started playing with
it, all those years ago when owning friends in a coffeeshop was the height of
entertainment. This talk will cover some of the history of the Framework
focusing on the last 3-4 years, when my interests became more professional, and
highlighting major changes along the way. From there, we’ll discuss the
awesome new features in the latest 4.0 release. Lastly, I’ll explain some of
our plans for the future.

Incidentally, I promise not to interrupt “Desperate Housewives” or “The
Apprentice”.

Speaker BIO: James Lee (egypt)


James Lee is a software developer for Rapid7 where he is Open Source Project Manager and a core developer for the Metasploit Framework. Before coming to Rapid7 to work on Metasploit, he was a Cybersecurity researcher for Idaho National Laboratory where he discovered numerous vulnerabilities in SCADA and Industrial Control Systems and probably didn’t write Stuxnet.

Collecting Underpants To Win Your Network


1: Collect Packets, 2: ???, 3: Win! This presentation and its demos will help you learn to passively profile a network through a new Metasploit module by gathering broadcast and multicast traffic, processing it, and looking at how the bad guys will use it to own your network. Without sending a packet, many networks divulge significant information about the assets that are attached. These broadcast packets can be used to identify hosts, OSes, and other hardware that is attached. This presentation will show all skill levels how to easily gather and use this information, how to protect your underpants, and talk about how to extend the framework for new protocols.

Speaker BIO: Ryan Linn (sussurro)


Ryan Linn is an Information Security Engineer who has a passion for making security knowledge accessible. With over 10 years in IT and security, Ryan has experience in both the education and corporate IT and security arenas, and has experience dealing with the security challenges inherent to different environments. In addition to being a columnist with the Ethical Hacker Network, Ryan has contributed to open source tools including Metasploit and the Browser Exploitation Framework (BeEF), and has had the opportunity to present research at conferences such as Defcon, SecTor and BSides events.

Hackers for Charity Update and Future


Johnny Long will give an update on the present and future of the Hackers for Charity foundation.

Speaker BIO: Johnny Long


Johnny Long spent his career as a professional hacker. He is the author of numerous security books, including No-Tech Hacking and Google Hacking for Penetration Testers. Currently residing in Uganda, East Africa, Johnny is now focused on his work with Hackers for Charity. HFC is a non-profit organization that leverages the skills of technologists. They solve technology challenges for various non-profits and provide food, equipment, job training and computer education to the world’s poorest citizens. Johnny’s website is http://hackersforcharity.org.

You’re Going to Need a Bigger Shovel – A Critical Look at Software Security Assurance


OWASP has certainly pushed forward a lot of great advancements in Software Security Assurance, yet you’re still fighting your organization to allow you to scan applications before they go live. Somewhere between the avalanche of site breaches, new technologies, and new apps you’re going to need a better strategy. Let’s face it, if you want to keep playing the game with today’s rules, you’re going to need a bigger shovel …or you can simply choose to evolve your game. Combining a practical ‘workshop style exercise’ and a lecture style talk, this session covers and demonstrates some of the challenges of software security – and why you’re having all this trouble in your day job. This talk will cover why Software Security Assurance programs are still lagging in a majority of organizations, and provide a critical look at how a shift in strategy can help you fall behind a little slower.

Speaker BIO: Rafal Los


Rafal Los, Enterprise and Cloud Security Strategist for Hewlett-Packard Software, combines over a decade of deep technical expertise in information security and risk management with a critical business perspective. From technical research to building and implementing enterprise application security programs, Rafal has a proven track record with organizations of diverse sizes and verticals. He is a sought-after speaker at both public and private information security and quality conferences, and has presented at events produced by OWASP, ISSA, SecTor, Black Hat, Defcon, SANS and many others. Staying active and contributing to the community, he participates in OWASP, the Cloud Security Alliance and other industry groups. His blog, Following the White Rabbit, with his unique perspective on enterprise security and cloud, has amassed a following from his industry peers, business professionals, and even the media, and can be found at http://hp.com/go/white-rabbit.

Prior to joining HP, Los defined what became the software security program and served as a security lead at a Global Fortune 100. Los also contributed to the global organization’s security and risk-management strategy internally and with their customers. Rafal prides himself on being able to add a ‘tint of corporate realism’ to information security.

Rafal received his B. S. in Computer Information Systems from Concordia University, River Forest, Ill.

100 bugs in 100 days: An analysis of ICS (SCADA) software


Please join us as we present the results of our research into vulnerabilities in Industrial Control System (SCADA) software. Our goal was to identify as many ICS software vulnerabilities as possible within 100 days. The results exceeded our expectations and include among other things: remote code execution, local privilege escalation, and web exploits. Using examples from our findings along with working PoC exploit code and a scanner capable of identifying Industrial Control Systems that we are releasing, we will teach you how to research and find ICS software vulnerabilities yourself.

Speaker BIO: Billy Rios (@XSSniper) and Terry McCorkle (@0psys)


No BIO provided. They are elite :-)

Hook, Line and Syncer: The Liar for Hire’s Ultimate Tacklebox


This presentation is an exploration of the latest tools used in the art of social engineering. From information gathering to post exploitation, participants will get to experience “the thrill of the con” from presenters who live it each day. The presentation seeks to prove that you don’t have to be a sleazy ‘salesman’ type personality to be successful at social engineering. With the right tools and techniques, just about anyone can pull off creative exploits. While an overview of all popular tools will be given, a deep-dive will be taken into a few of the coolest tools. But even better, the presenters will discuss real-life situations in which these tools have been used. This provides the participants with a context in which to understand the tools and how they may best be leveraged for maximum ownage.

Speaker BIO: Chris Silvers


Chris Silvers, CISSP, CWNA, CEH, CEI. Foundstone role: Chris is responsible for leading or conducting social engineering, internal and external penetration testing; Windows host, network architecture, firewall and router/switch reviews; as well as enterprise security architecture and design projects. He serves as the service line lead for the social engineering practice, maintaining and developing the methodology as well as continuously enhancing techniques to reflect the threat environment. Chris also provides client education services as an instructor of the Ultimate Hacking Foundstone courses as well as the Certified Ethical Hacking (CEH), Systems Security Certified Practitioner (SSCP) and Certified Information System Security Professional (CISSP) courses. Chris has over thirteen years of information security and risk management experience in the financial services, wholesale and retail industries. Prior to working at Foundstone, Chris held the position of Security Architect at a Fortune 15 company. While serving as a consultant for affiliate companies, Chris implemented process improvements through the use of discovery templates, process standardization and automation that saved the company over 50% in travel costs and reduced the information risk management assessment timeframe by over 80%. While working at a major central bank, Chris helped establish an inter-divisional team of penetration testers that continues to provide world-class service to that organization. Most recently, Chris taught the Ultimate Hacking Foundstone course at the 2008 Blackhat security conference in Las Vegas, Nevada.

Speaker BIO: “The Real” Pat McCoy


Pat holds the position of Senior Security Consultant with Foundstone Professional Services. Pat’s responsibilities include providing internal penetration testing; external penetration testing; wireless penetration testing; social engineering; Windows and Unix host assessments; firewall/router/switch secure configuration reviews; database security assessments; and risk assessments utilizing various industry standards. Pat started his career in systems and network administration, quickly transitioning into more information security specific roles, and has more than ten years’ experience in the industry. Pat has held positions with consulting practices in various positions in the marketplace, most recently with some of the largest in the industry, such as IBM ISS. Pat’s skill set includes extensive experience in security assessment methods and practices across multiple industry sectors, including technical consulting centered on frameworks such as ISO 27002, GLBA, HIPAA, FISMA, and PCI; extensive experience with industry standard tool sets for security assessment and penetration testing (vendor supported and open source); and assessment of technical security controls and mechanisms found in most enterprises. During his tenure with IBM ISS, Pat performed several large scale engagements for multiple Fortune 500 and Fortune 10 companies spanning multiple industry disciplines while maintaining a high level of client satisfaction and helping clients identify solutions to security problems which fit their needs. In 2004, Pat attained his GIAC Security Essentials Certification (GSEC) from the SANS Institute.

Battery Firmware Hacking


Ever wonder how your laptop battery knows when to stop charging when it is plugged into the wall, but the computer is powered off? Modern computers are no longer composed of just a single processor. Computers possess many other embedded microprocessors. Researchers are only recently considering the security implications of multiple processors, multiple pieces of embedded memory, etc. This paper takes an in-depth look at a common embedded controller used in Lithium Ion and Lithium Polymer batteries; in particular, this controller is used in a large number of MacBook, MacBook Pro, and MacBook Air laptop computers.

In this talk, I will demonstrate how the embedded controller works. I will reverse engineer the firmware and the firmware flashing process for a particular smart battery controller. In particular, I will show how to completely reprogram the smart battery by modifying the firmware on it. Also, I will show how to disable the firmware checksum so you can make changes. I present a simple API that can be used to read values from the smart battery as well as reprogram the firmware. Being able to control the working smart battery and smart battery host may be enough to cause safety issues, such as overcharging or fire.

Speaker BIO: Charlie Miller


Charlie Miller is a Principal Research Consultant at Accuvant Labs. Dr. Miller was a Global Network Exploitation Analyst at the National Security Agency (NSA) for 5 years. He was the first person to find a public remote exploit for both the iPhone and the G1 Android phone. He has won the CanSecWest Pwn2Own competition for the last four years in a row. Popular Mechanics listed him as a Top 10 Hacker in 2008 and he was selected by Channel Web as a 2010 Security Superstar. He has authored two information security books and holds a PhD from the University of Notre Dame. He also has a CISSP and GCFA.

Adaptive Penetration Testing


Penetration Testing is something that has many different meanings depending on the context used by the person. The Penetration Testing Execution Standard (PTES) aims to change that. In this talk we’ll be covering adaptive penetration testing, which essentially is the ability to conform and change based on the environment that you’re attacking. We’ll be covering several live examples used in real-world penetration tests, how we discovered some clever tricks to circumvent security controls, and how we eventually got creative and gained unauthorized access.

Speaker BIO: Kevin Mitnick


With more than twenty-five years of experience in exploring computer security, Kevin Mitnick is a largely self-taught expert in exposing the vulnerabilities of complex operating systems and telecommunications devices. His hobby as an adolescent consisted of studying methods, tactics, and strategies used to circumvent computer security, and to learn more about how computer systems and telecommunication systems work.

In building this body of knowledge, Kevin gained unauthorized access to computer systems at some of the largest corporations on the planet and penetrated some of the most resilient computer systems ever developed. He has used both technical and non-technical means to obtain the source code to various operating systems and telecommunications devices to study their vulnerabilities and their inner workings.

As the world’s most famous (former) hacker, Kevin has been the subject of countless news and magazine articles published throughout the world. He has made guest appearances on numerous television and radio programs, offering expert commentary on issues related to information security. In addition to appearing on local network news programs, he has made appearances on 60 Minutes, The Learning Channel, Tech TV’s Screen Savers, Court TV, Good Morning America, CNN’s Burden of Proof, Street Sweep, and Talkback Live, National Public Radio, and as a guest star on ABC’s spy drama “Alias”. Mitnick has served as a keynote speaker at numerous industry events, hosted a weekly talk radio show on KFI AM 640 in Los Angeles, testified before the United States Senate, written for Harvard Business Review and spoken for Harvard Law School. His first best-selling book, The Art of Deception, was published in October 2002 by Wiley and Sons Publishers. His second title, The Art of Intrusion, was released in February 2005. Mr. Mitnick’s autobiography is due for release in late summer 2011.

Speaker BIO: David Kennedy (ReL1K)


David Kennedy (ReL1K) is a security ninja and penetration tester who likes to write code, break things, and develop exploits. Dave is a Chief Information Security Officer (CISO) for a Fortune 1000. Dave is on the Back|Track and Exploit-Database development team and a core member of the Social-Engineer podcast and framework. David continues to contribute to a variety of open-source projects. David has had the privilege of speaking at some of the nation’s largest conferences on a number of occasions, including BlackHat, Defcon and Shmoocon. David is the creator of the Social-Engineer Toolkit (SET), Fast-Track, modules/attacks for Metasploit, and has released a number of public exploits. David heavily co-authored the Metasploit Unleashed course available online and has a number of security-related white papers in the field of exploitation. David has a book soon to be released in June from No Starch Press, “Metasploit: A Penetration Tester’s Guide”. David is one of the founders of DerbyCon, a hacker con located in Louisville, Kentucky. Lastly, David worked for three-letter agencies during his U.S. Marine Corps career in the intelligence field, specializing in red teaming and computer forensics.

Acoustic Intrusions


What do the News of the World phone hackers have to do with the safe in
your hotel room? How does war dialing help in an era with digital phones
and few modems? Why can Metasploit help with the threat of IEDs? This
talk will cover a different angle on security, with a focus on audio
data collection and analysis.

Speaker BIO: HD Moore (hdm)


HD is CSO at Rapid7 and Chief Architect of Metasploit, the leading
open-source penetration testing platform. HD founded the Metasploit
Project in the summer of 2003 with the goal of becoming a public
resource for exploit code research and development. HD has spent the
last 15 years conducting penetration tests, performing research, and
building products.

Dirty Red Team Tricks


Let’s time travel to 2003 with today’s tools and own everything. This talk takes you inside the red teams at the North East and Mid Atlantic Collegiate Cyber Defense competition events. Raphael Mudge, the developer of the Armitage Metasploit GUI, will guide you on this journey. You’ll learn how to automate Metasploit, nmap, and ssh to immediately own everything. You’ll also catch some nifty persistence tricks in UNIX and Windows. Finally, you’ll get a taste of red team collaboration tactics. If you defend networks or play in these events, come and see what others are using on you. If you think you’ll find yourself on a red team, you need to come to this talk.

Speaker BIO: Raphael Mudge


Raphael is a research consultant, writer, and the creator of Armitage for Metasploit. Raphael is passionate about cyber operations and sharing the field with others. He red teams at the North East and Mid Atlantic Collegiate Cyber Defense Competition events. He has also worked as a penetration tester, cyber operations scientist, and US Air Force officer. Raphael has written on security topics for Linux Journal, Hakin9, and ethicalhacker.net.

Compliance: An Assault on Reason


You have done PCI/HIPAA/SOX/ISO/FISMA/GLBA Compliance Audits, 10 Pentests, 20 Vulnerability Assessments, Code Review, App Testing and enough paperwork to feed the fire all winter long… but what did it get you? It got you a huge bill and a hardware stable of all of the latest security products. So now what? Are you safe? Will the Millions you spent on Hardware, Software and Compliance protect you from the “Bad Guys?” You may never know… but at least the marketing says it “Should.” Even if it DOES its job, will it protect your business? The answer: Not likely! For much too long, compliance has tested physical assets and ignored the thing that matters most…. YOUR BUSINESS. This session will discuss how we can change the paradigm. Throw away the number of addresses, the compliance reg, the book of what IT “thinks” is important, and let’s get to work on testing the BUSINESS’S ability to survive an attack. We will review how to evaluate what DOES matter and why compliance is nothing more than a blanket to hide under. At the end, it is about protecting the special sauce that makes your company unique. You can’t pay a fine for being “Non-Compliant” if you have already been HACKED OUT OF BUSINESS.

Speaker BIO: Chris Nickerson


Christopher “Tiger Team” Nickerson, the British soldier, was one of the most decorated World War II soldiers. Nickerson loved fighting, drinking, and doing both at the same time. He would drink for hours in between missions and would then challenge every man in the bar to a fight. On the battlefield it was a different story. He single-handedly rescued a squadron by lifting the wounded one-by-one into his Jeep before destroying Nazi gunners in a nearby farmhouse. Nickerson once attacked a commanding officer who gave orders that killed 130 of Nickerson’s men. Most would have been court-martialed, but the British Army quickly remembered that he had pioneered drunkenly driving a Jeep into enemy airfields with guns blazing. He had destroyed over 100 enemy aircraft by himself using this method and no one thought it sound to disturb Mr. Nickerson.

 

 

Advanced Penetration Techniques for the non-technical n00b


ROP chains, rainbow tables, 0-days… Just because you can’t do or use them
doesn’t mean you can’t bring your target down to its knees… NASA spent
loads of cash developing a pen that works in space. Russia used a pencil.

Speaker BIO: Jason n00bz


Jason pays the bills by working for a F100 company doing Compliance and IT Security globally by way of Wall Street and D&T. He started learning his computer skills by dialing up BBSes across South Florida. Of all his exploits, he is most proud of his son, who has taken over his Twitter feed with all his pictures.

 

 

The Hidden XSS – Attacking the Desktop


Cross Site Scripting is most generally known as a website or browser
vulnerability (see “Hacking Google ChromeOS”). But with today’s
dynamic desktop environment, it’s not uncommon for desktop applications
to contain a mishmash of technologies. Since user-friendly interfaces
are very important (we have degrees in UI development!), HTML and
JavaScript are being used as the medium to deliver the functionality.
Fortunately for attackers, this also opens up the same web
vulnerabilities that a browser allows. Using popular IM clients (and
an operating system!) as examples, we’ll go over how an attacker can
own you, desktop and mobile, using an everyday web vulnerability:
Cross Site Scripting. Topics include discovering XSS vulnerabilities
in applications, writing the exploits, and post-exploitation (what can
we do??).

Speaker BIO: Kyle Osborne (Kos)


Kos is a (red) team player. He enjoys pwning, winning, and figuring
out new ways to pwn and win. He plays a bad guy in the Western
Regional Collegiate Cyber Defense Competition (and sometimes in real
life.) He has some CTF development experience with the US Cyber
Challenge “Cyber Camps”, where he and a team developed a small little
CTF for the campers to compete in. Kos has also spoken at other
conventions, including Toorcon Seattle, BlackHat USA, DefCon &
BSidesLV. Kos has tiger’s blood, and lives in the danger zone. (Mostly
factually correct.)

 

 

Distinguishing Lockpicks: Raking vs Lifting vs Jiggling and More


There are a number of different companies producing lockpicks.
One thing that has been a significant source of confusion among
lockpickers is the multitude of names that exist for all of the pick
tools in common use today. Some pick tools are known by as many as five
separate names… a fact that can cause no end of headaches when
discussing tool kits among friends or attempting to place orders for
picks from suppliers. Do you know what makes one pick “standard” and
another “euro” style? Do you know that the tool one catalog calls a “C
Rake” might be known as “Double Rake” by another supplier and a “Three
Quarter Rake” somewhere else… even while all lockpickers simply call
it a “Snake”. The confusion over lockpick /names/ has led to great
misunderstanding with regard to their /use/. Many people are unaware of
the specific means by which many of the tools in their own kits are best
used. This talk will help sort out some of that confusion and
demonstrate a variety of useful techniques for lockpicking, some of
which you may have never considered… even though you have owned the
necessary equipment all along.

Speaker BIO: Deviant Ollam (TOOOL)


While paying the bills as a security auditor and penetration
testing consultant with The CORE Group, Deviant is also a member of the
Board of Directors of the US division of TOOOL, The Open Organisation Of
Lockpickers. Every year at DEFCON and ShmooCon Deviant runs the
Lockpicking Village, and he has conducted physical security training
sessions at Black Hat, DeepSec, ToorCon, HackCon, ShakaCon,
HackInTheBox, CanSecWest, ekoparty, and the United States Military
Academy at West Point. His favorite Amendments to the US Constitution
are, in no particular order, the 1st, 2nd, 9th, & 10th.

 

 

Tactical Post Exploitation


The presentation will cover the techniques and methods used by penetration testers and hackers: how they enumerate and perform their tasks once on a compromised system, and how to detect the telltale signs of their presence and actions.

Speaker BIO: Carlos Perez (darkoperator)


TBA

 

 

You are the Smart Meter: Making (and hacking) of the 2011 MA-CCDC electronic badges



We all love those electronic conference badges, don’t we? This talk
illustrates the selection, design and implementation of a Zigbee enabled
conference badge for the Mid-Atlantic CCDC competition. This year’s
theme for the MACCDC was Smart Grid, so we wanted to give every
participant (both Red and Blue teams) badges as score-able, hackable, in
game assets. There were significant challenges along the way, from
selecting hardware, programming in a single threaded environment,
sniffing Zigbee and translating that into a score as well as making the
“Open Smart Meter” badge hackable AND defend-able in just 2 days with
folks that have little to no experience with Zigbee or
micro-controllers. We’ll do some live demos of traffic, capture and the
nightmare that is in game scoring. We’ll examine some of the red team
hacks, blue team defenses and show you where you can get all of the
goods so YOU can build a better badge and game for your next adventure.

Speaker BIO: Larry Pesce (haxorthematrix)


Larry is a Senior Security Consultant with NWN Corporation in Waltham,
MA. He also diverts a significant portion of his attention co-hosting
the PaulDotCom Security Weekly podcast. Larry also co-authored “Linksys
WRT54G Ultimate Hacking” from Syngress.

 

 

The Details Don’t Matter


Somewhere between the down-in-the-trenches day-to-day operations of IT security
and the high-level, watered-down strategies consumed and regurgitated by the CxO
community, there lie some ground truths about what’s occurring in the information
security universe.

“What’s the best firewall to buy?” and “How do I configure it?” aren’t as important
questions as “What does a firewall really buy me given the current threat
environment?” Conversely, “What percentage of my IT budget is spent on security?”
isn’t as important as “Am I spending my money in a manner that protects my
assets as effectively as required for my business?” and “How have I adapted from
the ‘defend everything’ to the ‘accept compromise and worry about detection and
mitigation’ mindset?”

It’s easy to get caught up in the weeds of the current state of infosec. It’s a highly
dynamic field and the specific threats and products change daily. However, the
ground truth of what’s really going on changes much more slowly. By paying
attention to the important truths of IT security, you can focus on the important
aspects of securing what you really care about and not get lost in the details that
simply waste time and cloud the real problems.

Speaker BIO: Bruce Potter (gdead)


Bruce Potter is the CTO and cofounder of Ponte Technologies. Mr. Potter
has extensive experience assisting clients who are dealing with advanced
threats against their IT infrastructure. Over the last several years, Mr. Potter
has led teams focused on incident response and attack remediation, software
development of advanced defensive technologies, and IT security architecture
and purchasing strategy. Prior to founding Ponte Technologies, Mr. Potter held
several jobs focused on security and network operations, including managing
advanced security solution delivery for Booz Allen Hamilton, managing network
and security operations for Network Solutions, and CTO for a transaction
processing startup in Anchorage, Alaska. Mr. Potter has coauthored a number
of books including “802.11 Security” and “Mastering FreeBSD and OpenBSD
Security”, published through O’Reilly. Mr. Potter also regularly writes articles
and presents at a wide variety of security conferences. Mr. Potter is the founder
of The Shmoo Group of security, crypto, and privacy professionals. Through The
Shmoo Group, Mr. Potter assists with a number of open source projects and the
yearly ShmooCon security conference held in Washington, DC.

 

 

Tomorrow you can patch that 0day – but your users will still get you p0wn3d


In large corporate networks, the existence of a 0day exploit can wreak havoc. But a few weeks later, once patch management has done its job and the risk is gone, what was the point? What has management learned from the ordeal? What could be improved to prevent the incident from occurring again?
Nothing!
Is the network now ‘safe’ from attack?
Not even close!
In this talk, Rick will show examples of complete penetrations of large
corporate networks that were accomplished using no 0day, in fact no
“exploits” in the classic sense at all. Instead, the only things
exploited are the mistakes of users and administrators, to elevate
privileges all the way to root/Domain Administrator on almost all
machines on the network.
But why do a penetration test in this manner? Because it reveals actionable
items that can be fixed/mitigated immediately. These fixes will protect the
network just as much as patching an 0day. Only, these types of attacks are:
- More likely to occur
- More widespread
- More common
- Not audited by auditing groups
- Easier to perform
- Require less “l33t access” to uber 0day ‘sploits
- Less likely to be reported on by the security community
If you get nothing out of this talk, you can at least laugh at how
easy some complete compromises of Fortune 500 networks can be.
I would like for this talk to be a conversation starter about the importance
of security research into 0day vulns. This type of research is very important
to our industry, but is not helping to secure corporate environments. Is it
worth it? Is the fame and fortune misplaced? Does the security community
REALLY care if corporate networks are secure or not?

Speaker BIO: Rick Redman (Minga) – CrackMeIfYouCan


Rick Redman has been testing web application security and working as a penetration tester since 1999. He founded and runs the DEFCON password cracking contest “Crack Me If You Can”. He started out by running a BBS in early 1993 and selling UUCP-based Internet from a 486dx33. After graduating from Purdue’s COAST/CERIAS program in the 90s under ‘spaf’, he hit the ground running as a penetration tester by working on projects such as Sandia National Lab’s “Tiger Team”. Rick made the rounds in 2010 giving talks about advanced password cracking, including being on the closing panel at ShmooCON.

 

 

A Tribute to Dr. Strangelove

Building on the concept of taking security out of the desktop and server closets from 2010, when we attacked cars and buses….and then earlier this year, when we picked on tractors…..we are going to see if we can get ourselves into some hot water by picking on airplanes and missiles. This talk will examine the role of the computer systems in the modern plane and the challenges surrounding the implementation of security in both the core systems that ensure 250+ tons of metal stays in the air…as well as the 3rd party companies that are meant to support them. We will put forth some practical ideas and theories on how to compromise the architecture, and of course the “what if” scenarios will be worked through. The talk is designed to be a back-and-forth discussion with the audience, specifically around the scenarios and the various controls in place within the plane’s network to identify and deal with any such argument we can put forth.

We are going to focus on the commercial world of passenger transportation, but will touch upon the military crossovers where fully understood. We will discuss the data acquisition and modeling architectures as well as the bus and core logic systems that are implemented within several identified plane types, and again, as above, we will run through scenarios and explain the logic involved in bypassing (fooling) the design.

Quite simply put, we will theorize on how to turn the engines off at 35,000 feet and not have any of those damn flashing warning lights go off in the cockpit….needless to say, this is all theory (please don’t try this on the way home, and only use on a tame “owned” 747).

While we’re at it, we will examine those very same companies who produce components for Boeing and Airbus and assess the military technology they produce, specifically that which is placed in the more “smart” type weapons, and how to influence the guidance and other targets, preferably “pre-build”, again using a combination of research (Google ideas, thanks to Johnny Long) and direct manufacturing influences.


Speaker BIO: Chris Roberts (@Sidragon1)


Chris Roberts is the Founder, CISO and Chief Geek of One World Labs, an assessment, remediation and research facility in the Front Range area of Colorado. Chris has played a variety of roles both inside and as a consultant to the IT security, engineering, and architecture/design operations of a number of Fortune 500 companies across the finance, retail, energy, and services sectors. He has a wealth of experience conducting vulnerability assessments, penetration testing, compromise investigations, and digital forensics examinations of all types of information systems.

 

 

Social Engineering is a Fraud


Social Engineering has increasingly been in the headlines lately, with several breaches over the last couple of years being attributed to this concept. Security companies have been quick to jump on this and claim they have the latest and greatest counter to social engineering. This presentation will describe some of the attacks that have been successful over the years, the psychology that went into making them successful, how you can leverage the psychology of social engineering to be more successful in penetration tests, and finally, explain why the concept of social engineering may be considered fraudulent. It will also cover a proven way to reduce susceptibility to attacks into the single-digit percentages.

Speaker BIO: Jamison


Jamison graduated from the US Air Force Academy in 2001 with a degree in Social Sciences (including psychology/behavioral sciences). He has worked in information security for more than 10 years, in a variety of forms. He spent 6+ years on active duty in the Air Force in a variety of roles. In 2008, he graduated from the Air Force Institute of Technology with an MS in Information Resource Management. His graduate thesis was on instilling a resistance to social engineering. In 2008, he separated from the Air Force and helped found a Red Team at a major US bank. Since 2008, he has been leading Red Team assessments at this bank.

 

 

Jason Scott’s Shareware Calvacade



It drastically affected lives, it brought ruin and glory, and it left all the
participants coated in the scars of battle that would stay with them
forever. We speak, of course, of the shareware phenomenon. Drawing
from over a terabyte of shareware software collected over the last
decade, Jason will show you the highs, the lows, the ruination and the
triumph of a rapidly fading chapter in computer history. Expect a
fast-paced waterfall of trivia, eye-opening visuals and mind-blowing
examples of all the foibles of humanity captured on small plastic
discs.

Speaker BIO: Jason Scott


Jason Scott is a computer historian, archivist, documentary filmmaker
and essayist dedicated to saving digital history and having a blast
doing it. Between his sites TEXTFILES.COM, ARCHIVETEAM.ORG and a
propensity for saying a lot of stuff to a lot of people, he’s done his
best to ensure entire lengths of computer and hacker history have been
preserved and not forgotten. His cat is MANY times more famous than he is.

 

 

“Rule 1: Cardio” (and 9 other rules to keep intruders out)



No one likes to be made a fool of. But it’s doubly embarrassing if you help in the process. Physical pen tests tend to expose, sometimes in painful detail, just how low a priority is placed on preventing the entry of a new and unwanted organic endpoint (like me, Tom Cruise, the cast of Sneakers or a real bad guy) into one’s environment.

Put another way, most organizations are content to sit behind their chain-link fences, their electronic doors and their low-paid security guards while blithely unaware of bad guys scripting out attack vectors. Sadly, these vectors are not really novel, or new, or even especially difficult. In fact, the ‘Top 10’ items in this presentation will seem like common sense, but when sewn together, they create a virtual red carpet for a savvy pentester.

This presentation is not meant to be uber-techie but presents some social engineering and physical pentesting exploits that anyone responsible for securing people, places and things should familiarize themselves with. You will be given real-life examples from ethical hacking engagements as well as tips to help you close those avenues of attack.

Speaker BIO: Joe Schorr


Joe Schorr has over 16 years professional services and industry experience in Information Technology and Information Security. He currently manages the InfoSec Practice for CBI. Previously he led the BT Ethical Hacking team on an 11,000 hour PCI Compliance test for a large telco, once led a 100-day project that delivered secure internet access to every public school in Tennessee and was also the CIO of a major non-profit for several years. He has performed many social engineering and physical security assessments over the years and has presented on a range of topics including online child safety, wireless security and security awareness. He also enjoys the works of Hemingway, boats, fishing, guns, rum drinks and napping. But not all at once… mostly.

 

 

Is locksport a sport?


People learn to pick locks because it is deeply forbidden knowledge, like knowing about sex when you are in elementary school. The outside might read “I am interested in the technical aspects of physical security” but the inside says “I can steal your shit.” Who cares if you have the keys to her heart if you can pick your way in, right? The essence of Locksport is that it is a hobby. Is it? Are we training a new generation of thieves? Or are we serving all of the platitudes that we all provide – reducing reliance on security by obscurity and whatnot. Let the Administrative Director of Locksport International give you his feedback, and we will see where we stand.

Speaker BIO: Bill Sempf (Hydruh)


In 1992, Bill Sempf was working as a systems administrator for The Ohio State
University under Sandy Wambold, and formalized his career-long association with
internetworking. While working for one of the first ISPs in Columbus in 1995,
he built the second major web-based shopping center, Americash Mall, using Cold
Fusion and Oracle. Bill’s focus started to turn to security around the turn of
the century. Internet driven viruses were becoming the norm by this time, and
applications were susceptible to attack like never before. In 2003, Bill wrote
the security and Deployment chapters of the often-referenced Professional
ASP.NET Web Services for Wrox, and began his career in pen testing and threat
modeling with a web services analysis for the Ohio Department of Health.
Currently, Bill is working as a security-minded software architect specializing
in the Microsoft space. He has recently designed a global architecture for a
telecommunications web portal, modeled threats for a global travel provider, and
provided identity policy and governance for the State of Ohio. Additionally, he
is actively publishing, with the latest being C# 2010 All In One.

 

 

Mobile App Moolah: Profit taking with Mobile Malware


Smartphones are a hot new market for software developers. Millions of
potential customers, and a large percentage willing to part with a small
sum of money for your latest creation. Even a moderately successful app
can help fill your pockets. It’s hard to ignore for legitimate
developers. It’s even harder to ignore for criminals.
Things have changed from the old days of malware creation. It’s no
longer just about proving yourself or testing a new platform by writing
proof-of-concepts (PoCs), porting old malware, and learning the
idiosyncrasies of the development tools. Now it’s about evading
detection and taking a profit. Where there’s money, crime usually follows.
The presentation is not about attribution, naming names or pointing out
the parties responsible. It’s about the underlying technology and the
methods used, including:
- how actual examples in the wild function
- detection/analysis evasion techniques
- geographical trends in profit-taking malware

Speaker BIO: Jimmy Shah


Jimmy Shah is a Mobile Security Researcher for McAfee, specializing in
analysis of mobile threats on existing platforms (J2ME, Symbian,
Windows Phone, iOS, Android) and potential mobile malware and spyware.
He works with a team of researchers that regularly provides analysis and
research on mobile threats to McAfee clients. He has presented on
mobile threat research at a number of computer security conferences.

 

 

Pentesting over Powerlines


When performing penetration tests on the internal network in conjunction with physical pentests, you’re always concerned about being located. Let’s remove that barrier: perform your penetration tests over power lines and never be detected. In this presentation we’ll cover how you can perform full penetration tests over the power lines and hack into home automation systems. Home automation has been gaining momentum not only in small homes but in large companies and organizations. There’s a huge variety of solutions out there, both open-source and “proprietary”, that provide these capabilities to your homes and businesses. Home automation gives us several things, for example full-fledged 85 Mbps networks, security systems, lights, windows, HVAC, doors, and cameras, and they are all generally done through the power lines or through short-range wireless communications. So let’s break it…. During this presentation we’ll be going over the lack of security in these devices, show proof-of-concept demonstrations of hacking them, and while we’re at it, demonstrate how to disable all security mechanisms that use the different protocols like X10.

Speaker BIO: Rob Simon


Rob Simon is a security engineer for a Fortune 1000 international company. Rob is an OSCP and enjoys reverse engineering, penetration testing, and application security. Rob works with Dave Kennedy (ReL1K) as an application security penetration tester and has a passion for home automation systems.

 

 

Steal Everything, Kill Everyone, Cause Total Financial Ruin!
(or how I walked in and misbehaved)



This is not a presentation where I talk about how I would get in or the things I might be able to do. This is a talk where I am already in, and I show you pictures from actual engagements that I have been on. They say one picture is worth a thousand words; I show you how one picture cost a company a million dollars and maybe even a few lives. In a community where we focus so much on the offensive, I also make sure that with every attack I highlight, I spend an equal amount of time discussing what would have stopped me. We need to know the problems, but we need more talks providing solutions, and that is what I hope people will get from mine. I show the dangers of social engineering and how even an employee with no SE experience can be an eBay James Bond and then cause total financial ruin to a company. These security threats are real. So are these stories!

Speaker BIO: Jayson E. Street


Jayson E. Street is an author of the book “Dissecting the hack: The F0rb1dd3n Network” from Syngress. He has also spoken at DEFCON, BRUCON, UCON and at several other ‘CONs and colleges on a variety of Information Security subjects. He also is the co-founder of ExcaliburCon held in China. *He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time’s persons of the year for 2006. ;)

 

 

Your perimeter sucks


Most organizations do not include physical security as part of their
information security program. As security professionals we know that
attackers don’t care how they get in. Your Internet posture may be
bulletproof, but how does that help if your front door is wide open?
Why put a lock on the door if you have a hung ceiling above it?
Attackers think outside the box, and so must you.

A skilled cat burglar will first case the place before they try to
break in. Take a walk through your lobby entrance and look at it as an
outsider: what do you see? The typical setup is a camera, a locked
door, a card reader, maybe an alarm panel and, if they were really
diligent, a motion detector. What good are these if you can just climb
over the wall? Or better yet, cut through the drywall? Get where I’m
going? Lock picking is a hobby most of us hold, so unlocking a door is
easy.

Speaker BIO: Boris Sverdlik


A solutions-oriented information security consultant with a proven
record of directing a range of security initiatives, adhering to best
practices and regulatory requirements. I have been at the forefront of
information security spanning more than a decade. My experience covers
the entire gamut of information security, and more recently I have put
that experience into building my own security consulting company.

 

 

Covert Channels using IP Packet Headers


A covert data channel is a communications channel that is hidden within the medium of a legitimate communications channel. Covert channels manipulate a communications medium in an unexpected or unconventional way in order to transmit information in an almost undetectable fashion. A covert data channel transfers arbitrary bytes between two points in a fashion that would appear legitimate to someone scrutinizing the exchange. Several IP protocols present opportunities for covert communications using bit fields within the layer 3, layer 4, and application payload headers. Whilst cleartext communications can be readily detected, header fields that are already highly random (and so would not look out of place when filled with ciphertext) can be further subverted to carry a symmetrically encrypted information exchange.
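The following is an added, self-contained illustration of the layer-3 variant the abstract describes; it is not code from this page or from the speaker's talk. It hides two bytes per packet in the IPv4 Identification field, masks them with a keyed keystream so the field looks as random as a modern stack's IP ID would, decodes them back on the far side, and includes the crude detector a defender might try against a sequential-ID baseline. The choice of field, the length prefix, and the SHA-256 counter keystream are this example's own assumptions; packets are built in memory only and nothing is sent on the wire.

```python
"""Toy IPv4 Identification-field covert channel (added example, not the talk's code).

Encoder: message -> length-prefixed, keystream-masked bytes -> one 16-bit
Identification value per synthetic IPv4 header.
Decoder: validate the header checksum, pull the Identification field, unmask.
Detector: fraction of +1 steps between consecutive IP IDs, which is high for a
stack that increments the ID per packet and near zero for a covert stream.
"""
import hashlib
import struct

# Constructed sample addresses for the synthetic headers (assumption, not from the page).
SRC = bytes([10, 0, 0, 1])
DST = bytes([10, 0, 0, 2])


def ipv4_checksum(data: bytes) -> int:
    """One's-complement sum over 16-bit words, as used for the IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(ident: int, proto: int = 17, total_length: int = 28) -> bytes:
    """Minimal 20-byte IPv4 header (no options) carrying `ident` in the Identification field."""
    ver_ihl = (4 << 4) | 5                      # version 4, 5 x 32-bit words
    flags_frag = 0x4000                         # DF set, fragment offset 0
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_length, ident & 0xFFFF,
                      flags_frag, 64, proto, 0, SRC, DST)
    csum = ipv4_checksum(hdr)                   # computed with the checksum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def parse_ident(header: bytes) -> int:
    """Reject anything that is not a checksum-valid IPv4 header, then return Identification."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    if ipv4_checksum(header[:20]) != 0:         # a correct header sums to zero
        raise ValueError("bad IPv4 header checksum")
    return struct.unpack("!H", header[4:6])[0]


def keystream(key: bytes, n: int) -> bytes:
    """Illustrative counter-mode keystream from SHA-256 (assumption: stands in for a real
    stream cipher; it gives no integrity protection and reuses the stream if the key is reused)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + struct.pack("!Q", counter)).digest()
        counter += 1
    return out[:n]


def encode_message(msg: bytes, key: bytes):
    """Return the list of IPv4 headers whose Identification fields carry `msg`."""
    payload = struct.pack("!H", len(msg)) + msg  # 2-byte length prefix so the receiver knows where to stop
    if len(payload) % 2:
        payload += b"\x00"                       # pad to whole 16-bit words
    masked = bytes(p ^ k for p, k in zip(payload, keystream(key, len(payload))))
    return [build_ipv4_header(struct.unpack("!H", masked[i:i + 2])[0])
            for i in range(0, len(masked), 2)]


def decode_message(headers, key: bytes) -> bytes:
    """Recover the message from the Identification fields of `headers` (same key as the sender)."""
    masked = b"".join(struct.pack("!H", parse_ident(h)) for h in headers)
    payload = bytes(m ^ k for m, k in zip(masked, keystream(key, len(masked))))
    (length,) = struct.unpack("!H", payload[:2])
    return payload[2:2 + length]


def sequential_fraction(idents) -> float:
    """Share of consecutive Identification deltas equal to +1 (mod 2^16).
    A counter-style stack scores near 1.0; keystream-masked data scores near 0.0."""
    if len(idents) < 2:
        return 1.0
    hits = sum(1 for a, b in zip(idents, idents[1:]) if (b - a) % 65536 == 1)
    return hits / (len(idents) - 1)


if __name__ == "__main__":
    key = b"shared-secret"                      # constructed example key
    pkts = encode_message(b"meet at the lobby", key)
    print("packets:", len(pkts))
    print("decoded:", decode_message(pkts, key))
    print("sequential fraction (covert):", sequential_fraction([parse_ident(p) for p in pkts]))
    print("sequential fraction (normal):", sequential_fraction([1000, 1001, 1002, 1003]))
```

The detector is deliberately crude: it only distinguishes the covert stream from a stack that increments IP ID by one per packet. Many current operating systems already randomize the Identification field (per destination or per flow), which is exactly the property the abstract points at: a field that is normally random is a poor place to look for anomalies, so ciphertext hidden there blends in, and defenders are better off baselining what each host's stack actually emits than assuming a counter.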

Speaker BIO: Joff Thyer


Joff Thyer is a senior network security engineer, and penetration tester for the University of North Carolina at Greensboro. His experience includes systems programming, enterprise network security engineering / architecture, packet analysis geekage, various small software development projects, and penetration testing. Joff holds a Bachelor of Science in Mathematics, and a Masters of Computer Science both from the University of North Carolina at Greensboro.
Professional certifications include a GCIA-Gold, and GPEN.

 

 

BioMining: Data Mining for (Neuro)hackers


One of the pillars of neurohacking, Biomining, is useful for those who wish to collect data on themselves in order to better understand themselves, gather baseline data, track goals, or to see where they have room for improvement in their lives. This talk will cover the basics of biomining as well as give you a general idea as to how to set up your own Biomining lab.

Speaker BIO: Tottenkoph


Tottenkoph spends her days completing experiments in exchange for delicious cake, killing hordes of zombies in South Africa, battling terrorists in the streets of Las Vegas, and protecting the planet from the Covenant.

 

 

Throw It in the River? Towards Real Live Actual Smartphone Security


Smartphones are hot, like a server from 1995 with a public IP address (phone number) and sending all its data over telnet (unencrypted). Add in apps with your passwords and credit card and you’ve got a way for a bunch of kids to get famous. This presentation is all about plausible mitigations that smartphone and app providers could adopt to mitigate attacks we’ve seen at conferences and in the wild. Can I completely fix smartphone security in 50 minutes or less? No, but in this talk I address specific risks that have been exploited either in the wild or in previous papers and talks, and discuss ways they can be mitigated given what the smartphones already have going for them. For example, did you know most of the data you send over the cell provider network is encoded, not encrypted? Yet the base smartphone OS has OpenSSL installed. So here’s some code that provides end-to-end encryption for your text messages without even breaking the telecom SMS specifications. As for the smartphone that acts like a credit card so you can buy your Starbucks, if you want it to be secure, I still say throw it in the river.

Speaker BIO: Georgia Weidman


Georgia Weidman is a member of the GRM n00bs, a group providing training and media for information security beginners. She is a survivor of the collegiate cyber defense competition and a security master’s program. Now she specializes in whatever security work she can get, collects certifications, makes videos, takes photographs at inopportune times, and sometimes podcasts.

 

 

The Penetration Testing Execution Standard (PTES) Panel


This is what you have been waiting for. We are releasing the alpha version of the Penetration Testing Execution Standard. This standard will be the baseline moving forward for all penetration tests and something that we believe deeply in. It’s time to change the field and it starts right here at DerbyCon 2011.

Speaker BIO: Number of Experts


The panel will consist of a number of security professionals who are key individuals in the development of the PTES standard.