BSidesStJohnsTalks2012
Security BSides St. John's
Friday, September 21st, 2012
Register at http://bsidesstjohns.eventbrite.com/ (limited space available)
Submitted Talks
- Name: Karim Nathoo
- Title: Command and Control and Data Exfiltration, Version 2.0
- Abstract: As defenders become more proficient at using network-based detection techniques to identify the presence of malware on enterprise networks, we have inevitably seen attackers shift tactics to make network-based detection more difficult. This talk will present a survey of both common and lesser-known techniques used by attackers to perform command and control functions and data exfiltration from enterprise networks and avoid detection. Case studies based upon analysis of malware found in the field will be presented to demonstrate that the techniques to be discussed have graduated into mainstream use. Each technique will be discussed in the context of the ability of current safeguards to detect and prevent use of the technique. Proof of concept code demonstrating techniques that could be observed in the future will be shared with the audience.
Offensive practitioners will be able to use the techniques discussed to perform more effective penetration tests and red team engagements. Defensive practitioners will come away with a better understanding of current blind spots within their networks and deficiencies in current threat models. Recommendations for better defenses will be presented to the extent possible. This talk will be presented at a level applicable to both technical and management level audiences.
- Name: Mark Nunnikhoven
- Title: The Basics & Other Things That We're Probably Doing Wrong
- Abstract: We're barely keeping our heads above water while trying to defend our information. We always need more time, money, and people in order to implement our security programs. But what if we're focusing on the wrong things? What if the core principles we hold dear no longer hold true?
In this talk, we'll discuss those core principles and--given where things are and where they are headed--try to figure out:
- do we have the right set of controls?
- are we using those existing controls in the right manner?
- where are the gaps in our defences?
- how do we not go crazy while trying to figure this all out?
- Name: Jamie Goodyear
- Title: Anatomy of an Apache vulnerability report, and Secure Release Management
- Abstract: In this talk we'll discuss the procedure for reporting a security vulnerability to an Apache project, and what you as a reporter should expect to see happen as the project community validates the issue, and proceeds towards a resolution. We'll then switch gears to talk about how users can validate that their Apache project downloads are in fact legitimate.
- Name: Kellman Meghu
- Title: How NOT To Do Security: Lessons Learned From the Galactic Empire
- Abstract: An analysis of the strengths and weaknesses of the Galactic Empire security policy. This presentation seeks to conduct a post-mortem on the data security policy implemented during the events that led to the destruction of critical technology needed by the Empire for continued operational efficiencies. A history of the company, as well as a detailed look at the events that followed, provides a great working analysis that can be applied to your policy in hopes of avoiding the same fate. Learning from past mistakes, let's ensure we are not doomed to repeat them, and potentially, suffer a similar fate.
- Name: Russ Doucet
- Title: Key Considerations in Securing Internet Access
- Abstract: While the internet offers us access to a wealth of information and tools, we know it is increasingly being used as the vehicle to compromise our infrastructure via viruses, malicious code, advanced persistent threats (APTs), etc. This leaves us with two important challenges:
1) How do we customize our users’ internet access to their business requirements and
2) How to minimize the risk that invariably comes with giving users internet access
We will explore the various ways in which your users’ internet access can compromise your security and application performance and how a multi-layer approach can help you to customize user internet access to their work-related requirements while minimizing the chances of being successfully attacked or hacked. We will also discuss the role of policy and procedure in establishing internet use guidelines, surveillance and enforcement.
Schedule

| Friday September 21st, 2012 | Track 1 |
|---|---|
| 8:30 AM - 9:00 AM | Registration\Networking - Coffee and Muffins Served |
| 9:00 AM - 9:10 AM | Opening Remarks |
| 9:10 AM - 9:50 AM | Name: Mark Nunnikhoven Talk: The Basics & Other Things That We're Probably Doing Wrong |
| 10:00 AM - 10:20 AM | Name: Jamie Goodyear Talk: Anatomy of an Apache vulnerability report, and Secure Release Management |
| 10:30 AM - 11:20 AM | Name: Russ Doucet Talk: Key Considerations in Securing Internet Access |
| 11:30 AM - 12:20 AM | Name: Karim Nathoo Talk: Command and Control and Data Exfiltration, Version 2.0 |
| 12:30 PM - 1:30 PM | LUNCH |
| 1:30 PM - 2:20 PM | Name: Kellman Meghu Talk: How NOT To Do Security: Lessons Learned From the Galactic Empire |
| 2:30 PM - 3:00 PM | Name: Darryl MacLeod Talk: Have Credentials, Will Travel... Literally. |
| 3:00 PM - 3:30 PM | Break |
| 3:30 PM - 4:20 PM | Name: Bruno Germain Talk: Services defense in depth: an emerging paradigm for protecting the Data Center |
| 4:30 PM - 5:20 PM | Name: Stefano Tiranardi Talk: Today's Threat Landscape – Facts, Figures, Myths and Perceptions |
| 5:30 PM - 6:00 PM | Grand Prize (**iPad**) Give Away |
| 6:00 PM - Onwards | Finger Foods\Drinks and Social Gathering |

Sponsors
1. Platinum




2. Gold



3. Silver


4. Bronze

5. Educational Sponsor
