
BsidesNOLA 2013 was a great success. Find information about BSidesNOLA 2014 here!
Event details
When:
May 25, 2013
Where:
Hilton Garden Inn New Orleans Convention Center
1001 South Peters Street / New Orleans, LA 70130
Note: The venue is a 5-10 minute walk from the French Quarter
CFP
The CFP is now closed! Thanks to all who submitted!
CFP committee (besides the organizers):
Dion Blazakis - @justdionysus
Dr. Golden Richard - @nolaforensix
Michael Ligh - @iMHLv2
Sponsors
To request a sponsorship packet, please email bsidesnola [@] gmail.com.
Schedule
Day 1

9:15 AM - 9:30 AM (all tracks)
Opening Remarks - Joe Sylve (@jtsylve), Co-Founder, 504ENSICS Labs

9:30 AM - 10:30 AM (all tracks)
Keynote - Michael Murray (@mmurray): Securenomics - The Evolving Vulnerability Landscape and its Implications

10:30 AM - 11:30 AM
Track 1: Elizabeth Schweinsberg (@bethlogic) - Week in the Life of a DFIR
Track 2: Vassil Roussev - Small Data Forensics--Making Sense of Data Fragments
Track 3: Katrina Rodzon (@krodzon) - Sex, Drugs and Security Awareness

11:30 AM - 12:30 PM
Track 1: Kyle Maxwell (@kylemaxwell) - Grabbing fresh "evil bits" with Maltrieve
Track 2: Alissa Torres (@sibertor) - Sick Anti-Analysis Mechanisms in the Wild
Track 3: Joshua R. Nicholson - Closing the gap between incident handlers and security management

12:30 PM - 2:00 PM
Lunch (all tracks)

2:00 PM - 3:00 PM
Track 1: Kristinn Gudjonsson (@el_killerdwarf) - Plaso - reinventing the super timeline
Track 2: Shannon Sistrunk (@shannonsistrunk) - Pulling Back the Curtain on Social Engineering
Track 3: Eric Irvin (@SecRunner) - Boss Hacking - how I sold your boss

3:00 PM - 4:00 PM
Track 1: Andrew Case (@attrc) - Leveraging Memory Forensics during DFIR
Track 2: Alexander Muentz - Are your security devices insecure?
Track 3: Golden G. Richard III (@nolaforensix) - Wild vs. Commercial Malware

4:00 PM - 5:00 PM
Track 1: Sarah Edwards (@iamevltwin) - When Macs Get Hacked
Track 2: Jimmy Wylie (@mayahustle) & theAddict - Reverse Engineering Workshop
Track 3: Valerie Thomas & Harry Regan (@hacktress09) - All Your Base Still Belong To Us: Physical Penetration Testing Tales From The Trenches

5:00 PM - 6:00 PM
Track 1: @chort0 - DFIR For Beginners
Track 2: Dhia Mahjoub - Discovering new malicious domains using DNS and Big Data

6:00 PM - 6:15 PM (all tracks)
Closing Remarks - Conference Organizers
Talk Abstracts
Securenomics - The Evolving Vulnerability Landscape and its Implications
While information security is a relatively new field (even within information technology), it has important macro-trends that can inform a smart CISO about likely future shifts in the threat and vulnerability landscape. Too often, ignorance of those trends leaves many within our industry "fighting the last war", always remaining one (or more) steps behind the attackers. Drawing on his experience on both the offensive and defensive sides of security, MAD Security's Mike Murray will walk attendees through the patterns that drive change within the global vulnerability and threat landscape and provide new ways of approaching security investment to best allocate resources against the threats of today.
Sex, Drugs and Security Awareness
Security behavior in users is a function of actual psychological behavior, and most information security professionals miss the psychological concepts behind what creates security awareness within organizations. Drawing on her background as a psychology researcher, specifically her work in addiction and human sexuality, Katrina Rodzon, manager of Security Behavior Design and lead behavioral scientist for MAD Security, will show how legitimate psychology research points the way to actually changing behavior within organizations.
Sick Anti-Analysis Mechanisms in the Wild
For those in the trenches of enterprise defense, it appears that malware authors as of late derive a sick pleasure from equipping their end products with sophisticated self-defense and evasion capabilities. From "environmentally aware" binaries to malware that defeats image acquisition, attackers have become increasingly adept at evading analysis. During this presentation, several of these anti-analysis techniques will be explored, preparing attendees for what they are likely to encounter with increasing frequency: malware that fights back.
Grabbing fresh "evil bits" with Maltrieve
When you're working on malware research or trying to get threat intel, sometimes you want the freshest "evil bits" you can get rather than grabbing large archives of older samples. Maltrieve is designed to help you do just that, by crawling sites that list bad URLs and grabbing the malware directly. We'll go over how Maltrieve works and what you can do with the results, including identifying previously-unknown samples, storing in repositories, and automated analysis to identify additional indicators of compromise (IOCs).
Are your security devices insecure?
Many of us allow IP-capable security devices such as IP cameras, DVRs and access controls to be installed on our networks. Have you ever poked at one? During a recent client engagement, the speaker noticed that devices designed to ensure security were themselves vulnerable to attack: it was possible to remotely disable the device, destroy evidence or use it to attack other hosts. Examples of simple reverse engineering and evaluation will be shown. Identities will be changed to protect the incompetent.
Plaso - reinventing the super timeline
Timeline analysis has really grown in the past few years with new tools that automate the correlation of multiple data sources into a single timeline. This technique has given the analyst a completely new and unprecedented view of the data that lies on the drive, and with the introduction of the new log2timeline engine, called plaso, things are changing even more. The next generation of log2timeline produces more structured data with more features, which in turn opens up new ways of analyzing the massive dataset the tool extracts from any given drive. The goal of this presentation is to introduce the audience to timeline analysis in a practical way, showing how to use the tool in a simple malware intrusion investigation.
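The log2timeline/plaso idea described in the abstract, normalizing events from unrelated artefacts into one schema so that a single sort produces the super timeline, reduced to a runnable sketch. This is an added example, not plaso's code, parsers or output format; the syslog lines, the browser-history export and the file-system listing are constructed, the CSV column names are hypothetical, and the syslog year is assumed because the format omits it.

```python
"""Minimal 'super timeline': parse several constructed artefact sources into one
event schema and sort them by time, which is the idea behind log2timeline/plaso.
Added example; not plaso's code, parsers or output format."""
import csv
import io
import re
from datetime import datetime, timezone

# --- constructed sample artefacts (not real evidence) ---------------------
SYSLOG = """\
May 25 09:31:02 host01 sshd[2201]: Accepted password for admin from 203.0.113.9 port 50211 ssh2
May 25 09:31:40 host01 sudo: admin : TTY=pts/0 ; PWD=/home/admin ; COMMAND=/usr/bin/curl -o /tmp/x http://203.0.113.9/x
"""
SYSLOG_YEAR = 2013  # syslog lines carry no year; assumed from the case context

# hypothetical browser-history export: visit_time,url
BROWSER_CSV = """\
visit_time,url
2013-05-25T09:30:55Z,http://203.0.113.9/login
2013-05-25T09:33:10Z,http://203.0.113.9/x
"""

# hypothetical file-system listing: path,created,modified (one row yields one
# event per timestamp, the way MACB times become separate timeline rows)
FS_CSV = """\
path,created,modified
/tmp/x,2013-05-25T09:31:41Z,2013-05-25T09:31:41Z
/etc/cron.d/update,2013-05-25T09:32:05Z,2013-05-25T09:32:05Z
"""

SYSLOG_RE = re.compile(r"^(\w{3}) +(\d+) (\d\d:\d\d:\d\d) (\S+) ([^:]+): (.*)$")


def _iso(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_syslog(text: str, year: int = SYSLOG_YEAR) -> list:
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # unparsable line: skipped here; a real parser would record it
        mon, day, clock, host, proc, msg = m.groups()
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        events.append({"time": ts.replace(tzinfo=timezone.utc), "source": "syslog",
                       "type": "log", "desc": f"{host} {proc}: {msg}"})
    return events


def parse_browser(text: str) -> list:
    return [{"time": _iso(r["visit_time"]), "source": "browser", "type": "visit",
             "desc": r["url"]} for r in csv.DictReader(io.StringIO(text))]


def parse_fs(text: str) -> list:
    events = []
    for r in csv.DictReader(io.StringIO(text)):
        for kind in ("created", "modified"):
            events.append({"time": _iso(r[kind]), "source": "fs", "type": kind,
                           "desc": r["path"]})
    return events


def build_timeline() -> list:
    """Every source is normalized to the same schema, then sorted once. sorted()
    is stable, so events with equal timestamps keep their source order."""
    events = parse_syslog(SYSLOG) + parse_browser(BROWSER_CSV) + parse_fs(FS_CSV)
    return sorted(events, key=lambda e: e["time"])


def render(events: list) -> list:
    return [f"{e['time']:%Y-%m-%dT%H:%M:%SZ} {e['source']:<8}{e['type']:<9}{e['desc']}"
            for e in events]


if __name__ == "__main__":
    print("\n".join(render(build_timeline())))
```

The payoff is visible only in the merged view: the browser visit to the login page, the SSH logon, the sudo curl, the creation of /tmp/x one second later and the new cron file sit in one ordered list even though no single artefact contains that story. Real parsers must also deal with local time versus UTC and clock skew between sources; the sample keeps everything in UTC.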
Social Aftermath - Responding to Social Pwnage
Many social engineering talks focus on the exploitation of trust relationships and the resulting compromise of corporate and personal assets. However, what happens after the pwnage is done?
This session opens with the aftermath of a successful social engineering engagement on a major automotive financing company. Attendees will learn of the methodical analysis of the interactions which led to the compromise of customer information as well as employee and executive network credentials. The case study also illustrates how this organization was able to use the forensic analysis of social interactions to enhance its customer service business processes. This information was also used to enhance employee engagement in protecting information at the associated touchpoints. Most importantly, they transformed customer care to frustrate social engineers while enhancing the experience of their customers.
Securing OSI Layer 8
Does your company have OSI layers 1 through 7 locked down successfully? Great, now what? It is time to move on to OSI layer 8. As security professionals we spend a lot of time worrying about APTs, malware, hackers and firewalls when our biggest security problems sit in front of our keyboards every day. I will share some hilarious war stories from inside the Missouri Capitol and show you some tools and tricks I use to help secure my users and my network, so you can take them back and implement them on your network.
When Macs Get Hacked
Computer intrusion cases usually involve Windows boxes, or a *nix system if you are lucky. Mac intrusion cases are a rare breed, but they have the potential to become more common with the growing market share of Macintosh systems; many companies and government entities use Macs as their preferred system. This presentation will introduce you to incident response and intrusion analysis on the Mac.
Boss Hacking - how I sold your boss
Ever wonder how security products are sold? In this presentation, I'll give up the dirt on Gartner and magazine reviews, how RFPs/RFIs are responded to, how we handle objections and how we get deals done. I'll also give you some ideas on how to actually get your goals accomplished without getting sold by some sleazy sales guy that you might never see again.
DFIR For Beginners
Who says defense isn't sexy? Incident response is one of the fastest growing areas in security and it's a lot more interesting than configuring firewalls. While many mature companies already have established IR teams, most organizations still have no capability at all. It might seem daunting to enter the world of digital forensics, but if you start with a plan and take it step by step, it's not as hard as it sounds. This presentation will cover how I set up an IR team from scratch, what tools are available on a budget, lessons learned, and ideas for the future. I'll include short demos of tools, including LiME, Volatility, Cuckoobox and Redline, and lots of references for participants to start their own research into DFIR.
Closing the gap between incident handlers and security management
Cyber security incident handlers and forensic investigators are often disconnected from the information security management program that invokes them. They are highly intelligent and technically competent individuals who are great at finding and gathering evidence, in the same manner as their law enforcement counterparts on the criminal investigation side. The difference between the two is mainly the type of work involved. Most police detectives understand physical evidence elements such as fingerprints, DNA, blood spatter, witness testimony, criminal history, etc. They can easily understand and digest this information into actionable intelligence that helps the investigation. Even the district attorneys understand it and can reconstruct events based on it. The same cannot be said on the digital side of the house. Too often, security managers in major corporations do not have a technical background; they have a business and/or risk management background or perspective. They are not going to understand terms like disk slack, metadata, running processes, exfiltration, ACLs, polymorphic, NTFS vs. FAT, or any of those other seemingly esoteric terms. They need information on the incident translated into actionable intelligence that the organization can react to and report up to senior management. The information security manager is responsible for coordinating a response with IT and other business lines to protect the company or restore services if need be.
In this presentation I hope to highlight some areas where technical support staff and management can help to streamline this process making the organization much more nimble and capable of reacting to security threats.
Wild vs. Commercial Malware
Modern malware is used extensively in computer crime and cyber-warfare and poses a serious threat to privacy and to our national infrastructure. The goals of malware are typically to gain access to privileged information, to provide backdoor functionality (to allow persistent, unauthorized access and control of a system), and to hide data or processes from scrutiny. Malware can employ a number of techniques to gain access to needed resources and to prevent detection, including hooking or modifying system calls, adding new system calls, inserting new kernel modules, and directly patching kernel code. Malware is increasingly stealthy, being both difficult to detect and to analyze, employing complex packing, anti-debugging, and anti-virtualization schemes. Another form of malware, available at your local computer store, however, also deserves attention, because it poses potentially just as great a risk to individual privacy. This talk compares and contrasts "wild" and commercial, legal, off-the-shelf malware, highlighting real examples and recent casework.
All Your Base Still Belong To Us: Physical Penetration Testing Tales From The Trenches
Each year companies spend thousands of dollars on sophisticated security systems to ensure their secrets stay safe. Physical security flaws can be found everywhere from razor wire fences to RFID cards, if you know where to look. Join us for an hour of war stories, dos and don’ts of physical penetration testing, vulnerability trends and some prevention basics.
Small Data Forensics--Making Sense of Data Fragments
The vast majority of incident response/forensic effort is focused on understanding (malware) code behavior. This talk focuses on tracking data, which is often necessary to evaluate the extent of a breach. Specifically, we will use a collection of (new and existing) open source tools that can identify, correlate, and classify pieces of binary data. These tools can aid in triage and quick understanding of the content of RAM and network captures, leftover HDD data, or partially corrupted files. We will also briefly present some relevant empirical studies (available as a white paper) that provide context for interpreting the tool output in various scenarios.
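As an added illustration of the "identify and classify pieces of binary data" step, and not the tools the talk covers, the block below triages fixed-size fragments the way a first pass over a RAM dump or unallocated space might: a header signature first, then a printable-byte test, then Shannon entropy tiers. The thresholds, the block size and the six-block sample blob built by sample_image are constructed assumptions; the entropy estimate is biased low on very small fragments, which is why 4 KiB blocks are used.

```python
"""Triage small binary fragments (carved from RAM, a capture or unallocated
space) by header signature and byte statistics. Added example; not the tools
from the talk. Thresholds are assumptions tuned for ~4 KiB fragments."""
import math
import random
import zlib
from collections import Counter

PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
MAGIC = [(b"MZ", "pe"), (b"\x7fELF", "elf"), (b"PK\x03\x04", "zip"), (b"%PDF", "pdf"),
         (b"\x89PNG", "png"), (b"\x1f\x8b", "gzip")]
BLOCK = 4096


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant block, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(frag: bytes) -> tuple:
    """Return (label, entropy). A header signature beats statistics, and the
    printable test runs before the entropy tiers because text has mid-range entropy."""
    h = shannon_entropy(frag)
    for sig, name in MAGIC:
        if frag.startswith(sig):
            return f"{name}_header", h
    if not any(frag):
        return "zeros", h
    if sum(b in PRINTABLE for b in frag) / len(frag) >= 0.95:
        return "text", h
    if h >= 7.3:
        return "compressed_or_encrypted", h  # deflate output and ciphertext both land here
    if h >= 4.0:
        return "mixed_binary", h
    return "low_entropy_binary", h


def triage(data: bytes, block: int = BLOCK) -> list:
    """Label every block of a larger blob as (offset, label, entropy)."""
    return [(off, *classify(data[off:off + block])) for off in range(0, len(data), block)]


def sample_image() -> bytes:
    """Constructed six-block blob with known content (not real evidence)."""
    rng = random.Random(1337)
    text = (b"The quick brown fox jumps over the lazy dog. " * 100)[:BLOCK]
    # random printable characters: no LZ matches, so deflate Huffman-packs them
    noise_text = bytes(rng.randrange(0x20, 0x7F) for _ in range(60000))
    deflate_mid = zlib.compress(noise_text, 9)[1024:1024 + BLOCK]  # mid-stream, no zlib header
    ciphertext_like = bytes(rng.getrandbits(8) for _ in range(BLOCK))
    pe_header = b"MZ" + bytes(BLOCK - 2)
    structured = bytes(range(8)) * (BLOCK // 8)  # 8 equiprobable values: 3 bits/byte
    return bytes(BLOCK) + text + deflate_mid + ciphertext_like + pe_header + structured


if __name__ == "__main__":
    for off, label, h in triage(sample_image()):
        print(f"{off:#08x} {label:<24} H={h:.2f}")
```

The two blocks labelled compressed_or_encrypted show the limit of byte statistics alone: a mid-stream deflate fragment and random bytes are indistinguishable by entropy, which is where the correlation tools from the talk (matching fragments against known files or each other) have to take over.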
Pulling Back the Curtain on Social Engineering
This talk will look at the different theories behind social engineering, their application to nonverbal communication, and how they apply to everyday people and everyday interactions. It will also discuss how to recognize and defuse social-engineering attacks. We will look at social engineering from a "social" standpoint, not a "computer hacking" standpoint, focusing on the very real art of hacking the person, the use of nonverbal attacks, and how to read body language. The community is becoming more aware that security includes humans, the most uncontrollable factor. Learning these tools can help control that factor.
Discovering new malicious domains using DNS and Big Data
DNS is a fundamental protocol of the Internet. A prevalent DNS-based technique known as fast flux is used by attackers to evade blacklisting and take-down of their malicious domains. Despite having been around for several years, fast flux is still common: it is used by botnets such as Kelihos and by current phishing and malware delivery sites. This presentation will examine the algorithms and techniques we use at OpenDNS to discover large sets of new fast flux domains. These techniques are based on machine learning and graph algorithms, and they leverage big data technologies and large volumes of DNS traffic, both recursive and authoritative.
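An added illustration of the DNS features that fast-flux detection rests on, not OpenDNS's machine-learning or graph pipeline: per domain it counts distinct A records, distinct ASNs and the lowest TTL, and measures how much each answer changes from the previous one. The passive-DNS observations, the prefix-to-ASN map (the hypothetical ASN_BY_PREFIX) and the thresholds in is_fast_flux are all constructed for this example.

```python
"""Flag fast-flux candidates from passive-DNS style observations. Added example;
not OpenDNS's machine-learning/graph pipeline. The observations, the IP-to-ASN
map and the thresholds are constructed for illustration."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean

# Constructed observations: timestamp qname rtype rdata ttl (one record per line).
PDNS = """\
# update-check.example: a new address set across three networks in every answer, TTL 60
2013-05-20T00:00:00Z update-check.example A 198.51.100.10 60
2013-05-20T00:00:00Z update-check.example A 203.0.113.44 60
2013-05-20T00:00:00Z update-check.example A 192.0.2.77 60
2013-05-20T00:05:00Z update-check.example A 198.51.100.23 60
2013-05-20T00:05:00Z update-check.example A 192.0.2.130 60
2013-05-20T00:05:00Z update-check.example A 203.0.113.9 60
2013-05-20T00:10:00Z update-check.example A 192.0.2.201 60
2013-05-20T00:10:00Z update-check.example A 198.51.100.77 60
# www.example: a rotating pool inside one network, TTL 20 (CDN-like)
2013-05-20T00:00:00Z www.example A 203.0.113.10 20
2013-05-20T00:00:00Z www.example A 203.0.113.11 20
2013-05-20T00:00:00Z www.example A 203.0.113.12 20
2013-05-20T00:05:00Z www.example A 203.0.113.11 20
2013-05-20T00:05:00Z www.example A 203.0.113.12 20
2013-05-20T00:05:00Z www.example A 203.0.113.13 20
2013-05-20T00:10:00Z www.example A 203.0.113.12 20
2013-05-20T00:10:00Z www.example A 203.0.113.13 20
2013-05-20T00:10:00Z www.example A 203.0.113.14 20
# mail.example: one stable address, long TTL; the MX line is dropped by the A filter
2013-05-20T00:00:00Z mail.example A 192.0.2.5 3600
2013-05-20T00:00:00Z example MX mail.example 3600
"""

# Hypothetical prefix-to-ASN map; real work uses a BGP- or whois-derived feed.
ASN_BY_PREFIX = {
    ip_network("198.51.100.0/24"): 64500,
    ip_network("203.0.113.0/24"): 64501,
    ip_network("192.0.2.0/24"): 64502,
}


def asn_of(ip: str):
    addr = ip_address(ip)
    for net, asn in ASN_BY_PREFIX.items():
        if addr in net:
            return asn
    return None


def parse_pdns(text: str) -> list:
    recs = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, qname, rtype, rdata, ttl = line.split()
        if rtype == "A":
            recs.append((ts, qname, rdata, int(ttl)))
    return recs


def summarize(recs: list) -> dict:
    """Per-domain features: distinct IPs, distinct ASNs, lowest TTL and churn
    (mean fraction of addresses in an answer not present in the previous answer)."""
    answers = defaultdict(lambda: defaultdict(set))  # qname -> ts -> {ip}
    ttls = defaultdict(list)
    for ts, qname, ip, ttl in recs:
        answers[qname][ts].add(ip)
        ttls[qname].append(ttl)
    stats = {}
    for qname, by_ts in answers.items():
        seq = [by_ts[ts] for ts in sorted(by_ts)]
        ips = set().union(*seq)
        churn = [len(cur - prev) / len(cur) for prev, cur in zip(seq, seq[1:])]
        stats[qname] = {
            "distinct_ips": len(ips),
            "distinct_asns": len({asn_of(ip) for ip in ips} - {None}),
            "min_ttl": min(ttls[qname]),
            "churn": mean(churn) if churn else 0.0,
        }
    return stats


def is_fast_flux(s: dict, min_ips: int = 5, min_asns: int = 3, max_ttl: int = 300) -> bool:
    """Many addresses spread over several ASNs with short TTLs. The ASN spread is
    what separates a flux network from a CDN, which also rotates low-TTL answers."""
    return s["distinct_ips"] >= min_ips and s["distinct_asns"] >= min_asns and s["min_ttl"] <= max_ttl


def flux_candidates(text: str = PDNS) -> list:
    return sorted(q for q, s in summarize(parse_pdns(text)).items() if is_fast_flux(s))


if __name__ == "__main__":
    for q, s in summarize(parse_pdns(PDNS)).items():
        print(q, s, "FLUX" if is_fast_flux(s) else "")
```

On the constructed data only update-check.example trips the rule; www.example rotates low-TTL answers just as busily but stays inside one ASN, and its churn is a third of the flux domain's. Fixed thresholds like these are exactly what large CDNs and fluxers at the margins defeat, which is why the talk's approach learns the boundary from traffic and adds graph features instead of hand-set cut-offs.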
Speaker Bios
Katrina Rodzon
Katrina Rodzon is a behavioral scientist for MAD Security. Her last 9 years have been spent studying psychology and ways to modify and study human behavior. From learning about the power of social pressure on group behavior to how subtle changes in reinforcement can drastically change individual behavior, Katrina has spent the better part of a decade learning how humans work and now applies that to security awareness. When she is not testing the effectiveness of different methods of training, she helps with everything from curriculum development to security awareness video creation.
Alissa Torres
Alissa Torres is a Certified SANS Instructor and Incident Handler at Mandiant, finding evil on a daily basis. She previously worked as a security researcher at KEYW Corporation, leading research and development initiatives in forensic and offensive methodologies, and is co-founder of Torrora, LLC, a forensics consulting company. Prior to KEYW, Alissa performed digital forensic investigations and incident response for a large contractor in the Defense Industrial Base. Alissa began her career in information security as a Communications Officer in the United States Marine Corps and is a graduate of the University of Virginia and the University of Maryland. As an accomplished instructor, Alissa has taught for various government agencies on topics including digital forensics, incident response, and offensive methodologies, and is a frequent speaker at industry conferences. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GPEN, CISSP, EnCE, CFCE, MCT and CTT+.
Kyle Maxwell
Kyle Maxwell is a senior network security analyst for Verizon Business on the RISK Intel team, producing unclassified threat intelligence for private and public sector clients as well as supporting field investigators. He writes a blog on threat intelligence and network security at ThreatThoughts.com. Previously, he led the incident response team at Heartland Payment Systems and performed digital forensics for clients across the United States at several private investigation firms. Mr. Maxwell holds a degree in Mathematics from the University of Texas at Dallas.
Alexander Muentz