- Loading...
- No images or files uploaded yet.
Abstracts:Chris Sanders (@chrissanders88) Defeating Cognitive Bias and Developing Analytic Technique
At the center of many defensive processes is human analysis. While we spend a lot of time performing analysis, we don’t spend nearly enough time thinking about how we perform analysis. The human mind is poorly wired to deal with most complex analysis scenarios effectively. This can be attributed to the inherent complexity of solving technical issues where so many uncertainties exist, and also to the cognitive and unmotivated biases that humans unknowingly apply to their analysis. All of these things can diminish our ability to get from alert to diagnoses quickly and effectively.
In this presentation, I plan to discuss the mental challenges associated with technical defensive analysis by leveraging research associated with traditional intelligence analysis. I will discuss how complexity can overwhelm analysis, how cognitive bias can negatively influence analysis, and techniques for recognizing and overcoming these limiting factors. This will include a few fun mental exercises, as well as an overview of several strategic questioning techniques including analysis of competing hypothesis, red cell analysis, and “what if” analysis. Finally, I will discuss several structured analysis techniques, including two different techniques that can be used specifically for NSM analysis: relational investigation and differential diagnosis.
Chris Sistrunk (@chrissistrunk) ICS/SCADA Defense - Protecting Your DNP3 Networks
Your SCADA system has a DNP3 vulnerability, now what? I shortly summarize the DNP3 vulnerabilities (and other ICS protocols too). Then I focus on the different mitigations that an ICS owner can do to mitigate these types of protocol implementation vulnerabilities even if there is no patch or patches can't be installed.
Mike Reeves (@toosmooth) Scaling NSM to the Enterprise
This is a presentation about how to scale NSM, specifically Security Onion to the Enterprise using OnionSalt. I will discuss the basics of NSM as well as go into detail on ways to make it work in large environments.
Chris Campbell (@obscuresec) PowerShell and You: Using Microsoft’s Incident Response Language
Anyone can write useful security tools in PowerShell. With just a little bit of knowledge you can automate almost anything. From advanced post-exploitation tasks to incident response tools, you can do it with PowerShell! This talk will explain why you should learn a new language and cover the basics to get you started.
Tim Crothers (@Soinull) Techniques for Fast Windows Investigations
A typical organization sees anywhere from scores to thousands of alerts daily. Many of those alerts are indicating a variety of problems with hosts. An all too common approach is to reimage affected systems. Unsurprisingly this is the equivalent of playing whack-a-mole. At the other end of the spectrum the host undergoes a forensics examination taking days of effort. Fortunately there is a middle ground. In this talk we'll focus on techniques to conduct quick yet effective examinations of windows hosts. In many cases we can use these methods to confirm or disprove a breach situation and determine root cause in minutes, not days.
Chris Truncer (@christruncer) Pentester++
This presentation outlines my journey from a systems admin turned novice hacker, to a professional penetration tester and co-developer of the Veil-Framework. As I began to gain experience breaking a wide variety of systems, I wanted to expand beyond tool-centric based testing. I believe that the ability to not only identify the right tool for the job, but to create a solution where one doesn’t exist is an invaluable asset any penetration tester can utilize in their career. This talk will be case-study driven, and will trace the motivation and development process for the projects I’ve worked on. Being able to create your own tools is a skill that is absolutely essential if you want to progress your career to the next level, and I hope my example can spark ideas and motivate others to start their own projects.
Tim Tomes (@LaNMaSteR53) Stored Password Security: The Adobe Guide to Keyless Decryption
It goes without saying that Adobe has made some mistakes as a software company. Quite possibly their largest was the breach that resulted in 153 million user credentials being disclosed to the Internet. The good news is that Adobe's passwords were encrypted. The bad news is that they were encrypted poorly. The worse news is that Adobe isn't alone. Each day greets us with news of a new breach, threatening to compromise our identities. We must address this growing problem of poor stored password security.
David Dewey App Wrapping: What does that even mean
Many security companies today are claiming to "wrap apps" on mobile devices. In digging into the details, it seems that this means a lot of different things to a lot of different people. Depending on how it is implemented, app wrapping can be very powerful; allowing vendors to add much needed security controls to apps users already use. In other cases, the phrase "app wrapping" is being used to mean something entirely different.In this presentation, we explore the different techniques employed by various app wrapping vendors, and evaluate the pro's and con's of each. After attending this presentation, attendees will have a strong understanding of app wrapping and be armed with a battery of questions they can pose to vendors to ensure they can achieve their actual security goals.
Jeff Murri (@InfoSec208) Is that hardware in your toolkit, or are you just glad you’re keeping up?
Friends… The landscape is a changin’, and if you are not integrating hardware devices into your audits (or are not familiar with various hardware solutions available) then soon you will be behind the curve. For the independent or hobbyist security researcher, however, hardware auditing tools are normally out of our reach – some notable exceptions being the Hak5 pineapple and hacked boxes running OpenWRT. Being an information security researcher of very modest means (and a big cheapskate), when a tool drops below $100 I’m a pretty happy guy. When a hardware tool drops below $50.00 then I can’t wait to add it to my toolkit!
Will Schroeder (@harmj0y) Adventures in Asymmetric Warfare: Fighting the AV Vendors
As a co-founder and principal developer of the Veil-Framework, the speaker has spent a considerable amount of time over the past year and a half researching AV-evasion techniques. This talk will briefly cover the problem space of antivirus detection, as well as the reaction to the initial release of Veil-Evasion, a tool for generating AV-evading executables that implements much of the speaker’s research. We will trace through the evolution of the obfuscation techniques utilized by Veil-Evasion’s generation methods, culminating in the release of an entirely new payload language class, as well as the release of a new ..NET encryptor. The talk will conclude with some basic static analysis of several Veil-Evasion payload families, showing once and for all that antivirus static signature detection is dead.
Tim Fowler (@roobixx) When Zombies take to the Airwaves
In a post-apocalyptic world, communication is going to be crucial for the survival and zombies alike. Long range, rapid, and mobile communication is going to be a must in order to properly organize, defend and ultimately survive. So naturally wireless communication is going to be a critical infrastructure but how will it hold up? Can it be leveraged to give us the upper hand?
Jacob Williams (@MalwareJake) Spying on your employees using memory
Many companies can't afford costly employee endpoint monitoring software, yet still have the need to figure out how a (potentially) rogue employee is spending his time on the job. Consider a cheaper solution for employee spying- one that makes use of native Windows services and an investigator's ninja memory analysis skills. Whether it be creating a scheduled task to send a machine to hibernate or instantiating an unsuspected memory dump, targeted employee spying can be done on the cheap. Through process enumeration, browsing history reconstruction and memory-mapped file extraction, watch as we piece together what our trusted insider was doing on their company computer, unbeknownst to his boss. Even if you don't have the need to covertly investigate a rogue employee (yet), this talk will arm you the knowledge to know what is within the realm of the possible. Even if your hat tends to be more black than white, the same techniques can be used for post-exploitation operations against your most valuable targets.
Mark Baggett (@MarkBaggett) Crazy Sexy Hacking
Sponsors:
|
|||||||||||||||||||||||||||||||||||||||||
Comments (0)
You don't have permission to comment on this page.