
2012 BayThreat Speakers


Jay Jacobs - "Infosec Dataviz"
Adam Ely - "BYOD is Changing the Game"
Abraham Kang - "Code Reviewing Applications Built on Web Frameworks"
Kurt Grutzmacher - "A CouNtry's Honerable n3twork deviCes"

Robert Rowley - "Teaching Your WAF New Tricks"
Daniel Peck - "Dynamic Analysis and Exploration of Android Apps"
Sam Bowne*
Christie Dudley - "Will Your Car Betray You?"
Bob Lord, William Tarkington - "Cold Reading"

Billy Rios - "Going over the ICS Waterfall: An analysis of the Tridium Niagara Framework"
Randy Ivener - "Network Threat Defense"
Ankur Chakraborty - "Risk-based Remediation in an Agile World (or Fix it, Stupid!)"
Peter Venkman* - "IR Stories From the Vendor's Haunted Basement"
Allison Miller - "Games We Play: Defenses and Disincentives"
Christie Grabyan - "Where to Start When Securing a Startup?"
Andrew Hay - "Facilitating Fluffy Forensics"

Chort - "My First Incident Response Team: DFIR for Beginners"
King Tuna - "Brobots Poppin Boxen"
Joe Kovacic, Jared Sperli - "One Step Ahead: Defeating Tomorrow's Security Solutions"
Savant - "Shit I Learned on the Red Team (the Hard Way)"
Valerie Thomas - "Social Engineering and Penetration Testing"
Brett Hardin - "Building Your House on Sand"
Colton Ericksen - "Offense In Depth"
Nathan McCauley, Justin Cummins - "Securing Service Oriented Architecture: Secret Management, Authentication, and Authorization"
Kyle Osborn, Jeff Pettorino - "Gated Windows, Unlocked Doors (aka Zero-Exploit Pwnage!)"
Mike Shema, Sergey Shekyan, Vaagn Toukharian - "WebSockets unPlugged"
Rolf Rolles*

* more info to be announced


Randy Ivener & Joe Karpenko - "Network Threat Defense"

Summary - "Increasingly, botnets, worms, and denial-of-service attacks threaten the availability of every network, yet few network engineers realize the security benefits that can be obtained by leveraging the infrastructure to handle these attacks. We will discuss how to build a more secure infrastructure and how to leverage inherent network features, such as NetFlow, to provide a full range of attack handling mechanisms. During the talk we will briefly cover these fundamental network security topics:

State of Network Security
Threat Models for IP Networks
Incident Response
Designing Secure Networks
Device Hardening Overview
Introduction to NetFlow

At the completion of the talk we will be hosting a hands-on lab session that covers infrastructure protection techniques and best practices necessary to identify and respond to network attacks using routers and firewalls.

Please bring your laptop for a lab session following the presentation."
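The abstract above mentions leveraging NetFlow to recognize the attacks it lists. The following is an added example, not the speakers' lab material: it builds a constructed CSV of the NetFlow v5 fields the logic needs (source, destination, ports, protocol, packets, bytes, TCP flags), then flags two of the patterns the talk is concerned with, a port scan (one source probing many ports on a host with single-packet flows) and a SYN flood (many sources whose TCP flows carry SYN but never ACK against one service). The thresholds, addresses and CSV layout are all assumptions; a real deployment would read records from a collector such as nfdump or flow-tools.

```python
"""Flow-based attack spotting on NetFlow-style records.

Added example for this page; it is not the speakers' lab material. The
records are constructed here as a CSV of the NetFlow v5 fields the logic
needs (src, dst, sport, dport, proto, packets, bytes, tcp flags). A real
deployment would read them from a collector, not a literal string.
"""
from collections import defaultdict
from dataclasses import dataclass

TCP = 6
TCP_SYN = 0x02
TCP_ACK = 0x10


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    proto: int
    pkts: int
    octets: int
    flags: int


def constructed_sample() -> str:
    """Build a constructed export: benign web traffic, a port scan, a SYN flood."""
    lines = []
    # Benign: five clients completing full sessions to the web server (SYN|ACK|PSH|FIN = 0x1b).
    for i in range(5):
        lines.append(f"10.0.1.{i + 1},192.0.2.20,{50000 + i},80,{TCP},12,9000,0x1b")
    # Port scan: one source sending a single SYN to 15 different ports on one host.
    for port in range(1, 16):
        lines.append(f"10.0.0.5,192.0.2.10,{40000 + port},{port},{TCP},1,60,0x02")
    # SYN flood: 25 distinct sources, one unanswered SYN each, all at 192.0.2.20:80.
    for i in range(25):
        lines.append(f"198.51.100.{i + 1},192.0.2.20,{30000 + i},80,{TCP},1,40,0x02")
    return "\n".join(lines) + "\n"


def parse_flows(text: str) -> list:
    """Parse CSV lines into Flow records; blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, sp, dp, pr, pk, by, fl = line.split(",")
        flows.append(Flow(src, dst, int(sp), int(dp), int(pr), int(pk), int(by), int(fl, 16)))
    return flows


def is_syn_only(f: Flow) -> bool:
    """TCP flow whose packets carried SYN but never ACK: a handshake that never completed."""
    return f.proto == TCP and bool(f.flags & TCP_SYN) and not (f.flags & TCP_ACK)


def detect_scans(flows, min_ports=10):
    """(src, dst) -> distinct port count, for pairs that probed >= min_ports ports with tiny flows."""
    ports = defaultdict(set)
    for f in flows:
        if f.proto == TCP and f.pkts <= 2:
            ports[(f.src, f.dst)].add(f.dport)
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}


def detect_syn_floods(flows, min_sources=20):
    """(dst, dport) -> distinct source count, where >= min_sources sources sent SYN-only flows."""
    sources = defaultdict(set)
    for f in flows:
        if is_syn_only(f):
            sources[(f.dst, f.dport)].add(f.src)
    return {target: len(s) for target, s in sources.items() if len(s) >= min_sources}


if __name__ == "__main__":
    flows = parse_flows(constructed_sample())
    print("port scans:", detect_scans(flows))
    print("SYN floods:", detect_syn_floods(flows))
```

Two caveats a practitioner would want before running this against a real collector: many platforms export sampled NetFlow, so the per-flow packet counts and the thresholds above have to be calibrated against the sampling rate, and the SYN-only heuristic says nothing about UDP or ICMP floods, which need a bytes-per-second or packets-per-second view instead.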

Randy Ivener Bio: Randy Ivener, CCIE No. 10722 Emeritus, is a Security Manager with Cisco's Security Research and Operations Group. Randy has spent many years as a network security specialist helping companies secure their networks. Randy has presented security topics at industry events such as Black Hat and Cisco Live. Before becoming immersed in information security, he served in the Navy and spent time in software development and as a training instructor.

Joe Karpenko Bio: Joseph Karpenko is a Senior Security Engineer in Cisco's Security Research and Operations Group. Joseph is a 12-year veteran of technology with expertise in networking, security, data center, and the systems administration fields. Currently Joseph is responsible for developing security solutions that deter, detect, and prevent existing, current, and emerging threats and attacks. Joseph has also been a speaker at multiple conferences presenting on security topics. During his career, Joseph has worked with customers on the design and implementation of large-scale enterprise and data center network and security architectures. Prior to joining Cisco, Joseph worked as a system administrator and senior escalation engineer handling and troubleshooting complex security and network incidents.


 

Ankur Chakraborty - "Risk-based Remediation in an Agile World (or Fix it, Stupid!)"

Summary - "We love breaking stuff, but at some point we have to act like adults and start fixing it. We have all heard it or said it at some point: you have 30 days to fix it, you have to fix it before your next release, etc. Traditionally, these timelines have been static and based upon risk calculations that may be spot on or completely off the charts depending on the application portfolio.

In the agile world of software development, software requirements change at the drop of a post-it and developers need to pivot according to those needs. This change in priorities often leads to security issues dropping out because of a changed priority landscape. Risk assessors and managers need to be able to adjust priorities and calculations accordingly in order to have a clear picture of threats and risks.

We discuss a methodology of managing remediation in such an environment while mitigating the maximum possible risk, how to scale it across your portfolio and finally, how to move from your traditional "fix it in 30 days" nag to actually getting your development teams to fix security bugs."

Bio: Ankur works at protecting the world from the terrors of the night, wrestling hippopotami, out-swimming great white sharks and writing great works of literature under famous pseudonyms.
In his free time, he pretends to be an information security specialist at Visa.


 

Peter Venkman* - "IR Stories From the Vendor's Haunted Basement"

Summary - "As part of BayThreat's 2012 First Responder initiative, I would like to contribute with a handful of real Incident Response stories from a hardware vendor's perspective. And these are not new stories; these are stories from when organizations were less prepared to respond to security-related incidents and when developers were not expecting people messing with packets and reversing firmware images. Everything starts with an IR engagement at the Sedgewick Hotel to investigate a card-payment fraud. At the hotel, though, what ends up happening is that the team captures their first ghost and deposits it in a "containment unit" located in the FireHouse brewery basement. Paranormal and 0-day activity begins to increase and the rest is history. The goal of the storytelling is to reflect on the past, what we have learned in the past decade or so, and really, how prepared we are these days to deal with certain types of incidents, from an organization's perspective as well as from a hardware vendor's."

Bio: "Peter Venkman is a parapsychologist, member of the Ghostbusters and former member of product incident response teams for networking vendors. He holds PhDs in both parapsychology and psychology and is a GIAC Certified Incident Handler. Originally his professional interests were focused on paranormal phenomena like ESP and playing with traffic generators before protocol fuzzing was cool. He appeared not to believe in ghosts until he actually saw one, just like developers would not believe one would send a malformed ICMP packet to crash a router until they actually saw one. Despite Venkman's lackadaisical attitude, from time to time he has created inventions that help the Ghostbusters and IR teams to save the day."


 

King Tuna - "Brobots Poppin Boxen"

Summary - The PLXsert has been on the lookout for itsoknoproblembro for more than just a few months. Itsoknoproblembro was not this public 11 months ago, but it's definitely made a name for itself now. This kit is one of the most complex booter shells we have seen. It may have hushed itself for a little while, but past experiences have shown us that it will be back. Though we have not fought this fight alone, we will use this time to talk about infection, mitigation, and removal of what is now an infamous booter suite.


Kyle Osborn, Jeff Pettorino - "Gated Windows, Unlocked Doors (aka Zero-Exploit Pwnage!)"

Summary - "
· Systems fully patched? CHECK
· Perimeter firewall up and running? CHECK
· Completed the PCI self-assessment? CHECK
· You must be secure, right?!?

Why is it that many organizations think they have ‘really good’ security, when in fact they aren’t even meeting the bar for “good enough”? Instead of the big win they are full of fail. In this presentation we will discuss real situations encountered during penetration tests and compliance assessments. Real *facepalm* moments, like the times when the attacker doesn’t even need to exploit a vulnerability to get access. Compliance won’t protect your network, and the new shiny firewall won’t guarantee your ROC passes. So what’s a builder to do, and how can a breaker help his client with this mess?"


 

Nathan McCauley, Justin Cummins - "Securing Service Oriented Architecture: Secret Management, Authentication, and Authorization"

Summary - "This talk describes a deployed solution for hardening a service-oriented architecture, with focus on key distribution and authentication/authorization. A key distribution strategy is described using a central secret store with client agents installed on each machine throughout the infrastructure. A system for authentication and authorization based on TLS with client certificates is described. The talk contains details of the successes and challenges we faced rolling this out to Square's infrastructure."
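The abstract describes authentication and authorization built on TLS client certificates. As an added illustration, and not Square's code or a description of their design, the example below shows the server-side half of that pattern in Python: a TLS context that requires a client certificate signed by an internal CA, and an authorization step that derives the calling service's identity from the verified certificate (its DNS subjectAltName, with a bare CN deliberately rejected) and checks it against a policy table before an RPC runs. The policy table, service names, certificate contents and the `ledger.*` RPC names are all hypothetical; the certificate dicts are constructed in the shape `ssl.SSLSocket.getpeercert()` returns so the check can be exercised without a live handshake.

```python
"""Service-to-service authorization on a verified TLS client certificate.

Added example for this page, not Square's code. The TLS layer (see
server_context) verifies the client chain against the internal CA; what
is left for the application is deciding what the verified identity may
do. The policy table and the certificate dicts below are hypothetical,
the dicts constructed in the shape ssl.SSLSocket.getpeercert() returns.
"""
import ssl

# Hypothetical policy: which service identity (DNS SAN) may call which RPC.
POLICY = {
    "payments.internal.example": {"ledger.Post", "ledger.Read"},
    "reporting.internal.example": {"ledger.Read"},
}


def server_context(ca_file: str, cert_file: str, key_file: str) -> ssl.SSLContext:
    """TLS context for an internal service: client certs are mandatory and must chain to ca_file."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a CA-signed client cert
    ctx.load_cert_chain(cert_file, key_file)
    return ctx


def service_identities(peercert: dict) -> list:
    """DNS SANs of the verified peer certificate. The CN is not used: it is free-form
    and the SAN is what the CA's issuance policy actually constrains."""
    return [value for kind, value in peercert.get("subjectAltName", ()) if kind == "DNS"]


def authorize(peercert, rpc: str, now: float):
    """Return (allowed, reason) for a call to `rpc` by the holder of `peercert` at time `now`.

    getpeercert() returns None when no certificate was sent and {} when it was
    not validated; both are rejected here. Expiry is checked against the caller's
    clock so the decision is testable without a live handshake.
    """
    if not peercert:
        return False, "no validated client certificate"
    if now >= ssl.cert_time_to_seconds(peercert["notAfter"]):
        return False, "client certificate expired"
    if now < ssl.cert_time_to_seconds(peercert["notBefore"]):
        return False, "client certificate not yet valid"
    ids = service_identities(peercert)
    if not ids:
        return False, "no DNS subjectAltName; refusing to trust the CN alone"
    for ident in ids:
        if rpc in POLICY.get(ident, ()):
            return True, f"{ident} may call {rpc}"
    return False, f"{ids} not permitted to call {rpc}"


def _cert(cn: str, sans, not_after: str) -> dict:
    """Constructed getpeercert()-shaped dict (hypothetical, not a real certificate)."""
    d = {
        "subject": ((("commonName", cn),),),
        "issuer": ((("commonName", "Internal Services CA"),),),
        "version": 3,
        "serialNumber": "0A",
        "notBefore": "Jan  1 00:00:00 2012 GMT",
        "notAfter": not_after,
    }
    if sans:
        d["subjectAltName"] = tuple(("DNS", s) for s in sans)
    return d


PAYMENTS_CERT = _cert("payments.internal.example", ["payments.internal.example"], "Jan  1 00:00:00 2013 GMT")
REPORTING_CERT = _cert("reporting.internal.example", ["reporting.internal.example"], "Jan  1 00:00:00 2013 GMT")
CN_ONLY_CERT = _cert("payments.internal.example", [], "Jan  1 00:00:00 2013 GMT")

# Two reference clocks, expressed as certificate timestamps so no epoch literals are needed.
DURING_VALIDITY = ssl.cert_time_to_seconds("Jun  1 00:00:00 2012 GMT")
AFTER_EXPIRY = ssl.cert_time_to_seconds("Feb  1 00:00:00 2013 GMT")

if __name__ == "__main__":
    for cert, rpc in [(PAYMENTS_CERT, "ledger.Post"), (REPORTING_CERT, "ledger.Post"),
                      (CN_ONLY_CERT, "ledger.Read"), (None, "ledger.Read")]:
        print(rpc, authorize(cert, rpc, DURING_VALIDITY))
```

The split matters: TLS proves the caller holds a key the internal CA vouched for, and nothing more; which RPCs that identity may invoke is application policy, and keeping it in one table makes the least-privilege question ("who can post to the ledger?") answerable by reading the policy rather than the code. Revocation is the missing piece a real deployment has to add, either by short certificate lifetimes (which the expiry check above enforces) or by distributing a revocation list through the same agents that distribute keys.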


 

Bob Lord, William Tarkington - "Cold Reading"

Summary - "Have you ever met someone who can uncannily tell what you're feeling or thinking? Have you ever read a horoscope or psychic prediction and felt it was eerily accurate?

Come learn how cold reading works, the skills you need, and how with just a few basic principles you can blow people's minds.

To begin, Will and Bob will each give a brief demo of their skills, something that has elicited strong reactions every time they do it.

Then they will spend the rest of the time breaking down each of the aspects of cold reading they use, instructing you on some basic techniques you can use right away, and finally showing how to spot and debunk someone using cold reading.
Learning has never been so fun."


 

Allison Miller - "Games We Play: Defenses and Disincentives"

Summary - "Practitioners of information security often look to the models and tools provided by economics in order to explain the types of controls that will be most effective at limiting the impact of security exposures, ideally deterring attacks completely. For example, the idea that attackers are economically rational is attractive; our resources are limited so we seek to add controls (friction) where they will be most useful, i.e. making an attack "cost" more than the utility an attacker gets out of launching a successful exploit.

In this session we'll discuss how the application of economic theories has been playing out in the real world, and which ideas are the most important to consider when implementing security controls into a system. In particular we'll discuss some principles of game theory, behavioral economics, and design of incentive structures."

Bio - "Allison Miller is Senior Director of Operations at Electronic Arts, where she oversees the business operations of EA's cross-company digital platform. Allison has over 10 years of experience in designing, building and deploying real-time threat detection and prevention systems. Miller is active in the security community and presents research on fraud prevention and account security issues regularly to both industry and government audiences, including the ITWeb Security Summit, Black Hat Briefings, SOURCE Conferences (Boston, Barcelona, Seattle), USENIX/Metricon, and RSA. Prior to joining EA, Miller led Tagged's Security & Risk Management team, managed PayPal's Account Risk & Security team and was Director of Product / Technology Risk at Visa International."


 

Colton Ericksen - "Offense In Depth"

Summary - "Achieving initial compromise during a penetration test is only the beginning. This presentation will discuss the methods employed by hackers and penetration testers to spread and maintain their presence on a network once they've already obtained access. Tools, techniques, and technical examples will be shown, which may prove useful for both offensive and defensive security professionals. Colton will also share some amusing experiences from real offensive engagements, including hilarious spear phishing campaigns, chained exploitation examples, and other infosec pro-tips."

Bio - Colton Ericksen has worked in various information security roles in his career, including Penetration Testing, Security Research, and Network Security Analysis. Mr. Ericksen currently holds numerous industry certifications, and his professional background includes work with National Defense, Intelligence, and Law Enforcement, as well as commercial and private sectors.

Colton has augmented over 10 years of professional experience in the information technology realm with a long-standing personal involvement with the hacking and underground security community. Mr. Ericksen is a passionate, self-taught member of the offensive security community, with a keen interest in bleeding edge security research, particularly in the areas of Web applications, virtualization, and distributed systems. Colton has presented on, as well as authored, numerous blogs, whitepapers, and other publications related to security, social engineering, and penetration testing.

Mr. Ericksen's approach to security is one viewed through the eyes of a hacker. Colton's extensive experience in performing highly targeted, long-term network penetration operations provides him with unique insight into the real-world techniques employed by attackers, and the real-world defense-in-depth strategies that can effectively protect against them.

Twitter @cfuty


 

Brett Hardin - "Building Your House on Sand"

Summary - "Your web application is an amalgamation of different software. Proprietary code, open source libraries, and snippets from Stack Exchange are mashed together. However, secure code review often looks only at custom code. What about the 85% of the code base using open source? As an organization, how can you stay aware of patches to your third-party library code?"


 

Valerie Thomas - "Social Engineering and Penetration Testing"

Summary - "If you're performing penetration tests without social engineering then you're leaving out the greatest security weakness, the human. As a security consultant I've used social engineering to increase my penetration success rate for years. Join me as we discuss the basics of social engineering, its role in penetration testing, and some unique attack vectors I've developed. You'll leave this talk with an understanding of the social engineering attack process and some new tools to get you started."


 

Joe Kovacic, Jared Sperli - "One Step Ahead: Defeating Tomorrow's Security Solutions"

Summary - "The discussion will focus on the good, the bad, and the ugly of today's primary anti-malware techniques, how malware creators will remain ahead of the security industry at large, and how technology adaptation will be impeded."


 

Savant - "Shit I Learned on the Red Team (the Hard Way)"

Summary - "When I joined the red team I had a lot of glamorous ideas of what it would be like. Shaken martinis, high tech gadgets, theme music. But when I got there...

This talk will cover some of the lessons learned on the job. What I thought it would be and learning how wrong I was. I'll go over some tricks I've picked up along the way and highlight some of the things I've done wrong. All at great expense to myself."

Bio: savant is a fashion model for orange camouflage pants.


 

Billy Rios - "Going over the ICS Waterfall: An analysis of the Tridium Niagara Framework"

Summary - "The Tridium Niagara framework is one of the most prevalent Industrial Control Systems in the world. Used as a broker between industrial control processes, Tridium can be found in most of the Fortune 500. This talk will cover how the Tridium Niagara device functions, describe the attack surface available, and describe various exploits for several vulnerabilities that were recently patched."