Construction Talk – Security B-Sides Orlando 2016 Presented By FC² http://bsidesorlando.org/2016 Bringing Infosec to Central Florida Since 2013 Mon, 03 Oct 2016 13:56:28 +0000

grecs | Network Forensics 101: N00b to Ninja 60 Minutes http://bsidesorlando.org/2016/grecs Fri, 12 Feb 2016 16:46:17 +0000 http://bsidesorlando.org/2016/?p=339

Abstract

Knowing how to perform basic network forensics can go a long way in helping infosec analysts do some fundamental analysis to either crush the mundane or recognize when it's time to pass the more serious attacks on to the big boys. This presentation covers environment options for making your network monitor-able, three quick steps to triage and analyze alerts, and integrated distros that allow almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a “ninja” per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of network forensics.

Bio

grecs has two decades of industry experience and undergraduate/graduate engineering degrees. After doing the IT grind, he discovered his love of infosec and has been pursuing it since. Currently, he spends his days as a senior cyber analyst enhancing customer defenses through advanced analysis, customized training, and engineering improvements. In his free time grecs is an international speaker and blogger covering a range of defensive topics.

Artsiom Holub | Deconstructing The Cyber Kill Chain of Angler Exploit Kit http://bsidesorlando.org/2016/artsiom-holub-deconstructing-the-cyber-kill-chain-of-angler-exploit-kit Fri, 12 Feb 2016 16:10:28 +0000 http://bsidesorlando.org/2016/?p=329

Abstract

Over the past few years exploit kits have been widely adopted by criminals looking to infect users with malware. The exploit kit then proceeds to exploit security holes, known as vulnerabilities, in order to infect the user with malware. The entire process can occur completely invisibly, requiring no user action. In my research I try to deconstruct the cyber kill chain involving one of the most notorious exploit kits used by cybercriminals – a kit known as Angler exploit kit. This talk will cover the evolution of AEK, its role in raising the ransomware threat, tricks used to send user web traffic to Angler landing pages, and methods to deliver payloads. It will also cover procedures that allowed us at OpenDNS to proactively discover and block landing pages and mitigate the risk of infections delivered by AEK, as well as the preventative measures that end-users and systems administrators can take to mitigate their risks.

Bio

I am currently a security analyst and was a penetration tester in the past.

Cooper Quintin | Third Party Tracking: How it works and how to stop it for good http://bsidesorlando.org/2016/cooper-quintin-third-party-tracking-how-it-works-and-how-to-stop-it-for-good Tue, 02 Feb 2016 16:53:13 +0000 http://bsidesorlando.org/2016/?p=279

Abstract

Almost everything you do on the web is being read and tracked. The web is no longer static HTML. Advanced browser features such as JavaScript, cookies, and HTML5 are fantastic for making rich, featureful sites, but they can also compromise your privacy. During the course of a typical web browsing session, information about what you read and who you are can be sent to hundreds of third-party trackers without your knowledge or consent.

In this talk Cooper Quintin, Staff Technologist with the Electronic Frontier Foundation, will discuss the who, what, why and how of web tracking. He will demonstrate two tools: Panopticlick – EFF’s website demonstrating browser fingerprinting, and Privacy Badger – a browser extension to stop online tracking.

He will also discuss EFF’s plan to stop non-consensual third party tracking on the web once and for all.

Bio

Cooper is a security researcher and programmer at EFF. He has worked on projects such as Privacy Badger, Canary Watch, Ethersheet, and analysis of state-sponsored malware. He has also performed security trainings for activists, nonprofit workers and ordinary folks around the world.

Caleb Crable and Evan Keiser | Cloud & Control: Where do we go from here? http://bsidesorlando.org/2016/caleb-crable-and-evan-keiser-cloud-control-where-do-we-go-from-here Tue, 02 Feb 2016 16:13:52 +0000 http://bsidesorlando.org/2016/?p=274

Abstract

With so many people taking advantage of the cloud, no one really thinks about how the cloud is taking advantage of you. We will be taking an in-depth look at the pros, and mostly cons, of the datacenter clusters that we harmlessly refer to as cloud infrastructure. These pros and cons shift from whitehat to blackhat in an instant depending on the circumstances, from using online backup for your corporate office, to an attacker breaking in, encrypting your cloud data, and ransoming it back to you. While a Fortune 500 organization uses the cloud for their storage and email, there is another server physically sitting right next to it propagating exploit kits. We will be presenting real-world examples of how easy it is to hide in the cloud as an attacker, and how impossible it is to hide in the cloud for everyday users. Whether it be saucy selfies, bank or medical records, or even just highly valued data in general: how safe do you actually think it is…on someone else’s computer?

Bio

Caleb is a Malware Analyst at Cylance, practicing dirtywhitehat, and frequent contributor to the information security community both online and at technology security events. Caleb enjoys long walks on the beach with polymorphic malware in his leisure.

Evan also serves as a Malware Analyst at Cylance, constantly disseminating new threat intelligence among his team and performing security incident reconstruction in his spare time. Based in Raleigh-Durham, North Carolina, in his free time Evan is an avid lock picking enthusiast and penetration tester who enjoys finding holes in virtual and physical security controls of all kinds, Belgian waffles and hacking all the things.

John Smith | Advanced Persistent Awareness http://bsidesorlando.org/2016/john-smith-advanced-persistent-awareness Tue, 26 Jan 2016 15:39:38 +0000 http://bsidesorlando.org/2016/?p=254

Abstract

This talk describes how/why system owners need to start taking responsibility for their own security. The fact that my city has a police department does not mean that I don’t lock my door or that I am not vigilant about my own property. Sadly, in IT today, this has gotten lost. Systems are breached for weeks/months at a time with no one knowing that it is going on. This year, globally there will be over a million INFOSEC positions that need to be filled. The fact is, there are not a million IT professionals looking for work, much less INFOSEC. We can add more eyes and intelligence to the challenge by enlisting system owners to take SOME responsibility for their own security.

Bio

John Smith has 18 years in IT, 16 in the enterprise before going to the vendor side. Unlike a lot of your speakers he is, in fact, NOT an INFOSEC practitioner. He does consider himself, and has throughout his career, a person responsible for security. As security teams have evolved, system owners themselves have all but absolved themselves of taking any responsibility for their own security. He wants to change that!

Evan Dygert | Custom Digital Forensics Tools in Python http://bsidesorlando.org/2016/evan-dygert-custom-digital-forensics-tools-in-python Tue, 19 Jan 2016 15:29:22 +0000 http://bsidesorlando.org/2016/?p=228

Abstract

In digital forensics, sometimes you get a case where the standard tools do not provide the information you need. Whether you need metadata and files from an obsolete file system or you need to extract the data from unsupported file types, writing digital forensics tools in Python gives you abilities beyond those of widely used tools. In this session, learn about some of the Python toolkits and techniques that can help you solve those tough, unexpected digital forensics problems. A case study will be presented to show how Python was used to extract metadata and files from the legacy Macintosh File System (MFS).

Bio

Evan Dygert is a software developer and forensic computer specialist with over 30 years of experience with a variety of computer languages, platforms, and databases. He has also been providing expert consulting, expert witness and computer forensic services in intellectual property and contract dispute cases for over 10 years. He is currently working on his Ph.D. dissertation in Computer Information Systems.
