Wrecking Ball Talk – Security B-Sides Orlando 2016 Presented By FC² http://bsidesorlando.org/2016 Bringing Infosec to Central Florida Since 2013 Mon, 03 Oct 2016 13:56:28 +0000 en-US hourly 1 Sanders Diaz | Introduction to Custom Protocol Fuzzing http://bsidesorlando.org/2016/sanders-diaz-introduction-to-custom-protocol-fuzzing Thu, 28 Jan 2016 19:42:16 +0000 http://bsidesorlando.org/2016/?p=249

Abstract

Hunting for vulnerabilities in custom protocols can be shrouded in mystery to the novice. While there are many resources on the subject, its hard to find a single source of information that introduces the process from start to finish. This talk aims to introduce the tools and process involved in reversing an unknown protocol, interfacing with it, and ultimately fuzzing it to find vulnerabilities.

The talk will address the questions:

  • How does reversing and fuzzing protocols benefit my security program?
  • Who should do this kind of work?
  • What will I need?

It will also introduce you to netzob, scapy, wireshark dissectors, nmap NSE, and sulley.

Bio

Sanders Diaz is a Penetration tester based in the Central Florida region, working as a consultant in the public sector. He currently holds SANS GPEN and GXPN certifications. Along with penetration testing, Sanders nurses a healthy interest in development, reversing, gaming, and cars.

]]>
Itzik Kotler | Goodbye Data, Hello Exfiltration http://bsidesorlando.org/2016/itzik-kotler-goodbye-data-hello-exfiltration Tue, 26 Jan 2016 15:45:02 +0000 http://bsidesorlando.org/2016/?p=256

Abstract

Penetration testing isn’t about getting in, it’s also about getting out with the goodies. In this talk, you will learn how leverage commonly installed software (not Kali Linux!) to exfiltrate data from networks. Moving on to more advanced methods that combines encryption, obfuscation, splitting (and Python). Last but not least, I’ll address data exfiltration via physical ports and demo one out-of-the-box method to do it.

Bio

Itzik Kotler is CTO and Co-Founder of SafeBreach. Itzik has more than a decade of experience researching and working in the computer security space. He is a recognized industry speaker, having spoken at DEFCON, Black Hat USA, Hack In The Box, RSA Europe, CCC and H2HC. Prior to founding SafeBreach, Itzik served as CTO at Security-Art, an information security consulting firm, and before that he was SOC Team Leader at Radware. (NASDQ: RDWR).

]]>
Jonathan Echavarria | Pwning pwners like a n00b http://bsidesorlando.org/2016/jonathan-echavarria-pwning-pwners-like-a-n00b Tue, 26 Jan 2016 15:36:23 +0000 http://bsidesorlando.org/2016/?p=252

Abstract

Cybercrime, blackhat hackers and some Ukrainians.

If that doesn’t catch your attention, then stop reading. Follow the story of how stupid mistakes, OPSEC fails, and someone with a little too much time on his hands was able to completely dismantle a spamming and webshell enterprise using really simple skills and techniques you could pick up in a week. Did we mention that d0x were had as well?

This talk will be an in-depth examination at the investigation and exploitation process involved.

Bio

Jonathan is an information security professional working for ReliaQuest, LLC in Tampa, FL. His areas of interest revolve around red teaming, cybercrime, malware and threat intelligence.

]]>
Thomas Richards | Red Team Yourself http://bsidesorlando.org/2016/thomas-richards-red-team-yourself Tue, 19 Jan 2016 15:35:55 +0000 http://bsidesorlando.org/2016/?p=234

Abstract

So your organization conducts regular tests with $automated tool. Want to bring your security testing program to the next level? Red Teaming will give your organization a goal based, adversarial emulating approach to see how secure it really is. In this talk we will cover what red teaming is and how it can be applied to your organization to add a new level to your security program.

Bio

Thomas Richards, Senior Consultant, has been with Cigital since 2012. His primary areas of expertise include Red Teaming and Mobile Security. He is an Offensive Security Certified Professional (OSCP) and a member of TOOOL. Thomas spends his days guiding clients through secure mobile application development and secure web services API design. In his free time, he enjoys playing guitar, camping, and spending time with his wife and four kids.

]]>
Vikram Dhillon | IoT Security http://bsidesorlando.org/2016/vikram-dhillon-iot-security Mon, 18 Jan 2016 02:45:31 +0000 http://bsidesorlando.org/2016/?p=218

Abstract

Internet of Things has become the biggest buzzword to come out from 2015. But there are some serious efforts by big tech companies like IBM to create next generation technologies that talk to each other using the same language. What kind of security policies will we be able to design for a new type of networking? How do our traditional approaches work and where can we draw new inspiration from?

This talk focuses on some recent attacks on IoT technologies and what we have learned from them. More interestingly, what kind of attacks do the experts speculate will happen when IoT is more prevalent. What will be the implications of DoS when everything is online? A cautionary tale, but it almost feels like we’re living in the best of the times.

Bio

Developer, hacker and part time blogger.

]]>