And yes... we did score 2 of the 3 Tiger Team members. w00t!!
Here are the speakers, times and details for Fri & Saturday.
Keynote: Friday May 16 - 2:00 PM
The Art of Espionage (Tactics, Defense, and your Corporation)
TruTV's Luke McOmie, CISSP, NSA-IAM, NSA-IEM &
Chris Nickerson CISSP,CISA, NSA-IAM,17799 Lead Auditor
We have all heard the stories about looted laptops, misplaced media, and stupid user mistakes that have lead to losses in the millions. But what about the incidents that don’t get published or noticed? This upbeat presentation will discuss the role that espionage plays in today’s corporate world and will introduce many new attack and defense techniques. Previously unpublished case studies, a live demonstration, and audience participation will be used to help arm the audience with the basic knowledge needed to implement a multilayered security program that will help defend against these dangerous threats.
Luke McOmie is a Senior Security Consultant for Alternative Technology (an Arrow Company). Luke and the Security Services Team help protect and defend hundreds of the world’s largest companies and organizations. He specializes in Risk Analysis and Incident Response but is well versed in everything from Corporate Espionage to Physical Security. Formerly a senior consultant at the Department of the Interior (Bureau of Communications and Technology), he managed a national CSIRT responsible for Active Threat Defense, Risk Mitigation, and Incident Response. Luke is a senior staff member (goon) at the DEFCON Security Conference (http://www.defcon.org) and also contributes to several computer security organizations including the r00tcellar Security Team, 303, Security Tribe, and OSVDB.
Luke is also the coauthor of Aggressive Network Self Defense of Syngress Publishing and a featured member of TruTV's Tiger Team, a 30 minute reality television program showing the activites of actual penetration tests.
Chris Nickerson is a Certified Information Systems Security Professional (CISSP) whose main area of expertise is focused on information security in order to help companies better defend and protect their critical data and key information systems. He has created a Unique process to assess, implement, and manage information security strategy, architecture, policies, and procedures in the real world.
Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing and vulnerability assessments, to policy design, computer forensics, and regulatory compliance. Chris’s prior experiences include Developing and managing the Security Services practice at Alternative Technology, Chris was a Sr. Auditor for SOX compliance at KPMG, Chief Security Architect at Sprint Corporate Security, and developed an enterprise security design as network engineer for an international law firm. Chris also served in the U.S Navy. Chris is a member of OWASP, ISACA Denver and is also a featured member of TruTV's Tiger Team, a 30 minute reality television program showing the activities of actual penetration tests and active assessments.
Friday May 16 - 3:00 PM
New School Information Gathering
Chris Gates, CISSP, GCIH, C|EH, CPTS, EH-Net Columnist
Network information gathering is changing; the days of getting everything you need for footprinting from whois are dead. This talk is about using current open source tools to generate a detailed target footprint without sending "non-standard" traffic to the organization. This detailed information includes network ranges, hostnames, dns information, and email addresses for client side attacks.
Chris Gates is an Ethical Hacker Network Columnist and VP of operations for http://www.learnsecurityonline.com/. For his day job, he currently works as a penetration tester for a large government contractor. In the past he worked for the US Army as a signal officer and over the years has worked with various satellite communications systems, worked with various deployable communications packages that allowed network connectivity in remote locations, served as a system and network administrator and as an Information Assurance Security Officer. Chris also holds his CompTIA A+, Network+, Security+ Certifications and is a Microsoft Certified Professional (MCP) for Server 2003.
Friday May 16 - 4:00 PM
Simple Principles to Protect Information and Control Now and Tomorrow
Matthew E. Luallen, CISSP, GIAC, CCIE
All too often we are caught up in the lure of securing with electronic controls. We are required to do so in today's automated world - HOWEVER, we are also lost in this same realm with truly understanding each control and their relationship to each other. We are essentially swimming in technology that many are isolated from understanding and internalizing - while many sharks lurk directly in front of us. Configuring firewalls, building web applications, protecting identities, securing financial transactions, all from interpreted regulations that drive the process forward. All too often, and easily, time is dedicated to protect, to defend, to build .. but limited time is given to understand. I have reflected on the process and have identified simple, but important principles to follow while architecting, integrating, supporting and decommissioning systems. In this one hour session I will share with you my insights and give you career building ideas on preparing for the future.
NOTE: The SCADA lecture, for many reasons, has been postponed indefinitely. If interested DCS/SCADA accountable parties would like to discuss securing process control systems on a one-on-one basis I will make myself available to you.
Matthew E. Luallen is a well-respected information professional, researcher, instructor and author. Mr. Luallen serves as the President and Principal Consultant of Sph3r3, LLC., a strategic and practical educational and consulting company. With Sph3r3 Mr. Luallen consults with both governmental and commercial sectors including a multi-client base of corporations, public utilities, financial institutions and healthcare organizations. He has provided assistance and architectural support for many information security projects including integrating compliance requirements associated with SOX, HIPAA and the NERC CIP standard. Recent endeavors include architecting and integrating protective controls for financial market transactions, virtualized environments and SCADA systems. Prior to incorporating Sph3r3, Mr. Luallen provided strategic guidance for Argonne National Laboratory, U.S. Department of Energy, within the Information Architecture and Cyber Security Program Office. In an effort to promote education and collaboration in information security Mr. Luallen is an instructor and faculty at several institutions. Mr. Luallen is adjunct faculty for DePaul University instructing the Computer Information and Network Security Masters degree capstone course. He is also a certified instructor and CCIE for Cisco Systems instructing security technologies such as firewalls, intrusion prevention, virtual private networks and general secure information architecture. As a certified instructor for the SANS Institute Mr. Luallen teaches wireless security, web application security and security essentials. Mr. Luallen is a graduate of National Technological University with a Master's Degree in Computer Science, Mr. Luallen also holds a Bachelor of Science degree in Industrial Engineering from the University of Illinois, Urbana.
Friday May 16 - 5:00 PM
A Look into Defense-In-Depth Security
Kelly Housman, Microsoft
A holistic approach to security throughout the enterprise. With today’s latest threats organizations need a comprehensive approach to security. A layered defense using multiple technologies across the infrastructure. This will include topics such as Network access protection, Anti-virus and Anti-Spam strategies, Edge protection, Desktop security, and IPSec domain isolation.
Kelly Housman has over 12 years of IT experience with the past 3 years of that with Microsoft Security technologies. He has an in depth knowledge of Microsoft’s security portfolio including ISA Server and Microsoft’s Forefront. He also holds certifications for both of those lines of products. He has been heavily involved with helping enterprises deal with complex security concerns around messaging and collaboration for the past 8 years. Prior to working at Microsoft, Kelly was an Internet security and international administrator supporting a global steel construction company. He also held security positions in the gaming industry.
Keynote: Saturday May 17 - 9:00 AM
Windows Command-Line Ninjitsu
Matthew Carpenter, SANS, Intelguardians
Compromised a Windows box? Learn new ways to leverage the power of the Windows Command-Line. Did I just say "power" and "Windows Command-Line" in the same sentence? Come to the talk and find out how to use Windows own weight against itself to bend the 0wned box to your pen testing will.
Matthew Carpenter is a Senior Security Consultant with Intelguardians. With a background in telecommunications and server infrastructure, Matthew brings a great deal of technical and business perspective to any forum. Matthew is a Community SANS Instructor and mentor for SANS, teaching about hacker techniques, attacks, defenses and recovery. Having spent most of his early career consulting and teaching audiences ranging from network engineers to administrative staff, Matthew is able to effectively communicate technical security concepts at an appropriate level, and has spoken in many security/hacking venues, foreign and domestic.
Matthew's expertise is in security penetration testing, digital forensic analysis, security incident response, and vulnerability/risk assessments. Matthew has provided security audits at many levels, ranging from network vulnerability assessment to deep binary security analysis. He has released several tools to the community pertaining to wireless security auditing and binary analysis, designed and developed several network service appliances, and has written and released a Java application server. Prior to working with Intelguardians, Matthew spent eight years at a major manufacturing/ecommerce corporation where he provided many of the services he currently engages in for Intelguardians' clientele.
Saturday May 17 - 10:00 AM
Understanding Heap Overflow Exploits
Jack Koziol, Infosec Institute
Jack will present on the most common type of heap overflow exploits for Linux and Windows. He will briefly explain how dynamically allocated memory works, its interaction with the heap memory structure, and how a normal heap operates. Jack will then demonstrate how heap overflows occur, and how they can be exploited on Linux, Windows 2000 and Windows XP SP2 with Data Execution Prevention (DEP) enabled. Depending on various circumstances, Jack may be able to demonstrate a new type of heap overflow technique for Windows Vista found while auditing the Adobe Flash player. Expect to laugh, cry, and be entertained!
Jack Koziol is a Senior Instructor and Security Program Manager at the InfoSec Institute and a provider of advanced ethical hacking training. He regularly is called upon to train members of the United States intelligence community, military, and federal law enforcement agencies. Additionally, Jack provides training for Fortune 500 companies, such as Microsoft, HP and Citibank on how to better secure their networks and applications. Jack has appeared in USA Today, CNN, MSNBC, First Business and other media outlets for his expert opinions on information security. Jack is the lead author of The Shellcoder's Handbook.
Saturday May 17 - 11:00 AM
The Renaissance of Human Exploitation
Mike Murray, Neohapsis
Information security has seen some major changes in the paradigms of attackers through the past 15 years. From the early days of social engineering, through the golden age of server hacking, and to the present times where the human is once again the target, we have seen significant changes in the way that attackers exploit targets. Mike Murray, Director of Neohapsis Labs and social engineering expert will detail those changes and provide a detailed understanding of the types of skills that are being used to exploit human targets today, as well as examples of strategies that you can take to defend against skilled social engineers.
Mike Murray has spent his entire career in information security, starting in the late 90's as a penetration tester and vulnerability researcher up to his current position as the Director of Neohapsis Labs, where he heads up research, testing and analysis of security products. His years of experience as a vulnerability researcher and leader of research teams have convinced him that the most important system to focus on in information security is the human system. His past few years, while continuing his work on the information security side with nCircle, LURHQ and Liberty Mutual, have been spent focusing extensively on the human side of security. His work helping other security professionals realize how to build a great career in security has been widely recognized, and his talks at major conferences about advanced social engineering techniques have been extremely well-reviewed. Mike's thoughts can be found on his blog at Episteme.ca, as well as his career site at ForgetTheParachute.com. He is the author of an upcoming book from No Starch Press on the intricacies and skills behind advanced social engineering and human exploitation.
Saturday May 17 - 12:00 Noon
More Fun With Cain
Brian Wilson, CISSP, CCSE, EH-Net Columnist
Brian will explain some of the features and tools in Cain & Able and also show live examples of MITM Attacks, Password Auditing, VoIP Captures, & much more. With Cain and an Active MITM Attack, you can also launch Wireshark and record all packet flows on a switched network. This is very useful for network monitoring and trouble shooting. Brian will also have some pre-recorded videos to back-up the demo if there are any technical issues.
Brian Wilson has over 13 years experience in IT starting with a tour in the United States Army, this Ethical Hacker Network Columnist has worked in and out of the US Government in many different organizations and technical roles including a stint as a Cisco Certified Instructor. Currently he works for an industry leading vendor supporting millions of customers of broadband & VoIP services. He has attained a number of industry credentials covering many aspects of IT including CCNA, CCSE, CCAI, MCP, JNCIA, Network+, Security+, and many DoD Certifications. He also uses his knowledge of IT to benefit a number of charitable organizations.
Saturday May 17 - 1:00
Saturday May 17 - 3:00 PM
Pen Testing War Stories
Steven McGrath, Chicago 2600
This presentation will be talking about the trials and tribulations of some past penetration tests and how to avoid them in the future. These "Warstories" are intend to be both entertaining and educational. Presented will be examples of systems to avoid scanning, and network misconfigurations are brought out into the light... bare and for all to see.
Steven McGrath is an Information Security Engineer for a large enterprise. With a past history in vulnerability assessment and penetration testing financial institutions, he has a knack for breaking things and then posing how to fix them. With a heavy Linux and UNIX background most of the projects he works on are focused on these and security related topics. Just make sure you put rediculously large dish repellent on the roof of your car before speaking with him. Current Projects: Nmap Manager Script, CUGNet Project, ISSA Chicago's Website, ChiSNORT Admin, Chicago2600 Admin, DefCon312 Admin, Chigeek.com
Saturday May 17 - 4:00 PM
Computer Forensics 101 - Internet Investigations
Jeremy Martin, Cyber Warfare Instructor
Computer forensics is relatively straight forward. If the data is on the disk, it can be retrieved. This presentation will cover searching a hard disk for internet activity including data carving of email, webmail, internet history, and the registry to build an evidentiary scope of what was done on the system. The attendee should walk away with a better understanding of computer forensics and how to find evidence relating to an Internet investigation.
Jeremy Martin is a Senior Security Researcher that has focused his work on Red Team penetration testing, Computer Forensics, and Cyber Warfare. Starting his career in 1995 Mr. Martin has worked with Fortune 200 companies and Federal Government agencies, receiving a number of awards for service. Jeremy is a published author, teaches, and speaks at security conferences around the world. Current projects include vulnerability analysis, threat profiling, exploitation automation, anti-forensics, and reverse engineering malware. Mr. Martin currently holds over 20 professional certifications including: CISSP-ISSAP/ISSMP, NSA-IAM/IEM, CEI-CHFI/CEH/CNDA/ECSA/LPT, IPTQ/IPTE, CASS, CHS-III, ACSA, Network+/A+. He is also active in the Information Security/Assurance world and is the current President for the Open Information Systems Security Group (OISSG) while sitting on the Board of Directors for Denver’s Infragard chapter. Jeremy is also an active member of the Business Espionage Controls & Countermeasures Association.
Saturday May 17 - 5:00 PM
Le’go My Stego
James Shewmaker, Bluenotch, SANS
What happens when viral marketing meets hidden data? In the new media world of Web 2.0, massive content can hide massive data. How can steganographic techniques survive media conversion? This talk will discuss the impact, potential, and demonstration using freely available remote storage to stash your data.
James Shewmaker has over 15 years experience in IT, primarily developing appliances for automation and security for broadcast radio, internet, and satellite devices. He is one of the first GIAC Platinum certified Malware (GSM) experts. Jim has written and audited questions for GIAC and is on the Advisory Board. Jim is a founder and active consultant for Bluenotch which focuses on investigations, penetration testing, and analysis. He has contributed to the courseware in various SANS courses including Security Essentials and Reverse Engineering Malware: Advanced Techniques.