A lot of people have talked about the potential of mobile malware. This is real stuff. In this talk we look at tools and techniques that have been used in the wild and draw some conclusions. Example of a skyrocketing (and profitable) malware threat, one technique for distributing malware and one piece of malware you willingly install on your phone.

Bio

James has worked in a variety of Engineering and Information Technology positions including serving as a Director of IT and several consulting gigs.  James’ primary area of interest at Team Cymru is data processing, and additionally has spent time focusing on generalized solutions to Information Security problems and process automation.

The post James Shank | The State of Mobile Malware appeared first on Security B-Sides Orlando - April 11 – 12, 2015 -.

Security competitions are an important part of educating and providing simulated real-world information security experience to students. They provide a sandbox that is intended to simulate the types of network services and scenarios that will be encountered in the modern enterprise. The Information Security Talent Search (ISTS) is one such competition hosted annually by the Rochester Institute of Technology. Recognizing the importance of voice services in the modern business, the ISTS team developed a more comprehensive voice architecture for ISTS 12 in 2015. This talk explores the infrastructure that was developed, vulnerabilities that were introduced, operational results of the competition, and ideas for future growth. It is ideal for students and organizers of security competitions, as well as those who are new to voice over IP, Asterisk, and the security concerns surrounding these topics.

Bio

Anthony Critelli graduated summa cum laude from the Rochester Institute of Technology with a B.S. in Networking and Systems Administration in May 2014. He designed, deployed, and operated the voice infrastructure for the 2015 Information Security Talent Search at RIT. He has a strong interest in voice over IP and its security, particularly as implemented on Asterisk platforms. Anthony currently works in network operations at Harris Corporation.

The post Anthony Critelli | Implementing Voice over IP in Security Competitions appeared first on Security B-Sides Orlando - April 11 – 12, 2015 -.

Drones are the hot sh*t these days! Yeah, you can go and buy one from Amazon or your local hobby shop, but don’t you think building one would be much more fun? This is where the Quadcopter of Doom workshop comes into play.

In this event, you will learn about how multirotors work, what components they are made of, the construction process, and ultimately, some flight time!

This workshop includes:

• 250 Quad Frame
• 1900Kv Motors (And Props)
• 12A SimonK ESCs (Voltage Regulators)
• KK2.1.5 Flight Controller (Brain)
• 5CH Radio Transmitter (Remote)
• LiPo Battery and Charger
• All other tools and equipment needed

Workshop registration is required.

Bio

Jonathan is one of the primary organizers of BSides Orlando, Co-lead of OWASP Orlando, Co-founder of Hack@UCF, Co-founder of CitrusSec, and all around nerd. Be sure to say hello to him around the conference.

The post Jonathan Singer | Quadcopter Workshop of DØØM appeared first on Security B-Sides Orlando - April 11 – 12, 2015 -.

“Brainstorming Your Brand” will focus on helping IT and Security professionals understand all of the aspects of their personal brand and find creative ways to develop and enhance their brands. This is a hands-on workshop, where you will participate in brainstorming for brands of your peers in the group and walk away with actionable ideas and a Mind Map of your brand.

Goal: Learn about the anatomy and evolution of branding and walk away with a Mind Map for your personal or business brand and the start of a plan for creating, developing, enhancing (remodeling) and promoting your brand.

Agenda:

• Introductions (Facilitator (Christa Pusateri, Wisegate & President of Hook Marketing & Design) and Participants) and overview of the workshop – 10 Min
• Brand Identity, Assets & Collateral -15 Min
• Brainstorming Ideas, Resources and Mind Maps -15 Min
• Break- 10 Min
• Creative Group Collaboration – Take 10 minutes per member to brainstorm the brand (40-50 Minutes)
• Promoting Your Brand – High Level Overview of Marketing, PR and Social Media Basics (10 Minutes)
• Wrap Up & Your Next Steps (Homework) – 10 min

Workshop registration is required.

Bio

Christa Pusateri is a trusted advisor to IT and InfoSec leaders and marketing professional with over 10 years of marketing, sales, and branding experience. As Director of Member Recruitment at WisegateIT.com, she helps IT, InfoSec and Risk leaders connect with expert peers to solve problems, save time, save money and promote their expertise. She is a creative problem solver, entrepreneur, student, coach, geek, and devoted wife and mother.

The post Christa Pusateri | Brainstorming Your Brand & Influencing Others appeared first on Security B-Sides Orlando - April 11 – 12, 2015 -.

In this workshop, students will learn basics of data science as they apply to analyzing common security-related data. Prediction, anomaly detection, interaction graph analysis and clustering will be demonstrated as tools for incident response, forensics and planning. This workshop makes no assumptions about the data science experience, or math background of attendees, nor does it attempt to be a general data science course. Instead, this course focuses on practical, applied techniques and methods which may be used by any security practitioner to better understand their environment, regardless of scale.

Workshop registration is required.

Bio

Rob leads Big Data platform architecture for Akamai, building compute, storage, and transport systems processing over an exabyte a year. He is the Chair of the Akamai Center of Excellence in Machine Learning, founder of the BSides Ground Truth track, and author of the Blarpy anomaly detection tool. Additionally, he brings academics to reality as co-editor of the Journal of Big Data. He is also the founder of Red Lambda, and its former CTO.

The post Rob Bird | Intro to Data Science for Security appeared first on Security B-Sides Orlando - April 11 – 12, 2015 -.

This hands-on workshop is a rapid introduction to key artifacts and techniques for investigating compromised Linux systems using Linux tools. We will cover collecting and analyzing disk and memory evidence, showing you where to look and introducing tools every investigator should know.

Workshop registration is required.

Bio

Hal Pomeranz is an independent digital forensic investigator who has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime and malicious software infrastructures. He has worked with law enforcement agencies in the US and Europe and global corporations. Hal is a SANS Faculty Fellow, and a respected author and speaker at industry gatherings worldwide.

The post Hal Pomeranz | Linux Forensics appeared first on Security B-Sides Orlando - April 11 – 12, 2015 -.

With all the different possible layers of Defense in Depth, security professionals often ask how much do I really need to know to effectively apply Defense in Depth in protecting assets and data. There’s a professional certification in IT security where the exam is often described as a “mile wide, an inch deep”. This talks seeks to discuss the reality of how information security requires that professionals go beyond the basic understanding of layers they are implementing to learn and properly apply defense in depth.

Bio

Ryan is currently an IT Security and Compliance Manager with a local government entity and an independent security consultant. He has over 10 years experience in IT and IT Security including security operations, monitoring, incident response, and compliance. He attained his Bachelor’s degree in Information Technology at the University of Central Florida and holds CISSP, CISA, and EnCE certifications.

The post Ryan Buenaventura | Defense in Depth – A Mile Wide, A Mile Deep appeared first on Security B-Sides Orlando - April 11 – 12, 2015 -.

Wanna teach your kid to be a hacker but don’t know where to start? Security is a fairly complex topic but games offer the best way for kids to learn the basics. This presentation not only reviews a sample of existing games that teach security fundamentals to a younger audience but also discusses a new crowdsourced project to catalog similar fun and entertaining ways to teach kids security. This project could help spur interest in later university and other programs and potentially a career … or at least make our children a more security-conscience adult in whatever field they choose.

Bio

grecs has almost two decades of experience, undergraduate and graduate engineering degrees, and a really well known security certification. Despite his formal training, grecs has always been more of a CS person at heart going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for five years, he discovered his love of infosec and has been pursuing this career ever since.

The post grecs and pupstrr | Project KidHack – Teaching the Next Next Generation Security through Gaming appeared first on Security B-Sides Orlando - April 11 – 12, 2015 -.

Business Intelligence is one of the many powerful types of information we can gather on targets through reconnaissance. However, besides using search engines, many of the sites available either have restrictions in place to try and protect customer data or have API services which require paying for credits. As hackers, it is in our nature to try and evade these types of restrictions in order to obtain the data we are in need of.

I will demonstrate a case example of bypassing and abusing LinkedIn business processes to gather intelligence on your target. Who said reconnaissance can’t be sexy?

Bio

Danny Chrastil is a hacker of all things web. Coming from a past life of web development and system administration, he has retained his passion for writing code and enjoys writing scripts that make hacking more efficient and interesting. Danny is a Sr. Security Consultant for HP Fortify on Demand, and has been in web application security for 6 years.

The post Danny Chrastil | What I know about your Company! Hacking LinkedIn Business Processes appeared first on Security B-Sides Orlando - April 11 – 12, 2015 -.

Kerberos, besides having three heads and guarding the gates of hell, protects services on Microsoft Windows Domains. Its use is increasing due to the growing number of attacks targeting NTLM authentication. Attacking Kerberos to access Windows resources represents the next generation of attacks on Windows authentication.In this talk Tim will discuss his research on new attacks against Kerberos- including a way to attack the credentials of a remote service without sending traffic to the service as well as rewriting tickets to access systems.He will also examine potential countermeasures against Kerberos attacks with suggestions for mitigating the most common weaknesses in Windows Kerberos deployments.

Bio

Tim is a senior technical analyst at Counter Hack, a company devoted to the development of information security challenges for education, evaluation, and competition, as well as security consulting. Tim is also a Certified Instructor with SANS.

Tim dislikes pants.

The post Tim Medin | Attacking Kerberos: Kicking the Guard Dog of Hades appeared first on Security B-Sides Orlando - April 11 – 12, 2015 -.