| 
  • If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • You already know Dokkio is an AI-powered assistant to organize & manage your digital files & messages. Very soon, Dokkio will support Outlook as well as One Drive. Check it out today!

View
 

BeaConSchedule

This version was saved 10 years ago View current version     Page history
Saved by Zach Lanier
on March 27, 2014 at 12:51:57 pm
 

11:00 - BeaCon opens; intro

11:30 - TBA

12:00 - TBA

13:00 - TBA

14:00 - TBA

14:15 - TBA

14:30 - TBA

15:30 - TBA

16:30 - TBA

17:30 - TBA

18:00 - Outro; BeaCon ends 

 


Michael Coppola - Performing Open Heart Surgery on a Furby 

This talk will dive into the world of hardware hacking, as applied to the satanic toy known only as the Furby.  We'll discuss various techniques to reverse engineer and instrument the hardware, including identifying unknown chips, dumping memory, sniffing data buses, and boiling chips in corrosive acid.

 

Michael Coppola is a vulnerability researcher working at a defense contractor, as well as an undergraduate student at Northeastern University. His main interests include Linux kernel exploitation and rootkit development, embedded systems, and burning things with a soldering iron. He has been known to hack unsuspecting Androids and bathroom scales.

 

Dan Crowley - Application-level Denial of Service

While traffic flooding attacks are generally what come to mind when one hears the term "Denial of Service", this is only a very small slice of attacks on availability. Traffic flooding is so often used and so popular because there is never a way to fully protect against it, only ways to reduce its usefulness. To borrow a quote: "Brute force always works. If it doesn't work, you're not using enough." However, traffic flooding attacks are a war of attrition. It all comes down to whoever has the most resources.

 

The more interesting attacks on availability are asymmetric; that is, one person with one 28.8k dialup connection can take down an entire web server. What's more, some of these attacks can be very difficult to block using technologies like WAF and IPS, because they look like completely normal traffic. This talk will discuss various asymmetric denial of service attacks from the historical to the modern to provide a broader understanding of how attacks on availability can be achieved.

 

Daniel (aka "unicornFurnace") is a Senior Security Consultant for Trustwave's SpiderLabs team. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel has developed configurable testbeds such as SQLol and XMLmao for training and research regarding specific vulnerabilities. Daniel enjoys climbing large rocks. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including Black Hat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie.Daniel has won assorted CTF events and locksport competitions. Daniel is covered in BEEEEEEEEES. Daniel also holds the title of Baron in the micronation of Sealand and writes in the third person. 

 

Oliver Day - Guerrilla Techniques in Website Defense

Defending websites has become more difficult as advance tools have proliferated in the underground markets. Organizations that are too small to afford IT staff, let alone security staff, are outgunned and have little chance at keeping attackers out. This talk describes a new strategy in web defense that focuses on cheap and fast recovery of web site attacks. We will discuss automated backup and detection strategies that assume the attacker can and will compromise an account that allows them to write files to the web

 

Oliver Day is an information security professional and has consulted for many Fortune 100 companies in the last ten years. He has developed security audits to detect vulnerabilities in computers remotely, performed penetration tests, and architected security through analysis of engineering designs. His information security pedigree includes tenure at companies such as eEye Digital Security, @stake, Symantec, Rapid7, StopBadware and Akamai.

 

Oliver is also deeply fascinated by urban farming and has a thriving herb garden. He likes to study the applications of biostatistics and epidemiological models to predict the spread of computer disease. He is also an avid student of Mandarin and international relations issues in Asia. He lives with one very happy and slightly chubby cat.

 

Paul Drapeau - Steganography in a Commonly Used HF Protocols

TBD

 

Meathead, Grimm, and WoW - Agile Defensive Technologies

The ability to successfully mold with the evolving adversary will be critical in successfully defending an enterprise network. The open IOC community is a global framework of public, private, and government entities that embrace the open IOC concept as a method of detection and incident response. This community can baseline the entire Industrial Base presenting a unified defensive strategy enhancing the security of a nation. IOC Bucket enables everyone the search capability, where customers can search through its reputation database, for any one of the 500+ indicators in the IOC framework returning IOC matches for download. Learn how IOCs work, how to develop them, and how to use them with your current defense mechanisms.

 

Meathead’s areas of professional expertise includes penetration testing, exploitation research, and network defensive technologies.  He also has 7 years’ experience in the network security field.  After graduating from the United States Naval Academy with a degree in Information Technology Meathead was selected as a data communications and satellite transmissions Officer.  He is also a published author in the field of computer security his certifications include Certified Information Systems Security Professional (CISSP), Penetration Testing and Ethical Hacking (GPEN), Certified Ethical Hacker (CEH), Security +, and Network +.

 

WoW is currently an associate conducting assessments on applications, source code, and web assets.  She has over 6 years of experience with DoD and 1 year with commercial networks.  WoW has extensive knowledge on a vast number of security software tools used in the IA Community.  She has a B.S. in Information Technology with a minor in Business and a graduate certificate in Project Management.  

 

Grrimm currently works as a CTO for Polito Inc. conducting penetration testing engagements for public and private clients. He studies a variety for languages such as Python, Java, C#, C, and the list goes on. Grrimm has over 10 years experience in the cybersecurity field within the DoD, federal agencies, and the public sector specializing in Unix security.  He has obtained the GSEC, GPEN and Linux+ certifications.  He has worked on numerous projects at various bases such as Quantico / Dahlgren, VA.   He has both blue team and red team knowledge utilized by MCOTEA and HQMC C4 CY.  He released his first android app last December called Binary Blackout and will continue to release security applications throughout this year.

 

Andrew Murray - TBD

TBD 

Comments (0)

You don't have permission to comment on this page.