Infosec Events » Parties

CanSecWest 2010 Agenda

glenn — Tue, 23 Mar 2010 14:19:49 +0000

Canada’s premier conference is starting tomorrow, March 24! CanSecWest is the most comprehensive and advanced applied digital security event in North America. With cutting-edge speakers delving into a host of highly-informative and highly-technical sessions, this is one security conference you would not want to miss.

Unlike most events, CanSecWest features a single track of presentations, distilling all the latest, emergent infosec knowledge and techniques into a single focused series of talks. Here is the schedule for this event:

Wednesday March 24

10:30 – 13:00 Registration

13:00 – 14:00 Internet Nails – Marcus Ranum, Tenable

14:00 – 15:00 Under the Kimono of Office Security Engineering – Tom Gallagher & David Conger, Microsoft

15:00 – 15:30 Break

15:30 – 16:30 Automated SQL Ownage Techniques – Fernando Federico Russ, Core

16:30 – 17:30 Can you still trust your network card? – Yves-Alexis Perez & Loïc Duflot

Thursday March 25

08:30 – 09:00 Registration & Breakfast

09:00 – 10:00 SEH overwrite and its exploitability – Shuichiro Suzuki, Fourteenforty

10:00 – 10:30 Second Breakfast

10:30 – 11:30 There’s a party at ring0, and you’re invited. – Julien Tinnes & Tavis Ormandy, Google

11:30 – 12:30 Babysitting an army of monkeys: an analysis of fuzzing 4 products with 5 lines of Python – Charlie Miller, Independent Security Evaluators

12:30 – 13:30 Lunch

13:30 – 14:30 ShareREing is Caring – Halvar Flake and Sebastian Porst, zynamics GmbH

14:30 – 15:30 Cisco IOS Exploitation with IODIDE – Andy Davis, KPMG

15:30 – 16:00 Break

16:00 – 17:00 Random tales from a mobile phone hacker – Collin Mulliner

17:00 – 18:00 Legal Perspectives of Hardware Hacking – Jennifer Granick, EFF

18:00 – 19:00 Lightning Talks – Various

20:00 – 1:00 Party – Venue TBA

Friday March 26

08:30 – 09:00 Breakfast

09:00 – 10:00 Stuff we don’t want on our Phones: On mobile spyware and PUPs – Jimmy Shah, McAfee, Inc

10:00 – 10:30 Second Breakfast

10:30 – 11:30 Practical Exploitation of Modern Wireless Devices – Thorsten Schroeder and (contributing) Max Moser, Dreamlab Technologies

11:30 – 12:30 RFID Hacking at Home – Dr. Melanie Rieback, Vrije Universiteit Amsterdam

12:30 – 13:30 Lunch

13:30 – 14:30 Advanced Mac OS X Physical Memory Analysis – Matthieu Suiche

14:30 – 15:30 Full Process Analysis and Reconstitution of a Virtual Machine from the Native Host – James Butler, MANDIANT

15:30 – 16:00 Break

16:00 – 17:00 Through the Looking Glass: An Investigation of Malware Trends and Response Activity – Jeff Williams, Microsoft

17:00 – 18:00 The Jedi Packet Trick takes over the Deathstar: taking NIC backdoors to the next level – Arrigo Triulzi, Independent Security and Networking Consultant

18:00 – 19:00 C8H10N4O2 and C2H6O (and teardown)

We’re sure a lot of you are waiting for a few of these session and what they have in store. If you’re going to the conference and want to meetup, leave a comment below.

Week 10 in Review – 2010

glenn — Mon, 15 Mar 2010 08:30:21 +0000

Events Related:

RSA related posts
- Chattin’ With the Boss: “Securing the Network” (Waiting For the Jet Pack) – rationalsurvivability.com
- RSA Interview (c/o Tripwire) On the State Of Information Security In Virtualized/Cloud Environments. – rationalsurvivability.com
- RSAC2010: ISC2 – mckeay.net
- Pics from the RSA Codebreakers Bash – tripwire.com
- Videos from the RSA Codebreakers Bash – Spinning and Hoops – tripwire.com
- RSA Conference 2010 Recap (Round 1): – visiblerisk.com
- RSA 2010/Security BSides Recap – Day 02 – infosecramblings.com
- RSA Conference Wrapup – ha.ckers.org

Resources:

Security BSides Slides – slideshare.net/BSides
The slides from the recent unconference.

Tools:

SAHI – Web Automation & Application Security Testing Tool – sahi.co.in
Sahi injects javascript into web pages using a proxy and the javascript helps automate web applications.
Plecost v0.2.2-7 – iniqua.com
Wordpress finger printer tool to search and retrieve information about the plugins versions installed in Wordpress systems.
OpenSCAP v0.5.7 – scap.nist.gov
The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community ideas.
Flint v1.0 – runplaybook.com
Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems.
Samhain v2.6.3 – la-samhna.de
The update includes fixes for email code regression.
Beltane v2.3.19 - la-samhna.de
Fixes for Oracle database paths were included here.
Vordel SOAPbox – vordel.com
SOAPbox is a Web services testing tool, which supports both SOAP-based and REST-based invocation modes.
S-E Ninja v0.1 Beta – brokenpixel.com
S-E Ninja is a Social Engineering tool, with 20-25 popular sites fake pages and anonymous mailer via mail() function in PHP.
Sniff-n-Spit v1.0 – andlabs.org
It sniffs for HTTP packets from the client to server and forwards them to your favorite proxy.
Imposter v0.9 – andlabs.org
Imposter is a flexible framework to perform Browser Phishing attacks.

Techniques:

Netsparker, Accuracy and Time Costs of Web Application Security Scanner Report – mavitunasecurity.com
One of the most unrealistic things about the report is the amount of false-positives possibilities in the test websites.
Simple Log Review Checklist Released! – chuvakin.blogspot.com
We have created a “Critical Log Review Checklist for Security Incidents” which is released to the world today.
Frisky Solitaire – Another Info Stealer – didierstevens.com
No need to exploit a software vulnerability to steal info.
Attacking RSA exponentiation with fault injection – root.org
The general idea is that an attacker can disrupt an RSA private key operation to cause an invalid signature to be returned, then use that result to extract the private key.
In the wild PDF exploits using a combination of “ASCIIHexDecode” and” ASCII85Decode” filters – zscaler.com
In the last few months, we have seen PDF exploits related to filters like “ASCIIHexDecode”, “FlateDecode”, etc., being used to avoid antivirus detection.
Locate and Exploit the Energizer Trojan – metasploit.com
As of this afternoon, you can now use Metasploit to locate infected systems on the local network.
SANS Top 25 series
More about the top software flaws present in most systems today
- Top 25 Series – Rank 7 – Path Traversal – sans.org
- Top 25 Series – Rank 11 – Hardcoded Credentials – sans.org
- Top 25 Series – Rank 13 – PHP File Inclusion – sans.org
Decrypting Symantec BackupExec passwords – sensepost.com
BackupExec agent is often among common services found on the internal pen tests.
The ultimate faceoff between password lists – skullsecurity.org
I spent some time graphing potential password dictionaries’ success against leaked password lists to see which one was best.
“Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries” – honeyblog.org
A gadget encapsulates all code related to a specific task and can be executed in a stand-alone fashion.

Vulnerabilities:

Apache bug prompts update advice – zdnet.com.au
Sense of Security has discovered a serious bug in Apache’s HTTP web server, which could allow complete control of a database.

Another IE 0day shows up
A very targeted attack emerges that seems to come from a single web address
- Microsoft Security Advisory (981374) – microsoft.com
- Microsoft Security Bulletin Summary for March 2010 – microsoft.com
- March 2010 Security Bulletin Release – technet.com
- Targeted Internet Explorer Zero-Day Attack Announced (CVE-2010-0806) – avertlabs.com
- IEPeers – A New Internet Explorer Zero Day Vulnerability – praetorianprefect.com

Vendor/Software Patches:

Apple Plugs 16 Safari Security Holes – threatpost.com
The Safari 4.0.5 update fixes flaws that could lead to remote code execution if a user is tricked into surfing to a maliciously rigged site.

Other News:

Researchers dissect ZeuS botnet blueprint – itnews.com.au
Malware startup costs put at $2,753.
Zeus botnet dealt a blow as ISP Troyak knocked out – itworld.com
Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers.
China has declared a cyber war: NATO – zopag.com
NATO diplomatic sources have told The Times that the Chinese have become very active with cyber-attacks.
Energizer Bunny’s software infects PCs – computerworld.com.au
According to researchers at US-CERT, software that accompanies the Energizer DUO USB battery charger contains a Trojan horse
Vodafone distributes Mariposa botnet – pandasecurity.com
A quick look into the phone quickly revealed infected software and was spreading the infection to any and all PCs that the phone would be plugged into.
Cyber Crooks Leave Traditional Bank Robbers in the Dust – krebsonsecurity.com
Organized cyber criminals stole more than $25M versus $9.5M for traditional stick-up artists.
FBI: Online Fraud Costs Skyrocketed in 2009 – krebsonsecurity.com
Reported losses from online fraud more than doubled last year, from $265 million in 2008 to nearly $560 million in 2009.
Former NSA tech chief: I don’t trust the cloud – networkworld.com
The former National Security Agency technical director told the RSA Conference he doesn’t trust cloud services.
Hands On: Unboxing the Fake Intel Core i7-920 – gearlog.com
The box looks very real, and the weight of the package is perfect.
Password cracker 100 times faster with an SSD – h-online.com
An acceleration by a factor of 100 was observed, compared to the older 8GB Rainbow Tables for XP hashes.
New “Smart Meters” for Energy Use Put Privacy at Risk – eff.org
Energy usage data, measured moment by moment, allows the reconstruction of a household’s activities.
TJX Hacking Conspirator Gets 4 Years – wired.com
Zaman, a former network security manager at Barclays Bank, was charged with laundering between $600,000 and $800,000
Kaspersky: Apple is blocking iPhone security software – pcpro.co.uk
Eugene Kaspersky has claimed Apple is blocking attempts to bring third-party security software to the iPhone.
Why Bob Maley’s Firing is Bad for All of Us – threatpost.com
Maley became a sought-after speaker and interview subject, a fact that led directly to his firing.
Facebook Adds Code for Clickjacking Prevention – theharmonyguy.com
On high-risk pages, a block of code checks whether the page is “top” and not inside a frame.
Google “99.9 pct” sure to shut China search engine: report – news.yahoo.com
Google was likely to take some time to follow through with its plans.
Haven’t found that software glitch, Toyota? Keep trying – latimes.com
There’s a lot of speculation that Toyota’s problems with sudden acceleration may be caused by the vehicles’ electronics systems.

Vendor Parties @ RSA 2010

ggee — Sun, 28 Feb 2010 03:20:21 +0000

The RSA conference is just around the corner, and that means the vendor parties are as well. I’m not sure who is behind the RSA party list on yahoo’s upcoming, but it contains a good list of parties. I’ve gone ahead and created a party map for Tuesday and Wednesday of next week.

Tuesday Map:

Wednesday Map:

Vendor Parties @ Black Hat USA

ggee — Wed, 06 Aug 2008 07:24:17 +0000

Vendor parties during Black Hat USA is always interesting, because the conference is in Las Vegas. Here is a list of vendors that I know of that are throwing parties this year at Black Hat USA 2008.

Tuesday, August 5th

Wednesday, August 6th

Thursday, August 7th

Saturday, August 9th

IOActive / StillSecure

Know of any other parties that aren’t on the list? Post a comment or send us an email and we can share the joy.

Security Bloggers Meetup @ RSA

ggee — Fri, 11 Apr 2008 22:49:16 +0000

What an amazing event put on by Jennifer Leggio and crew. I had a great time talking to other security bloggers, and the food was awesome. Thanks to Fortinet, Microsoft, and StillSecure for sponsoring the event.

Here is a video clip of the opening:

<\/param><\/param><\/embed><\/object><\/div>";" alt="">

And here is a list of people (in no particular order) that I talked to.

Joshua Morin – Br0kenHalo
Adam O’Donnell – NP-Incomplete
Augusto Quadros Paes de Barros – Security Balance
Techdulla
Daniel Miessler
Mike Davies – Online Identity and Trust in EMEA
Matt Flynn – Identity Management
Kristen Romonovich – Go CSI
Andreas Antonopoulos
Shrikant Raman – Security Coin
Mike Rothman – Security Incite
Rich Mogull – Securosis
Jeff Jones
George Ou
Jennifer Leggio – Mediaphyter
Stacy Thayer
Alan Shimel – StillSecure, After All These Years
Martin McKeay – Network Security Blog
Mike Murray – Episteme
Deb Radcliff – Online Crime Bytes

Also, Martin McKeay did some live interviews for the Network Security Podcast. I had a very short interview because Dan Kaminsky was next in line, and Rich wanted to get him before he left. Maybe next time I will get a longer spot.

WASC Meetup @ RSA

ggee — Fri, 11 Apr 2008 21:11:48 +0000

The WASC meetup was a few days ago at Jillian’s, and I had a blast. It was a great to have conversations with groups of like-minded people during the day, and not at a loud dark bar. Thanks to WhiteHat Security for sponsoring the event, and for the yummy food. Here are a few pictures I took at the event, and the rest can be found on flickr.

Update: Anurag Agarwal, and Jeremiah Grossman also blogged about the event.

Microsoft Hates Jews (@ RSA Party)

ggee — Wed, 09 Apr 2008 09:34:03 +0000

With my ever growing RSA party list, my friends made me decide which party we should attend, so I selected Microsoft’s party. I figured you can’t go wrong with a huge company, and it was at the Cartoon Art Museum. The current theme for the main exhibit was Sex and Sensibility, and it contained many amusing cartoons. If you are in San Francisco and like cartoons, stop by the museum and I’m sure you will enjoy it.

So how does my post title tie into all this? Well, for food they were only serving pork -roasted pork, Thai pork balls, and pork ribs. One of my friends with me is Jewish, and they are forbidden to eat pork! He was fairly offended because there was nothing else available, so we ended up leaving shortly after.

I’m surprised nobody at Microsoft thought about that, but hopefully they will get word of the issue and not make the same mistake the next time.

Vendor Parties @ RSA – Part 2

ggee — Tue, 08 Apr 2008 08:15:42 +0000

I didn’t think my RSA vendor party list would get that much attention, but a few people reached out to me an told me about a few other parties.

The additional vendors throwing a party are: IOActive, Ingrian, Sourcefire, Nokia, Chosen Security, Aladdin, MANDIANT, SecureIT Alliance, IBM, Deloitte, IdentityTruth, Akibia, Check Point, and Infoblox. I heard of an Application Security dinner, but I couldn’t get an invite. And I still haven’t heard from any nCircle folks

As to my theory about going into any bar or hotel close to the Moscone Center to find a party… I think it will hold up. I started to map the locations of the events, and tons of places close by are booked up. Some popular places seem to be Bong Su Restaurant, Roe Restraunt, Thirsty Bear Brewing Company, W Hotel, and Jillian’s.

So what parties have you been invited to? Is it not on my list yet? Post a reply or email me with info!

Infected Art Exhibit

ggee — Tue, 08 Apr 2008 06:09:56 +0000

MessageLabs threw a party tonight at the Varnish Gallery Bar, showcasing the computational art by Alex Dragulescu. There were six threat categories (viruses, spam, phishing, trojans, spyware, and malicious links) and all of the renderings were amazing.

MessageLabs provided Alex with the disassembled code, and Alex ran it through his program that analyzed the code, and created a 3d entity based on its values. From there it was transferred to modeling software for positioning and lighting. And the final step was to render it for presentation.

Some of Alex’s work was covered in the past, from Gizmodo and Cnet. A portion of the renderings can be seen on his site under malwarez, but seeing them in person is 1000x better. Hopefully there will be another exhibit so others can see the wonderful art.

Here are a few of my pictures from the event, and the rest can be found on flickr.

Vendor Parties @ RSA

ggee — Thu, 03 Apr 2008 03:55:06 +0000

Now that I have my RSA schedule in place, I have to figure out what I am doing in the evenings. So far I’ve been invited to seventeen (17!) vendor parties. In no particular order, the list of vendors are: Blue Coat, MessageLabs, SenSage, ESET, Ping Identity, Microsoft, Secure Computing, WASC, F-Secure, Voltage, Commtouch, Porter Novelli, CoreTrace, Entrust, Cenzic, and iSec Partners. Any other companies want to invite me? I know nCircle will be at RSA… where is my invite?

I’m not going to give out the times or locations for the parties, as they are invite only. But if you did feel like trying to crash a party, just go to any bar or hotel close to the Moscone Center and I bet you find a vendor party there.

But back to the schedule, I think I will leave the evenings open, and just go with the flow. Unless you have a suggestion on which party I should attend? There are just too many to choose from!