Special Guests


Dave Kennedy (ReL1k)

Synopsis:

Title: You are the future of Security
Description: We are taught to take orders, to believe in the future, to believe in the vision. Our leadership has failed us in security. Think about it...... Done? We get breached, our security doesn't get better, the five year plans aren't working, the consultants aren't working, we just get owned more and more. I'm here to tell you that YOU are the future of security, YOU are the next CSO. Come to this presentation, learn what it takes to be successful and what not to do.
Stop going to lunch with vendors, taking baseball tickets, buying the latest APT prevention, and do some work. I'm a CSO of a Fortune 1000 and I'm here to tell you that I'm a hacker and will always be a hacker. I just talk to people and explain in words they can understand. You'll see.... Anyone can do this stuff.

Bio:
Dave (ReL1K) is the Chief Security Officer at a Fortune 1000 company, author of the Social-Engineer Toolkit (SET), co-founder of DerbyCon, and co-author of Metasploit: The Penetration Tester's Guide.
He also gives hugs.



Twitter: @dave_rel1k

Adrian Crenshaw (Irongeek)



Synopsis:
Title: Getting up and running with I2P and Tor / Hosting services as I2P eepSites and Tor hidden services

This is one workshop, loosely separated into two parts

Part 1: Getting up and running with I2P and Tor

Abstract:
Most of you have probably used Tor before, but I2P may be unfamiliar. This workshop will cover installing both in Windows and Linux, as well as how to find resources on the darknets and common pitfalls that may reveal your identity.

Outline of how people will spend the day in your workshop:
Setting up Tor and I2P, as well as darknet-hosted websites and services to visit.

What people will get out of this workshop:
Knowledge of how to get around in I2P and Tor.

What people will need to bring to this workshop to get the most out of it:
A laptop, Linux or Windows. There will be a slight leaning towards Windows in the demos.

Part 2: Hosting services as I2P eepSites and Tor hidden services
Abstract:
Ever wanted to host something but not have it tied back to you? Don't know what VPS to trust? How about hosting it in I2P or Tor? This workshop will cover how, along with some of the pitfalls that may give your identity away.

Outline of how people will spend the day in your workshop:
Setting up an I2P eepSite and a Tor hidden service on their laptop or virtual machine. They will then have the knowledge to set it up on a more permanent basis at home.

What people will get out of this workshop:
Knowledge of how to host I2P eepSites and Tor hidden services.

What people will need to bring to this workshop to get the most out of it:
A laptop, Linux or Windows. There will be a slight leaning towards Windows in the demos.
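As an added illustration of the Part 2 setup (this fragment is not the workshop's own material), the Tor side of hosting a hidden service comes down to two torrc lines plus a web server that listens only on the loopback address. The directory path and the port numbers are assumptions; adjust them to your install:

```text
# torrc fragment: publish a local web server as a Tor hidden service.
# Added example; the path and ports are assumptions, not from the workshop.
# The directory must be owned by the user tor runs as, mode 0700; tor writes
# the private key and the "hostname" file (your .onion name) into it.
HiddenServiceDir /var/lib/tor/my_service/
# Virtual port 80 on the onion address is forwarded to a web server that is
# bound to loopback only. Binding the web server to 0.0.0.0 instead is the
# classic identity leak: the same content becomes reachable on your real IP.
HiddenServicePort 80 127.0.0.1:8080
```

After restarting tor, the .onion name is in the hostname file inside HiddenServiceDir. Before going live, confirm with `ss -ltn` on Linux (or `netstat -an` on Windows) that port 8080 is listening on 127.0.0.1 only, and strip server banners and default error pages, since either can be matched against a clearnet copy of the same server. On the I2P side the same job is done from the router console's I2PTunnel page, where the default eepsite tunnel points at the bundled Jetty server on 127.0.0.1:7658.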

Bio:

Adrian Crenshaw has worked in the IT industry for the last twelve years. He runs the information security website Irongeek.com, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He did the cert chase for a while (MCSE NT 4, CNE, A+, Network+, i-Net+) but stopped once he had to start paying for the tests himself. He's currently working on a Masters in Security Informatics, and is interested in obtaining a network security/research/teaching job in academia.

Twitter: @irongeek_adc

Martin Bos (purehate)


Synopsis:
Your Password Policy Sucks

Current password policies in enterprise environments are just not cutting it any more. Every day password cracking tools are becoming faster and network breaches are becoming much more prevalent. In the last few years password-cracking tools have even harnessed the power of graphics processing units (GPUs) and field-programmable gate arrays (FPGAs), making password recovery much easier and faster. This has re-established password cracking as a viable attack vector, and as a result millions of passwords have flooded the Internet recently from various password breaches. Through this presentation attendees will learn about the latest attacks, tools, and techniques employed by today's password crackers, as well as potential countermeasures that can help protect against these attacks. Anyone who has anything to do with password policy at a company should be interested in this talk. People always are, and always will be, the weakest link in any network environment, and password creation left up to the user can be detrimental to an organization's infrastructure.

Covered topics include:

  • Evolutions of password algorithms and tools
  • Profiling password policies
  • Analyzing password lists from some of the most recent high profile breaches
  • Establishing a better password policy
  • Password cracking tools, rule sets and other tricks to attack
  • How to conduct regular password audits
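An added example of the kind of audit the last three topics describe (this is my illustration, not code from the talk or from any tool it covers). It profiles a list of recovered passwords by hashcat-style mask, checks each against a typical "8 characters, 3 classes" policy, and then applies a cracker's rules in reverse (strip the trailing digits and symbols, undo leet substitutions, look the base word up) to show how many policy-compliant passwords are still cheap. The password list, the wordlist and the policy thresholds are all constructed for the example:

```python
import re
from collections import Counter

# Constructed sample standing in for passwords recovered during an audit.
# Invented for this example; not taken from any breach.
SAMPLE_PASSWORDS = [
    "Password1!", "Summer2011!", "Welcome1!", "Company01!", "Louisville1",
    "Derby2011", "P@ssw0rd", "Qwerty123!", "Baseball1", "Winter2011!",
    "Tr0ub4dor&3", "correct horse battery staple",
]

# Tiny stand-in for the wordlist a cracker would really use (assumption).
WORDLIST = {"password", "welcome", "summer", "winter", "company",
            "baseball", "qwerty", "derby", "louisville"}

# Undo the common leet substitutions: @->a 0->o 3->e 1->i 4->a $->s 5->s !->i
LEET = str.maketrans("@0314$5!", "aoeiassi")

def mask(password):
    """Hashcat-style mask, e.g. Password1! -> ?u?l?l?l?l?l?l?l?d?s."""
    out = []
    for c in password:
        if c.isupper():
            out.append("?u")
        elif c.islower():
            out.append("?l")
        elif c.isdigit():
            out.append("?d")
        else:
            out.append("?s")
    return "".join(out)

def char_classes(password):
    """Number of character classes present: upper, lower, digit, symbol."""
    return sum((any(c.isupper() for c in password),
                any(c.islower() for c in password),
                any(c.isdigit() for c in password),
                any(not c.isalnum() for c in password)))

def meets_policy(password, min_len=8, min_classes=3):
    """The typical enterprise rule: at least N characters from at least M classes."""
    return len(password) >= min_len and char_classes(password) >= min_classes

def base_word(password):
    """A cracker's rules in reverse: strip trailing digits/symbols, de-leet, lowercase."""
    core = re.sub(r"[\d\W_]+$", "", password)
    return core.translate(LEET).lower()

def predictable_reason(password):
    """Why a rule-based attack reaches this password cheaply, or None."""
    if base_word(password) in WORDLIST:
        return "wordlist entry + suffix/leet rule"
    if re.search(r"(19|20)\d{2}", password):
        return "contains a four-digit year"
    return None

def audit(passwords, min_len=8, min_classes=3, top=3):
    """Summarise a password list the way a policy review would."""
    compliant = [p for p in passwords if meets_policy(p, min_len, min_classes)]
    flagged = [(p, predictable_reason(p)) for p in compliant if predictable_reason(p)]
    return {
        "total": len(passwords),
        "compliant": len(compliant),
        "compliant_but_predictable": len(flagged),
        "top_masks": Counter(mask(p) for p in passwords).most_common(top),
        "flagged": flagged,
    }

if __name__ == "__main__":
    report = audit(SAMPLE_PASSWORDS)
    print(f"{report['compliant']}/{report['total']} pass the policy, "
          f"{report['compliant_but_predictable']} of those are cheap to crack")
    for m, n in report["top_masks"]:
        print(f"{n:3d}  {m}")
    for p, why in report["flagged"]:
        print(f"     {p:<16} {why}")
```

On the sample, eleven of twelve passwords satisfy the policy and ten of those eleven fall to a wordlist plus one mangling rule; the only one that fails the policy is the long all-lowercase passphrase, which is the strongest entry in the list. That inversion is the argument for replacing class-counting rules with length, a blacklist of base words, and a regular audit with the same tools an attacker uses. To run it against real cracked output, replace SAMPLE_PASSWORDS with the file contents and WORDLIST with the wordlist you actually crack with.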

Bio:
Martin “purehate” Bos works as a penetration tester for Accuvant Inc. He resides in Louisville, KY with his wife, Kim, and their daughter. Martin is also one of the core developers for BackTrack Linux and has been with the project since its early days. Martin is also a co-founder of Question-Defense.com, a website dedicated to answering technical questions daily, which also hosts the largest online WPA cracking service on the web. In addition, Martin is one of the founders of DerbyCon, a hacker con located in Louisville, Kentucky.

Twitter: @purehate_

Boris Sverdlik (JadedSecurity)

Synopsis:

"Your Perimeter Sucks" - Most organizations do not include physical security as part of their information security program. As security professionals we know that attackers don’t care how they get in. Your Internet posture may be bulletproof, but how does that help if your front door is wide open? Why put a lock on the door, if you have a hung ceiling above it? Attackers think outside the box and so must you.

A skilled cat burglar will first case the place before they try to break in. Take a walk through your lobby entrance and look at it as an outsider: what do you see? The typical setup is a camera, a locked door, a card reader, maybe an alarm panel and, if they were really diligent, a motion detector. What good are these if you can just climb over the wall? Or better yet, cut through the drywall? Get where I’m going? Lock picking is a hobby most of us hold, so unlocking a door is easy.



Bio:
A solutions-oriented information security consultant with a proven record of directing a range of security initiatives, adhering to best practices and regulatory requirements. I have been at the forefront of information security spanning more than a decade. My experience covers the entire gamut of information security, and more recently I have put that experience into building my own security consulting company.

Twitter: @jadedsecurity

Joshua Perrymon, CEO, PacketFocus

Synopsis:
TBA

Bio:

Joshua Perrymon is the CEO of PacketFocus. He has been doing IT security consulting for over 15 years worldwide. During this time, Josh has worked in leading edge security research in areas like Social Engineering, RFID Hacking, Intrusion Detection, Application Security and Physical Security. His theory is “Security before Operations”, and his company works closely with organizations to help them understand IT related risk and implement appropriate security measures. Josh has worked and presented in several countries such as Canada, Australia, USA, and Asia Pacific. He wrote the RFID hacking chapter in the latest “Hacking Linux Exposed” and is also working on a book of his own regarding Social Engineering and defense measures. His hobbies include fishing, camping, kayaking, and outlaw drag racing.

Twitter: @packetfocus


Jon Schipp

Synopsis:

“Knowing What's Under Your Hood: Implementing a Network Monitoring System”

Jon will cover implementing a NMS with Linux and/or FreeBSD for a small-medium size business.

Points:
Collecting data from your switches, routers, and other network devices. Discussion of the means to collect: virtual interfaces, bridges, hubs. What to do with the data, how is it useful, how can it benefit me and/or my organization?

Tools that can be used to make the data useful to you and your organization: *subject to change* iftop, trafshow, bmon, slurm, ntop, snort, xplico, tcpdump

Using the tools to discover and analyze attacks and solve network problems.
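An added example of the last point, "making the data useful" (mine, not material from the talk): the cheapest NMS pipeline is tcpdump on a mirror port piped into a few lines that parse its text output, and even that is enough to pull a port scan and the top talkers out of a capture. The capture lines below are constructed, with invented addresses; the parser expects the format `tcpdump -n -l` prints:

```python
import re
import sys
from collections import defaultdict

# Constructed `tcpdump -n` output (invented addresses, not a real capture).
SAMPLE_TCPDUMP = """\
12:00:01.000001 IP 10.0.0.5.44321 > 10.0.0.10.22: Flags [S], seq 101, win 1024, length 0
12:00:01.000500 IP 10.0.0.5.44322 > 10.0.0.10.23: Flags [S], seq 102, win 1024, length 0
12:00:01.001000 IP 10.0.0.5.44323 > 10.0.0.10.80: Flags [S], seq 103, win 1024, length 0
12:00:01.001500 IP 10.0.0.5.44324 > 10.0.0.10.443: Flags [S], seq 104, win 1024, length 0
12:00:01.002000 IP 10.0.0.5.44325 > 10.0.0.10.445: Flags [S], seq 105, win 1024, length 0
12:00:01.002500 IP 10.0.0.5.44326 > 10.0.0.10.3389: Flags [S], seq 106, win 1024, length 0
12:00:02.000000 IP 10.0.0.7.50000 > 10.0.0.10.80: Flags [S], seq 200, win 29200, length 0
12:00:02.000300 IP 10.0.0.10.80 > 10.0.0.7.50000: Flags [S.], seq 900, ack 201, win 28960, length 0
12:00:02.000600 IP 10.0.0.7.50000 > 10.0.0.10.80: Flags [.], ack 901, win 229, length 0
12:00:02.001000 IP 10.0.0.7.50000 > 10.0.0.10.80: Flags [P.], seq 201:300, ack 901, win 229, length 99
"""

# time  IP src.sport > dst.dport: Flags [F]   (IPv4/TCP lines only; others are skipped)
LINE = re.compile(
    r"^(\S+) IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

def parse_tcpdump(text):
    """Return (time, src, sport, dst, dport, flags) for every TCP line tcpdump printed."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            t, src, sport, dst, dport, flags = m.groups()
            records.append((t, src, int(sport), dst, int(dport), flags))
    return records

def find_port_scanners(records, min_ports=5):
    """(src, dst) pairs where src sent bare SYNs to at least min_ports distinct ports."""
    syn_targets = defaultdict(set)
    for _, src, _, dst, dport, flags in records:
        if flags == "S":                      # SYN without ACK: a new connection attempt
            syn_targets[(src, dst)].add(dport)
    return {pair: sorted(ports) for pair, ports in syn_targets.items()
            if len(ports) >= min_ports}

def top_talkers(records, n=3):
    """Sources ordered by number of segments sent."""
    counts = defaultdict(int)
    for _, src, *_ in records:
        counts[src] += 1
    return sorted(counts.items(), key=lambda kv: -kv[1])[:n]

if __name__ == "__main__":
    # Reads piped tcpdump output if there is any, otherwise the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_TCPDUMP
    recs = parse_tcpdump(text)
    for (src, dst), ports in find_port_scanners(recs).items():
        print(f"scan  {src} -> {dst}  ports {ports}")
    for src, n in top_talkers(recs):
        print(f"talker {src}: {n} segments")
```

Usage on a live mirror port is `tcpdump -n -l -i eth1 tcp | python3 nms_quick.py` (the filename is mine). In the sample, 10.0.0.5 touches six ports on 10.0.0.10 inside two milliseconds and is reported as a scanner, while 10.0.0.7 completes a normal three-way handshake and is not. For anything beyond a demo the same logic belongs in snort or ntop, but the point of the exercise is that a span port plus tcpdump already gives you data worth acting on.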

Bio:


Jon Schipp is a Unix Administrator/Security Specialist for a small business in Southern Indiana. He was the winner of last year's NetKoH challenge. He has been attending small cons for a few years now and enjoys hanging out with the "larger" guys. He spends his free time playing volleyball, running a local Linux User Group, and studying capitalism, political economy, and philosophy.

Tim Tomes and Mark Baggett

Synopsis:

"Lurking in the Shadows"

In the past, hackers and pen testers have used various techniques to hide the presence of tools and information on compromised systems. Techniques such as alternate data streams in Windows, and directories with common names in Linux, have been basic implementations of such techniques.  The addition of Shadow Copies to modern Windows operating systems provides us with yet another opportunity to conceal information on remote systems.  This talk will discuss the history of concealing data within operating systems and new techniques and tools for doing so in modern Windows implementations.

Bios:

Tim Tomes (LaNMaSteR53) is a Senior Enterprise Security Consultant for Accuvant Labs and security blogger for http://pauldotcom.com who specializes in penetration testing, web application assessments, and Python tool development. A former officer in the U.S. Army and 10 year veteran, Tim spent 3 years as the Senior Red Team Leader for the Army Red Team and was the principal designer of the Army's 1st CyberTraining program.

Twitter: @LaNMaSteR53

Mark Baggett is the Technical Advisor to the DoD for the SANS Institute, an instructor for SANS, and a security blogger for http://pauldotcom.com. Mark is the owner and operator of In Depth Defense Inc, a private consulting firm that specializes in penetration testing and incident response.

Twitter: @MarkBaggett

Brian Martin, Digital Trust, LLC.

Synopsis:
Class 3 Hacking
Join us for a rapid paced discussion of firearms fact, fiction, and fun, as we cover what the truth is about owning exotic weaponry and related information about Class 3 items and hacking guns. What is gun hacking? You'll have to attend to find out. Feds get in free (this session only) if they show their badge and pose for a picture with the speaker.

Bio:
Brian Martin owns Digital Trust, LLC, an information security consulting company in Allentown, PA. He's been doing this stuff for 30 years...badly. He is sometimes confused in cyberspace with some other Brian Martins, who are undoubtedly more talented and should get any kudos for doing something interesting, because it wasn't this Brian Martin. His biggest interests are tax deductions (no lie), racing, firearms, and Guinness.

Twitter: @icbkr

Keith Pachulski

Synopsis:

Presentation Title: The Project: Common Project Issues with Technical Assessments

While we all love being able to just roll in, pop some boxes, walk away with the hashes and call it a day, this type of mindset doesn't bring return customers. In this presentation we'll be discussing some of the common issues with managing technical assessments to ensure that the customers we hack today will call us back again in the future to hack them again.

Bio:
Keith Pachulski is a Security Consultant based out of Northeast Pennsylvania with over 16 years of experience in the Information Security and Physical Security industries specializing in Penetration Testing, Vulnerability Assessment, Risk Assessments & Compliance for the private and public sectors. Prior to consulting, he was the CSO for a medium sized company in Pennsylvania as well as creating and managing a Managed Security Services Team servicing the northeast PA area. He recently started the NorthEast PA Information Security Group http://groups.google.com/group/nepa-infosec-group

Twitter: @sec0ps

@grecs

Synopsis:

Presentation Title: How to Win Followers and Influence Friends: Hacking Twitter to Boost Your Security Career

Abstract: Twitter has become the de facto standard that infosec pros use to communicate with peers and many outside the security community. We share interesting articles, proclaim our opinions, strengthen friendships, build new relationships, and overall become more of a community as a whole. For many, Twitter is a chaotic stream of consciousness that we both pull from and contribute to. This presentation tries to help practicing security professionals rein in the chaos with 5 key strategies that will help you effectively use Twitter to improve your career prospects.

Bio:

Grecs has over 16 years experience, undergraduate and graduate degrees in Electrical Engineering, and a really well known security certification. Even though his training was in Electrical Engineering, Grecs has always been more of a Computer Science person at heart going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for 5 years, he discovered his love of infosec and has been pursuing this career ever since. Currently, he spends his days doing cyber security paperwork drills in building and maintaining multi-billion dollar government systems. At night he runs a local infosec website and tries to get some hands-on skillz.

Twitter: @grecs
Website: NovaInfosecPortal.com

Chris Silvers, CISSP, CWNA, CEH, CEI and Pat McCoy, Foundstone

Abstract:

Hook, Line and Syncer: A Liar for Hire’s Ultimate Tackle Box

This presentation is an exploration of the latest tools used in the art of social engineering. From information gathering to post exploitation, participants will get to experience “the thrill of the con” from presenters who live it each day. The presentation seeks to prove that you don’t have to be a sleazy ‘salesman’ type personality to be successful at social engineering. With the right tools and techniques, just about anyone can pull off creative exploits. While an overview of all popular tools will be given, a deep-dive will be taken into a few of the coolest tools. But even better, the presenters will discuss real-life situations in which these tools have been used. This provides the participants with a context in which to understand the tools and how they may best be leveraged for maximum ownage.

Bio:

Chris Silvers, CISSP, CWNA, CEH, CEI

Chris is responsible for leading or conducting social engineering, internal and external penetration testing; Windows host, network architecture, firewall and router/switch reviews; as well as enterprise security architecture and design projects. He serves as the service line lead for the social engineering practice, maintaining and developing the methodology as well as continuously enhancing techniques to reflect the threat environment. Chris also provides client education services as an instructor of the Ultimate Hacking Foundstone courses as well as the Certified Ethical Hacker (CEH), Systems Security Certified Practitioner (SSCP) and Certified Information Systems Security Professional (CISSP) courses.

Chris has over thirteen years of information security and risk management experience in the financial services, wholesale and retail industries. Prior to working at Foundstone, Chris held the position of Security Architect at a Fortune 15 company. While serving as a consultant for affiliate companies, Chris implemented process improvements through the use of discovery templates, process standardization and automation that saved the company over 50% in travel costs and reduced the information risk management assessment timeframe by over 80%.

While working at a major central bank, Chris helped establish an inter-divisional team of penetration testers that continues to provide world-class service to that organization. Most recently, Chris taught the Ultimate Hacking Foundstone course at the 2008 Blackhat security conference in Las Vegas, Nevada.

Bio:

Pat McCoy

Pat holds the position of Senior Security Consultant with Foundstone Professional Services. Pat’s responsibilities include providing Internal Penetration Testing; External Penetration Testing; Wireless Penetration Testing; Social Engineering; Windows and Unix Host Assessments; Firewall/Router/Switch Secure Configuration Reviews; Database Security Assessments; and Risk Assessments utilizing various industry standards.

Pat started his career in systems and network administration, quickly transitioning into more information security specific roles, and has more than ten years of experience in the industry. Pat has held positions with various consulting practices, most recently with some of the largest in the industry such as IBM ISS. Pat’s skill set includes extensive experience in security assessment methods and practices across multiple industry sectors, including technical consulting centered on frameworks such as ISO 27002, GLBA, HIPAA, FISMA, and PCI; extensive experience with industry standard tool sets for security assessment and penetration testing (vendor supported and open source); and assessment of technical security controls and mechanisms found in most enterprises.

During his tenure with IBM ISS, Pat performed several large scale engagements for multiple Fortune 500 and Fortune 10 companies spanning multiple industry disciplines while maintaining a level of client satisfaction and helping clients identify solutions to security problems which fit their needs.

In 2004, Pat attained his GIAC Security Essentials Certification (GSEC) from the SANS Institute.


Charlie Vedaa, CCIE Emeritus, founder of PacketProtector


Abstract:

F*** the Penetration Testing Execution Standard (PTES)


The PTES folks are all rockstars, but they're also all wrong. Forward looking pen testers need to forget the standard and embrace the anarchy. Within 5 years, half of you offensive pros will be joining me on the dull side (defensive security). The other half will be taking pen testing to strange new places. Tune in to hear an alternate view of the path ahead.

Bio:
Charlie Vedaa, CCIE Emeritus, is a seat moistener for the federal government. He is the founder of PacketProtector, a security distro for wireless routers. packetprotector.org / pwn0.com.

James Macgregor Watson C|EH

Abstract:

Online Time of Crime - The utilization of online gaming networks for illicit purposes. With the broad reach of high speed/broadband internet, online gaming is taking a larger and larger role within our society. As with all things, it can become something different than intended. There exists within these networks a massive opportunity for increased efficiency and operations by organized criminal elements. You will be shown a brief history of the evolution of these nefarious purposes, as well as current incarnations and the potential consequences to you.

Bio:

James Watson is a Senior Security Engineer with SeNet International Corporation who has worked with the security departments of multiple Federal Agencies. James has had experience in Intrusion Detection analysis and Penetration testing as well as experience in reverse engineering of Malware. Currently James is involved with the Security Testing and Evaluation phases in support of Certification and Accreditation for FISMA compliance. James is also an avid Urban Explorer who utilizes that hobby as a means to enhance his study of physical security systems and their implementation.

Gus Fritschie, Director, Security Engineering, SeNet International

Abstract:

Online poker is a multi-million dollar industry that is rapidly growing, but is not highly regulated. There have been "hacks" recently (i.e. weak SSL implementation, superuser account) that have drawn more attention to security in the poker industry, especially as it moves to full regulation in the United States. This talk will cover the technical architecture of online poker, existing security controls, examples of past vulnerabilities, new weaknesses we have discovered in the poker clients and surrounding infrastructure, and next steps of research we are performing in this area.

Bio:

Mr. Fritschie has been involved in the field of information security for over ten years. He began his career in information technology (IT) as a system administrator for a growing financial company. It was there that he gained a fundamental understanding of all aspects of IT, including network security. Mr. Fritschie then joined the information security consulting practices of KPMG and Deloitte and Touche, leading and performing numerous vulnerability assessments and penetration tests in support of financial audits, GISRA (now FISMA), and other compliance related efforts. Clients included Fortune 500 companies, civilian agencies, and DoD. Since joining SeNet as the Director of Engineering and Security Assessments, Gus has led several large-scale projects. Some of these projects included enterprise-wide vulnerability assessments for multiple government and commercial clients, management of certification and accreditation efforts, and web application penetration tests. He is also an avid poker player, having logged close to a million hands online.

Jonathan Claudius - CISSP, Sec+

Abstract:

Title: BNAT Hijacking: Repairing Broken Communication Channels


NAT “just works” – sometimes in ways we don’t expect. Thanks to broken vendor implementations and subtle configuration problems, it’s not uncommon to see a router leaking packets. As it turns out, these packets, even in mangled form, often represent a missed opportunity. In this presentation we are going to demonstrate how broken communication channels can be repaired to give an attacker an entirely different functional view of your public facing infrastructure. If you’re planning on attending this talk, expect to check your understanding of an "open port” at the door and be ready to discover what your last penetration test probably missed. A suite of open source tools will also be released during this presentation that will allow you to identify, weaponize and exploit communications channels that "never existed", but have been there all along!


Detailed description: A common example of Broken NAT (BNAT) is found in asymmetric routing. Asymmetric routing means that the forward and return paths of a TCP/IP session between a client and a server traverse different layer 3 devices. This is commonly found in complex routing scenarios or situations where mistakes are "corrected" to make something work without understanding or caring about the actual flow of traffic.


In many cases, what can happen during asymmetric communication initiation is that the response traffic can get mangled/nat'd by egress devices to the point where the connection becomes inoperable but the traffic still makes it back to the initiator. What I'm doing is taking this inoperable communication channel and designing a fully usable connection that an attacker could leverage to gain access to the hidden service which responded but your client failed to understand the response.
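An added example of the detection half of the idea (this is my illustration of the correlation described above, not the tool suite released with the talk). A SYN-ACK that comes back from an address other than the one probed is silently discarded by the scanning host's TCP stack, so a normal port scanner reports the port as filtered. Correlating each SYN-ACK with the SYN it acknowledges, by our address, our port and ack == seq + 1, instead of by the peer address, makes the "hidden" responder visible. The packet records are constructed, with documentation-range addresses:

```python
from collections import namedtuple

# One record per TCP segment, as a capture tool would hand them to us.
Pkt = namedtuple("Pkt", "src sport dst dport flags seq ack")

# Constructed capture: a scan from 198.51.100.5 against a 203.0.113.0/24 edge (invented).
CAPTURE = [
    Pkt("198.51.100.5", 40000, "203.0.113.10", 80,  "S",  1000, 0),
    Pkt("198.51.100.5", 40001, "203.0.113.20", 443, "S",  2000, 0),
    Pkt("198.51.100.5", 40002, "203.0.113.30", 22,  "S",  3000, 0),
    Pkt("203.0.113.20", 443, "198.51.100.5", 40001, "SA", 5000, 2001),  # normal: answered by the probed IP
    Pkt("203.0.113.11", 80,  "198.51.100.5", 40000, "SA", 7000, 1001),  # BNAT: answered from a different IP
    Pkt("203.0.113.11", 80,  "198.51.100.5", 40000, "SA", 7000, 1001),  # retransmit of the same answer
]

def find_bnat(packets):
    """Match SYN-ACKs to our SYNs by (our ip, our port, ack == our seq + 1) and
    flag the ones whose source address is not the address we probed.
    Returns (bnat, normal): bnat maps (probed_ip, port) -> responder_ip."""
    pending = {}
    for p in packets:
        if p.flags == "S":
            pending[(p.src, p.sport, p.seq + 1)] = (p.dst, p.dport)
    bnat, normal = {}, set()
    for p in packets:
        if p.flags != "SA":
            continue
        probe = pending.get((p.dst, p.dport, p.ack))
        if probe is None or probe[1] != p.sport:
            continue                      # not an answer to one of our SYNs
        if p.src == probe[0]:
            normal.add(probe)             # what a port scanner would call "open"
        else:
            bnat[probe] = p.src           # the kernel drops this; we keep it
    return bnat, normal

def unanswered(packets):
    """Probes with no matching SYN-ACK at all, by either address."""
    bnat, normal = find_bnat(packets)
    probed = {(p.dst, p.dport) for p in packets if p.flags == "S"}
    return sorted(probed - normal - set(bnat))

if __name__ == "__main__":
    bnat, normal = find_bnat(CAPTURE)
    for (ip, port), responder in bnat.items():
        print(f"BNAT: {ip}:{port} answered from {responder}")
    print("open:", sorted(normal), "silent:", unanswered(CAPTURE))
```

On the sample, 203.0.113.10:80 is the interesting result: a scanner sees it as filtered, yet something behind the edge answered from 203.0.113.11. The hijack half is the same correlation run the other way, rewriting the responder's source address back to the probed one on ingress and the probed destination to the responder's on egress, so the local stack completes the handshake; a netfilter shim is one way to do that. Whether a given responder is a misconfigured egress device or a second host with its own services is exactly what your last scan could not tell you.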


Bio:


Jonathan Claudius is a passionate information security professional that is always looking for that next big challenge. In his role as Security Operations Manager at Trustwave, Jonathan works closely with SpiderLabs on detecting and preventing real threats in the wild as they happen. Jonathan also leverages his penetration testing and security consulting skills along with years of experience in the field to provide a unique twist on traditional network defense models.

  • BNAT is real and it’s out there
  • Use the BNAT suite to find it and hijack it
  • Know your traffic flow & order matters!

Thomas Hoffecker

Abstract:

Exploiting PKI for Fun & Profit or The Next Yellow Padlock Icon?

Public Key Infrastructure (PKI) provides a large attack surface for the pentester. While attacking PKI directly may seem like a juicy target, using the information freely provided by PKI is of much more value than attempting to compromise well protected and monitored servers. This talk will demonstrate the information disclosure that is present in PKI implementations of large organizations in the private and public sector. It will explore the use of that information for purposes of social engineering, phishing, and network recon/profiling. Users have been groomed to accept anything that is signed or encrypted. Misusing the trust that users place in PKI is the new yellow padlock icon!

Bio:

Thomas Hoffecker is currently a senior Information Assurance (IA) leader at a DOD Agency in Northern Virginia. He oversees infusion of new IA technology to his Agency and supervises IA Managers that support enterprise business applications. He has worked for numerous DoD organizations including the Defense Logistics Agency (DLA), at Fort Belvoir, Virginia, the Army Network Operations & Security Center (NOSC) at Fort Belvoir, Virginia, and the 1st Information Operations Command’s Regional Computer Emergency Response Team (RCERT) Europe in Mannheim, Germany, DoD Education Activity (DoDEA) in Wiesbaden, Germany, and multiple contractors supporting the DoD. He has multiple industry certifications and holds a security clearance. In his spare time, he and his wife foster dogs for Maryland Westie Rescue (http://www.marylandwestierescue.org).

Eric Milam

Synopsis:

In 2011 MiTM attacks are still a valid and extremely successful attack vector. Exploiting it often requires knowledge of multiple tools and physical access to the network or proximity to an access point. Easy-Creds takes MiTM automation to the next level, bringing high-percentage MiTM attacks to the masses. Easy-Creds was recently added to the BackTrack (BT) repository and is slated for inclusion in the next BT base distribution. After performing enterprise assessments for many organizations, and frequently attempting a MiTM attack via ARP poisoning, the extremely high success rate is remarkable even though this attack has been around and discussed for almost a decade. During this talk we will review the reasons why MiTM is still a valid attack and seldom defended, how to execute an effective attack, the usage of Easy-Creds, and demonstrate how to run Easy-Creds for attack simulation engagements.
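The "seldom defended" part is the one a defender can act on, so here is an added example of the detection side (my illustration, unrelated to Easy-Creds itself). ARP poisoning leaves two signals on the wire: an IP whose MAC changes, most importantly the gateway's, and a single MAC that answers for more than one IP. The replies below are constructed; a real feed would come from a capture of ARP traffic on the segment or from periodic `arp -a` snapshots:

```python
# Constructed ARP replies seen on the wire: (seconds, sender_ip, sender_mac). Invented data.
ARP_REPLIES = [
    (0.0, "10.0.0.1",  "00:11:22:33:44:01"),   # gateway answers with its real MAC
    (0.5, "10.0.0.20", "00:11:22:33:44:20"),   # victim workstation
    (5.0, "10.0.0.1",  "de:ad:be:ef:00:01"),   # third host now claims to be the gateway
    (5.1, "10.0.0.20", "de:ad:be:ef:00:01"),   # ...and the victim: both directions poisoned
    (6.0, "10.0.0.1",  "de:ad:be:ef:00:01"),   # poison refreshed; nothing changed, no new alert
]

def detect_arp_spoof(replies, gateway_ip, known_multi_ip_macs=()):
    """Return alerts for IP->MAC flips and for one MAC owning several IPs.
    known_multi_ip_macs whitelists routers/hypervisors that legitimately do the latter."""
    table, alerts = {}, []
    for ts, ip, mac in replies:
        old = table.get(ip)
        if old is not None and old != mac:
            alerts.append({
                "ts": ts,
                "kind": "gateway-mac-changed" if ip == gateway_ip else "mac-changed",
                "ip": ip, "old": old, "new": mac,
            })
        table[ip] = mac
    owners = {}
    for ip, mac in table.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in owners.items():
        if len(ips) > 1 and mac not in known_multi_ip_macs:
            alerts.append({"kind": "mac-claims-multiple-ips", "mac": mac, "ips": sorted(ips)})
    return alerts

def poisoned_pairs(alerts):
    """(victim_ip, attacker_mac) for every flip, handy for a ticket or a switch port lookup."""
    return sorted((a["ip"], a["new"]) for a in alerts if "new" in a)

if __name__ == "__main__":
    for a in detect_arp_spoof(ARP_REPLIES, gateway_ip="10.0.0.1"):
        print(a)
```

On the sample this raises a gateway-mac-changed alert at t=5.0, a mac-changed alert for the workstation at t=5.1, nothing for the refresh at t=6.0, and finally flags de:ad:be:ef:00:01 for owning both addresses. The point of the whitelist parameter is that the second signal has legitimate causes (a router holding several addresses, a hypervisor proxying for guests), so tune it before paging anyone. The structural fixes are the usual ones: Dynamic ARP Inspection on the access switches, and static ARP entries for the gateway on hosts that matter.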

Bio:
Senior Security Assessor – Accuvant LABS – Accuvant, Inc.
Eric is a security consultant on the Accuvant assessment team with over 14 years of experience in information technology. Eric performs ongoing enterprise security assessments, perimeter penetration testing, and application vulnerability assessments.

Experience:
Eric has performed innumerable consultative engagements including enterprise security and risk assessments, perimeter penetration testing, vulnerability assessments, social engineering, physical security testing, and extensive experience in PCI compliance controls and assessments.

Certifications and Training:
Eric is a Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), PCI Qualified Security Assessor (PCI-QSA), Certified Ethical Hacker (CEH), CompTIA Security+, Network+, and Linux+.

Education:
Eric holds a Bachelor of Science degree from Xavier University in Psychology.


A portion of the proceeds will benefit Hackers for Charity