Just a short post to announce the speakers for this year’s ShmooCon Firetalks… With several more submissions at the last-minute, the selection committee has continued to pull together a diverse program with the most interesting talks combined with a good mix of established and new speakers.
We’d also like to continue to thank our sponsors for making this event interesting by supporting awards for the best speakers. And if you hadn’t notice, Hacker Academy also signed up as our Bronze sponsor. More on them later… Also if you wouldn’t mind giving them a shoutout on Twitter thanking them for supporting #FireTalks, we’d appreciate it.
And a special thanks to @mubix for pointing out some bad links on our main FireTalks page. In the History section we pointed to the two original PodcastersMeetup.com posts that introduced the FireTalks concept to the security world. Unfortunately, that domain has since lapsed and so those posts no longer exist. Anyway, @mubix found some clean backup versions to point to over on Archive.org. Thanks!
And without further ado … we are pleased to announce the speakers for this year’s ShmooCon FireTalks!!!
Womens Tech Collective, and Gender Equality in Tech (Friday)
by Sarah “@dystonica” Clarke
tl:dr – sexism is bad, blaming sexism on men is bad, sexism is a result of unbalanced population density, there are compelling reasons why we would all benefit from more women in IT, and failure to address this as a community leads to third parties addressing it for us, in ways that have negative consequences for the industry.
TrendCoins: Making Money on the Bitcoin/Altcoin Trends
by Zac “@ph3n0” Hinkel
With the difficulty increasing, people are moving from mining coins into trading them. But how do you get into trading? And what about all of those colorful charts? Come join Zac as he does a quick recap of the 2013 Bitcoin market. You will then be educated on transferring money into the market, reading charts, and coming up with a game plan to capitalize on the many exchanges around the world.
Building An Information Security Awareness Program From Scratch
by Bill “@oncee” Gardner
Most organization’s Security Awareness Programs suck: they involved ‘canned’ video presentations or someone is HR explaining computer use policies. Others are extremely expensive and beyond the reach of the budgets of smaller organizations. This talk will show you how to build a Security Awareness Program from scratch for little or no money, and how to engage your users so that they get the most out of the program.
Another Log to Analyze – Utilizing DNS to Discover Malware in Your Network (Friday)
by Nathan “@HackHunger” Magniez
DNS logs are an often overlooked asset in identifying malware in your network. The purpose of this talk is to identify malware in the network through establishing DNS query and response baselines, analysis of NXDOMAIN responses, analysis of successful DNS lookups, and identifying domain name anomalies. This talk will give you the basics of what to look for in your own unique environment.
Crossing the Streams with State Machines in IDS Signature Languages
by Michael “@michaelrash” Rash
While network intrusion detection is not dead, it is certainly pushed beyond current limitations by contemporary exploit techniques. One area that has highlighted IDS shortcomings is the lack of state machines that track exploit communications that cross multiple streams. Simultaneously, this difficulty created an opportunity in the SIEM world where a core feature expected by SIEM users is the ability to alert on sequences of events regardless of the underlying data or how it is delivered. This talk will present an exploit-driven argument for the need in the intrusion detection community to implement cross-stream state machine capabilities within IDS signature languages. For example, the “flowbits” keyword in Snort’s language can build a state machine out of a set of rules as it watches for malicious traffic, but such rules linked by flowbits criteria can only apply within a single TCP connection. This is quite limiting. Imagine a generalized “flowbits” keyword (call it “xbits”) that can set a bit on a UDP flow and then test it within a seemingly unrelated TCP connection. This talk will use Metasploit modules that require multiple independent connections for successful exploitation to illustrate why a new “xbits” keyword is needed within Snort and Suricata.
Having Your Cake and Eating It Too: FOIA, Surveillance, and Privacy
by Michael “@theprez98” Schearer
In the District of Columbia, the federal government is arguing against a prolific Freedom of Information Act (FOIA) requester that his multitudinous requests, taken together, constitute a “mosaic” of information whose release could “significantly and irreparably damage national security” and would have “significant deleterious effects” on the bureau’s “ongoing efforts to investigate and combat domestic terrorism.” Also in DC, the federal government is defending the legality of the intelligence community’s surveillance programs under a 1979 Supreme Court case, Maryland v. Smith, that found constitutional use of a “pen register” device to gather information on numbers called by a criminal suspect. So, yes: the government is simultaneously arguing to that too much otherwise-legitimate FOIA data creates a mosaic that threatens national security–but large scale metadata collection, far beyond anything contemplated by a simple pen register device in 1979–is perfectly legitimate. Is this a problematic dichotomy? And if so, what can we do about it?
Writing Your Own Disassembler in 15 Minutes
by Jay “@computerality” Little
Have you ever started a binary analysis project with the thought “First I have to write an x86 or ARM disassembler”? Wait! Don’t do it! From A to Z, or darm to XED, there are many public disassemblers available to use. Some of them are even licensed without GPLv3. This presentation will rate the many disassemblers I have found over the years through googling, searching GitHub, and through recommendations from people on the internet. We’ll consider each with an eye towards their applicability to malware analysis and penetration testing. In addition to listing the pros and cons of publicly available tools, demonstrations of most of them will be shown so new users can start trying them quickly.
You Name It, We Analyze It (Saturday)
by Jim “@JimGilsinn” Gilsinn
With the ever increasing number of industrial networking protocols, it can be difficult for vendors, integrators, and end-users to determine how well different products and systems perform in real-world networking situations. Each protocol has their own method of defining traffic streams and message structures. Packet analyzers, like Wireshark, have been developed to interpret individual network packets and can perform rudimentary analysis of traffic streams for well-known packet types. Analyzing industrial protocols usually requires much more massaging of the data and in many cases requires a user to do much of the work by hand. This talk will present a method to break-down industrial traffic streams into the core components necessary to analyze their performance. By identifying a few key fields in each protocol, a user can define their own method to identify individual traffic streams and analyze their performance.
Windows Attacks: AT Is the New Black (Friday)
by Rob “@mubix” Fuller
A follow on to the Encyclopaedia Of Windows Privilege Escalation published by InsomniaSec at Ruxcon 2011, this talk is aimed at detailing not just escalation from user to admin and admin to system, but persistence and forced authentication as well as a few other treats.
Eyes on IZON: Surveilling IP Camera Security
by Mark “@markstanislav” Stanislav
This presentation will provide insight into the security mechanisms being used by the IZON camera, some of the weaknesses found during research, and a few recommendations for them (or anyone else developing these sorts of cameras) to benefit from. Attention will be paid to topics such as network protocols, iOS app security, APIs, and other aspects of the camera’s platform that has attack surface.
Weaponizing Your Pets: War Kitteh and the Denial of Service Dog
by Garcon Coffee & Gene “@gbransfield” Bransfield
Concerned kitteh owners are able to purchase products that will track their kittehs and report back locations to the concerned kitteh owner. All we needed to add was an SSID sniffer and we’d have a War Kitteh. At Outerz0ne one year someone outfitted a particular pooch with WiFi gear and referred to the dog as the WiFi Service Dog. Now if you outfitted a particular pooch with a different set of equipment you could have a Denial of Service Dog.
Get Out of Jail Free Cards? What Aviation Can Teach Us About Information Sharing
by Bob “@strat” Stratton
In both information security and aviation. sharing information on risks, threats, incidents
and consequences is viewed as fundamental to the avoidance and prevention of future
failures and accidents. The information security community also often seems better at
reporting problems with things, as opposed to problems with processes. In both disciplines, there are disincentives to admitting and sharing our mistakes and
surprises. Sometimes that’s due to fear of regulatory or legal liability, sometimes it’s for
competitive reasons, and sometimes we just don’t want to look stupid. In the aviation world, there is a surprisingly enlightened system in place for the reporting of operational incidents.The Aviation Safety Reporting System is set up to protect the anonymity of people submitting reports, incorporates some protections from liability, and was set up in a way that separates the agencies receiving reports from those that have enforcement authority. This talk is intended to stimulate discussion about how this sort of system might help the security world learn more intelligently about exactly how things go wrong with operations, not just during product or software development.
Gurl’s Guide to Breaking OpSec (alternate)
by Stacey “@StaceyBanks” Banks
OpSec is a key aspect to security in all phases of life. However it is also easily broken. A wise Red Team will always include a charismatic lead. This gives an advantage in many situations where character comes into play. In the course of test events and general life this becomes rapidly apparent. If you act like you belong you can own the place. Sit back and watch and learn. Stories of potential exploits and opportunities (taken or not) will be shared from real world events. If you think you’re not a potential target, this presentation may change your mind.
Hope to see you all at ShmooCon! See ya!