NCC Group Security Open Forum

Hosted By
Andy G.
NCC Group Security Open Forum

Details

===
NCC Group Security Open Forum - San Francisco

DATE: Thursday, June 30, 2016
TIME: 6:00pm-9:00pm
LOCATION: Netflix Offices
121 Albright
Los Gatos, CA

The event will be in the theater in Building D. Plenty of parking available. There is a VTA light rail stop about a mile up Winchester Ave from the campus for public transit.

Please RSVP via https://www.meetup.com/NCCOpenForumSF/ if you wish to attend!

technical managers and engineers only please
food and beverage provided

===
AGENDA

SPEAKER: Mike Grima / Senior Security Engineer / Netflix

PRESO TITLE: Herding the Octocats - Getting Control of Your GitHub Organizations

PRESO SUMMARY: A discussion on grappling with the challenging task of managing company-owned public GitHub organizations. This discussion heavily focuses on user identity management, which includes the identification of users, 2FA enforcement, automatic removal of users, permissions models, as well as third-party application restrictions. Also discussed are some tactics on the discovery of sensitive data.

SPEAKER BIO: Michael Grima is a Senior Security Engineer on the Security Tools and Operations team at Netflix. Mike's primary responsibility at Netflix is the development of tools to automate, implement, and improve the security of Netflix's very large scale cloud-based infrastructure. Prior to Netflix, Mike worked as a Computer Scientist at the DoD developing distributed applications and automating the security of Linux-based systems. He holds an M.S. in Information Security, and a B.S. in Computer Security and Computer Science from East Stroudsburg University of Pennsylvania.

-=-=-

SPEAKER: Michael Roberts / Security Consultant / NCC Group

PRESO TITLE: A Look At Websocket Security

PRESO SUMMARY: Over the years, the Websocket protocol has become a popular choice when a variety of applications need a lightweight, full-duplex communications channel, but the tools needed to test Websockets have not matured alongside the protocol. Come join me as we talk about Websocket security and a tool I've developed to help test Websocket implementations.

SPEAKER BIO: Michael Roberts is a Security Engineer out of NCC Group's San Francisco office. As a hobby, he has reverse engineered online video games' binaries and network protocols to develop cheats, and he is an avid VR (virtual reality) fan and deep dish connoisseur.

-=-=-

SPEAKER: Patrick Kelley / Security Engineer / Netflix

PRESO TITLE: IAM Access Profiling for Applications (Repoman)

PRESO SUMMARY: Determining the appropriate AWS IAM permissions to provide an application can be non-trivial. Developers often code against libraries like boto and may not be aware of the underlying API calls or permissions their applications require. Vendors often request a permission set that will ensure their application will never see an access-denied error. It is the security team's responsibility to ensure the permissions provided to an application are provisioned correctly, and continue to be correctly provisioned as the application evolves. We will present ongoing work to profile application access and remove those permissions that are no longer being used. Repoman combines usage information from CloudTrail, IAM Access Advisor, and other sources to determine what is being used. Repoman does this across many AWS accounts and has assurances that the policy you are developing and testing with will have the same access as the policy you intend to run in your production account. Repoman is automated and scheduled and provides application owners self-service to repo their own policies without interaction with the security team, or to roll it back if something goes horribly wrong. Future work is planned to allow application owners self-service to add permissions from a pre-approved set and to add anomaly detection on AWS API usage patterns. We hope that Repoman joins other Netflix OSS and is thought of as a required part of a modern multi-account large scale cloud deployment.
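The core idea in the summary above (compare what a policy allows with what usage data shows is actually exercised, then cut the rest while keeping a rollback copy) can be shown in a few dozen lines. The example below is added here for illustration and is not Repoman's own code; the IAM policy, the CloudTrail-style records, the Access Advisor-style service summary and the eventName-to-action mapping are all constructed and simplified (real CloudTrail event names do not always map one-to-one onto IAM action names).

```python
"""Trim an IAM policy to the actions observed in use (illustration, not Repoman)."""
import copy
import json

# Constructed sample policy, the kind of over-broad grant a vendor might request.
CURRENT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": ["sqs:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["dynamodb:*"], "Resource": "*"},
    ],
}

# Constructed CloudTrail-style records; only the two fields used here are kept.
CLOUDTRAIL_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "sqs.amazonaws.com", "eventName": "SendMessage"},
    {"eventSource": "sqs.amazonaws.com", "eventName": "ReceiveMessage"},
    {"eventSource": "sqs.amazonaws.com", "eventName": "SendMessage"},
]

# Constructed Access Advisor-style summary: was each service touched in the window?
# Treated here at service granularity, so it can retire whole grants but not pick actions.
SERVICE_LAST_ACCESSED = {"s3": True, "sqs": True, "dynamodb": False}


def used_actions(events):
    """Map CloudTrail-style records to IAM action names such as 's3:GetObject'.

    Simplification: assumes eventName equals the IAM action name.
    """
    used = set()
    for ev in events:
        service = ev["eventSource"].split(".")[0]
        used.add(f"{service}:{ev['eventName']}")
    return used


def allowed_actions(policy):
    """Flatten the Allow actions of a policy into a set, for before/after comparison."""
    out = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow":
            action = stmt["Action"]
            out.update(action if isinstance(action, list) else [action])
    return out


def repo_policy(policy, used, service_used):
    """Return (trimmed_policy, removed_actions).

    Per Allow statement:
      * 'svc:*' is dropped when the service summary shows it unused, narrowed to the
        observed actions when usage data names any, and otherwise kept (no evidence).
      * an explicit action is kept only if it was observed.
      * statements left with no actions are dropped.
    The input policy is never mutated, so the caller still holds the rollback copy.
    """
    trimmed = copy.deepcopy(policy)
    removed = []
    kept_statements = []
    for stmt in trimmed["Statement"]:
        if stmt.get("Effect") != "Allow":
            kept_statements.append(stmt)
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        keep = []
        for action in actions:
            service, name = action.split(":", 1)
            if name == "*":
                if not service_used.get(service, False):
                    removed.append(action)
                    continue
                observed = sorted(a for a in used if a.startswith(service + ":"))
                if observed:
                    keep.extend(observed)
                    removed.append(action)
                else:
                    keep.append(action)
            elif action in used:
                keep.append(action)
            else:
                removed.append(action)
        if keep:
            stmt["Action"] = keep
            kept_statements.append(stmt)
    trimmed["Statement"] = kept_statements
    return trimmed, removed


if __name__ == "__main__":
    new_policy, removed = repo_policy(
        CURRENT_POLICY, used_actions(CLOUDTRAIL_EVENTS), SERVICE_LAST_ACCESSED)
    print("Removed:", removed)
    print(json.dumps(new_policy, indent=2))
```

The `removed` list is what an application owner would review before the trimmed policy is applied, and because the original policy object is left untouched it is the rollback artifact if something breaks. A real implementation has to account for usage that never reaches CloudTrail in the observation window (rare batch jobs, disaster-recovery paths), which is why keeping a wildcard when there is no evidence either way is the conservative default here.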

SPEAKER BIO: Patrick Kelley is an engineer on the Netflix Security Tools and Operations team. He spends much of his time creating tools to monitor and maintain Netflix's large multi-account AWS deployment. Patrick is the author and maintainer of security_monkey and Repoman. Prior to Netflix he spent years at eBay building tools, fighting fraud, and configuring firewalls. Patrick started his career at General Dynamics C4 Systems building security systems for the U.S. military.

===
About the NCC Group Security Open Forum

The NCC Group Security Open Forum is an informal and open venue for the discussion and presentation of security related research and tools, and an opportunity for security researchers from all fields to get together and share work and ideas.

The Forum meets quarterly in the Bay Area, Seattle, Chicago, New York City, and Austin. Forum agendas are crafted with the specific needs/interests of its members in mind and consist of brief 20-30 minute talks. Talks are not product pitches or strongly vendor preferential. Attendance is limited to engineers and technical managers. Any area of security is welcome including reversing, secure development, new techniques or tools, application security, cryptography, etc.
