iSEC Open Forum Bay Area


DATE:          Thursday, May 19, 2011 

TIME:           6:00pm-9:00pm

LOCATION:   Adobe Systems

                   Kojak Room 

                   601 Townsend St.

                   San Francisco, CA 94103

 

Please RSVP if you wish to attend!  Contact [masked] with any questions.

***technical managers and engineers only please***

***food and beverage provided***

 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

AGENDA

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

SPEAKER: Brad Hill / “Making the Internet Safer” / PayPal

PRESO TITLE: Common Flaws of Distributed Authentication Systems

PRESO SUMMARY: A summary, in the spirit of the “OWASP Top 10”, of some of the most common flaws and failures of identity and authentication protocols from the last fifteen years.  Those inventing, implementing, deploying and evaluating such systems may find the list useful in avoiding similar mistakes. Examples from the literature and the author’s experience are discussed, and mitigation strategies provided.

SPEAKER BIO: Brad Hill is tasked with “Making the Internet Safer” at PayPal. Prior to accepting a position at PayPal, he was a Principal Security Consultant with iSEC Partners. Brad has over a decade of experience as a software engineer and security consultant. His previous research has focused on authentication technologies in a variety of contexts, including XML, Web Services and SOA. His work has led to several papers, tools and presentations at industry conferences including Black Hat, SyScan and numerous OWASP events. He has been an invited speaker at top software companies and an invited expert on the W3C XML Security Working Group.

 

SPEAKER: Dan Guido / Security Consultant / iSEC Partners

PRESO TITLE: The Exploit Intelligence Project

PRESO SUMMARY: In 2011, mass malware is still the most common source of compromise on corporate networks. Bots like Zeus, Gozi, and Clampi successfully infect devices despite organizations carefully managing disclosed vulnerabilities and subscribing to detailed analysis of the latest malware families. Existing efforts at malware prevention focus broadly on vulnerabilities and their impact yet ignore the means by which they are exploited and the motivations, opportunities and capabilities of attackers, which has allowed this problem to become worse year after year.

In this talk, I introduce an intelligence-driven approach to malware defense, focusing on attackers' capabilities and methods, with data collected from the most popular crimeware packs currently deployed in the wild. This analysis identifies the means by which exploits are developed and selected for inclusion in crimeware packs, identifies defenses that are outside the capability of malware exploit writers to bypass, and helps attendees evaluate not just the exploitability, but the probability of a vulnerability being exploited. This study shows that, until crimeware packs substantially advance in sophistication, only a few simple defensive tactics are required to protect users from such opportunistic threats.

SPEAKER BIO: Dan Guido is a Security Consultant at iSEC Partners, where he specializes in incident response, application security, and penetration testing. Before joining iSEC, Dan worked for the Federal Reserve System's incident response team where he developed and ran a threat intelligence program to report on current trends in cybercrime, threats to payment systems, and nation-state cyber espionage activities. In addition to his work at iSEC, Dan is an adjunct faculty member at NYU:Poly where he teaches a graduate computer science course in penetration testing and vulnerability analysis.

 

SPEAKER: Karthik Raman / Security Researcher / Adobe Systems

PRESO TITLE: Towards Classification of Polymorphic Malware

PRESO SUMMARY: Polymorphic malware are a menace to modern computing. The challenge faced by antivirus technology is that there is not enough time for new variants of these malware to be collected, sent to antivirus companies, analyzed, and for signatures to be created and returned to customers. To attempt to address this problem, we explore the classification of malware using machine learning. We compare some classifiers for malware and present a carefully selected set of attributes that result in good classification between malware and clean programs. We discuss the application of this research to security technologies.

SPEAKER BIO: Karthik Raman, CISSP, is a security researcher in the Adobe Product Security Incident Response Team (PSIRT), where he focuses on vulnerability analysis and technical collaboration with industry partners. Before joining Adobe, Karthik was a Research Scientist at McAfee Labs, where he worked on threat analysis, building automation systems, malware analysis, and developing advanced antimalware technology. Karthik holds an MS in Computer Science from UC Irvine and BS degrees in Computer Science and Computer Security from Norwich University. Both universities are NSA Centers of Excellence in IA.

 

 

Interested in presenting at a future Forum? Email [masked]. Talks should be 20-30 minutes max.

 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

 


  • Tom D.

    A great group of people showed up and got to hear three really interesting talks!

    May 20, 2011

25 went
