OWASP Meetup - Nov 2016 (1 of 2) - San Francisco

Hosted By
Michael C.

Details

Important Notes:

  1. There is an OWASP Chapter event in SF on Nov 15 and also an event in Sunnyvale on Nov 16 (https://www.meetup.com/Bay-Area-OWASP/events/235021203/). Please select the event most convenient to you.
  2. Important - For building security you must supply your first and last name as it appears on your ID or you won't be granted access to enter.

Agenda

• 6:30 Doors Open
• 6:45 - 7:30 Talk 1
Will Bengtson and Travis McPeak
Jumpstart a Bandit Program in Your Organization

• 7:45 - 8:30 Talk 2
Kuba Sendor (@jsendor), Yelp
"Slicing Apples with Ninja Sword: Fighting Malware at the Corporate Level"

• 8:30+ Networking
• 9 Doors Close

Talk 1

Speakers: Will Bengtson and Travis McPeak

Bio (Will): William Bengtson is an information security professional with over eight years of experience in a variety of roles including red teaming, network security, architecture risk analysis lead, software security, exploit development, security architect lead, application developer and certification lead. Bengtson comes to Nuna as the Senior Security Program Manager from Lockheed Martin as a Core Cyber Security Lead, Cigital as a Senior Security Consultant, and Raytheon as a Cyber-Professional having studied anti-tamper, reverse engineering and exploit development (on both standard and non-standard systems). Bengtson has worked in numerous industries providing support and expertise creating a proactive stance on security within the industries.

Bio (Travis): Travis McPeak is a Sr. Security Architect at IBM Cloud. Travis is a firm believer that intelligent security automation and tools are necessary to address the resource constraints currently plaguing product security teams. As a member of upstream security teams of two large cloud open source projects (OpenStack and Cloud Foundry) he has witnessed firsthand the need for inexpensive and scalable security programs and served active roles in the development of several open source tools and resources.

Topic: Jumpstart a Bandit Program in Your Organization

Abstract: Bandit is a Python security analysis tool that was designed to be pluggable and highly configurable. In this talk Travis McPeak and Will Bengtson show how to use Bandit like a pro, how to build a CI workflow around Bandit, and how organizations have extended Bandit to cover interesting new use cases. Whether you've heard of Bandit or not, expect to learn something new and useful to take back to your Python development environment.

Talk 2

Speaker: Kuba Sendor

Bio: Kuba Sendor (@jsendor) works on the Yelp security team, where he automates malware incident response and, together with his teammates, makes sure that Yelp's infrastructure stays secure. Previously he worked at SAP in the Security and Trust research group, where he participated in initiatives related to access control and privacy in the digital world.
He holds a double MSc degree in Computer Science from AGH University of Science and Technology in Krakow, Poland and Telecom ParisTech/Institut Eurecom in Sophia Antipolis, France. In his free time he likes to cycle uphill and travel around the world or just back home, to Poland.

Topic: "Slicing Apples with Ninja Sword: Fighting Malware at the Corporate Level"

Brief Abstract/Description: Even for a big incident response team, handling all of the repetitive tasks related to malware infections is tedious. Our malware analysts (we love to call them "ninjas" as they are superfast!) have spent a lot of their precious time staring at the digital forensics collected from potentially infected macOS systems. Early on, we automated some parts of the collection (taking advantage of our open source OSXCollector) and analysis (with OSXCollector Output Filters), augmenting the initial set of digital forensics with the information gathered from the threat intelligence APIs. This helped us take full advantage of the additional information on potentially suspicious domains, URLs and file hashes. But our approach to the analysis still required a certain degree of configuration and manual maintenance that was consuming lots of attention from malware responders.

So we have turned our OSXCollector toolkit into AMIRA: Automated Malware Incident Response and Analysis service. It's like a ninja sword and a chainsaw combined into one. AMIRA turns the forensic information gathered by OSXCollector into an actionable response plan, suggesting the infection source as well as suspicious files and domains requiring a closer look. Furthermore, we integrated AMIRA with our incident response platform, making sure that as little interaction as necessary is required from the analyst to trigger the collection of the forensic artifacts.

Bay Area OWASP
Salesforce Rincon Center Cafe
121 Spear St · San Francisco, CA