NCC Group's Austin Open Forum (InfoSec)

This is a past event

65 people went

Details

WHAT WE'LL DO:
Join us for an evening of appetizers, drinks, and talks about security!

WHAT TO BRING:
Yourself and any security-minded people you know who would like to get involved in the Austin InfoSec scene!

IMPORTANT TO KNOW:
Parking details can be found here:
https://en.parkopedia.com/parking/locations/the_belmont_305_w_6th_st_austin_texas_78701_united_states_of_america_9v6kpwrb7ff/?country=us&arriving=201905161830&leaving=201905162030

TALKS:
Speaker:
Ryan Breed, Principal for Security Operations Research, ThetaPoint

Presentation Title:
"Instrumenting Leaky Secrets (How bad can it git?)"

Presentation Summary:
How bad can it git? - Meli et al. (NDSS 2019) developed some pretty compelling evidence that secret leakage through the git Source Code Management (SCM) system occurs at a significant rate and presents a non-zero risk for any organization that depends on any SCM, public or private. Traditional methods of security instrumentation are a poor fit for the monitoring surface, so I will present some more semantically meaningful methods to develop high-fidelity observability and control that are useful in a real-time operational context.

-------------------------------------------------------------------------------------------------

Speaker:
Joe Parker, Information Security Analyst, Duo Security

Presentation Title:
"Creating Incident Response Tabletops"

Presentation Summary:
Incident response is difficult and challenging work, but it can be made easier by conducting tabletop exercises to hone your skills and identify gaps. I will be discussing how to create successful IR tabletop exercises, including who should participate, what type of incidents to test, and some tricks and tips that I have learned creating these exercises.

-------------------------------------------------------------------------------------------------

Speaker:
Derek Hinch, Senior Security Consultant, NCC Group

Presentation Title:
"Persistence via Execution Proxied COM Objects & other AWL Bypasses on Windows"

Presentation Summary:
Bypassing modern whitelisting and execution prevention/response technologies has been an accelerating cat-and-mouse game between researchers and manufacturers. Within the past few years, it has become an arms race between forcing cryptographic signatures on what executes, and abusing signed code to execute unsigned (or untrusted signed) malicious code. A mainstay of research has been within this realm of 'execution by binary proxy.' This talk aims to convey some of the basics of evading current signed-execution-only policies, as well as more advanced techniques regarding execution, execution obfuscation, and endpoint protection response mitigations. Topics include COM Hijacking via Scope, orphaned objects, and undocumented functionality of core, Microsoft-signed binaries in conjunction with these techniques.

A Python tool to create long execution chains of locally scoped COM objects will also be released in conjunction with this talk. More information about the development of this tool will also be shared, along with the manual methods to create the objects prior to the tool's release.