• NCC Group Open Forum

    The Speakeasy (Music Lounge/Downstairs)

    • What we'll do

    Join us for an evening of appetizers, drinks, and talks about security!

    • Talks

    Speaker: Frank Gifford, Senior Consultant - NCC Group
    Title: “Root on Netscaler in two steps (CVE[masked])”
    Synopsis: A client wanted us to examine the Netscaler load balancer with an eye towards what a malicious insider could do. Our efforts led to a zero-day discovery of a nasty authentication bypass where an attacker who can reach the management port can trivially become the root user. This was rapidly fixed by Citrix after it was reported. Now that enough time has gone by, it’s time to share how a complex binary can be examined and a pitbull-like mentality can locate several significant flaws.

    ---

    Speaker: Jasiel Spelman (Wandering Glitch), Exploit Developer ZDI
    Title: Breaking Safari JIT
    Synopsis: Apple Safari has a JavaScript engine with a rather simple name, JavaScriptCore, however the engine itself is anything but simple. One common feature within JavaScript interpreters is to have a just-in-time (JIT) engine to increase performance of the executed JavaScript. JavaScriptCore takes an interesting approach to this by supporting multiple tiers of optimization levels, even allowing for switching between them within a single function depending on collected statistics. As with other JIT engines, the optimization strategies employed by Safari's JIT engine have also resulted in a number of vulnerabilities. The downside to applying typical compiler optimizations in order to JIT compile custom user-supplied code is that basic assumptions can be broken. This talk will cover low level internals of JavaScriptCore before going over a few JIT vulnerabilities as well as how they were patched.

    ---

    Speaker: Andrew Taylor (Large Oil & Gas Company), Supervisor of Vulnerability Testing - Cyber Security Organization
    Title: Developing an In-House “Red Team”
    Synopsis: A sufficiently mature information security organization may consider developing an in-house “red team” to augment the work done by other parts of the security program. Implementing and growing such a team faces many challenges, from hiring the highly-skilled and in-demand professionals, to getting buy-in from the business. Furthermore, once in place, measuring the efficacy of the red team and demonstrating its value to all levels of management is crucial to the team’s long-term success. The speaker, Andrew P. Taylor, leads the Vulnerability Management Team for a large, global oil & gas company. Although his organization has had a vulnerability management program in some form for nearly a decade, it has only been in recent years that he grew his team’s capabilities to include a full-time red team. Mr. Taylor will discuss the business aspects of getting support from Executive leadership as well as the technical aspects of specific activities carried out by the team, measuring critical success factors, and reporting to the broader organization. The speaker’s goal is to convey the challenges he faced, as well as the successes of having this team in place in the hopes that the audience will be better prepared to implement a red team within their own organization, or work more effectively with a third-party team.

    • What to bring

    Yourself and any security minded people you know who would like to get involved in the Austin infosec scene!

    • Important to know

    Parking Details can be found at https://en.parkopedia.com/parking/bar/speakeasy-tx-1/

  • NCC Group Open Forum

    Vulcan Gas Company

    • What we'll do

    Join us for an evening of appetizers, drinks, and talks about physical security!

    ---

    SPEAKER: Chris Kuethe, Security Engineer at Box
    PRESO TITLE: Lessons learned while migrating access control systems
    PRESO SUMMARY: In late 2015 Box moved from Los Altos to Redwood City. We all spent a couple of weeks working from home (or commuting to the SF office) while movers fork-lifted our old building into the new digs. This talk highlights some of the things we learned in the process: bulk data import/export/command capabilities are critical to any modern system, as are well-documented APIs. Develop cross-functional relationships between your PhySec and IT/SecEng teams to allow you to build custom tools and functionality without being subject to vendor lock-in.
    SPEAKER BIO: Former public sector sysadmin goes into private industry seeking fame, fortune, and 0-day lulz. Chris's other interests include Software Defined Radio, Microcontrollers, and Barbecue.

    ---

    SPEAKER: Daniel "unicornFurnace" Crowley, Research Baron at IBM X-Force Red
    PRESO TITLE: Electronic Physical Access Control Systems: Advantages and Disadvantages
    PRESO SUMMARY: Physical access control is nothing new. In the last decade, however, many organizations have moved to managing physical access control using electronics on varying levels from computerized video surveillance and physical intrusion detection systems to networked electromechanical door locks and visitor management systems. This talk will explore the advantages and disadvantages of using computerized, networked physical access control solutions and discuss what attacks (some theoretical, and some proven) against these systems mean for those who rely on them.
    SPEAKER BIO: Daniel is a penetration tester, ethical hacker, breaker of things, or however else you'd like to put it. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool. Daniel enjoys climbing large rocks and is TIME magazine's 2006 person of the year. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including BlackHat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie and brews his own beer. Daniel's work has been included in books and college courses. Daniel also holds the noble title of Baron in the micronation of Sealand.

    ---

    SPEAKER: Shawn Pearcy, Associate Security Consultant at NCC Group
    PRESO TITLE: Physical Security; Tooling Around
    PRESO SUMMARY: This talk will cover the various types of physical pentest tools for different use cases (mostly bypass tools) and various ways to make or improvise your own.
    SPEAKER BIO: Shawn Pearcy is an Associate Security Consultant with NCC Group, a global information security firm specializing in application, network, and mobile security. Beginning with telecommunication support in the US Army followed by a technical support role, Shawn was exposed to the importance of security, leading him to focus on info sec. Shawn then completed a Bachelor of Science in Applied Sociology with a Computer Science minor at Texas State University (with a focus on deviance, crime, and computer security) while working in the Information Security office (where he performed vulnerability analysis, penetration testing, and incident response, including conducting forensics for the University Police). Prior to NCC Group, Shawn worked as an Application Security Analyst with Trustwave Spiderlabs, while completing a Master of Arts in Sociology.

    • What to bring

    Yourself and any security minded people you know who would like to get involved in the Austin infosec scene!

    • Important to know

    Closest Parking Lot is at Trinity & E 7th Street

  • NCC Group Open Forum

    The Speakeasy (Music Lounge/Downstairs)

    This quarter we will be focusing on Red Team scenarios with a little Blue Team thrown in as well.

    Dirty Red Team Tactics
    By: Summer Lee (crazian) / Senior Security Consultant at GuidePoint Security
    Summary: The mantra of any good red teamer is, “hope for the best, but plan for the worst.” In this talk, you will learn tactics to achieve client goals and successfully provide value even when going in cold.
    About the Speaker: Summer Lee (crazian) is part of the Threat & Attack Simulation (TAS) team for GuidePoint Security. She started using social engineering tactics at a very young age which led her to have a special interest in physical Red Team engagements. Crazian is an Army veteran who has been active in the Austin infosec community since 2014 including AHA, Longhorn Lockpicking, OWASP Austin Chapter, and ATX2600. She is also a mentor for the RRISD CyberPatriots and various CCDC competitions. When she's not talking infosec, she can be found playing tabletop and video games.

    Red Team vs Blue Team
    By: Damian Archer, Manuel Philipose, Joey Victorino, and Danny Aga
    Summary: A team of NCC Group consultants will discuss techniques that are commonly utilized as part of Red and Blue Team assessments. The presentation will aim to address areas of attack, detection and include simple improvements that can be made to improve defensive capabilities.
    About the Speakers:

    • Damian Archer is a Regional Director at NCC Group where he applies his knowledge of information security to numerous clients throughout a variety of industries. Damian has been in the security industry for over a decade carrying out various types of security assessment for some of the biggest organizations on the planet. Damian has been an integral part of many assessments for clients who required a ‘real-world’ attack simulation. This involves carrying out a complete assessment of organizational security from the point-of-view of a real world attack group.

    • Manuel Philipose is a Security Consultant at NCC Group where he has led and participated in several projects related to testing networks and web applications. Manuel is also an Offensive Security Certified Professional (OSCP). Previously, Manuel has worked for L-3 Communications, National Instruments and three research labs related to bioinformatics, robotics, and security. Manuel completed his Bachelor's of Science in Electrical Engineering at The University of Texas at Austin in May of 2015.

    • Joey Victorino is a Security Consultant with NCC Group and has participated in several projects related to digital forensics and incident response. Previously, Joey has worked for Cisco Systems, Volusion and several other Fortune 500 companies in information security. Joey has a Masters of Science in Cybersecurity and Information Assurance from Western Governors University. During his time at Volusion, Joey ran multiple security programs, and drove internal teams to provide timely resolutions to potential system or process issues that were identified.

    • Danny Aga is a Security Consultant at NCC Group and focuses on Digital Forensics and Incident Response in NCC's Security Defense Operations Group. Danny has worked as a Forensics and eDiscovery Consultant for 12 years prior to joining NCC. Many of his recent projects have revolved around compromise assessments and incident response readiness consulting, including the auditing aspects of Purple Team engagements.

  • NCC Group Open Forum

    Vulcan Gas Company

    It's that time again!!! You're invited to the NCC Group Security Open Forum in Austin! Per usual we'll have open bar, good food, and interesting technical discussions. Swing by, grab your favorite brew and stay a while!

    SPEAKER: Gregg Braunton
    PRESO TITLE: Friday Night Incident Response 'Storyboard IR (SB-IR) methodology'
    PRESO SUMMARY: It's Friday night "IR Night", 5pm and you get the call. After some initial information is collected, inevitably the next first step is to spin up an IR bridge. Rapidly the various teams join; incident managers, server and network, application analysts and the incident response lead. 90%+ of IR teams will convene on a conference line - and that method negatively constrains communication and synergy. Leveraging visual techniques in training is proven to increase speed of understanding and depth of retention by an additional 80%. So why don't IR teams everywhere do this? In this presentation, attendees will learn why they should - for every IR event. Attendees will learn about the "Storyboard" Incident Response Methodology. A simple, effective, repeatable, and extremely visual methodology, participants' eyes and mind will pop with that "ah-ha" moment that will instantly make them converts to storyboarding and ask themselves, "why didn't I think of that?".

    High level objectives of how attendees will learn the practical application of storyboarding to effectively support all phases of the incident response process:

    --rapidly and effectively engage teams to establish and document the facts and circumstances of the incident
    --give richer, visual context to more accurately triage and analyze an incident; identify and separate phases, artifacts, IOCs and/or TTPs of the event; layer in geography, people, cost, business use and impact of an event
    --use event diagramming to visually map and assign containment, recovery and follow up work-streams to technical staff, business owners, or vendors
    --converting the storyboard event into an effective leadership communication tool (avoid the re-write)
    --how to shape a storyboard into a work product for the investigative file when it's all over
    --shaping the storyboard into an effective Breach Response Team (BRT) decision brief; compromise or breach?
    --train attendees on the 3 tools to easily make it all happen back at work; WebEx, OneNote and Visio

    In the context of a mock IR event, participants will see and experience with their own eyes and senses, the stark contrast of using the traditional conference call approach with that of storyboarding. This simple, no-cost solution will change the IR response paradigm for new and seasoned IR professionals alike.
    SPEAKER BIO: Gregg grew up in California and had a love of computers from an early age, buying a Commodore 64 at age 13. That same year in 1984 he started a computer club at his middle school. In junior high his favorite accomplishment was coding a software program on the Commodore 64 that used animated sprites to teach students about the parts and pieces of a laboratory microscope. Gregg remained engaged with computers all through high school and into college. In 1993 he graduated from the United States Military Academy, West Point with a degree in Computer Science. Following college Gregg served 5 years active duty in the US Army as a Signal Officer where he again followed his passion for computers and communications. He served in various tactical and technical roles responsible for building secure, ad-hoc digital voice and data networks to support troops and leaders on the battlefield. Leading a Cyber Protection Team, he is still active in the US Army Reserves today. After departing from active duty service, Gregg held various positions in the technology and healthcare fields; Hewlett-Packard as a HP-UX, Microsoft, and Cisco Services Field Engineer supporting Boeing, Amazon, Starbucks, and AT&T in the Seattle area. From HP Gregg has worked in healthcare exclusively since 2000 holding a number of technical support and leadership positions in IT and IT security departments. In his most recent positions, Gregg served as the Regional Information Security officer as an internal INFOSEC security consultant to the multiple hospital Boards, Senior Leadership, VPs, directors and business leaders. Currently Gregg serves as the National Director, Threat Management, Incident Response & Forensics. In this role he manages internal/external vulnerability assessments, PENTEST activities, and web application security assessments; leads the organization’s CSIRT team, provides SCM/Cyber Hygiene governance leveraging the CIS Critical Security Controls, and supports all digital forensic and eDiscovery needs for both internal and external legal teams. Gregg has extensive civilian and military training and possesses both technical and management certifications in the Information Security discipline; CISSP, GCFA, C|HFI, C|EH, GIAC/GSEC (Gold), DoD Computer Network Defense Course (CNDC), MCP, Carnegie Mellon Incident Response Handling, Carnegie Mellon Information Assurance for Technical Staff, Certified Information Systems Security Manager (CISSM), DoD 8570 Certified/Compliant IA Tech III and/or Mgmt III. Currently he lives and works in Houston, Texas with his wife and 4 kids.

    SPEAKER: Michael Gough
    PRESO TITLE: Netflow without Netflow - LOG-MD and the Windows SRUM Database
    PRESO SUMMARY: Whenever a system is infected or compromised, the first question management or your client might ask is “How much data did I lose?", or "When was I first infected?” How do you determine how much data was sent or received from a compromised system? Does the network you are on have everything required to provide netflow analysis and details and how far back can you go? What if it doesn’t? How can you determine if data is leaking out and how much data you or your client may have lost? And how can you tell when the system was first compromised? This talk will show you how you can gain netflow and compromise dates straight from Windows 8.1 and Windows 10 using LOG-MD and SRUM.
    SPEAKER BIO: Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic. Michael developed the “Malware Management Framework” and several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is co-developer of LOG-MD, a free tool that audits the settings, harvests and reports on malicious Windows log data and malicious system artifacts. Michael also ran BSides Texas for five years for the Austin, San Antonio, Dallas and Houston cons. Michael also blogs on HackerHurricane.com on various InfoSec topics.

    --- Accepted Internal Speakers ---

    SPEAKER: Shaun Jones, Senior Security Consultant at NCC Group
    PRESO TITLE: Social Engineering | Phishing Stories
    PRESO SUMMARY: The talk will be about phishing, touching on the basics and types of attacks. It will mainly include some of the phishing stories from jobs that I've done and the effectiveness of phishing being used on larger social engineering engagements.
    SPEAKER BIO: Shaun has been a Senior Security Engineer for NCC Group for over 4 years, with experience in the information security industry for over 7 years. Shaun is currently responsible for performing technical security assessments for clients across multiple industry sectors, specifically web application pentests, network assessments, and red team engagements. Shaun is also the co-creator of Piranha, a phishing simulation tool and service lead for Phishing in NCC's North American offices. Shaun started his career as an eForensics technician working on criminal investigations for Cheshire Constabulary before moving onto incident response and eDiscovery. During this period he became more and more interested in "hacking" pushing him into a career as a penetration tester. During his time as a security consultant he's conducted various different types of engagements across the world in places like India, Dubai, Israel, UK, US and mainland Europe.

  • NCC Group Open Forum

    The Market

    It's that time again!!! You're invited to the NCC Group Security Open Forum in Austin! Per usual we'll have open bar, good food, and interesting technical discussions. Swing by, grab your favorite brew and stay a while!

    SPEAKER: Richard Johnson, Technical Research Lead, Cisco Talos
    PRESO TITLE: Fuzzflow Framework and Windows Guided Fuzzing
    PRESO SUMMARY: Fuzzflow is a distributed fuzzing management framework from Cisco Talos that offers virtual machine management, fuzzing job configuration, pluggable mutation engines, pre/post mutation scripting, and crash collection, and pluggable crash analysis. We have recently ported the code from crusty 90s era DHTML to a modern web application and open-sourced it on GitHub! We will show off some of the workflow while discussing new mutation engine features driving the client side of the fuzzing system. In the past year we have also added the Intel PT tracing mode as an engine for targeting Windows binaries in the widely used evolutionary fuzzer, American Fuzzy Lop. This fuzzer is capable of using random mutation fuzzing with a code coverage feedback loop to explore new areas. Using our new Intel PT driver for Windows, we provide the fastest hardware supported engine for targeting binaries with evolutionary fuzzing. We will discuss the design challenges and implementation details involved with performantly harnessing Intel Processor Trace for fuzzing.
    SPEAKER BIO: Richard Johnson is a computer security specialist with a focus on software vulnerability analysis. Currently the Technical Research Lead of Talos Group for Cisco, Richard offers 15 years of expertise and leadership in the software security industry. Current responsibilities include research and development of advanced fuzzing and crash analysis technologies facilitating the automation of the vulnerability triage and discovery process. Richard has presented annually at top-tier industry conferences worldwide for over a decade and was co-founder of the Uninformed Journal.

    ---

    SPEAKER: WanderingGlitch
    PRESO TITLE: Leaking Windows Kernel Pointers
    PRESO SUMMARY: As part of reversing win32k.sys to understand the User-Mode Callback mechanism, I found several kernel information leaks. As it turns out, there were several situations where the kernel was readily returning kernel pointers to user land. This talk will be a brief introduction into how user-mode callbacks operate, a description of the information leaks vulnerability and how prevalent they are, and then a detailed description of how to take advantage of CVE[masked].
    SPEAKER BIO: WanderingGlitch is a vulnerability analyst and exploit developer for the Zero Day Initiative (ZDI) program. His primary role involves performing root cause analysis on ZDI submissions to determine exploitability, followed by developing exploits for accepted cases.

    ---

    SPEAKER: Derek Hinch, Senior Security Consultant at NCC Group
    PRESO TITLE: Rapid Response Dominance with GRR: Capabilities, Architectures, Caveats
    PRESO SUMMARY: Many proprietary solutions exist to meet enterprise forensic incident response needs, however one open source project is taking the lead when it comes to flexibility, scalability, and capabilities. That project is known as GRR Rapid Response. In this talk we discuss the current maturity of the Google Project, an overview of the capabilities and analysis options, low cost practical architectures to support between 10 to 35,000 clients, and workarounds for performance issues in the latest build of GRR.
    SPEAKER BIO: Derek has been involved in offensive security research for more than 20 years. He is a former USAF Electronic Warfare R&D specialist (SEI 084/AFSC 2A071D), SIPRNET Domain Admin, and is currently senior staff at DEFCON - where he runs the DEFCON Groups initiative, as well as serving as a veteran DEFCON Security Goon. In his spare time he meddles in persistent threat development, cryptography, and forensics. Derek has been a court certified expert witness in Computers, Computer Security, and Digital Forensics for computers and phones for more than 5 years. "In God We Trust. All others, we monitor - jam - and deceive." Pax Per Imperium

  • NCC Group Open Forum

    The Speakeasy (Music Lounge/Downstairs)

    OH YEAH BABY....It's that time again!!! You are MOST cordially invited to the NCC Group Security Open Forum in Austin, Texas! As is our traditional custom we will have a healthy open bar, the best food of your entire life, and only the absolutely coolest, most interesting technical discussions. Swing by, grab your favorite brew and stay a while!

    DATE: Thursday, June 30th, 2016
    TIME: 6:30-9:30pm
    LOCATION: The Speakeasy Music Lounge
    ADDRESS: 412 Congress Ave, Austin, TX 78701

    Speakers:

    External Speaking Slots:

    SPEAKER: Todd Carr, Unity Technologies
    PRESO TITLE: Hurt Me Plenty: The Design and Development of Hack Doom
    PRESO SUMMARY: In this presentation I'll be discussing work on my project, "Hack Doom," the fusion of CTF and videogame that anyone can play, build, and share. I will be covering its state of development, relevance to the security community, and design philosophy.
    SPEAKER BIO: Todd Carr has been involved in systems administration since 2006. He's currently employed as a DevOps Engineer at Unity Technologies. Todd has been active in the Austin security community since 2012 including ATX2600, AHA, and lolctf. In his spare time, he enjoys making, breaking, and gaming.

    ---

    Internal Speakers:

    SPEAKER: Steve Park, Associate Security Engineer at NCC Group
    PRESO TITLE: The Elephant in the Room....er Sky Rather: Exposing the Soft Underbelly of the National Airspace System (NAS)
    PRESO SUMMARY: The Next Generation Air Traffic Management system started out as a grass-roots movement born on the shoulders of grieving families from rural Alaska demanding action from the government to solve an urgent problem. NexGen and in particular ADS-B has saved lives and millions of dollars so far, but at the cost of placing our nation and our world at critical risk. In this presentation we'll discuss the origins of Air Traffic Control, the implementation of NexGen, why it is broken, and what to do about it.
    SPEAKER BIO: Steve Park is an Associate Security Engineer with NCC Group, an information security firm specializing in application, network, and mobile security. Steve has a special interest in Red Team engagements with Physical Breach simulation and Social Engineering elements. Prior to NCC Steve served with the Marine Corps Forces Special Operations Command, a part of SOCOM, as a weapons and tactics instructor among other things. Following the service Steve earned a degree in Aviation where he learned of the benefits and limitations of the NexGen Air Traffic Management system significantly influencing his decision to make a major career change, and to develop this presentation.

    SPEAKER: Manuel Philipose, Associate Security Engineer at NCC Group
    PRESO TITLE: Inferno - Inference Attacks on Mobile Devices with Machine Learning
    PRESO SUMMARY: Machine learning is an incredibly useful tool. Prior work has shown that using this tool, an attacker can extract speech, keystrokes, even private keys from non-conventional physical characteristics. This presentation demonstrates how machine learning can analyze power consumption for high level inference attacks. Specifically, we use the amount of power the Android device uses over time to determine a victim’s browsing activity. This presentation will discuss machine learning, side-channel attacks, physical testing methodology, evaluation of machine learning models, and a potential defense against the attack posited in the presentation. After attending this talk, you will understand how to leverage machine learning and seemingly irrelevant data to extract potentially sensitive information. Manuel will demonstrate why side-channels are a pervasive problem and incredibly difficult to defend against.
    SPEAKER BIO: Manuel Philipose is an Associate Security Engineer with NCC Group, a global information security firm specializing in application, network, and mobile security. Manuel has worked for L-3 Communications, National Instruments and three research labs related to bioinformatics, robotics, and security. Before NCC Group, Manuel studied at The University of Texas at Austin where he earned a Bachelor's of Science in Electrical and Computer Engineering degree in May of 2015. During this time, he led IEEE Communications Society, a student organization on campus focused on educating the next generation of engineers about security. In addition, Manuel was an undergraduate researcher at the Security, Privacy and Computer Architecture (SPARK) Labs where he worked on developing novel side-channel and inference attacks using machine learning. Before graduating, Manuel received the Marjorie Morales award for Best Undergraduate Research in Computer Science for his work on side-channel attacks on mobile web browsers.

    ---

    WE WANT TO HEAR FROM YOU!!! SEND US YOUR NAME, TITLE, SUMMARY, AND BIO IF YOU'D LIKE TO SHARE SOME OF YOUR RESEARCH WITH US!

  • NCC Group Open Forum

    The Speakeasy (Music Lounge/Downstairs)

    It's that time again!!! You're invited to the NCC Group Security Open Forum in Austin! Per usual we'll have open bar, good food, and interesting technical discussions. Swing by, grab your favorite brew and stay a while!

    DATE: Thursday, January 14th, 2016
    TIME: 6:30-9:30pm
    LOCATION: The Speakeasy Music Lounge
    ADDRESS: 412 Congress Ave, Austin, TX 78701

    Accepted Speakers

    External Speaking Slots:

    SPEAKER: Jason Geffner
    PRESO TITLE: VENOM
    PRESO SUMMARY: Sit back and listen to the fascinating journey of this year’s VENOM vulnerability discovery. Learn how hypervisors work and where researchers should look for critical vulnerabilities. Find out how the VENOM vulnerability was found and why it went unnoticed for so many years. Hear all about the challenges of a coordinated vendor disclosure process. And take in the lessons we learned from the media exposure VENOM received.
    SPEAKER BIO: Jason Geffner is a world-renowned industry thought-leader in the fields of computer security and reverse engineering. He has been interviewed by Forbes, Fortune, CBS, AP, CSO Magazine, c|net, PCWorld, Dark Reading, and Threatpost, and has been featured on Slashdot, The Register, SC Magazine, ZDNet and Computerworld. Geffner holds several patents, is the discoverer of VENOM, and the inventor of Tortilla. He has been invited to present numerous times at Black Hat, RSA Conference, CanSecWest, OWASP, REcon, Breakpoint, Ruxcon, ISOI, Lockdown, and other industry conferences, in addition to delivering training to the United States Air Force, Japan’s National Police Agency, and private industry.

    ---

    SPEAKER: Charisse Castagnoli
    PRESO TITLE: "A Walk through Wasserman, should a researcher be Worried?"
    PRESO SUMMARY: In this talk Charisse will give us some valuable insight into the legal field as it pertains to current events in Hacking and Penetration Testing Consultancy. She will cover events both new and old, and leave room for a Q&A period so we all can be aware of the current landscape as we move forward into the new year.
    SPEAKER BIO: Charisse is a highly decorated veteran of the cyberwarfare world, VP of Security and General Counsel for Trucker Path, Co Founder of C1ph3r_Qu33ns, current ISSA Austin President, and has many other notable accomplishments under her belt that are too numerous to list. Check her out on LinkedIn: https://www.linkedin.com/in/charisse-castagnoli-b3070

    ---

    THIRD SPEAKER: YOU? SEND ME YOUR NAME, TITLE, SUMMARY, AND BIO IF YOU'D LIKE TO SHARE SOME OF YOUR RESEARCH WITH US!

  • NCC Group Floating Open Forum

    Lake Austin Riverboats

    It's that time again!!! You're invited to the NCC Group Security Open Forum in Austin! Per usual we'll have open bar, good food, and interesting technical discussions. Swing by, grab your favorite brew and stay a while!

    DATE: October 8th, 2015
    TIME: Boarding is at 6:45pm for 7:00pm departure. Return will be at 9:30pm-10:00pm.
    LOCATION: Drifting along Lake Austin up to Pennybacker Bridge and back.
    ADDRESS: The chartered course begins at the LCRA dock in between the Tom Miller Dam and Hula Hut located at 3825 Lake Austin Blvd, Austin, TX 78703. Free parking is available across the street at the LCRA facility lot; signage will be placed by the road to indicate where to go.
    EVENT SPACE: http://www.austinriverboats.com

    Accepted Speakers

    External Speaking Slots:
    ---
    SPEAKER: Joshua "jduck" Drake (confirmed)
    PRESO TITLE: Stagefright: Scary Code in the Heart of Android
    PRESO SUMMARY: With over a billion activated devices, Android holds strong as the market leading smartphone operating system. Underneath the hood, it is primarily built on the tens of gigabytes of source code from the Android Open Source Project (AOSP). Thoroughly reviewing a code base of this size is arduous at best -- arguably impossible. Several approaches exist to combat this problem. One such approach is identifying and focusing on a particularly dangerous area of code. This presentation centers around the speaker's experience researching a particularly scary area of Android, the Stagefright multimedia framework. By limiting his focus to a relatively small area of code that's critically exposed on 95% of devices, Joshua discovered a multitude of implementation issues with impacts ranging from unassisted remote code execution down to simple denial of service. This presentation discusses: Android OS internals, techniques used for discovery, exploitation mitigations in play, the disclosure process, and more. Finally, proof-of-concept code will be demonstrated. After attending this presentation, you will understand how to discover vulnerabilities in Android more effectively. Joshua will show you why this particular code is so scary, what has been done to help improve the overall security of the Android operating system, and what challenges lie ahead.
    SPEAKER BIO: Joshua J. Drake is the VP of Platform Research and Exploitation at Zimperium Enterprise Mobile Security and lead author of the Android Hacker's Handbook. Joshua focuses on original research such as reverse engineering and the analysis, discovery, and exploitation of security vulnerabilities. He has over 10 years of experience auditing and exploiting a wide range of application and operating system software with a focus on Android since early 2012. In prior roles, he served at Metasploit and VeriSign's iDefense Labs. Joshua previously spoke at Black Hat, RSA, CanSecWest, REcon, Ruxcon/Breakpoint, Toorcon, and DerbyCon. Other notable accomplishments include exploiting Oracle's JVM for a win at Pwn2Own 2013, successfully compromising the Android browser via NFC with Georg Wicherski at Black Hat USA 2012, and winning the DefCon 18 CTF with the ACME Pharm team in 2010.

    Internal Speaking Slots:
    ---
    SPEAKER: Tony Cargile (confirmed)
    PRESO TITLE: Rebooting SDLC for the modern age: Lessons from Silicon Valley
    PRESO SUMMARY: In this talk, Tony Cargile shares his perspective as a security consultant who has been tasked with helping implement a Security Development LifeCycle in some of the largest software development shops. By being able to see both the offensive and defensive sides of security, Tony is able to give some interesting perspectives into how SDLC should be carried out in a large scale environment. This talk will go over some of the pain-points that large scale SDLC deployments face and some of the lessons learned from these hurdles, especially in an Agile environment. Also, this talk will introduce innovative ideas on how we approach our pre-conceived methodologies of SDLC such as Static Code Analysis. This talk is a must see for anyone who is tasked with implementing Security Development LifeCycle or for anyone who is simply curious about how to prevent software vulnerabilities before they are coded.
    SPEAKER BIO: Tony Cargile is a Senior Security Engineer with NCC Group, a global information security firm specializing in application, network, and mobile security. At NCC Group, Tony has participated in and led projects ranging from single consultant short-term engagements to 50 consultant month-long projects. Specializing in application security, Tony has performed reviews of a vast array of products in both white-box and black-box methodologies in languages across the spectrum, including Java, C, Python, Assembly, C#, PHP, as well as many others. He has also performed research and presented at national conferences on the DNS technology DANE as well as the Security Development LifeCycle. Before NCC Group, Tony has professional programming experience developing custom software for CMMI solutions in C#, Visual Basic, and Perl and received a bachelor’s of science in Computer Science at the University of Texas at Austin with an INFOSEC certification.
    ---
    SPEAKER: Dan Crowley (confirmed)
    PRESO TITLE: Cryptanalib and FeatherDuster: Making cryptographic attacks easier
    PRESO SUMMARY: In 2010, the application security world was shocked to learn that one cryptographic attack technique could be used to break cryptosystems in Java Server Faces, Ruby on Rails, and most notably, ASP.NET: Vaudenay's padding oracle attack. More shocking was that Vaudenay published this technique in 2002! Being eight years behind, the application security community has a lot of catching up to do when it comes to cryptography. Creating tools and educational materials to help appsec professionals become proficient in finding and attacking weak cryptosystems is the obvious answer, but when cryptosystems can exist in about as many places as ordinary data can, how can general purpose tools be made? The answer is to create tools for creating tools! This talk will discuss Cryptanalib, a crypto attack library designed to make it easier to write cryptographic attack tools, and FeatherDuster, a tool built to take out as much of the work as possible in writing tools with Cryptanalib.
    SPEAKER BIO: Daniel (aka "unicornFurnace") is a Security Engineer for iSEC Partners. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel has developed configurable testbeds such as SQLol and XMLmao for training and research regarding specific vulnerabilities. Daniel was TIME's 2006 person of the year. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including Black Hat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie. Daniel also holds the title of Baron in the micronation of Sealand.
    ---

  • NCC Group Security Open Forum

    Tap Room at The Market

    You're invited to the NCC Group Security Open Forum in Austin! Per usual we'll have open bar, good food, and interesting technical discussions. Swing by, grab your favorite brew and stay a while!

    DATE: July 16th, 2015
    TIME: 6pm-9pm
    LOCATION: The Tap Room at The Market
    ADDRESS: 319 Colorado St
    EVENT SPACE: http://www.themarketaustin.com/v1/

    Accepted Speakers

    External Speaking Slots:
    ---
    SPEAKER: Jasiel Spelman
    PRESO TITLE: Process Injection and Instrumentation
    PRESO SUMMARY: Whether you're auditing for vulnerabilities, triaging a crash, or writing an exploit for a vulnerability, you need to have a good understanding of the application you're working with. While a lot can be learned through reading documentation and static analysis of the binaries, sometimes you need to interact with the application dynamically. There are a few options at this point, from traditional debuggers to more advanced dynamic instrumentation or static recompilation. This talk will give an overview of the various options along with the methods that have worked the best for me.
    SPEAKER BIO: Jasiel Spelman is a vulnerability analyst and exploit developer for the Zero Day Initiative (ZDI) program. His primary role involves performing root cause analysis on ZDI submissions to determine exploitability, followed by developing exploits for accepted cases. Prior to being part of ZDI, Jasiel was a member of the Digital Vaccine team where he wrote exploits for ZDI submissions, and helped develop the ReputationDV service from TippingPoint. Jasiel's focus started off in the networking world but then shifted to development until transitioning to security. He has a BA in Computer Science from the University of Texas at Austin.
    ---
    SPEAKER: Kurtis Miller
    PRESO TITLE: Fuzzing and Vuln Research Ops
    PRESO SUMMARY: Do you want to find bugs in third party libraries? Do you want a quickly deployable and repeatable environment to perform vulnerability research and collaborate with your team? This talk will discuss and demonstrate an approach to achieve all of these goals with available tools, finding interesting things along the way.
    SPEAKER BIO: Kurtis Miller is a Senior Security Engineer at Atlassian where he works to identify, fix, and prevent security issues in Atlassian products. Before Atlassian, Kurtis spent some time as a Senior Security Engineer at iSEC Partners. Kurtis has been obsessed with software security since his teens and has been fortunate enough to do it professionally.
    ---

    Internal Speaking Slots:
    ---
    SPEAKER: Damon Smith
    PRESO TITLE: Bugged Files: Are your documents telling on you?
    PRESO SUMMARY: In this talk, we explore various file formats and their ability to make outbound requests, as well as what that means from a security and privacy perspective. Most interestingly, these techniques are not built on mistakes, but intentional design decisions, meaning that they will not be fixed as bugs. From data loss prevention to de-anonymization to request forgery to NTLM credential capture, this presentation will explore what it means to have files that communicate to various endpoints when opened.
    SPEAKER BIO: Damon Smith is a Security Consultant with NCC Group, an information security firm specializing in application, network, and mobile security. Damon specializes in web application assessments, embedded device/point of sale assessments, network penetration testing, and mobile testing.

  • iSEC Partners: Austin Open Forum

    Vulcan Gas Company

    You're invited to the iSEC Partners Austin Open Forum. Per usual we'll have open bar, good food, and interesting technical discussions. Swing by, grab your favorite brew and stay a while!

    DATE: April 23rd, 2015
    TIME: 6pm-9pm
    LOCATION: Vulcan Gas Company
    ADDRESS: 418 East 6th Street
    EVENT SPACE: http://vulcanatx.com

    Speaking Agenda (order may change but speakers are confirmed)
    ---
    SPEAKER: Derek Hinch, Security Engineer at iSEC Partners
    PRESO TITLE: Advanced Replay Attacks using bouncyDuck
    PRESO SUMMARY: When time on an unauthorized terminal counts, replay attacks can be some of the most efficient methods for target acquisition. Devices such as the teensy HID and USB Rubber Ducky can be quite useful, however, the default firmware is lacking in features. bouncyDuck is a simple script that manages programming of multiple firmware types for the USB Rubber Ducky, along with additional tools that allow payload customization in the field with little to no knowledge of the ducky scripting language (does not require a network connection either). This short talk will provide an overview of each one of the types of firmware contained in bouncyDuck, the best use case scenarios, and some of the features of the bouncyDuck tool along with demonstrations of each.
    SPEAKER BIO: Derek has been involved in offensive security research for more than 20 years. He is a former USAF Electronic Warfare R&D specialist (SEI 084/AFSC 2A071D), SIPRNET Domain Admin, and is currently senior staff at DEFCON - where he runs the DEFCON Groups initiative, as well as serving as a veteran DEFCON Security Goon. In his spare time he meddles in persistent threat development, cryptography, and forensics. Derek has been a court certified expert witness in Computers, Computer Security, and Digital Forensics for computers and phones for more than 5 years. "In God We Trust. All others, we monitor - jam - and deceive." Pax Per Imperium
    ---
    SPEAKER: Jeremy Powell
    PRESO TITLE: Software Defined Radio Primer
    PRESO SUMMARY: SDR is a powerful technology that has recently become cheap enough for individuals to hack on. However, there's a steep learning curve since it's fairly new and intersects many different disciplines. This presentation will give you an overview of what SDR is, what technology is available, and the vocabulary needed to start learning for yourself.
    SPEAKER BIO: Jeremy has worked in the field of information security for seven years after graduating from the University of Texas at Austin with a Computer Science degree. He has performed product security assessments of products ranging from the Linux operating system to enterprise-level web applications. He currently works as a product security consultant at Hewlett Packard in Austin, TX.
    ---
    SPEAKER: James “Iv0ryW0lf” Boyd, Lvl 23 Cyber Shaman @ Lumenate
    PRESO TITLE: BlackMailed
    PRESO SUMMARY: During some boring research looking through emails, I stumbled upon unnecessary uses that are fun! I plan to cover a brief history of email, brief discussion of DarkMail, and then move into BlackMailed. The preso will cover statistics based on a collection of emails that are considered good, bad, and unknown and are stored in a database for intelligence gathering. I will cover email header details & their uses, some trend analysis, and interesting header manipulation/hacking. BlackMailed is a series of python scripts that are only prototypes with mongoDB in the backend. Once I get it to a decent and stable state, I will add it to my GIT repo.
    SPEAKER BIO: Retired USAF Master Sergeant IT Security, 23 years Network Traffic Analysis Digital Forensics/Malware Analysis Hacking/Pentesting Certified C|EH & Security+ Current role Leverage analysis tools Enhance customer security posture Malware Hunter UAT Course Development Digital Forensic Instructor SAHA!
