Location visible to members
NCC Group Open Forum Q2 – NYC
DATE: Wednesday, May 18th, 2016
837 Washington St, 3rd floor
New York, NY 10014
Enter under red awning "Super City Meat Inc."
Between W 13th St. & LITTLE W 12th St.
** Complimentary food and beverages provided **
Lost? Questions on the day of the event? Contact Karsten Cross at[masked].
Closest trains are:
A, C, E, 1, 2, 3
SPEAKER: JULIAN COHEN
ABSTRACT: Attacker groups that target web applications do not use the same tactics that your penetration testing team does. This leaves a gap between vulnerabilities that your team finds and vulnerabilities that attackers are actively discovering and exploiting. In this talk, we use actionable data about real attacker groups to develop tools and methodologies to aid your penetration testing team.
SPEAKER: TOM CROSS
ABSTRACT: Internet honeypots have had limited value because any computer system that is placed on the open Internet is going to be subject to attack by all kinds of parties. However, there is a role for deception to play in network defense, if those deceptive features are more carefully crafted. Military strategists have employed deception to gain the upper hand in conflicts for hundreds of years, and there is a large, formal body of knowledge that they have developed on how to utilize deception effectively and what it's pitfalls are. This talk will cover some of that wisdom and how it can play a role in infosec programs of any budget or maturity level.
SPEAKER: ROBERT SEACORD
TITLE: Reading Uninitialized Variables in C
ABSTRACT: Most developers understand that reading uninitialized variables in C is a defect, but some do it anyway, for example, to create entropy. Reading uninitialized variables in C is actually undefined behavior. In this talk, we’ll explore why and examine the possible consequences to real world code.
About the NCC Group Open Forum
The NCC Group Open Forum is an informal and open venue for the discussion and presentation of security related research and tools, and an opportunity for security researchers from all fields to get together and share work and ideas. Open Forum meets quarterly in the Bay Area, Seattle, Austin, Chicago, and New York City. Forum agendas are crafted with the specific needs/interests of its members in mind and consist of brief 30 minute talks. Talks are not product pitches or strongly vendor preferential. Attendance is by invite only. Any area of security is welcome including reversing, secure development, new techniques or tools, application security, cryptography, etc.