iSEC Open Forum Bay Area
DATE: Thursday, September 12, 2013
LOCATION: VMware, 900 Arastradero Road, Palo Alto, CA – Creekside Building
Please RSVP via Meetup or to [masked] if you wish to attend!
***technical managers and engineers only please***
***food and beverage provided***
SPEAKERS: Ted Sumers / Embedded SW Engineer / Automatic Labs, Grayson Zulauf / Motiv Power Systems
PRESO TITLE: Hot-Wiring of the Future: Reverse-Engineering Automotive CAN
PRESO SUMMARY: To the layperson, a car is a primarily mechanical system—an internal combustion engine linked to four wheels. Yet modern vehicles are highly computerized, with dozens of sensors and MCUs (collectively known as electronic control units, or ECUs) controlling every aspect of the car from engine timing to infotainment systems. These ECUs pass vast amounts of unsecured information over a mandated intra-vehicle network: the CAN bus.
Accessing the network via the standardized OBD-II port, we were able to gain control over numerous safety-critical systems, including the dashboard display and door locks. We present our open-source software package, part of the GoodFET framework, as well as a methodology for reverse-engineering proprietary automotive CAN implementations.
SPEAKER BIOS: Ted Sumers spent four lonely, cold years in college in New Hampshire wondering where all the other software engineers were. Thankfully, this spring, an extended post-grad climbing-hobo road trip brought him out to the Bay Area, where he found friends! He was going to go back east to get an MS in robotics in the fall, but stayed when he realized Automatic would pay him to play with cars instead. Ted presented at REcon 2013 and will be talking at Breakpoint/Ruxcon in October.
Grayson Zulauf recently graduated from Dartmouth College with an electrical engineering degree too broad to know much about anything, and has subsequently tried to learn at least a little bit about a lot of different things: nanotechnology, breaking cars, and now, power electronics and how to not electrocute himself. He works at Motiv Power Systems building commercial-scale electric vehicles (like North America's first all-electric garbage truck!), and is struggling to make the transition from breaking vehicles to making them work. He will also be presenting at Breakpoint/Ruxcon in October.
SPEAKER: Balint Seeber / Applications Engineer and SDR Evangelist / Ettus Research
PRESO TITLE: All Your RFz Are Belong to Me - Hacking the Wireless World with Software Defined Radio
PRESO SUMMARY: Ever wondered what traffic is flowing through the many satellites in orbit above you? Have you wanted to intercept RADAR signals from air traffic control and visualize your local airspace in real-time on a 3D map? While you're at it, check how many faults have been reported by the next plane you'll be travelling on (e.g. do the toilets work?). How about tracking down the source of a clandestine transmission that is interfering with your favorite channel? If you have ever wanted to reverse engineer such radio systems, this talk is for you!
I will show how to analyze and hack RF communications systems using open source software and cheap radio hardware. The focus will be on how to use Software Defined Radio to create: a digital satellite demodulator for blind signal analysis, a souped-up Mode S aviation transponder/ACARS receiver with an Internet-enabled smooth-streaming Google Earth front-end, and a Radio Direction Finder. I will also touch on some other SDR applications (AIS, APRS,[masked]a, RFID, RDS & GPS).
SPEAKER BIO: @spenchdotnet / [masked] (hacking) / [masked] (work-related)
A software engineer by training, Balint is a perpetual hacker, Applications Engineer and SDR Evangelist at Ettus Research, and the guy behind spench.net. His passion is extracting interesting information from lesser-known data sources and visualizing them in novel ways. Lately, he has become obsessed with Software Defined Radio and all that can be decoded from the ether. When not receiving electromagnetic radiation, he likes to develop interactive web apps for presenting spatial data. Originally from Australia, he moved to the United States in 2012 to pursue his love of SDR.
SPEAKER: Josh Yavor / Senior Security Engineer / iSEC Partners
PRESO TITLE: The BYOD PEAP Show: Mobile Devices Bare Auth
PRESO SUMMARY: The onslaught of Bring Your Own Device(s) in recent years places a new focus on the security of wireless networks. In this presentation we will investigate how a perfect storm of events in the recent past created a situation in which PEAP, the most commonly deployed WPA2 Enterprise authentication protocol, can no longer be used safely with mobile devices. After highlighting how easy (and fun!) exploitation is, the focus will shift to mitigation efforts and how to transition to more secure mobile device authentication solutions.
SPEAKER BIO: Josh Yavor is a Senior Security Engineer at iSEC Partners' San Francisco location where he draws enormous satisfaction out of being evil, for good. Josh has presented at Black Hat, DEF CON and at R00tz Asylum. Prior to joining iSEC, he operated an independent IT consultancy and took years off of his life expectancy while teaching middle school.