iSEC Open Forum Bay Area


Details
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
iSEC Open Forum Bay Area
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
DATE: Thursday, December 12, 2013
TIME: 6:00pm-9:00pm
LOCATION: Dropbox, 185 Berry Street, Suite 400 (Lobby #4, up to 4th floor) San Francisco, CA 94107
PARKING: No free parking; the AT&T Park parking lot is a block away, and there is metered street parking. Public transportation is highly recommended (Caltrain and Muni are 1/2 block away).
Please RSVP if you wish to attend!
technical managers and engineers only please
food and beverage provided
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
AGENDA
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
SPEAKERS: Xavier Shay / Engineering Manager / Square
PRESO TITLE: Securing Rubygems with TUF
PRESO SUMMARY: Xavier will be speaking about the recent work Square has been doing to secure Rubygems against malicious activity (such as the break-in that occurred earlier this year) using The Update Framework (TUF). The talk will include an introduction to TUF and how it defends against the myriad attacks against packaging systems, how it applies to Rubygems, and then some practical implementation details and a proof-of-concept.
SPEAKER BIOS: Xavier is an Engineering Manager in the Production Engineering group at Square, based in San Francisco. He is an RSpec and Bundler core team member, and has over fifty published repositories on GitHub. He has been working professionally with Ruby since 2006.
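The checks a TUF client performs before it trusts a package are the substance of the "myriad attacks" the abstract above refers to. The following is an added example for this listing, not Square's code, the Rubygems proof-of-concept, or the TUF reference implementation: a simplified "targets" metadata file, a constructed key set and hypothetical gem name, and HMAC-SHA256 standing in for the public-key signatures (Ed25519/RSA) TUF actually uses, so it runs on the Python standard library alone. The verification workflow (signature threshold, rollback, expiry, length, hash) is the part that carries over.

```python
"""TUF-style client checks before installing a gem.  Added example for this talk
abstract; it is not Square's code nor the TUF reference implementation.  The
metadata layout is a simplified 'targets' file, and HMAC-SHA256 stands in for
the public-key signatures (Ed25519/RSA) TUF actually uses so that this runs on
the standard library alone; the sequence of checks is the point."""
import hashlib
import hmac
import json
import time

# Trusted signing keys and threshold, as a client would learn them from an
# already-verified root metadata file.  Constructed sample keys.
TRUSTED_KEYS = {"key-a": b"sample-key-a", "key-b": b"sample-key-b", "key-c": b"sample-key-c"}
THRESHOLD = 2           # root says: 'targets' needs signatures from 2 distinct keys


class VerificationError(Exception):
    pass


def canonical(signed):
    """TUF signs a canonical JSON form so signer and verifier hash identical bytes."""
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()


def sign(signed, keyid):
    return {"keyid": keyid,
            "sig": hmac.new(TRUSTED_KEYS[keyid], canonical(signed), hashlib.sha256).hexdigest()}


def signature_ok(sig, signed):
    key = TRUSTED_KEYS.get(sig["keyid"])
    if key is None:                       # unknown key: ignore it, never trust it
        return False
    expected = hmac.new(key, canonical(signed), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig["sig"])


def verify_targets(metadata, last_seen_version, now):
    """Return the trusted 'signed' part or raise.  Signatures are checked first so
    nothing else in the file is acted on before it is known to be authentic."""
    signed = metadata["signed"]
    # Threshold of *distinct* trusted keys: one compromised key is not enough.
    valid_keys = {s["keyid"] for s in metadata["signatures"] if signature_ok(s, signed)}
    if len(valid_keys) < THRESHOLD:
        raise VerificationError(f"{len(valid_keys)} valid signature(s), need {THRESHOLD}")
    # Rollback attack: a correctly signed but older file must not replace a newer one.
    if signed["version"] < last_seen_version:
        raise VerificationError(f"version {signed['version']} older than {last_seen_version}")
    # Freeze attack: a stale file is rejected once it expires, however well signed.
    if signed["expires"] <= now:
        raise VerificationError("targets metadata has expired")
    return signed


def verify_gem(signed, gem_name, gem_bytes):
    """Check a downloaded .gem against the trusted targets entry."""
    target = signed["targets"].get(gem_name)
    if target is None:                      # arbitrary-package / mix-and-match attack
        raise VerificationError(f"{gem_name} is not a signed target")
    if len(gem_bytes) != target["length"]:  # endless-data / truncation attack
        raise VerificationError("length mismatch")
    digest = hashlib.sha256(gem_bytes).hexdigest()
    if not hmac.compare_digest(digest, target["hashes"]["sha256"]):
        raise VerificationError("sha256 mismatch: gem was modified")
    return True


def make_sample(now):
    """Constructed repository state: one hypothetical gem, signed by two keys."""
    gem_bytes = b"sample gem contents (constructed, not a real gem)"
    signed = {
        "_type": "targets",
        "version": 1,
        "expires": now + 7 * 24 * 3600,
        "targets": {"example-1.0.0.gem": {"length": len(gem_bytes),
                                           "hashes": {"sha256": hashlib.sha256(gem_bytes).hexdigest()}}},
    }
    metadata = {"signed": signed, "signatures": [sign(signed, "key-a"), sign(signed, "key-b")]}
    return metadata, gem_bytes


def outcome(check):
    """Run a check and report 'ok' or the verification error text."""
    try:
        check()
        return "ok"
    except VerificationError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    now = time.time()
    metadata, gem = make_sample(now)
    signed = verify_targets(metadata, 0, now)
    print(outcome(lambda: verify_gem(signed, "example-1.0.0.gem", gem)))
    print(outcome(lambda: verify_gem(signed, "example-1.0.0.gem", gem + b"\x00")))
    print(outcome(lambda: verify_targets(metadata, 5, now)))                   # rollback
    print(outcome(lambda: verify_targets(metadata, 0, now + 30 * 24 * 3600)))  # expired
    only_one = {"signed": signed, "signatures": metadata["signatures"][:1]}
    print(outcome(lambda: verify_targets(only_one, 0, now)))                   # below threshold
```

Two details matter in practice: the threshold counts distinct key IDs, so the same signature repeated twice still counts once, and `last_seen_version` has to be persisted by the client between runs, otherwise the rollback check has nothing to compare against.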
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
SPEAKERS: SA Jeffrey S. Miller / Federal Bureau of Investigation
PRESO TITLE: A discussion of IT crimes, trends and defenses by local FBI agents
PRESO SUMMARY: The other Agents attending and I will be discussing how the FBI is organized here in the Bay Area and how we interact with technology companies. Additionally, we will be discussing recent trends and indicators of compromise regarding high profile computer intrusions, DDoSes, data breaches, and the types of actors responsible for the attacks. We will also provide the attendees with several ways they can protect themselves from becoming targets, as cyber criminals are now beginning to target specific types of employees within technology companies instead of the companies directly.
SPEAKER BIOS: Jeff Miller has been a Special Agent with the FBI for 3.5 years, and is assigned to a criminal computer intrusion squad in the San Francisco Division (San Jose Resident Agency) of the FBI. Prior to becoming a Special Agent, Mr. Miller was a software developer and database administrator at an automotive company in the Midwest.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
SPEAKERS: Alban Diquet / Principal Security Engineer / iSEC Partners
Marc Blanchou / Principal Security Engineer / iSEC Partners
PRESO TITLE: Introspy: Security Profiling for Blackbox iOS and Android
PRESO SUMMARY: In 2013, assessing the security of iOS and Android applications still involves a lot of manual, time-consuming tasks - especially when performing a black-box assessment. Without access to source code, a comprehensive review of such applications currently requires in-depth knowledge of various APIs and the ability to use relatively complex, generic tools such as Cycript and Cydia Substrate - or just jump straight into the debugger.
To simplify this process, we are releasing Introspy - an open-source security profiler for iOS and Android. Introspy is designed to help penetration testers understand what an application does at runtime. The tool comprises three separate components: an iOS tracer, an Android tracer, and an analyzer. The iOS and Android tracers can be installed respectively on a jailbroken iOS device and a rooted Android device. Both tracers hook and record security-sensitive APIs called by a given application at runtime: function calls related to cryptography, IPCs, data storage or data protection, networking, and user privacy are all recorded and persisted in a SQLite database on the device. This database can then be fed to the Introspy analyzer - which generates an HTML report displaying all recorded calls, plus a list of potential vulnerabilities affecting the application.
This presentation will first briefly introduce general concepts and current methodologies for mobile black box testing, as well as a cursory review of classic vulnerabilities affecting iOS and Android applications. We will then demonstrate how Introspy can greatly simplify the process of vulnerability discovery and how to use it on everyday mobile assessments.
SPEAKER BIOS: Alban Diquet is a Principal Security Engineer at iSEC Partners. While at iSEC, Alban has led or contributed to security assessments on a variety of client/server applications, including large scale web applications, iOS applications, Windows / OS X clients, and server applications. Alban's research interests include web and mobile security as well as SSL and PKI. He released SSLyze, an open source SSL scanner written in Python, as well as various tools to simplify the pen-testing of iOS Apps.
Alban received a M.S. in Computer and Electrical Engineering from the "Institut Superieur d'Electronique de Paris" in Paris, France, and a M.S. in "Secure and Dependable Computer Systems" from Chalmers University, in Gothenburg, Sweden.
Marc Blanchou is a Principal Security Consultant at iSEC Partners, an information security firm providing security assessments on multiple platforms and environments. At iSEC, Marc worked on a wide variety of products ranging from mobile, desktop and web clients as well as server-side and kernel related components. Marc has recently presented at Black Hat, RSA Conference, Hack In The Box and OWASP on various topics including compiler/hardware induced bugs in OSes/VMs, building better browser-based botnets and how to audit enterprise class products on Android and iOS.
Prior to iSEC, Marc was a lead application developer on a wide variety of projects and worked on several products involving low-level legacy code for a financial and a game company. For his master's thesis at EPITECH, Marc developed a multiplatform flash file system in C which resulted in several commits to the Linux kernel.
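The analyzer half of the pipeline described in the Introspy abstract above (tracer writes hooked calls to SQLite on the device, analyzer turns them into an HTML report plus a list of potential vulnerabilities) is small enough to sketch. What follows is an added example for this listing, not Introspy's own code: the table layout, the JSON encoding of captured arguments, the three rules and the sample trace rows are all assumptions constructed for the example, and Introspy's real schema and rule set differ. It shows the shape of the work the analyzer does once the tracer has filled the database.

```python
"""Toy Introspy-style analyzer: reads API calls a tracer recorded into SQLite
and flags potential vulnerabilities, rendering a small HTML report.  Added
example for this abstract; not Introspy's own code, schema or rules.  The
table layout, argument encoding, rule set and sample rows are assumptions."""
import html
import json
import sqlite3
from dataclasses import dataclass

# Hypothetical schema: one row per hooked call; captured arguments stored as JSON.
SCHEMA = """
CREATE TABLE traced_calls (
    id     INTEGER PRIMARY KEY,
    clazz  TEXT NOT NULL,
    method TEXT NOT NULL,
    args   TEXT NOT NULL
);
"""

# Constructed sample trace, in the shape an iOS tracer might record for one app.
SAMPLE_CALLS = [
    ("CCCrypt", "CCCrypt", {"alg": "kCCAlgorithmDES", "options": "kCCOptionECBMode"}),
    ("CC_MD5", "CC_MD5", {"len": 32}),
    ("NSUserDefaults", "setObject:forKey:", {"key": "password", "value": "hunter2"}),
    ("NSFileManager", "createFileAtPath:contents:attributes:",
     {"path": "Documents/token.dat", "NSFileProtectionKey": "NSFileProtectionNone"}),
    ("NSURLConnection", "initWithRequest:delegate:", {"url": "http://api.example.test/login"}),
    ("NSURLConnection", "initWithRequest:delegate:", {"url": "https://api.example.test/login"}),
    ("CCCrypt", "CCCrypt", {"alg": "kCCAlgorithmAES128", "options": "kCCOptionPKCS7Padding"}),
]

WEAK_CIPHERS = {"kCCAlgorithmDES", "kCCAlgorithm3DES", "kCCAlgorithmRC4"}
CREDENTIAL_WORDS = ("password", "passwd", "token", "secret")


@dataclass
class Finding:
    call_id: int
    rule: str
    detail: str


def rule_weak_crypto(clazz, method, args):
    if clazz == "CCCrypt":
        if args.get("alg") in WEAK_CIPHERS:
            return f"weak cipher {args['alg']}"
        if "ECB" in args.get("options", ""):
            return "ECB mode leaks plaintext structure"
    if clazz in {"CC_MD5", "CC_SHA1"}:
        return f"{clazz} is not collision resistant"
    return None


def rule_insecure_storage(clazz, method, args):
    if clazz == "NSUserDefaults" and method.startswith("setObject:"):
        key = str(args.get("key", "")).lower()
        if any(word in key for word in CREDENTIAL_WORDS):
            return f"credential-like key {args['key']!r} written to NSUserDefaults (plaintext plist)"
    if args.get("NSFileProtectionKey") == "NSFileProtectionNone":
        return f"{args.get('path')} created without data protection"
    return None


def rule_cleartext_network(clazz, method, args):
    if str(args.get("url", "")).startswith("http://"):
        return f"cleartext request to {args['url']}"
    return None


RULES = [("weak_crypto", rule_weak_crypto),
         ("insecure_storage", rule_insecure_storage),
         ("cleartext_network", rule_cleartext_network)]


def load_sample_db():
    """Build the constructed trace database in memory (the real one lives on the device)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO traced_calls (clazz, method, args) VALUES (?, ?, ?)",
                     [(c, m, json.dumps(a)) for c, m, a in SAMPLE_CALLS])
    conn.commit()
    return conn


def analyze(conn):
    """Run every rule over every recorded call; one Finding per rule hit, in call order."""
    findings = []
    for call_id, clazz, method, args_json in conn.execute(
            "SELECT id, clazz, method, args FROM traced_calls ORDER BY id"):
        args = json.loads(args_json)
        for name, rule in RULES:
            detail = rule(clazz, method, args)
            if detail:
                findings.append(Finding(call_id, name, detail))
    return findings


def render_report(conn, findings):
    """Minimal HTML report: every recorded call, then the potential vulnerabilities."""
    rows = "".join(
        f"<tr><td>{cid}</td><td>{html.escape(c)}</td><td>{html.escape(m)}</td>"
        f"<td><code>{html.escape(a)}</code></td></tr>"
        for cid, c, m, a in conn.execute("SELECT id, clazz, method, args FROM traced_calls ORDER BY id"))
    items = "".join(f"<li>call #{f.call_id} [{f.rule}]: {html.escape(f.detail)}</li>" for f in findings)
    return (f"<h1>Recorded calls</h1><table>{rows}</table>"
            f"<h1>Potential vulnerabilities ({len(findings)})</h1><ul>{items}</ul>")


if __name__ == "__main__":
    db = load_sample_db()
    found = analyze(db)
    for f in found:
        print(f"call #{f.call_id} [{f.rule}]: {f.detail}")
    print(render_report(db, found))
```

Argument values come from the traced app and are untrusted, so the report escapes them before emitting HTML; a trace database pulled off a device is exactly the kind of input a tester opens in a browser without thinking about it.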
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Interested in presenting at a future Forum? Email forum@isecpartners.com. Talks should be 30-40 minutes max.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
About the iSEC Open Security Forum
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The iSEC Open Security Forum is an informal and open venue for the discussion and presentation of security related research and tools, and an opportunity for security researchers from all fields to get together and share work and ideas.
The Forum meets quarterly in the Bay Area, Seattle, New York City and Austin. Forum agendas are crafted with the specific needs/interests of its members in mind and consist of brief 30-40 minute talks. Talks are not product pitches or strongly vendor preferential. Attendance is by invite only and is limited to engineers and technical managers. Any area of security is welcome including reversing, secure development, new techniques or tools, application security, cryptography, etc.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
To unsubscribe from further communication regarding iSEC Partners Events, please email rsvp@isecpartners.com with UNSUBSCRIBE in the subject.
