NCC Group Security Open Forum - San Francisco
Details
Food and beverages will be provided. Talks start at 6:45pm
===
AGENDA
SPEAKERS: Gerald Doussot / Senior Security Consultant / NCC Group
Roger Meyer / Senior Security Consultant / NCC Group
PRESO TITLE: Singularity of Origin: a DNS rebinding attack framework
PRESO SUMMARY: During recent security assessments, we’ve seen applications running on the localhost interface or exposing services on an internal network without authentication. This includes Electron-based applications or applications exposing Chrome Developer Tools and other various debuggers.
Exploiting such services is typically straightforward, but it takes substantial effort to implement an attack in the context of a security assessment. There are tools available to exploit DNS rebinding vulnerabilities, but they pose a number of challenges, including a lack of support or documentation. They sometimes do not even work, are very specific, and/or do not provide a full exploitation stack, requiring much effort to assemble and integrate all the missing bits and pieces. Furthermore, some of our customers are still unaware or unsure of the nature and potential adverse impact of DNS rebinding vulnerabilities, or do not implement appropriate controls to prevent them.
We present Singularity of Origin, a framework to facilitate the exploitation of software vulnerable to DNS rebinding attacks, and to raise awareness of how these attacks work and how to protect against them.
SPEAKER BIOS: Gérald Doussot is a security consultant with NCC Group with extensive experience in information technologies. Gérald has undertaken defensive and offensive security roles, including the design, implementation and management of security solutions, software development, integration and security testing.
Roger Meyer is a Senior Security Engineer with NCC Group, a global information assurance specialist providing organizations with expert security consulting services. Roger has extensive experience managing/leading complex engagements involving dozens of interested parties at large enterprise clients.
-=-=-
SPEAKER: Ally Clayton / Manager, Detection & Response at Slack / Slack
PRESO TITLE: Collaborating for Incident Management
PRESO SUMMARY: Managing a high priority, high visibility event means managing resources quickly and efficiently. Email's asynchrony delays decision making. Tracking key items across multiple emails causes data loss. We use Slack to manage incidents in our environment, and we have created tools to make the process easier and more transparent. It saves time and leads to cleaner, faster event resolution.
SPEAKER BIO: With a security career spanning 17 years from the US Government to Disney and now to Slack, Ally has held a number of roles including researcher, foreign partnership liaison, leading blue and red teams, IR, and threat hunting. She now leads the fast-paced Detection and Response team at Slack.
-=-=-
SPEAKER: Will Bengtson / Senior Security Engineer / Netflix
PRESO TITLE: Protecting AWS Credentials
PRESO SUMMARY: A widespread concern when operating in the cloud is credential compromise, with the outcome of a compromised credential varying depending on the motive and skill of the attacker. What if there were protections you could put in place to prevent this from being a concern for your enterprise? This talk focuses on two methods that can be used together or separately to enable enterprises to take a proactive step in protecting AWS credentials and preventing their compromise.
SPEAKER BIO: Will Bengtson is a senior security engineer at Netflix focused on security operations and tooling. Prior to Netflix, Bengtson led security at a healthcare data analytics startup, consulted across various industries in the private sector, and spent many years in the Department of Defense. Bengtson is on the BSidesSF and Bay Area OWASP leadership teams. Bengtson contributes to numerous open source projects and has spoken on security topics around the world.
