CiNPA: Hackers' Night 20
Topic 1) Inter-chip communication: Testing end-to-end security on IoT
Speaker 1) Deral Heiland
The evaluation of an embedded products end-to-end security can often be greatly improved by examining data communication at the circuit level via inter-chip communication as data passes thru an embedded device. So during this presentation we will be exploring inter-chip communication concepts. Focusing on mapping circuit layouts, capturing and decoding communication methodologies, and evaluation of end-to-end security concepts on IoT bridging devices used for remote Internet access to devices leveraging none routable Protocols. With the goals of identifying and understanding: The decoding of Inter-chip communication, End-to-End security validation, Identification of potential attack vectors & vulnerabilities, Device internal command structure, Weaponization of bridge devices.
Deral Heiland, serves as a Research Lead (IoT) for Rapid7. Deral has over 25 years of experience in the Information Technology field. Over the last 15+ years Deral's career has focused on security research, penetration testing, and consulting. Deral has conducted security research on numerous subjects, releasing white papers, advisories, and has presented the information at conferences including Blackhat, Defcon, Shmoocon, DerbyCon, and Hack In Paris. Deral has been interviewed by and quoted by media outlets and publications including ABC World News Tonight, BBC, Consumer Reports, and MIT Technical Review.
Topic 2) Pass-the-Hash (PtH) attacks using Metasploit
Speaker 2) Matt Scheurer
Pass-the-Hash (PtH) attacks can be leveraged to authenticate on remote systems without the need of a password. Armed with just a hash, PtH attacks allow malicious threat actors to move laterally to other systems throughout an enterprise environment with Administrative privileges. In this talk we will use Metasploit to demo a PtH attack in action.
Matt Scheurer serves as Chair of the Cincinnati Networking Professionals Association Security Special Interest Group (CiNPA Security SIG), an Ambassador for Bugcrowd, and works as a Systems Security Engineer in the Financial Services industry. He holds a CompTIA Security+ Certification and possesses multiple Microsoft Certifications including MCP, MCPS, MCTS, MCSA, and MCITP. He has presented on numerous Information Security topics as a featured speaker at many local area technology groups and large Information Security conferences. Matt maintains active memberships in a number of professional organizations including the Association for Computing Machinery (ACM), Cincinnati Networking Professionals Association (CiNPA), Financial Services - Information Sharing and Analysis Center (FS-ISAC), Information Systems Security Association (ISSA), and InfraGard.
Specific meeting information can be found at CINPA website (http://www.cinpa.org)
NOTE: Meeting includes food and beverages.
Cost: Free for current CiNPA Members, Become a CiNPA Member ($35.00 annual dues), or $5.00 as a Guest