BSM January 2020
Thanks to this month's sponsors: Digital Ocean and Synopsys.
Please take a moment to familiarize yourselves with our Code of Conduct and Vendor/Recruiter policies at https://www.meetup.com/The-Boston-Security-Meetup/about/
Bring your ideas and great conversation; we will provide the food and beverages.
Doors open at 6, sessions start at 7
Talk#1 - OSINT Scrutiny: Act More Putinly by Mitch Kucia
Publicly accessible information presents a huge attack surface for companies (including those with broadly-scoped bug bounties (or yours)). I'll walk through the OSINT/recon phase of a red team engagement, starting with only a company name. You'll learn techniques for host and service discovery, and find out how to coax information from commonly exposed services.
Speaker Bio: Mitch Kucia (@b17zr) is a senior security consultant at NCC Group. Mitch specializes in network penetration tests, including adversary simulations and red teams.
Talk#2 - How to Automatically Protect Against Covert USB Attacks by Amin Kharraz
Targeted attacks via transient devices are not new. However, BadUSB attacks have shifted the attack paradigm tremendously. These attacks embed malicious code in device firmware and rely on users who unwittingly open their organizations to an internal attack. Instances of security breaches in recent years illustrate that such devices are used to spread malware, control systems, and exfiltrate information. In this talk, I explain how it is possible to automatically identify BadUSB devices, and answer three questions on how to deploy an ML model as an augmented service to the OS without introducing discernible overhead compared to the unmodified USB subsystem.
Speaker Bio: Amin Kharraz is a system researcher at UIUC--NEU. His research focuses on building systems to facilitate a data-driven approach to security.




