Bay Area IoT Security - April meetup

Join us on Thursday, April 13th for a two hour informative session on Internet of Things Security and Pentesting.

6.30 - 7.00: Networking

7.00 - 8.30: Presentations

Details:

Session 1: IoT Pentesting 101 by Aditya Gupta

Session 2: The Dawn of the DDoS Age by Nate Lindstrom

Session 1: IoT Pentesting 101 by Aditya Gupta

IoT is one of the hottest trends in technology right now! There seems to be an arms race between both consumer and industrial vendors to connect almost everything to the Internet – your fridge, thermostat, coffee machine, watch, shoes, dog’s collar and toaster are all included! This new frenzy to connect “everything” to the Internet is here to stay and we are already seeing millions of these “smart” devices in homes, offices and public areas.

During the previous “Mobile Application” age, security took a backseat and almost every other app was insecure to the most basic and embarrassing of vulnerabilities. Unfortunately, to our horror, this golden age of “IoT – smart devices” is no different!

The key challenge in learning how to pentest and secure IoT devices is understanding the complex interaction between hardware and firmware. This includes being able to find debug ports to connect to or even having the ability to read/write directly to a chip! This session will take you through this complex yet extremely interesting and exciting journey.

This session is beginner friendly and starts from the very basics of IoT devices and their security – how to get started? Hardware? Software? Tools? Techniques? Will all be answered.

About the Speaker

Aditya Gupta (@adi1391 (https://twitter.com/adi1391)) is the founder and principal consultant of Attify, an IoT and mobile security firm, and a leading mobile security expert and evangelist. He has done a lot of in-depth research on mobile application security and IoT device exploitation. He is also the author of the popular training course - "Offensive IoT Exploitation (http://offensiveiotexploitation.com)", creator of Attify-Store (https://attify-store.com) and also the author of Android security book "Learning Pentesting for Android Devices" that sold over 15,000 copies, since it was published in March 2014.

He has also discovered serious web application security flaws in websites such as Google, Facebook, PayPal, Apple, Microsoft, Adobe and many more. He has also published a research paper on ARM Exploitation titled "A Short Guide on ARM Exploitation." In his previous roles, he has worked on mobile security, application security, network penetration testing, developing automated internal tools to prevent fraud, finding and exploiting vulnerabilities and so on.

He is also a frequent speaker and trainer at numerous international security conferences including Black Hat, Syscan, OWASP AppSec, PhDays, Brucon, Toorcon, Clubhack amongst others, and also provides private and customized training programmes for organizations.

Session 2: The Dawn of the DDoS Age by Nate Lindstrom

Today, Nate Lindstrom will be giving a Tech Talk on the rise of the black market economy that rents chaos and extortion by the hour. Please note that this event will not be recorded. Due to the sensitive nature of the information being discussed, no recordings will be permitted. The Internet is in the grip of malicious forces whose power has grown beyond our wildest imagination in recent months. We trace the history of botnets and Distributed Denial of Service (DDoS) attacks, explore the rise of the Mirai botnet, look at extortion-for-hire, and discuss what you can do to protect yourself and your online services as the Internet grows darker by the minute.

About the Speaker:

Nate Lindstrom is the VP of Solutions Engineering for NS1, a next generation DNS and traffic management platform architected to service the most demanding, mission-critical applications on the internet. He has significant experience building, operating, and securing cloud environments for a number of companies including Yahoo! and Salesforce.