NCC Group's Open Forum (August)

A penetration tester’s view of security with Go.

The event will start at 6pm Central. mHub is conveniently located off Chicago and Halstead; close to 8 Halsted bus and 66 Chicago bus, plus a short walk from the Blue Line or Brown Line.

Speaker:John Ventura of Optiv Security, Inc.

Talk: "THEY'RE COMING FOR YOUR TOOLS: EXPLOITING DESIGN FLAWS FOR ACTIVE INTRUSION PREVENTION"

Abstract: This talk explores the real world limitations of popular attack tools and methodologies. The set of tools commonly used for both network based penetration tests and real world intrusions exhibit exploitable vulnerabilities. System administrators can use these vulnerabilities to complicate or even prevent intrusions, while attackers can also use them to target each other.In the course of researching this topic, we have developed a set of proof-of-concept tools that demonstrate various strategies for promoting intrusion detection by targeting common tools and methodologies. We will demonstrate tools that enable man-in-the-middle attacks against popular remote access tools and complicate password recovery techniques.

Speaker: Jim McKenney, of NCC Group's Transport Security Practice

Title: Hacking trains, safely

Abstract: In this talk, Jim McKenney will discuss how to gain support for cyber security testing in operational environments (OT) such as rail, discuss impact based and negative testing techniques to assess cyber risk to operational (OT) environments, discuss effective techniques to communicate results and discuss how we can address some of the root cause issues in the convergent IT/OT environment. Learning objectives: 1. Discuss how to gain support for cyber security testing in operational environments by linking outcomes to key business metrics 2. Discuss the benefits of impact based approaches to assess cyber-physical risks 3. Discuss negative testing and the adversarial approach 4. Discuss trends and necessary skills to address deficiencies in IT/OT convergence.

Speaker: Terence Tarvis

Title: A penetration tester’s view of security with Go.

Abstract: This talk will discuss the security of applications built with the Go programming language. It will include a brief overview of the language and some of the features Go has. Building on this, some of the security features Go has inherently will be discussed. Finally, an overview of code review and penetration testing will be given, including areas to watch for that may present potential security issues.