iSEC Open Forum Bay Area
iSEC is very excited about tonight's event, but due to an unprecedented number of RSVPs, we are concerned about the venue's capacity. As such, we will be checking people in starting at 5:40 (please bring valid ID) and will be required to close the doors if we reach capacity (~80 people).
I apologize in advance to anyone who arrives after the space has filled. We hope this does not deter any of you from future events and will look for larger capacity sites if we do in fact have to close the doors early tonight.
Also a reminder that due to illness, Aaron Grattafiori is unable to present "Containing Linux Containers" and instead Ping Yan will present "Devil in the Haystack: Applied Statistics and Machine Learning on in-app Events".
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
iSEC Open Forum Bay Area
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
DATE: Thursday, January 29, 2015
TIME: 6:00pm-9:00pm
LOCATION: Salesforce, 1 California Street, 5th Floor, Manoa 2
San Francisco, CA 94105
technical managers and engineers only please
food and beverage provided
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
AGENDA
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
SPEAKERS: Angelo Prado / Senior Product Security Manager / Salesforce.com
Xiaoran Wang / Senior Product Security Engineer / Salesforce.com
PRESO TITLE: Things your browser never told you
PRESO SUMMARY: In this talk, we will demonstrate and unveil the latest developments on browser specific weaknesses including creative new mechanisms to compromise confidentiality, successfully perform login and history detection, serve mixed content, deliver malicious ghost binaries without a C&C server, exploit cache/timing side channels to extract secrets from third-party domains, and leverage new HTML5 features to carry out more stealthy attacks. This is a practical presentation with live demos that will challenge your knowledge of the Same Origin Policy and push the limits of what is possible with today's web clients.
SPEAKER BIOS: Angelo Prado is a Senior Product Security Manager at Salesforce.com and an independent security researcher. He has worked as a software and application security engineer for Salesforce, Microsoft, and Motorola. Mr. Prado has a proven record of leading engineering teams of highly trained product security engineers by providing effective application security and building a robust and respected security practice.
Mr. Prado is one of the leading contributors to BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext), a security exploit against SSL which leverages a compression side channel to derive secrets from the ciphertext in an HTTPS stream. As a thought leader of the security community, Mr. Prado frequently speaks at major conferences worldwide, including Black Hat USA, ToorCon, SecTor, Hacker Halted, TakeDownCon, Comillas University, and Georgetown University.
Angelo Prado holds a Master's degree in Computer Science from Universidad Pontificia Comillas, Madrid and has also attended University of Illinois at Urbana-Champaign. His passions and research include web application security, windows security, web browsers, machine learning, malware analysis and side channels. Some of Mr. Prado's recent disclosures include: "SSL, Gone in 30 Seconds - a BREACH Beyond CRIME" (US-CERT, MITRE: CVE-2013-3587) presented at Black Hat USA 2013 (Las Vegas). Resin Pro improperly performs Unicode transformations (US-CERT, NIST: CVE-2014-2966). Mail in Apple iOS6 allows remote attackers to spoof attachments (US-CERT, NIST: CVE-2012-3730). Microsoft Security Researcher Acknowledgments for Online Services (TechNet: 2012, 2013). Additional CVEs are pending assignment.
Xiaoran Wang is a Senior Product Security Engineer at salesforce.com. He has presented at several conferences, including Black Hat USA, Black Hat Asia, ToorCon and HackerHalted. He is passionate about security, especially web application security. At work, he does architectural feature reviews for security, web penetration testing, security training and security automation. In his personal time, he does security research on a variety of topics including exploit writing, malware analysis, vulnerability analysis, and tearing things apart. He has written many useful defensive tools as well. For example, he developed a Firefox add-on, "Mixed Content Monitor", that blocks and shows the insecure resources loaded within https pages. He also developed "Process Injection Monitor", which performs automatic malware analysis and extracts injected code to a binary when a malware process tries to inject itself into other processes. You may check out his personal website at www.x1a0ran.com.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
SPEAKER: Hans Nielsen / Principal Security Consultant / Matasano
PRESO TITLE: Hack All The Things
PRESO SUMMARY: Those of us in the Exploiteers have taken all of our previous experience exploiting embedded devices and used it to bring you a presentation filled with more exploits than ever before™. This presentation will feature exploits for over 20 devices including but not limited to TVs, baby monitors, media streamers, network cameras, home automation devices, and VoIP gateways. Gain root on your devices, run unsigned kernels; it’s your hardware, it’s internet connected, and it’s horribly insecure.
SPEAKER BIO: Hans Nielsen is a Principal Security Consultant for Matasano Security with over ten years of experience as a computer professional. His experience includes protocol analysis, software and hardware reverse-engineering, and web application penetration testing. Hans is a systems thinker, able to look at a complex application and comprehend it on a holistic level. He has a long history of developing for and reverse-engineering embedded devices.
The Exploiteers were originally formed to hack Google TVs, but have since branched out into all kinds of consumer electronics. As a group, we have released exploits for more Google TVs than you can count, Roku streaming devices, the Chromecast, the Nest, and anything else that has a shell. Originally founded by Amir Etemadieh (@Zenofex), we currently have eight members, including CJ Heres (@cj_000), Hans Nielsen (@n0nst1ck), Mike Baker ([mbm]), gynophage, Jay Freeman (saurik), Khoa Hoang (maximus64), and Tom Dwenger (tdweng).
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
SPEAKER: Ping Yan / Research Scientist / Salesforce.com
PRESO TITLE: Devil in the Haystack: Applied Statistics and Machine Learning on in-app Events
PRESO SUMMARY: Application security lies at the core of Salesforce.com's products, for obvious reasons. However much one has strengthened perimeter defenses, a defense-in-depth strategy that lives right in the app is much needed. This talk focuses on the application of statistics and machine learning techniques to in-app events to detect and (eventually) prevent attacks and abuse.
The OWASP group has laid out a framework for intrusion detection and response within applications: AppSensor. Our work is distinct from the AppSensor project in that its data-driven statistical approaches are built with online learning methodologies and adaptive behavior modeling techniques; it thus requires as little configuration and supervision as possible. Unsupervised learning and bootstrapping are established techniques within machine learning.
SPEAKER BIO: Ping spent nearly a decade conducting academic and applied research, innovating machine learning models in various domains, from consumer behavior modeling to algorithmic security threat detection. Her work has been published as journal articles, monographs and books.
Ping holds a PhD in Management Information Systems from the University of Arizona (a national top-5 MIS program), with a focus on machine learning, consumer analytics and healthcare surveillance.
She has spoken at various academic conferences in the field of management science, such as ICIS, WITS and BioSecure, and at InfoSec events including BayThreat, BSidesSF, CanSecWest 2014 and AppSec California 2015.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Interested in presenting at a future Forum? Email forum@isecpartners.com. Talks should be 20-30 minutes max.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
About the iSEC Open Security Forum
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The iSEC Open Security Forum is an informal and open venue for the discussion and presentation of security related research and tools, and an opportunity for security researchers from all fields to get together and share work and ideas.
The Forum meets quarterly in the Bay Area, Seattle, New York City and Austin. Forum agendas are crafted with the specific needs and interests of its members in mind and consist of brief 20-30 minute talks. Talks are not product pitches and are not strongly vendor preferential. Attendance is by invitation only and is limited to engineers and technical managers. Any area of security is welcome, including reversing, secure development, new techniques or tools, application security, cryptography, etc.
