Upcoming events (2)
Join us on Thursday, June 11, for the first Talkin' Security event of June 2020.

=====
ATTENTION! Online meeting details below
Meeting link: https://cisco.webex.com/cisco/j.php?MTID=mab52feef3ae4003d869a0c84c7dcceea
Meeting number (access code): [masked]
Meeting password: grGy8CPAH55 ([masked] from phones)
=====

AGENDA
6:45 - 7:00pm: Introduction
7:00 - 8:00pm: Sherri Davidoff - Ransomware is Changing. Are You Ready?

Speaker Bio: Sherri Davidoff is the CEO of LMG Security and the author of the recently released book “Data Breaches.” As a recognized expert in cybersecurity and data breach response, Sherri has been called a “security badass” by The New York Times. She has conducted cybersecurity training for many distinguished organizations, including the Department of Defense, the American Bar Association, FFIEC/FDIC, and many more. She is a faculty member at the Pacific Coast Banking School, and an instructor for Black Hat, where she teaches her “Data Breaches” course. She is also the co-author of Network Forensics: Tracking Hackers Through Cyberspace (Prentice Hall, 2012), a noted security text in the private sector and a college textbook for many cybersecurity courses. Sherri is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN), and holds her degree in Computer Science and Electrical Engineering from MIT. She has also been featured as the protagonist in the book, Breaking and Entering: The Extraordinary Story of a Hacker Called “Alien”.

Summary of the Talk: Ransomware has evolved. Organized crime groups around the world are driving new developments to maximize monetization of each hack. Today, ransomware is often the last stage of a data breach, launched by criminals after they have already stolen massive volumes of data. Exposure threats are on the rise, as criminals threaten to publish data if they don't receive their payment. Ransomware-as-a-service is booming, with a flood of new products competing on the dark web.

In this talk, we'll show you the latest ransomware in action, including screenshots from real-world cases. We'll discuss strategies for preventing and responding to modern ransomware attacks, including common mistakes to avoid. Learn how to reduce your risk of a ransomware attack and respond effectively, now and in the future.

Join us on Thursday, July 9th, for the first Talkin' Security event of July 2020.

=====
ATTENTION! Online meeting details below
Meeting link: https://cisco.webex.com/cisco/j.php?MTID=m3b8d46d6a6f8fdd9a33c09c527dad03a
Meeting number (access code): [masked]
Meeting password: 8EYehMXgP54 ([masked] from phones)
=====

AGENDA
6:55 - 7:00pm: Introduction
7:00 - 8:00pm: Levi Broderick - Security Reviewing .NET Code – A Primer

Speaker Bio: Levi has more than a decade of experience on the .NET platform. His background includes work on the ASP.NET runtime, including helping to create the earliest versions of ASP.NET MVC. Since then he has been with the .NET Core libraries team working on the lowest levels of the Base Class Libraries. He is a member of the .NET security team. His duties include advocating for “secure by design” patterns in APIs, performing review of .NET code before it ships to customers, and responding to security vulnerabilities as they’re reported.
GitHub: https://github.com/GrabYourPitchforks/
Twitter: https://twitter.com/levibroderick

Summary of the Talk: As we move to a more connected world, the risk increases that the code we write is subjected to hostile inputs. Malicious actors can leverage this to suit their desires, ranging from degrading the performance of a web site all the way to assuming control over the site. In this talk, I’ll share what we’ve learned working on .NET security. The talk will cover the basics of input validation and how to think about trust boundaries. You’ll learn how to audit your business logic for algorithmic complexity or resource exhaustion attacks. We’ll discuss both safe usage and common anti-patterns in common .NET types like Dictionary, plus some newer .NET types like Span and ArrayPool, all while remaining mindful of maintaining your application’s performance.

This talk is not specific to web security. The contents of this talk are meant to complement traditional web security talks which focus on AuthN/AuthZ, XSS, and other web-specific concerns.