Daniel Peck Principal Research Scientist, Barracuda Labs This will be a presentation focused on abusing web application APIs through the use of associated Android apps. We’ll demonstrate using the JVM-based scripting language JRuby to load, modify, and run code from targeted APKs in an easily scriptable way. We’ll leverage this to
Kyle Wilhoit Trend Researcher, Trend Micro These attackers had a plan, they acted upon their plan, and they were successful…targeting SCADA devices that were Internet facing. This talk will profile, provide intelligence, and list actors that attacked my ICS devices in the wild. This talk will also feature a demo of the attackers in
Justin Seitz Senior Security Researcher, Immunity Inc. Python is the king (or queen depending on preference) of languages for security professionals, with massive adoption and many mature libraries used for a range of tasks from crafting raw network packets to reverse engineering tasks. Justin will spend 2 hours giving a whirlwind tour of how
Jonathan Chow SVP & Chief Information Security Officer, Live Nation Entertainment When Jonathan Chow took the role of senior vice president and CISO at Live Nation he was stepping into unfamiliar territory. Walking away from an established, mature security program, Chow agreed to become the first ever CISO at the organization, undertaking
Donato Ferrante Co-Founder & Security Researcher, ReVuln Ltd. There are two main ways to perform an attack. One way is to use 0-days and the other is to use old vulnerabilities. While using 0-days is an easy win, using old vulnerabilities can be more complicated. In fact there are two main problems: the target is
Ryan Huber Engineer, Risk I/O Application-Level Denial of Service (DoS) attacks are a threat to nearly everyone hosting content on the Internet. DoS attacks are simple to launch, but are often very difficult to defend against. Modern websites are a diverse set of moving parts, and a malicious actor only needs to find the point
Sandra Liepkalns Information Security Architect, Netrus Inc. We have the tools and technology to secure our systems and infrastructure, but people remain the weakest link. How many unencrypted USB sticks does it take to cause a Privacy Breach? Or someone misplacing corporate data containing personal, confidential or personal health information
Paul Royal Research Consultant, Barracuda Labs Many people assume that it is safe to visit popular, long-lived websites. While anecdotal examples of popular website compromises (e.g., USAToday.com, PBS.org) contradict this expectation, there exist few comprehensive studies that attempt to systematically quantify maliciousness in top-ranked
Scott N. Wright President, Security Perspectives Inc. Since the USA PATRIOT Act of 2001 was put into law – effectively granting US government authorities more power to collect customer records from US-owned businesses, without warrants – many Canadian organizations have struggled with the issue of whether or not it is safe to use US-owned
Charlie Miller Security Engineer, Twitter There is a lot of hype out there about attacks on mobile devices. It’s enough to make you break out that old flip phone from 2005. In this talk, I’ll try to discern truth from reality. I’ll discuss how mobile operating systems defend themselves as well as give examples of