The Life of Py

Justin Seitz, Senior Security Researcher, Immunity Inc.

Python is the king (or queen depending on preference) of languages for security professionals, with massive adoption and many mature libraries used for a range of tasks from crafting raw network packets to reverse engineering tasks. Justin will spend 2 hours giving a whirlwind tour of how

Starting from Scratch – A CISO’s Journey

Jonathan Chow, SVP & Chief Information Security Officer, Live Nation Entertainment

When Jonathan Chow took the role of senior vice president and CISO at Live Nation he was stepping into unfamiliar territory. Walking away from an established, mature security program, Chow agreed to become the first ever CISO at the organization, undertaking

Smashing Exploit Detectors: The Java Exploits Case

Donato Ferrante, Co-Founder & Security Researcher, ReVuln Ltd.

There are two main ways to perform an attack. One way is to use 0-days and the other is to use old vulnerabilities. While using 0-days is an easy win, using old vulnerabilities can be more complicated. In fact there are two main problems: the target is

Running at 99%: Surviving an Application DoS

Ryan Huber, Engineer, Risk I/O

Application-Level Denial of Service (DoS) attacks are a threat to nearly everyone hosting content on the Internet. DoS attacks are simple to launch, but are often very difficult to defend against. Modern websites are a diverse set of moving parts, and a malicious actor only needs to find the point

Risk Management: Where is the Information?

Sandra Liepkalns, Information Security Architect, Netrus Inc.

We have the tools and technology to secure our systems and infrastructure, but people remain the weakest link. How many unencrypted USB sticks does it take to cause a Privacy Breach? or someone misplacing corporate data containing personal, confidential or personal health information

Quantifying Maliciousness in Alexa Top-Ranked Domains

Paul Royal, Research Consultant, Barracuda Labs

Many people assume that it is safe to visit popular, long-lived websites. While anecdotal examples of popular website compromises (e.g., USAToday.com, PBS.org) contradict this expectation, there exist few comprehensive studies that attempt to systematically quantify maliciousness in top-ranked

Mobile Threats – Hype vs. Reality

Charlie Miller, Security Engineer, Twitter

There is a lot of hype out there about attacks on mobile devices. It’s enough to make you break out that old flip phone from 2005. In this talk, I’ll try to discern truth from reality. I’ll discuss how mobile operating systems defend themselves as well as give examples of
