Ryan Kazanciyan and Matt Hastings Over the past two years, we’ve seen targeted attackers increasingly make use of PowerShell to conduct command-and-control in compromised Windows environments. If your organization is running Windows 7 or
John Pavelich Malicious cyber activities are growing both in number and in complexity.Many advanced cyber attacks exist and the current trend is one of attackers exploiting ‘low hanging fruit’ cyber vulnerabilities of organizations
Russ Gideon Penetration testing came about because of real world attacks. The industry quickly realized that we need to behave like the attackers to learn how to defend against them, and thus the penetration testing industry was born. Back then
Kelly Lum Java isn’t the only managed language with bugs. This talk will cover the current state of .NET reverse engineering and exploitation, including practical examples of both application-level and framework vulnerabilities.
AbdulAziz Hariri Over the last couple of years we’ve seen a rise of use-after-free zero day vulnerabilities being exploited in Microsoft Internet Explorer. Internet Explorer has a rich attack surface that allows attackers to maximize their
Eric Jacksch As the popularity of VoIP continues to increase, individuals and businesses continue to suffer financial losses. Popular VoIP servers provide minimal security features and many compromises go completely undetected until fraud
Scott Wright In the reconnaissance phase of an attack, the attackers will use tools to gather information about a target organization. We often worry about what architectural vulnerabilities they can discover with scanning tools. But Open Source
Justin Seitz With the widespread adoption of social media, in particular Twitter, by extremists around the globe there is increasing interest in how to identify and monitor them. Traditional approaches include keyword monitoring, text analytics
Adam Allred and Paul Royal The detection of virtualized malware analysis environments has become increasingly popular and commoditized. Sophisticated virtualization detection techniques are now available to any novice cyber criminal. As a
François Marinier As an IT security analyst, I have spent most of the past two years applying key processes and activities of ITSG-33 to real-life IT projects. From new infrastructure services to mission-critical business applications to changes