Using WEBINT to Identify Critical Infrastructure Risks

Scott Donnelly WEBINT analysis can identify the targeting trends and methodologies of both cyber state actors and hacktivists.  Recent Recorded Future analysis identified multiple instances where hacktivist operations have opened the door for state directed attacks.  This presentation will discuss how APTs can leverage exposed

Read more

Open-source Security in the Era of Heartbleed

Nelson Ko and Sherif Koussa Recent zero-days in popular open-source software have led to a lot of controversy, an old debate fueled by the Heartbleed bug. The old question was: Is open-source software really more secure than closed-source? However, with open-source adoption rates on the rise in the enterprise especially in the Government

Read more

Investigating PowerShell Attacks

Ryan Kazanciyan and Matt Hastings Over the past two years, we’ve seen targeted attackers increasingly make use of PowerShell to conduct command-and-control in compromised Windows environments. If your organization is running Windows 7 or Server 2008 R2, you’ve got PowerShell 2.0 installed (and on Server 2012, remoting is enabled by

Read more

Cyber Threat: Wireless APT

John Pavelich Malicious cyber activities are growing both in number and in complexity.Many advanced cyber attacks exist and the current trend is one of attackers exploiting ‘low hanging fruit’ cyber vulnerabilities of organizations since many are struggling to effectively implement comprehensive safeguards for their wired cyber

Read more

Evolution of Penetration Testers vs Attackers

Russ Gideon Penetration testing came about because of real world attacks. The industry quickly realized that we need to behave like the attackers to learn how to defend against them, and thus the penetration testing industry was born. Back then if an exploit was found it was released in raw format, possibly/probably perfected by

Read more

Anatomy of a VoIP Hack and How to Prevent Them

Eric Jacksch As the popularity of VoIP continues to increase, individuals and businesses continue to suffer financial losses. Popular VoIP servers provide minimal security features and many compromises go completely undetected until fraud occurs. Using data from custom tools and live PBXs, this session will examine real-world attacks on

Read more

Don’t Spill Your Candy in the Lobby: Managing the Corporate Infosec Risks From Open Source Intelligence (OSINT)

Scott Wright In the reconnaissance phase of an attack, the attackers will use tools to gather information about a target organization. We often worry about what architectural vulnerabilities they can discover with scanning tools. But Open Source Intelligence (OSINT) is just as valuable to attackers, since it can be used to launch successful

Read more