Titanium Sponsors

Inquest

Inquest

Platinum Sponsors

Leonardo DRS

Leonardo DRS

Gold Sponsors

Modern Technology Solutions, Inc.

Modern Technology Solutions, Inc.

University of Dayton
Department of
Computer Science

University of Dayton - Department of Computer Science

Gluware

Gluware

Social Media

Our LinkedIn Group: OISF at LinkedIn


OISF on YouTube: OISF on YouTube


Meeting Agenda - January 9th, 2014

9th January 2014

6:00pm:

Food Served

Introduction

A brief overview of the Ohio Information Security Forum.

Presentation 1:Trusted Platform Module (TPM) 101 - Mohit Arora

The TPM is essentially a passive cryptographic engine available on many modern motherboards. The specification is written by the Trusted Computing Group, consisting of many major software and hardware corporations. In addition, the module provides sealing, binding and remote attestation functionality. It's uses include disk encryption, platform integrity and other encryption enabled software.

Mohit Arora lives in Austin, Texas currently a Director of Engineering at MAFAZO Digital Solutions, a Dayton based cyber security startup! He started his career with Citrix where he played with graphic cards driver development. He and his team received a patent for inventing various methods and systems to remote 3D graphics to distributed machines. Mohit also worked at Dell where he worked with Trusted Platform Module (TPM) and Windows/Linux kernel driver development for FIPS approved encryption modules.

Presentation 2:Practical Exploitation Using A Malicious Service Set Identifier (SSID) - Deral Heiland

How easily we overlook a simple wireless SSID and think nothing of it or its potential risk to us. In this presentation I will be discussing the leveraging of SSIDs to inject various attacks into Wireless devices, and management consoles. The type of injection attacks discussed will include XSS, CSRF, command injection and format strings attacks. I will be discussing various malicious SSID restrictions, limitations, and potential attack success dependencies. Using live demonstrations I will show how each of these attack methods are carried out. In Conclusion I will be discussing how common this attack vector potentially is, and its overall risk factors.

Deral Heiland CISSP, GWAPT, serves as a Senior Security Consultant for Rapid7 where he is responsible for security assessments, and consulting for corporations and government agencies. Deral is also founder of Ohio Information Security Forum a not for profit organization that focuses on information security training and education. Deral is also the creator of the open source tool “Praeda” an data harvesting tool used to extract critical information from embedded devices. Deral has also presented at numerous national and international security conferences including BlackHat, ShmooCon, Defcon, Derbycon, Hacker Halted, Securitybyte India and Hackcon Norway. Deral has been interviewed by and quoted by several media outlets and publications including Bloomberg UTV, MIT Technical Review, MSNBC and Pcworld.