Ohio InfoSec Anniversary 2014

Time and Place

July 12th 8:00AM - 5:00PM EST

Miami Valley Research Park 1900 Founders Drive Suite 100 Dayton, Ohio 45420

Directions

Registration and Payment ($10)

In order to attend this event, registration is required and is only $10. This can be done in advance through the Paypal link below:

Agenda

Speakers

Dave Kennedy - Looking Ahead - Changing Security Now.

Bio

David Kennedy is the President / CEO of TrustedSec, LLC. David was a Chief Security Officer (CSO) for an international fortune 1000 company located in over 77 countries with over 18,000 employees. David developed a global security program with a large dedicated team. David is considered a thought leader in the security field and has presented at many conferences worldwide. David has had guest appearances on FoxNews, BBC, and other high-profile media outlets. David is the founder of DerbyCon, a large-scale security conference in Louisville Kentucky. David also co-authored Metasploit: The Penetration Testers Guide book (with Devon Kearns, Jim O’Gorman, and Mati Aharoni) which was number one on Amazon.com in security for over 6 months. David was also one of the founding members of the “Penetration Testing Execution Standard (PTES)“. PTES is the industry leading standard and guidelines around how penetration tests should be performed and methodologies.

Abstract

We always hear about the failures of the security industry and it seems that each talk we go to just plunges us further down into how bad we’re doing with INFOSEC. This talk is a little bit different, it goes into the successes we’ve had and how we need to keep moving forward to protect our corporations and intellectual property. There are also a number of things that we need to change in order to progress and continue to move forward. This talk goes into the successful building blocks of an information security program and things that you can use right now to improve and better what your currently doing. With any of my talks, I always keep it fun and interactive, we’ll be showing some of the advanced attacks going on today, and quick wins and simple things to block a number of them without investing in the latest whiz bang piece of technology.

Adrian Crenshaw - Lockade: Electronic Games for Locksport

Bio

Adrian Crenshaw has worked in the IT industry for the last seventeen years. He runs the information security website Irongeek.com, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He did the cert chase for awhile (MCSE NT 4, CNE, A+, Network+. i-Net+) but stopped once he had to start paying for the tests himself. He holds a Master of Science in Security Informatics, works for TrustedSec as a Senior Security Consultant and is one of the co-founders of Derbycon.

Abstract

Gamification can make learning more fun, and some people are inspired and motivated by competition. This talk will be on integrating hobbyist electronics with lock picking games. We will show rough schematics, release code, and invite people to play the games at the con.

Deral Heiland “Percent_X” - Praeda to PraedaSploit: The embedded device data Harvesting tool for the masses

Bio

Deral Heiland CISSP, GWAPT, serves as a Senior Security Consultant for Rapid7 where he is responsible for security assessments, and consulting for corporations and government agencies. Deral is also founder of Ohio Information Security Forum a not for profit organization that focuses on information security training and education. Deral is also the creator of the open source tool “Praeda” an data harvesting tool used to extract critical information from embedded devices. Deral has also presented at numerous national and international security conferences including BlackHat, ShmooCon, Defcon, Derbycon, Hacker Halted, Securitybyte India and Hackcon Norway. Deral has been interviewed by and quoted by several media outlets and publications including Bloomberg UTV, MIT Technical Review, MSNBC, Threatpost and SC Magazine.

Abstract

In this presentation I will discuss several of the most effective Multifunction printer attack vectors and how they can be leveraged by attackers to compromise critical systems. I will also be discussing the automation of these attack vectors. Including the the current open source automated data harvesting tool Praeda. We will also discuss the current project to migrate all exploit and data discovery modules it into Metasploit, and the planed future development of Praedasploit, for the automation of system fingerprinting and integration into Metasploit.

Tom Webster - Modern Times: Passwords

Bio

Tom Webster is an IT grunt, VPN admin, Security Lead, Programmer, and general tech guy at BWI Group. He’s constantly breaking, fixing, and researching things as well as ranting over at SamuraiLink3.com and his Google Plus profile. Tom has a secret love of cooking while wearing Google Glass and can make a damn good pot roast.

Abstract

The password has been around for a good portion of known human history. We’ve become experts and making bad passwords and forcing others to do the same. What happens when we start taking a modern look at passwords and approach the topic pragmatically?

Jerod Brennen - For the Love of God, DEFEND YOUR MOBILE APPS! Part 2

Bio

By day, Jerod (@slandail) is CTO & Principal Security Consultant with Jacadis, an award-winning security solutions and services provider. By night, he’s a husband, father, writer, filmmaker, martial artist, musician, gamer, and social media junkie.

Jerod has over a decade of IT, infosec, and compliance experience. He spent years as an Information Security Specialist with American Electric Power, one of the largest electric utilities in the U.S., before moving to Abercrombie & Fitch, and multibillion dollar international luxury retailer. At A&F, Jerod built out and managed the information security program. His team was tasked with security operations, PCI and SOX compliance, and identity and access management.

At Jacadis, Jerod is responsible for performing security assessments, penetration tests, and security architecture reviews, as well as evaluating security technologies on behalf of Jacadis clients. He applies his hands-on experience in support, management, and budgeting roles to help Jacadis clients identify and implement reasonable and appropriate security controls to meet their security and compliance obligations.

Jerod has presents frequently for local and regional information security professional organizations, as well as larger information security conferences. He also teaches information security courses on behalf of MIS Training Institute, both domestically and internationally.

His approach to infosec has two key tenets: you shouldn’t be afraid to void warranties, and you shouldn't need to bypass security to get your work done. http://about.me/slandail

Abstract

You may have heard Jerod speak on how to defend your mobile apps from attackers. In that presentation, he covered the fundamentals of secure mobile app development, identifying resources you should bake into your mobile app development process to reduce the likelihood of compromise. In this follow-up presentation, he continues that conversation with live demos against iOS and Android apps, in addition to covering vetting requirements for third party application developers and for apps that you plan to install on corporate mobile devices.