Gold Sponsors



Modern Technology Solutions, Inc.



IRG Realty Advisors



Social Media

Our LinkedIn Group: OISF at LinkedIn


Post Archive


Meeting Agenda - October 14th, 2021

14th October 2021

Registration

The monthly meeting will be held both in-person and online via Google Meet.
Pre-registration via Eventbrite is encouraged to help plan for food and drink (as well as for keeping within capacity limitations).

Registration Link

(You're still welcome to register at the door.)

When you register for the conference, you will be asked if you would like a CPE certificate to support certification requirements.

6:30pm (In-Person):
Food and drinks served, doors open.

6:50pm (Online via Google Meet):
On-line part of meeting opens for participants to join.

7:00pm (Both)

Introduction

A brief overview of the Ohio Information Security Forum.

Presentation

Toward a User-Centric and Code-Origin Policy Specification and Enforcement for Web-based Systems

By: Dr. Phu H. Phung, University of Dayton

Abstract

Security and privacy are significant challenges and risks today for Internet users, mostly due to the presence of code from multiple parties within a single web-based application. Standard web security mechanisms such as the same-origin policy or Content- Security Policy could not prevent potential privacy risks nor allow users to control their privacy settings. In this talk, we present our recent works that introduce a novel approach to monitoring code execution in web-based systems that can detect and prevent potential privacy leakage channels. The detected leakage is either automatically prevented by our context-aware policies or decided by the user if needed. Our method advances the conventional same-origin policy standard of the Web by enforcing different policies for each source of the code. We report our practical evaluations to demonstrate the effectiveness of our approach, including a prototype in hybrid mobile applications and a browser extension. Our experimental results evidence that the proposed method can detect and prevent data leakage channels not captured by the leading tools such as Ghostery and uBlock Origin and allow the user to control their levels of privacy protection.

September 2021 Update

5th October 2021

The Archives section has been updated.
Link to 2021 Archives

It includes the following:

Demo of REMnux (free VM created by SANS for malware analysis)

Presentation
Malware analysis cheat sheet
REMnux malware analysis tips

Meeting Agenda - September 9th, 2021

9th September 2021

Registration

The monthly meeting will be held both in-person and online via Google Meet.
Pre-registration via Eventbrite is encouraged to help plan for food and drink (as well as for keeping within capacity limitations).

Registration Link

(You're still welcome to register at the door.)

When you register for the conference, you will be asked if you would like a CPE certificate to support certification requirements.

6:30pm (In-Person):
Food and drinks served, doors open.

6:50pm (Online via Google Meet):
On-line part of meeting opens for participants to join.

7:00pm (Both)

Introduction

A brief overview of the Ohio Information Security Forum.

Demo of REMnux (free VM created by SANS for malware analysis)

By: John Carls

Meeting Agenda - August 12th, 2021

12th August 2021

Registration

The monthly meeting will be held both in-person and online via Google Meet.
Pre-registration via Eventbrite is encouraged to help plan for food and drink (as well as for keeping within capacity limitations).

Registration Link

(You're still welcome to register at the door.)

When you register for the conference, you will be asked if you would like a CPE certificate to support certification requirements.

6:30pm (In-Person):
Food and drinks served, doors open.

6:50pm (Online via Google Meet):
On-line part of meeting opens for participants to join.

7:00pm (Both)

Introduction

A brief overview of the Ohio Information Security Forum.

Recap of SANS Digital Forensics and Incident Response (DFIR) 2021 Conference

By: John Carls

Reviewing this summer's critical Microsoft vulnerabilities

By: Jason Kinder