BSIDES PITTSBURGH 2011
June 10th, 2011
Left Field Meeting Space
Think you have to go to Washington or Vegas for an awesome computer security conference? Think again! Pittsburgh is getting its own Security Bsides this summer, featuring awesome talks and the chance to meet other local Infosec people as well as nationally recognized experts. There are a lot of people in Pittsburgh doing awesome things in the field; let's get them all together! Oh, did we mention it's all free - even the food and beer??
Speakers and Talks
9:00 - Eric Irvin (@SecRunner) - Nice Guys Finish Last
Why Doing the Right Thing Sucks
Regardless of if you believe there are two sides of security (black/white) or if you feel it's just a world of in-between (Gray), there are some lines in security that we have to cross. These lines may not feel very comfortable, but it comes with the territory. It doesn't matter if you are crawling over a hard drive in a forensic investigation, firesheeping your roommate's wifi, or simply eye-balling someone entering a password. We are nosey, by nature, and we like to explore. Yet, some cross into fairly dark territory with breaking into sites, developing malware with intent, and other acts to profit, disrupt, or explore beyond legal, ethical, and even moral boundaries. In this talk, we will discuss some of the situations that we come across every day and the decisions we make as we choose what we believe is the right thing to do.
9:50 - David C Brown - Business Performance Improvement, Compliance, Security, and eDiscovery: How To Get It Right.
Describes why the traditional stovepipe approach to solving them does not work and what to do about it.
10:40 - Jim Paulick Esq. - Cybercrime Law: Electronic Search and Seizure
Search and seizure law is as old as the U.S. Constitution. No issue in the criminal law of evidence is more contested than the legality of evidence seized by law enforcement officers. Over time, the law has been molded and crafted by judges and legislators to effect the intent and mandates of the Fourth Amendment protections from "unreasonable search and seizure". Technology and cybercrime have introduced new constitutional boundaries and litigation battle lines within search and seizure law because of the distinct natures between physical and electronic evidence. We will explore some recent examples of how prosecutors, defense attorneys and the judiciary are dealing with this techno-legal conundrum.
11:30 - KizzMyAnthia (Nicholas Donarski) - Weaponize The Smartphone: Deploying The Perfect WMD
The acceptance and integration of mobile phones, specifically smartphones, into our everyday life has allowed for these devices to penetrate deep into secure areas. The ability to have your phone along with you at any moment of the day feeds our needs for social media, email, business, and pleasure. This ability and access has allowed the use of smartphones to be bred into devices that rival other penetration testing hardware/software combinations. I have developed and created an OS platform package that allows penetration testers and security professionals the ability to test both physical security and technical security without being constrained by computers, cords, or the image of suspicious behavior. The WMD platform package is based on Windows Mobile 6.5 Smartphones and is executed similar to a virtual machine. The WMD package is pre-loaded with many of the same applications and testing tools that are included with Backtrack 4 (www.backtrack-linux.org). There is no affiliation between the two projects, only the similar desire to create a single source of the latest tools, applications, and techniques used by today's security professionals integrating today's latest technologies.
12:45 - Spencer McIntyre - EAPeak and EAPScan, Wireless Foot Printing for 802.1x
The presentation will be a demonstration of our new open source tools EAPeak and EAPScan. Attendees will understand how EAP types are used to authenticate clients and how to determine useful information when performing a security assessment. Finally, a demonstration of the new EAPScan tool will be given, which bridges the gap of passive reconnaissance to active enumeration of EAP-enabled wireless networks.
1:30 - Dave Kennedy (@HackingDave) - Strategic Pentesting: The Penetration Testing Execution Standard
Penetration testing has grown into a full-fledged industry and a critical component to our information security program. We'll be covering where we've gone, where we're going, and what needs to happen to fix the issues we see currently in the penetration testing industry. The penetration testing execution standard is a new standard developed by the information security community to fix the problems we face as an industry. This presentation will cover the evolution of penetration testing, its place in the industry, and where PTES is positioned and where it's going.
2:30 - Ashley Brown - How Social Media Is Used To Drive Online Pharmacy Sales
Social media networks play a significant role in today’s society, and in many cases consumers rely on social media for official answers. As the cost of prescription drugs skyrockets, so does the increase in online pharmacy networks, leading to an array of counterfeit pharmaceutical products available for purchase.
- Explore popular social media networks and the potential risks to consumers.
- How social media networks use keywords to divert traffic to online pharmacies.
- Explore trending among social media networks in conjunction with online pharmacies.
- Discuss what kind of influence social media networks have on consumers.
3:20 - Deral Heiland - From Printer to Owned: Leveraging Multi-function Printers During Penetration Testing
In this presentation we go beyond the common printer issues and focus on configuration data available on multi-function printers (MFP) that can be leveraged to gain access to other core network systems. During this presentation I will be discussing how poor printer security and discovered vulnerabilities can be leveraged to harvest a wealth of information from MFP devices including usernames, email addresses, and authentication information including SMB, Email, LDAP passwords. I will also be discussing real-world penetration testing scenarios and how MFP data was gathered and used to successfully gain administrative access into core systems, including email servers, file servers and Active Directory domains on multiple occasions. We will also explore MFP device vulnerabilities including authentication bypass and information leakage flaws. Tying this all together, we will discuss the development of an automated process for harvesting the information from MFP devices with the beta release of the tool ‘PRAEDA’.
4:30 - Alex Volynkin - Full Disk Encryption: Defending Against Cold Boot Attacks on Encryption Keys
Full disk encryption has become an essential element of organization data protection. It has been demonstrated that full disk encryption is prone to cold boot attacks that exploit data remanence properties of RAM. We can prevent Cold Boot attacks. I will present an overview of the full disk encryption technology, an actual cold boot attack, and a set of software-driven techniques for protecting its cryptographic keys. These software techniques do not involve the use of any specialized hardware or encryption chips. Instead, the techniques utilize specialized cryptographic transformations, memory system and operating system operations, and certain architectural features of general-purpose processors. The methods can defend against Cold Boot attacks on machines that have been shut off, on machines in hibernate and sleep modes, and even on machines in screen lock mode.
5:20 - Tim Hollebeek - Payment Security Standards: How They’re Made, Why They Have Bugs Too
This talk will provide a quick overview of payment security standards (X9, PCI), then move on to a description of how these standards actually get made, including case studies of actual “bugs” in security standards and requirements. Some editorial commentary about the difficulty (and importance!) of getting security requirements right will be inevitable.
6:00 - Johnny Cocaine - Behind The Mirror Shades: The Making of Johnny Cocaine
Eat'n Park Hospitality Group
Dan Klinedinst (@dklinedinst)
Chris Teodorski (@can0beans)
Joe Wynn (@wynnjoe)
Alex Meyers (@amattress)