
Lockdown 2007

Presentations

PKI Poster Session
Nick Davis

Digital certificates are a plug-in technology that can enable existing email clients such as Outlook and Thunderbird to send and receive encrypted, digitally verified messages and attachments, protecting data end to end while in transit across the internet. UW-Madison is making these digital certificates available to faculty, staff and students with a verified need to secure their email communications. The UW has issued over 1000 of these digital certificates since 2005 with much success. The poster display session during registration will provide information on how digital certificates work, and will have a computer on site with a hands-on digital certificate demonstration.

The State of the Hack
Kevin Mandia   Presentation (.ppt)

During the last two years, Kevin Mandia responded to over 20 computer security incidents at some of America’s largest organizations. Kevin was on the front lines assisting these organizations in responding to international computer intrusions, theft of Intellectual Property, electronic discovery issues, and widespread compromise of sensitive data. During his efforts to resolve these incidents, many similar challenges and issues confronted each organization. During this presentation, Kevin provides examples of how these incidents impacted organizations, and discusses the challenges each organization faced. He demonstrates the “State-of-the-Art” methods being used to respond to these incidents, and addresses emerging trends and technologies that offer strategic approaches to minimize the risks an organization faces from the liabilities the information age has brought.

JavaScript Malware
Jeremiah Grossman   Presentation (.pdf)

This presentation will address the increasing prevalence of JavaScript malware, the threats associated with it, why organizations must understand it and how they can defend against it. Grossman will demonstrate a wide variety of cutting-edge website attack techniques and describe best practices for securing websites and users against these threats, including:

  • Port scanning and attacking Intranet devices using JavaScript
  • Blind Web server fingerprinting using unique URLs
  • Discovery NAT'ed IP addresses with Java Applets
  • Stealing Web browser history with Cascading Style Sheets
  • Best-practice defense measures for securing websites
  • Essential habits for safe Web surfing

MetaSploit — Lowering the Hacker Bar to a Five Year Old
Matthew Luallen   Presentation (.ppt)

Metasploit is an excellent, openly available resource that, if used successfully, can help to prove security weaknesses. The framework contains the appropriate prebuilt capabilities to validate a vulnerability (exploit) and install a backdoor (payload), and even provides several prebuilt exploits and backdoors for your exploiting pleasure. The presentation will discuss the history and current capabilities of the framework.

Augmenting Digital Investigations with Volatile Memory Analysis
AAron Walters

Recently, a growing amount of attention has been given to research and advancement in the area of volatile memory analysis. While recent research has demonstrated the feasibility of performing this type of analysis, most investigators have been unable or reluctant to include such analysis in their digital investigations due to lack of training, resources, or time. This talk will discuss why and how incident response and auditing can be augmented with volatile memory analysis.

Application-layer Forensics: Finding the Unseen Bits and Bytes

The explosion of custom web-based applications has opened organizations and government entities alike to a new world of attacks and threats. Ciphent Labs has been researching the threat of custom polymorphic web application layer attacks and the repercussions of such automated capabilities. Outside of system compromise, the other biggest threat is the lack of evidence from such attacks. This presentation will detail attack types, tools, and recovery techniques for identifying, analyzing, and measuring advanced attack details. We'll show you how to code your applications so that an evidence trail is not swept under the "rug."

PCI DSS: What it is and how it works
Walter Conway   Presentation (.ppt)

A security professional’s worst nightmare is to arrive at work one morning and see the CEO or CFO standing in front of a crowd of TV cameras, microphones, and shouting reporters all wanting to know how the organization managed to compromise the financial records of thousands of its customers. The Payment Card Industry (PCI) Data Security Standard (DSS) was designed to prevent this situation. PCI DSS applies to all organizations that store, process, or transmit payment card data. In this session we will examine each of the standard’s 12 main requirements, explore their implications, and identify pitfalls that can lead to failing a PCI audit. We also quantify the business case for achieving and maintaining PCI compliance. This session is also for organizations that are not credit card merchants. The reason is that the Standard, because of its specificity and detail, can be a model to protect all sensitive information, e.g., HIPAA and SOX.

Auditing Data Access without Bringing Your Database to its Knees
Dale Brocklehurst   Presentation (.ppt)

Today’s privacy requirements place significant additional auditing burdens on databases. First you have to know which databases in your environment contain regulated Personally Identifiable Information (PII) or Protected Health Information (PHI), then you have to monitor ALL activity surrounding that data—not just changes to it. In the world of databases, this means auditing all SELECT statements—something many native database auditing tools are not very good at. This presentation will demonstrate how you can log this activity across multiple database platforms (without bringing your database to its knees), and then what to look for in those reams of log entries your auditors made you record.

Security Tools - Hands On
BadgIRT Volunteers   Workbook (.doc)

**Important Note**
This is a hands-on session and will require the participants to bring a laptop. At minimum, the laptop will need 512 MB RAM, 10 GB of free hard drive space, and be capable of running a current version of VMware Player (no cost), Workstation (5.5 or later) or Server. Participants will be emailed on Monday, August 6 with VMware (www.vmware.com) install instructions (if not already installed) and the locations of the disk images that will be used during the session.

This is a double session hosted by the BadgIRT Volunteers that will provide an introduction to some widely used security tools. Each tool will be reviewed and the participants will be given time to work through exercises. The planned tools include Wireshark, Cornell Spider, Senf, SysInternals, Priamos sql injection scanner and Tripwire.

Botnet Tracking: Tools, Techniques, and Lessons Learned
Dr. Jose Nazario

In this session Dr. Jose Nazario, author and security researcher, will discuss his research on botnet behaviors. Attendees will learn how botnet attacks have increased in frequency and malice through various forms such as DDoS attacks, new malware outbreaks, and high-volume scanning and exploit activity. They will also learn how, through active monitoring of a large number of botnets, specialized tools and techniques have been developed to infiltrate many botnets for long periods of time.

Securing Open Source Software

The use, customization, and general acceptance of Open Source Software continues to be an alternative for the world's largest organizations. A new report stating that "every company relies on OSS" has spawned a new challenge that will fundamentally change the software industry forever. The question remains: how do you cost-effectively secure open source software without implementing modifications that could break future releases and RPMs? This presentation will take a technical viewpoint of the true risks behind implementing OSS, as well as several differing approaches to implement, test, and manage the security of these applications.