Category Archives: Speakers

BSides Detroit 13 Episode 08

Ben0xA joins the podcast with J Wolfgang Goerlich to discuss user engagement and awareness training. Do you want to run an effective awareness campaign for less than $20 a person? Check out Ben0xA’s talk: Creating A Powerful User Defense Against Attackers.

Abstract. Does your security defense stop at the firewall, antivirus, logging, auditing, and the IDS? Regardless of the size or complexity of your perimeter security, if your user clicks on a malicious link or opens an infected file it could still be ‘game over’ for your network. One of the strongest defenses is knowledge and empowerment. In this talk, I will show you how we were able to get our executives, IT team, and all of our users excited about security with a unique approach to User Security Awareness Training. I will show you examples of how we convinced everyone in our organization that they are a part of the security defense team. I will show you what worked and what didn’t work when we implemented this in our organization. I’ll talk about how these techniques that I used in an organization of 70 employees can work at organizations of all sizes. I will give you practical tools to sell the idea to your boss, sell the idea to your IT team, and sell the idea to your users which will help you create a powerful user defense against attackers.

For more information about BSides Detroit 13, please see:

BSides Detroit 13 Episode 06

Keith Dixon (@Tazdrumm3r) joins us to share a brief retrospective of BSides Detroit 12, and to give a preview of his BSides Detroit 13 talk on honeypots.

Abstract. Be vewy vewy quiet, we’re hunting hackers – Honeypots and the fun you can have. This talk is to give a demonstration of what fun and interesting things you can discover and learn about by setting up a honeypot or two.

For more information about BSides Detroit 13, please see:

BSides Detroit 13 Episode 05

Fresh from Twitter’s security breach with 250,000 passwords and the increased calls for Twitter to use two-factor authentication, John Moore (@RabidSecurity) joins the podcast to cover password strength and two-factor authentication. John covers his new BSides Detroit talk, Advanced Password Recovery Techniques and Modern Mitigation Strategies, along with his Cain and Abel password cracking workshop.

Abstract. Think about all the passwords we use to access information every day. Whether it is email, social media, financial institutions or numerous other services, passwords have become the keys to our digital kingdoms. So it’s no surprise that Advanced Persistent Threat (APT) actors and malicious software target these credentials once they have compromised a system or systems in our network to further entrench and seek profit from unlocking our personal and corporate data. In order to curb this problem, most enterprises and operating systems encrypt this data to keep it safe. However, we have seen with the right tools these credentials can be unencrypted and used for more nefarious means. This problem has plagued even the largest organizations and the list of companies suffering from credential leaks is growing almost daily and includes such giants as LinkedIn, eHarmony and Yahoo. In this talk, we discuss how these breaches occur, the risks to the organization as well as the individual and what can be done to mitigate this growing security epidemic. An “Enclave Protected Defense-in-Depth” strategy toward creating, securing and managing passwords against this class of attack will be propounded and a focus will be placed on explicating the tools, techniques and practices (TTPs) used by malicious actors that leverage these attacks to gain access within the network to breach critical data that can bring harm to the individual and organization. Lastly, we will explore how to improve personal and enterprise password strategies, discuss alternatives like two-factor authentication and Active Directory Group Policy strategies to help mitigate this risk and, finally, speculate as to what the future of authentication may look like.

For more information about BSides Detroit 13, please see:

BSides Detroit 13 Episode 04

The GrrCon conference is returning to sponsor BSides Detroit 13. The GrrCon crew is always a lot of fun. And on this episode, Chris Payne (@EggDropX) joins us to discuss this cross-state collaboration. “I see us all as one family. It is Michigan. It is what we do. If we are not going to support you, who is going to?”

Chris also previews his new talk, In case of ZOMBIES break glass. Fair warning: Chris uses explicit language at times.

Abstract: One thing is for certain, surviving the inevitable Zombie Apocalypse will not be easy. Many of you will die, potentially creating a larger army of the undead to attack the rest of us. Not sure what to do when the zombie apocalypse hits? How do you and your loved ones survive an army of the undead with your brains, & sanity, intact? This presentation will cover some VERY real scenarios that may bring about the zombie apocalypse and provide you with invaluable information to make sure you are one of those left to retake the earth.

For more information about BSides Detroit 13, please see:

BSides Detroit 13 Episode 02

In this episode, we interview Mark (@Tech357) about his talk: I’m in, now what?: Recon and maintaining access in Linux system. Mark also discusses BSides Chicago’s New and Local track and the value of presentations that cover intermediate computer security skills.

Abstract: Pentesters going after Windows systems have the distinct advantage of using Meterpreter. They can install programs, clear logs, escalate privileges, to name a few. Unfortunately, there is no good Linux equivalent so we must do it all by hand. Attendees will learn how to map out the server and install a backdoor for later use. This talk will cover identifying key directories and files, noting additional services that may not have been immediately evident during initial Recon, using netcat combined with crontab to create a backdoor window, and selectively clearing logs. Some Linux / Minimal Pentesting experience required as this assumes you have already compromised the box.

Join us as we kick off BSides Detroit 13.

BSides Detroit 12 Interviews 23

THIS WEEKEND!!! WE’VE MADE IT!!! The word on the net is they have sold 400 tickets.

But really you have to hear Wolf Interviewed this week. Wolf and Ray Davidson talk to this week’s guest, Mark Manning. His talk is on Jacking the Juke. What does that mean? Listen and find out. Here’s a hint: Ray’s got a strong background in RF.

Abstract: You’re sitting in a bar with your friends having an interesting discussion about an abstract security topic when suddenly Bon Jovi starts blasting from the jukebox with 10 screaming girls that distract you. You’re saying to yourself, “Self, I’d really like to turn that music off or at least the volume down.” Well you’re in luck because that jukebox is connected to the Internet, has a mobile app, and uses an RF remote control that transmits over shared ISM frequencies. All of which are fun to hack on. This talk will discuss some of the issues with a popular jukebox system and some of the things you can do. The presentation includes mobile hacking, network exploits, and an introduction to hardware hacking for pen testers all wrapped up in an old school hacking story line.

This episode is cross-posted at Rats and Rogues.

BSides Detroit 12 Interviews 21

This week Chris and Wolfgang talk to Dave Kennedy. Normally people only ask him about SET and social engineering. While we did talk about those things, we were really interested in his keynote talk about the Penetration Testing Execution Standard (PTES). It’s about changing the industry.

Abstract: The Penetration Testing Execution Standard (PTES) was just released in its first draft form at DerbyCon 2011. Since then, there has been an overwhelming amount of input placed on changing the way the industry does Penetration Testing. This talk will cover what defines a penetration test, what they are used for, and how you can change the industry for the better.

This episode is cross-posted at Rats and Rogues.

BSides Detroit 12 Interviews 20

This week, Wolfgang and Chris talk to Mark Lenigan (@niteshad). Mark’s talk is called: Cyberwar: How I Learned to Stop Worrying and Fight the F.U.D. It’s a rebuttal to Richard Clarke’s Cyberwar: The Next Threat to National Security and What to Do About It. Mark had some very insightful things to say.

From there, Mark talked about the other thing he’s doing for BSides Detroit. He’s planning a Range Trip for Friday morning. Security Geeks with Guns. He talked about letting them know you’re a novice and the rules of the gun he lives by, more strict than the NRA’s. Check it out, it’ll be worth the time.

Abstract: Richard A. Clarke bills himself as an expert on “cyberwar” (his preferred term for strategic and tactical use of network resources in a conflict) due to his service as an advisor to four Presidents on matters of national security. However, his treatment of this topic in his book _CYBERWAR: The Next Threat to National Security and What to Do About It_ is riddled with technical flaws, dubious assumptions, and ultimately potentially poor advice for our national defense of military, civil government and private sector networks and infrastructure. This talk will explore his ideas of risk from a more technical perspective, to give a more realistic evaluation of the risks of “cyberwar.” Examples drawn from real-world case studies, such as Fermi II Nuclear Power Plant and the Hubble Space Telescope (similar in design to military reconnaissance satellites) will be used to assess risk and critique Clarke’s ideas and conclusions.

This episode is cross-posted at Rats and Rogues.

BSides Detroit 12 Interviews 19

So after talking with Jen Fox, for episode 018, and learning of The Moscow Rules… Wolfgang and Chris decided to play spy. They found a burlap sack and snuck up behind Scott Thomas.

The next thing he knew, he was in the mobile podcast booth (Wolfgang’s car under the El) outside BSides Chicago. Scott is going to tell us about Dealing with InfoSec Flameout. This time it’s not the job that’s burning you out, it’s the studying outside of work while trying to break that InfoSec job mold. This started as a blog post and became larger than he thought.

Abstract. Burnout has many causes and is experienced by people at different stages of their career. This talk will start with exploring burnout in the infosec community and move to providing methods, including using social engineering techniques, to combat and eventually overcome burnout. It will cover examples of burnouts that the speakers have experienced and real life examples of how the speakers have dealt with burnout.

This episode is cross-posted at Rats and Rogues.

BSides Detroit 12 Interviews 18

While Wolfgang and Chris were at BSides Chicago, they found Jen Fox and got her into a special mobile podcast booth under the El (Wolfgang’s car). Jen’s talk is on The Moscow Rules and how we should apply those rules to our work in InfoSec. What are The Moscow Rules? You’ll have to listen and find out.

Abstract: Ever worked at a company with poor relations between IT and business? Ever been on the team that comes in for the second or third try at a failed project? Ever been a consultant or contractor at a company that is suspicious of outsiders? If you answered yes to any of these questions, this talk is for you. The Moscow Rules are said to be the rules used by spies operating in Russia during the Cold War to protect their lives and their missions. This talk adapts the Moscow Rules for the IT professional who needs to have ongoing interactions with the “other side” (business). Providing secure environments for our companies and clients depends upon our abilities as infosec professionals to work effectively with the people in our environments as well as the technology. In order to accomplish our infosec missions, we need to enhance our toolkit to include rapport building and consulting tradecraft.

This episode is cross-posted at Rats and Rogues.