workshop speakers

Sponsored Workshops

A Cyber Professionals Guide to Deception Technologies

This session will cover the current state of deception technology tools and the best practices to use them effectively. Instructors will review the open source and vendor landscape, functionality, techniques, and trade-offs. The detailed how-to session will include live configuration of offensive decoys and deployment of deception grids. You will learn how this technology is complementary to your existing cyber security defenses and understand how deception technology can fit into your current architecture. Discussion will include malware traps, intrusion detection techniques, and forensic analysis. Finally, this session will share some tips on building and supporting a business case for deception strategies.

presented by

Joe Carson  &  Jacob Goldberg  &  Moshe Ben-Simon

DNS Arms Race: Many Roles DNS Plays in Security Battles

The Domain Name System (DNS) is the ultimate distributed database serving as the directory for the Internet that is referenced by nearly everyone billions of times per day. DNS has become so ingrained, so invisible, and so taken for granted that many IT professionals forget it exists.

Many cyber criminals, however, are very familiar with DNS and know how critical DNS is to the infrastructure of the internet. Innovative hackers have developed techniques to exploit DNS vulnerabilities and even found ways to use DNS itself as a weapon in their arsenal. With over 3 billion people online today, security professionals must do everything possible to protect their users and networks by securing their DNS from attacks and preventing their systems from being hijacked.

But the role of DNS in security isn't all about attacks; it's also a weapon used for good. DNS Traffic Management is often a crucial part of ensuring high site availability, balancing Internet traffic and load distribution, and even optimizing performance for the best user experience. Adding digital signatures (DNSSEC) to DNS helps to create a highly secure distributed Internet database with unlimited potential. Recently, injecting policy enforcement into the DNS recursive resolver process has provided new tools for security professionals to protect their infrastructure and thwart attacks.

In this workshop attendees will learn:
- DNS Concepts and Tricks
- Various types of DNS attacks
- Use of DNS as a weapon
- Techniques to mitigate DNS vulnerabilities
- Impacts of DNSSEC
- Responsible DNS management
- DNS Enforcement Policy as a tool to protect and defend infrastructure

presented by

Nate Meyer

Endpoints Threat Feeds FPs and You

Threat feeds are the new, sparkly "must have" in the world of enterprise security. With the flood of emerging vendors and open source projects providing threat intelligence feeds, it has become a daunting task to discover feeds that are right for you. Once a collection of feeds has been chosen, you are still left without any direction on how it should be used.

In this workshop, we will show you techniques to enhance both your threat feed data and your enterprise network logs. These enhancement techniques will enable you to gather more context and attribution on your network sources, enrich your threat feed data for improved correlation, reduce false positives on network threat feed alerts, and reduce investigation time when performing incident response.

The workshop will focus on user endpoints and network threat feeds, but will also demonstrate techniques corresponding to the different categories of endpoint and threat feeds. Beginners should walk away with a solid understanding of network threat feeds and how they can use them effectively in their environment. Experienced veterans will leave this workshop with new tricks and techniques for using their preexisting feeds. The hands-on exercises presented in this workshop are optional and can be done with any CSV parser.

presented by

Ryan Holeman

Exploiting IT Analytics to Create a Human Layer Security Initiative

The final understanding and verification of a security incident ultimately requires human interpretation and decision. Over the past 15-20 years the industry has invested billions in pursuit of automated security layers (e.g. firewalls, endpoint protection, intrusion detection), but attempts at automating the human interaction part of the process have fallen short. Instead of providing definitive answers to offload our already overburdened teams, system-generated false positives add more work.

Increasing complexity - driven by cloud/mobile centric architectures and infrastructures that are dynamic by design (e.g. SDN, cloud) - will create a new class of challenges for both automated and human layers of IT security. We refer to this new class as 'Unknowns.'

In this interactive session, we will examine and demonstrate a new data discovery paradigm and class of data analytics, specifically for the human layer of IT security. The technology's inventor will share his perspective on the 'human layer' technical requirements and his vision for the future. The workshop will include a live demonstration and a chance to take a test drive.

presented by

Jeff Barker  &  Mike Morford

How poorly obfuscated mobile app code leads to vulnerable IoT devices

Ken Munro and Chris Pickering are from Pen Test Partners, a penetration testing firm from the UK. They are known for several interesting hacks of IoT devices in recent months. Regularly called on by the media, including the BBC, NBC, Forbes and many others, they spread the message of sensible security with no FUD or vendor bias.

They are the guys responsible for the Samsung TV "listening to you" investigation, making the My Friend Cayla doll curse, discovering how flaws in Wi-Fi kettles can give up your wireless PSK, helping make GoPro cameras less likely to be used covertly as spying devices against their owners, to name but a few.

In this session they'll show you how many of their findings in IoT devices come from hackers having easy access to mobile app source code. If code was properly obfuscated, it would be much harder to decompile and reverse engineer it in the first place.

They will demonstrate reverse engineering and uncovering security flaws in mobile app code.

This workshop is designed for software development leads, product managers, security architects and everybody who is in charge of product security and the protection of customers' privacy data.

presented by

Ken Munro  &  Chris Pickering

How to Find a Better Job In IT Security

The bad news is that enterprise data is at risk, and the attackers have the advantage. The good news is that this situation has created a boom market for IT security professionals. How can a skilled security pro take advantage of this lucrative marketplace? What's the best way to find new job opportunities and open positions? What skills and training are the best resume builders? Which positions offer the best salaries, and how can security pros find them? If you are doing the hiring, what positions are most in demand, and how can you identify potential candidates who have the special skills you need?

In this panel session, top IT security recruiters and employers offer insights on how to find open positions, how to benchmark your salary, and how to improve your experience and training to make yourself more attractive to potential employers. The experts will also offer advice to managers who are seeking out top security talent, providing insight on how to make staffing decisions and how to find the best people. The session will also offer the latest data on security salaries and employment attitudes culled from newly-published research by Dark Reading and InformationWeek.

presented by

Tim Wilson  &  Lee Kushner  &  Kevin Oswald

Kaizen Capture the Flag

Booz Allen Hamilton is here to keep the hacking going with, once again, another iteration of their Kaizen CTF series. This interactive event is designed to build the skills of security enthusiasts through hands-on challenges in forensics, web exploitation, scripting, and binary reverse engineering. Whether you are a 1337 h4x0r or new to information security and want a healthy environment to try your first CTF, come check out Kaizen! Learn more at https://blackhat.kaizen-ctf.com

Kaizen consists of a variety of challenges, with all equipment provided. Top scorers will receive 1st, 2nd, and 3rd place prizes as well as challenge- and achievement-based prizes for the truly advanced! Additionally, they will receive an invitation to our exclusive sponsored networking event held on Thursday evening.

- Realistic - Participants are faced with real-world challenges, conducting open source research, crafting new solutions and pure development/scripting on-the-fly.
- Hands On - Truly 100% hands-on, independent learning; no lecturing. Mentors are available and provide one-on-one help when needed, but participants are encouraged to succeed through independent learning.
- Accommodates all experience levels
  - Experienced/senior technical participants are motivated to compete, test their skills, and gain points on the leader board.
  - Junior participants can trade points for hints, work with mentors, research and learn how to solve problems in a safe but competitive space.
- Environment - A key element that makes this successful is the relaxed and fun environment. Stop on by, say hello, and network with individuals like you!


Overcoming Chaos and Disruption: A New World Order in Security

Every aspect of security has become challenging, with lots of talk about what "should" be done, but few actually making progress. Join Twitter for an interactive discussion on ways to tackle the complex, often overlooked issues plaguing security today.


Phish and Silicon Chips: Linking targeted attacks to the wider threat

Using actual examples of companies who may have left themselves exposed to potential cyberattacks, we'll discuss a recent investigation into targeted phishing attacks. This presentation will look at the motivations for the attack, the steps organizations could have taken to identify and stop the attack, and how, by leveraging accurate threat intelligence, the attack was linked to wider threat activity.

We will touch on the techniques used within a spear-phishing email to perpetrate the attack, solicit an open, disguise the link and then attack and navigate the network. We'll wrap the session by highlighting what companies should consider in order to better defend their organizations.

presented by

Darrell Switzer

The Information Security Landscape: What Security Pros REALLY Worry About

If you've watched television or read mainstream media publications lately, you know that businesses and executives have become very interested in "cyber threats" ranging from Target's data breach to China's surveillance of U.S. corporations. But what about the people who work in IT security for a living? What are they worried about and how do they prioritize and take action on those concerns?

In this comprehensive session, editors from Dark Reading and InformationWeek join to share the results of in-depth research on the state of the IT security department and the attitudes of information security professionals. The research, which includes InformationWeek's annual Strategic Security Survey as well as a new Dark Reading survey of Black Hat attendees, will outline some of the key concerns of IT security professionals, including breach incidence as well as current threats. The studies also offer new insight on enterprises' plans for technology spending and implementation, and their approach to new IT challenges such as mobile and cloud security.

The editors will be joined by Chris Wysopal, a renowned security expert and CTO of Veracode, who will offer insights on how security professionals' attitudes and priorities are changing, and how these new priorities may affect security practices and technology choices in the future.

presented by

Kelly Jackson Higgins  &  Chris Wysopal

Turf War: Using Geo-Intelligence to Thwart Cyber Threats

In an infinitely connected and connectionless world, online infrastructures are subjected to an equally infinite number of threats from countless sources, each with their own distinct motives. The mission assigned to IT security professionals is simple, but not easy: cover everything from everywhere. Tall order, but geographical IT intelligence that can see through the smoke and mirrors of hackers can help. In this session, you will learn how the right tools and disciplines can help you:
- Combat DDoS and other malicious attacks
- Detect and reduce online fraud
- Mitigate risks that threaten user experience
Join Neustar for this informative session to gain insights that can help you keep cyber attackers from devastating your online business.

presented by

Rupert Young