Topic: Attacking web-proxies in the modern era
Bio: Ahamed Nafeez is a security engineer with interest in browser and network security. In the past, he has been a speaker at Nullcon, Black Hat, and Hack-In-The-Box. He loves working on solutions to build defensive software and ways to detect attacks.
Topic: Breaking and Fixing Android In App Purchases
Bio: I am a Senior Security Consultant at Virtual Security Research in Boston with a background in web, mobile and product security. I previously worked at Tenable Network Security where I wrote Nessus plugins. My interest in In App Billing sparked a few years ago when I saw someone playing Candy Crush and wondered if I could get those Lollipop Hammers for free. It turns out I could. http://www.linkedin.com/in/aramirezjr
Bio: Andy Ellis is Akamai’s Chief Security Officer, responsible for overseeing the security architecture and compliance of the company’s massive, globally distributed network. He is the designer and patentholder of Akamai’s SSL acceleration network, as well as several of the critical technologies underpinning the company’s Kona Security Solutions. Andy is at the forefront of Internet policy; as a speaker, blogger, member of the FCC CSRIC, supporting Akamai’s CEOs on the NIAC and NSTAC, and an advisory board member of HacKid. He is a graduate of MIT and a former US Air Force officer, the recipient of the CSO Magazine Compass Award, the Air Force Commendation Medal, The Wine Spectator’s Award of Excellence, and the Spirit of Disneyland Award. He can be found on Twitter as @csoandy.
Topic: The Great Trojan Demo
Bio: Information systems specialist turned offensive security expert, Ben Miller brings a unique mix of networking, compliance and security experience to the table. As an Ethical Hacker for Parameter Security, Miller identifies and exploits weaknesses in clients’ networks – emulating a real-world attack. Prior to Parameter Security, Ben was employed by Lincoln County Medical Center where he gained extensive knowledge of meeting and maintaining HIPAA compliance regulations on an ongoing basis, creating and deploying as well as securing systems against malicious hackers.
Topic: On Defending Against Doxxing
Bio: Benjamin Brown currently works on systems safety, adversarial resilience, and threat intelligence at Akamai Technologies. He has experience in the non-profit, academic, and corporate worlds as well as degrees in both Anthropology and International Studies. Research interests include novel and side-channel attack vectors, radio systems, the psychology and anthropology of information security, metacognitive techniques, threat actor profiling, intelligence analysis, and thinking about security as an ecology of complex systems. https://www.linkedin.com/profile/view?id=88339064
Topic: The Other Guys | Vulnerability Research in Alternative Android Browsers
Bio: Benjamin Watson is a Lead Security Researcher at VerSprite. When he is not pumping iron and snorting ground coffee beans, his time is focused on mobile security, embedded systems, reverse engineering and exploit development.
Topic: Multipath TCP – Breaking Today’s Networks with Tomorrow’s Protocols
Bio: Catherine (Kate) Pearce is a Senior Security Consultant at Neohapsis (Now a part of Cisco). Kate spends half her time breaking applications and networks, half her time working to secure systems being built, half her time tinkering with standards to find where the designer missed something, and the other half figuring out where she got four halves from. So far, her work has been presented at Blackhat USA and TROOPERS, among others. Bred, born, and raised in New Zealand, Kate’s a Kiwi who was temporarily pulled all the way from Middle Earth to New England a while back. She loves crossed-protocols, exotic failure modes, and long talks on the breach (sorry). While in the USA, she will tolerate a single sheep joke per person – as long as it’s targeted at Australians.
Topic: Breaking Scada systems
Bio: Chris Sistrunk is a Senior Consultant at Mandiant, focusing on cyber security for industrial control systems (ICS) and critical infrastructure. Prior to joining Mandiant, Chris was a Senior Engineer at Entergy (over 11 years) where he was the Subject Matter Expert (SME) for Transmission & Distribution SCADA systems. He has 10 years of experience in SCADA systems with tasks such as standards development, system design, database configuration, testing, commissioning, troubleshooting, and training. He was the co-overseer of the SCADA, relay, and cyber security labs at Entergy Transmission for 6 years. Chris has been working with Adam Crain of Automatak on Project Robus, an ICS protocol fuzzing project that has found and helped fix many implementation vulnerabilities in DNP3, Modbus, and Telegyr 8979. Chris helped organize the first ICS Village, which debuted at DEF CON 22. He is a Senior Member of IEEE, member of the DNP Users Group, Mississippi Infragard, and also is a registered PE in Louisiana. He holds a BS in Electrical Engineering and MS in Engineering and Technology Management from Louisiana Tech University. Chris also founded and organizes BSidesJackson, Mississippi’s only cyber security conference.
Topic: How to Grow a Hacker
Bio: David has extensive experience in many areas of information security. His career began by working in the trenches of perimeter analysis and conducting external threat research for large financial institutions. After switching to offensive security, David joined Redspin to conduct application security assessments and network penetration tests. David is currently the Chief Technology Officer and Vice President of Professional Services at Redspin, specializing in External and Application Security assessments, and managing a team of highly skilled engineers. David has particular interests in complex threat modeling and unconventional attack vectors, and has been a speaker at many conferences throughout the country.
Topic: Threatmon – Real time threat monitoring of attacks on applications hosted on cloud
Bio: Dibyendu Sikdar is an Open Source Developer and Independent Security Researcher. He is currently pursuing a Bachelor’s Degree in Computer Science and Engineering from KIIT University. He is the Project Leader of OWASP DROID10 and OWASP JSEC CVE DETAILS. As an independent security researcher he has participated in various bug bounty programs and has been acknowledged by various organizations like AT&T, Microsoft, Oracle, Sony, etc. in their hall of fame and acknowledgement sections for responsible disclosure of vulnerabilities in their online services. He is also a member of SillyCon Security Research Group.
Topic: Managing Elevated Privileges in the Enterprise Environment
Bio: Erik has been working in the Information Technology industry for the past twenty years, while primarily focusing on security for the past ten years. He has a diverse background, which includes work in a variety of industries and the Government sectors, which have all contributed to his vast knowledge and skill sets. Erik has a CISSP, some other certifications, and a Master of Science in Information Assurance.
Topic: Practical Electronics: Fixing the fan in a post-poop scenario
Bio: Growing up, it was a safe bet that if an object around the house was held together with screws or contained any number of wires, Evan “treefort” Booth took it apart at some point to see what made it tick. In 4th grade, with the help of strategically placed pens, erasers, and a Pop-Tarts wrapper, Evan’s pencil box could quickly be converted into a model rocket launchpad. His Liquid Drano purchases to toilets cleaned ratio is absolutely abysmal. This never-ending supply of curiosity eventually translated into a passion for understanding computers and programming. Having earned a degree in Digital Media — a nerdy union of design fundamentals and computer programming — from East Tennessee State University in Johnson City, Evan founded his company, Recursive Squirrel, where he has served a wide variety of clients in need of application development and consulting for nearly a decade. When he isn’t organizing 1’s and 0’s, Evan is likely off picking locks with the FALE Association of Locksport Enthusiasts, a lock picking group he co-founded in 2010. In his most recent project, Terminal Cornucopia, Evan set out to demonstrate how difficult it would be for an attacker to construct lethal weapons in a typical airport terminal after the security screening. After successfully building an arsenal consisting of everything from simple melee weapons to reloadable firearms to a remotely-triggered incendiary suitcase, Terminal Cornucopia garnered international media attention and attracted viewers from nearly every country on the planet. Make no mistake: the best part about buying a bulky item is, in fact, the huge cardboard box.
Topic: Now It’s Personal: Red Team Anecdotes
Bio: FuzzyNop is a computer who knows how to computer.
Topic: Cyber Medical Terrorism: Hacking DNA for a Brave New World
Bio: Gregory Carpenter, CISM, is the owner of Gregory Carpenter Enterprises LLC and co-author of “Reverse Deception: Organized Cyber Threat Counter-Exploitation.” He is an Adjunct Professor at Northern Virginia Community College and on the Board of Directors of ATNA Systems. Previous roles include positions at the Army Research Laboratory, Army Cyber Command and several years at the National Security Agency / Central Security Service. Additionally, Mr. Carpenter worked at the Joint Task Force for Global Network Operations and served at the Army Materiel Command. He is the recipient of numerous awards including the coveted National Security Agency Military Performer of the Year.
Topic: Anti-Forensics: Memory or something, I forget.
Bio: int0x80 is the rapper in Dual Core. He has a mustache and doesn’t afraid of anything.
Topic: Emergence of the Hardware Botnet
Bio: Jeremiah has been in the IT security industry for nearly 20 years and is the founder and president of RedTeam Security. He has a master’s degree in Information Security & Assurance and an executive business education from the University of Notre Dame. Jeremiah is an active security researcher and an adjunct faculty member at Norwich University. Jeremiah is the author of The Social Engineer’s Playbook: A Practical Guide to Pretexting and has held numerous leadership roles including CISO and expert consultant to several Fortune 500 companies. He is a CISSP, CCISO, CEH, CHFI and CCENT.
Topic: Cloud Device Insecurity
Bio: Jeremy is a security researcher focused on application security, largely involved in vulnerability research and development. He has gained extensive software security experience working at a large software company for several years on various projects including exploit mitigations, scalable fuzzing and kernel security. Other interests include static analysis, penetration testing and all things fascinating in the field of computer security.
Topic: Hacking NGFW and NGIPS For Fun and Profit
Bio: The past 5 years I’ve taken the hobby and made it a profession as Penetration Tester and Information Security Analyst. I’ve had the privilege to gain experience working across various domains of Information Security. Currently, I’m a contracting Information Security Analyst for my own Cyber Security company called Arma-Net, LLC. I perform Contracting and Consulting associated with a wide variety of Cyber Security projects. In the more recent months I have been providing consulting and managed security services for Information Assurance: Governance, Risk, and Compliance auditing. The auditing work has evolved mainly into hacking/auditing of “cutting edge” Enterprise grade Security appliances. It has become a personal interest and research focus of mine. I’d like to share some of the high-level tools and methods I use for these testing processes.
Topic: Moving Meterpreter in Complex Networks
Bio: Josh Stone is a penetration tester for PSC, conducting assessments for some of the world’s largest retailers and payment processors. With 15 years of professional infosec experience, Josh has been privileged to work in a variety of capacities, including incident response, pen-testing, research, and security strategy. He lives the life of a consummate nerd, with interests across the full gamut of information technology, computation, and electronics.
Topic: Social Engineering 101 – 2hr Workshop
Bio: Shannon Sistrunk has a B.A. in Speech Communication from Louisiana Tech University and a M.S. in Applied Communication from Mississippi College. She was awarded for her Graduate research at MC for her work on recognizing the expression of pain among the other universally accepted facial expressions. She is the owner of Bayou Communications LLC, specializing in corporate, interpersonal & nonverbal communication, social-engineering, and more. She is married and has two children.
Topic: Malware is Hard, Let’s Go Shopping!
Bio: Wartortell works as a reverse engineer and malware researcher for Palo Alto Networks. Previously he worked in Threat Intel, Binary Rewriting and Binary Transparency. He also casts a mean Ice Punch, and this is not even his final form.