Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Security [clear filter]
Monday, June 15
 

10:30

Actionable Threat Intelligence, ISIS, and the SuperBall
When adding a new threat intelligence feed into your threat model and security practice, one always has to ask: “what is the value?” Unfortunately, over the past couple of years, organizations have struggled with showing true value from standard threat intelligence feeds for several reasons, most of which coincide with the fact that the feeds are too generic, and do not directly relate to the operating environment of the organization.
In this talk, we will discuss how to create a customized, organization-specific threat intelligence feed, that in turn will be used to actively increase the security posture of the organization in a measurable way. Some of the examples we will address include dealing with DDoS attacks & social media account takeovers and adjusting to finding threats and threat actors in order to proactively tune defenses before an attack.

Speakers
avatar for Ian Amit

Ian Amit

Iftach (Ian) Amit, Vice President at ZeroFox, has over a decade of experience in hands-on and strategic roles, working across a diversity of security fields: business, industry, marketing, technical and research. At ZeroFOX, Ian leads the company’s customer solutions offerings and runs ZeroFOX’s New York offices. Previously, Ian served as Director of Services at IOActive. His career also includes time at Security-Art, Aladdin, Finjan... Read More →


Monday June 15, 2015 10:30 - 11:15
Room 2

11:15

Incident Handling in the cloud

Hva gjør vi når vi har sikkerhetshendelser i skyen? Hvordan tar man et RAM image utav en SaaS (Software as a service) tjeneste? Man gjør det ikke! Håndtering av sikkerhetshendelser i skyen er en ny problemstilling som mange av oss blir tvunget til å ta stilling til når flere og flere tjenester blir provisjonert i skyen.

I foredraget vil jeg ta opp tema som:

- Hvilke utfordringer ser man i med å håndtere hendelser i skyen
- Hvordan kan noen av disse utfordringene løses
- Hva bør man tenke på før man velger en sky-leverandør.
- Hvordan håndtere utfordringene.


Speakers
avatar for Chris Andre Dale

Chris Andre Dale

I'm Chris Dale from Norway, currently the technical lead for penetration testing & incident handling at Netsecurity. Along with my security expertise, I have a background from system development and application management. Having a vast and broad experience in IT certainly help a great deal when working penetration tests and incidents. | | I'm an open, sharing and engaging person to be around, some even think I'm funny. Enthusiastic and... Read More →


Monday June 15, 2015 11:15 - 12:00
Room 2

12:45

NextGen Pentesting: Mobile, Cloud and Internet of Things
Cloud backups and getting access to enterprise information on smartphones and tablets (now even watches and sunglasses) adds a ton on convenience, but as a slew of celebrities recently found out, the added functionality doesn’t come without its share of risk. If the door locks are hooked up to the network such that the head of physical security can let someone in in an emergency from the comfort of his home, that will be awesome for his home life, but what does having physical controls in Active Directory mean for an attacker? As penetration testers, we are tasked with simulating an attack and discovering vulnerabilities from missing patches to employees who click on weird links in emails. What are the new risks that our new enterprise network landscapes bring with them? And how can we effectively test for them? In this talk we will look at some of the vulnerabilities introduced by the introduction of mobile, cloud, and Internet of Things as well as testing techniques and methodologies to bring these pieces into our enterprise security assessments.  The talk will include demonstrations of attacks and suggestions for remediation. 

Speakers
avatar for Georgia Weidman

Georgia Weidman

Bulb Security
Georgia Weidman is a penetration tester, security researcher, and trainer. Her work in the field of smartphone exploitation has been featured in print and on television internationally. She has presented her research at conferences around the world including Shmoocon, Hacker Halted, Security Zone, and Bsides. Georgia has delivered highly technical security training for conferences, schools, and corporate clients to excellent reviews.


Monday June 15, 2015 12:45 - 13:15
Room 2