Northeast Ohio Information Security Forum

—< NORTHEAST OHIO INFORMATION SECURITY FORUM MEETING
—< Wednesday October 16, 2013
—< 6:30 PM – 8:00 PM
—< Pizza and social start 6:00 PM
—< Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road, Independence, Ohio
—< Open to everyone and free as always

The Northeast Ohio Information Security Forum will hold our monthly
meeting at the above date and time. It will be held in the lower
level of the Park Center Plaza #1 building (in the large room on lower
level) off of Rockside Road in Independence. Links to maps and
directions included in this email.

Agenda:

HTTP Header Analysis by Nathan LaFollette “httphacker”

HTTP Headers are the least protected areas in a Web Application.  httphacker will review current HTTP Headers, and how to effectively analyze them for vulnerabilities with the gethead Project (to be released publicly during the talk).
Presentation Outline:
* Why are headers important to us?
* What header checks are in today’s automated tools?
* Review of current header attributes
* Announcement of the gethead Project & Demo

SPEAKER BIO:

Nathan LaFollette (httphacker) is a Senior Security Consultant for HP ShadowLabs, a division of HP Fortify.  Nathan has been leading international security engagements in the areas of Web Application Penetration Testing for many years. Nathan’s vast experience with web vulnerability analysis is unmatched in the industry.  Currently as a Senior Security Consultant, Nathan has advised and performed Web Application Penetration Testing for some of the world’s largest publicly and privately traded companies. Nathan brings a great deal of international security threat expertise and corporate security experience to the information security community.
Second Talk TBA

Don’t forget to come early, starting at 6:00 PM, for pizza and pop.
Another great meeting from NEO Info Sec Forum – we hope to see you there!

– NEOISF Board –

———————————————————————————-
[Location]
Park Center Plaza 1
6100 Oak Tree Blvd
Google maps link: short link http://bit.ly/ndIDBZ

[Directions]
1. I-77
2. Rockside Road exit
3. West on Rockside Road
4. 2nd light go South onto Oak Tree Blvd
5. Pull into the 3rd driveway on the right
6. Go to lower level
———————————————————————————-

—< NORTHEAST OHIO INFORMATION SECURITY FORUM MEETING
—< Wednesday August 21, 2013
—< 6:30 PM – 8:00 PM
—< Pizza and social start 6:00 PM
—< Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road, Independence, Ohio
—< Open to everyone and free as always

The Northeast Ohio Information Security Forum will hold our monthly
meeting at the above date and time. It will be held in the lower
level of the Park Center Plaza #1 building (in the large room on lower
level) off of Rockside Road in Independence. Links to maps and
directions included in this email.

Agenda:

The Complete Life Cycle of Targeted SE Attacks

Description: We’ve all heard that Social-Engineering is effective
– but how do you create something thats effective and has a large
impact on an organization? This talk will walk through how to craft
scenarios for an organization that works for almost every
organization and rips through almost all of the defensive mechanisms
that we are use to today.


BIO: Nick Hitchcock (@nick8ch) is a Senior Security Consultant at
TrustedSec and has a relentless pursuit to break security and make
things do things they were not meant to do. He also has experience
working in the IT/information security field for several years and
has performed large scale security assessments/penetration tests,
risk assessments, forensic analysis, physical security assessments,
social engineering engagements. In addition to secular work Nick is
also actively involved in the Infosec community, being one of the
organizers of DerbyCon and head of security for BSidesLV and
BSidesDE. He also is a contributor to social-engineer.org and part
of the Social Engineering CTF team at DEF CON. OSCP, GPEN

Attacking and Defending Full Disk Encryption by Tom Kopchak

One of your company’s laptops was just stolen. You know that there was
sensitive information on the machine. You also know that full disk
encryption was deployed. Is your data safe? Can you prove it?

Many organizations are flocking to full disk encryption as a solution
to their data security requirements. Unfortunately, many of these
installations view the deployment of full disk encryption as a panacea
for any and all security concerns for their laptop fleets. All too
often, these systems are neither properly configured nor adequately tested.

In this talk Tom Kopchak, Senior Engineer, will analyze the challenges
associated with both attacking and defending systems protected with full
disk encryption. Many of the examples provided will draw from Tom’s
personal experience, including a case where a fully encrypted and
powered down system was able to be fully compromised as part of a
penetration test.

Don’t forget to come early, starting at 6:00 PM, for pizza and pop.
Another great meeting from NEO Info Sec Forum – we hope to see you there!

– NEOISF Board –

———————————————————————————-
[Location]
Park Center Plaza 1
6100 Oak Tree Blvd
Google maps link: short link http://bit.ly/ndIDBZ

[Directions]
1. I-77
2. Rockside Road exit
3. West on Rockside Road
4. 2nd light go South onto Oak Tree Blvd
5. Pull into the 3rd driveway on the right
6. Go to lower level
———————————————————————————-

The NEOISF meeting for Wednesday, July 17 has been canceled.

We will have our next meeting Wednesday, August 21, 2013.