Northeast Ohio Information Security Forum

—< NORTHEAST OHIO INFORMATION SECURITY FORUM MEETING ---< Wednesday December 15, 2010 ---< 6:30 PM - 8:00 PM ---< Pizza and social start 6:00 PM ---< Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road, Independence, Ohio ---< Open to everyone and free as always The Northeast Ohio Information Security Forum will meet for its monthly meeting on Wednesday December 15, 2010 starting at 6:30 PM. It will be held in the lower level of the Park Center Plaza #1 building (in the large room on lower level) off of Rockside Road in Independence. I've included links to maps and directions in this email. We have two talks planned... +++ Rooting Out the Bad Actors - Dan Walters, Sr. Systems Engineer at FireEye (www.fireeye.com). +++ Offensive-Security: A roadmap to penetration testing - David Kennedy See bottom of email for talk abstracts. PRIZES! Did we get your attention? We plan to have some prize giveaways as well. We have some NEOISF swag (shirts, mugs, etc) and other items we'll be giving away. Don't forget to come early, starting at 6:00 PM, for pizza and pop. Another great meeting from NEO Info Sec Forum - we hope to see you there! -- NEOISF Board -- ============================================================ [Location] Park Center Plaza 1 6100 Oak Tree Blvd Google maps link: TinyURL link http://tinyurl.com/neoisfmtg [Directions] 1. I-77 2. Rockside Road exit 3. West on Rockside Road 4. 2nd light go South onto Oak Tree Blvd 5. Pull into the 3rd driveway on the right 6. Go to lower level Signs will be posted on the building. ============================================================ TALK ABSTRACTS Rooting Out the Bad Actors - Dan Walters, Sr. Systems Engineer at FireEye (www.fireeye.com) Botnets have been around for some time now and don¹t seem to be going away ­ in fact they are becoming more prevalent and dangerous with the involvement of organized crime. Botnet zombies are resource thieves and potentially leave you and your network open to blacklisting and/or legal action. How can you keep track of new Botnet threats, how do you know you have been ³botted², how did you get ³botted², and what are the impacts or ramifications of the new bots? In our presentation, we look at several aspects of the current Botnet threats and give some help in answering these questions and more. Offensive-Security: A road-map to penetration testing - David Kennedy Offensive-Security offers several high end courses that is aimed at teaching the student the ability to effectively perform penetration tests and learn advanced techniques in the art of exploitation. Dave recently completed the Offensive-Security Certified Expert (OSCE) which is the hardest certification offered by Offensive-Security. This presentation will dive into all of the different courses, the expertise needed to pass the tests, and talk about a road-map to building you as a penetration tester.

Our next meeting is WEDNESDAY November 17, 2010. Pizza and networking start at 6:00 PM. Talks start at 6:30 PM. Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road, Independence, Ohio. Click here for a Google Map! Open to everyone and free as always!

Here are the list of talks and agenda items for this months meeting:

The Enemy Within: How Cross-Site Request Forgery Can Turn Your Employees Into Unwitting Internal Hackers
Chris Bush, Sr. Security Consultant, Accuvant LABS

Web applications have for years now been increasingly the focus of attention for hackers. After all, vulnerabilities like SQL Injection have provided hackers a simple way to bypass firewalls and other network and host security controls to gain easy access to company data and internal resources. As a result, many companies have placed an increasing focus on securing their external web applications from these vulnerabilities, providing another layer of security and further hardening their perimeter. Meanwhile, corporate intranet applications have often not received this kind of attention to security, so they may still be vulnerable. And hackers still have a way to reach them – through your employees, and the web browser – using a technique known as Cross-Site Request Forgery. This talk will provide a technical overview of Cross-Site Request Forgery (CSRF). We’ll discuss how and why CSRF works, and how hackers can leverage it to turn your employees into unwitting accomplices to attack your internal applications. We’ll also cover some protection strategies that can be used to help mitigate the threat.

OSSIM Open Source SIEM
Kyle Capatosto, Hurricane Labs

OSSIM is an open source SIEM, developed by Alienvault LLC. It is a heterogeneous mixture of over 200 different open source projects, featuring a strong correlation engine, incident management tools, customizable reporting, and various cross-platform agents all tied into a simple, easy to-use web interface. Today’s talk will be covering installation styles, best practices, OSSIM innerworkings, as well as tips and tricks to get the most out of your OSSIM deployment.

Speaker Bios:

Chris Bush

Chris is a Certified Information Systems Security Professional (CISSP) and holds a Masters Degree in Computer Science from Binghamton University, Binghamton, New York and a Bachelors Degree in Computer Science from University at Buffalo, Buffalo, New York.

Kyle Capatosto

Kyle Capatosto has been a network security engineer at Hurricane Labs for over 2 years, currently consulting fortune 500 companies on secure network design, intrusion prevention, incident response, and SIEM. Kyle has performed multiple implementations of OSSIM on complex networks providing clients valuable insight into the interworkings of their network, as well as helping them to implement a better incident response program.

Our next meeting is this WEDNESDAY September 15, 2010. Pizza and networking start at 6:00 PM. Talks start at 6:30 PM. Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road, Independence, Ohio. Click here for a Google Map! Open to everyone and free as always! Here are the list of talks and agenda items for this months meeting:

Building Blocks for Building Docs
Alex Hamerstone will speak on the ways that IT Professionals can become more competent and comfortable writing policies, procedures, and related documentation. He will cover how to determine which policies are necessary, how to structure documents, how to store and distribute documentation, and additional areas relevant to documentation.

Well aware that documentation is not always the favorite subject of IT professionals, Hamerstone brings a lighthearted approach to this often stuffy topic.

PowerShell … It’s time to own
David Kennedy and Joshua Kelley will be giving the same talk as presented at Blackhat/Defcon on attack vectors utilizing PowerShell.

Powershell is as close to a programming language we are going to get through a command line interface on Windows. The ability to perform almost any task we want through Windows is a huge benefit for systems administrators… and hackers. During this presentation we’ll be covering the attack vectors you can use with PowerShell and demonstrate some new Metasploit modules that were released at Defcon.

Speaker Bios:

Alex Hamerstone
As a consultant in the Risk Management group, Alex Hamerstone has been providing security solutions to companies for close to two years at SecureState, and prior to SecureState has almost a decade of consulting experience around technology implementation as well as business process assessment and development. His work focuses on the business side of security.

During his career, Alex has developed literally thousands of policies and procedures for organizations of many sizes. With a solid understanding of business processes, human resources, finance, security, and technology he is uniquely positioned to provide a great deal of value to any organization.

Dave Kennedy (REL1K)
Dave is a security ninja that likes to write code, break things, and develop exploits when he has spare time. Heavily involved with BackTrack and the Social-Engineer Framework, David continues (and strives) to contribute to a variety of open-source projects. David had the privilege in speaking at some of the nations largest conferences on a number of occasions including BlackHat, Defcon and Shmoocon. David is the creator of the Social-Engineer Toolkit (SET), Fast-Track, modules/attacks for Metasploit, and has (responsibly) released a number of public exploits, including attacks that affect some of the largest software vendors in the world. David heavily co-authored the Metasploit Unleashed course available online and has a number of security related white-papers in the field of exploitation.

Josh Kelley (winfang)
Josh Kelley is a security analyst for an international Fortune 1000 company located in North Canton Ohio. Josh has helped write and author ground breaking attack vectors through PowerShell and the Teensy HID devices and has presented at Blackhat and Defcon. Josh has a number of strengths in the security industry including penetration testing, zero day research, buffer overflows, web application security, and exploitation.