Episode254

From Paul's Security Weekly
Revision as of 23:16, 8 August 2011 by Mikep


SANS Las Vegas, October 26-27th, will debut a new course titled "Embedded Device Security Assessments for the Rest of Us", which will teach students how to assess embedded systems of all varieties on pen tests and in their duties as security professionals.



Announcements

PaulDotCom Security Weekly - Episode 254 for Thursday August 11th, 2011.

  • The PaulDotCom Espanol episodes with Julio Canto, Lorenzo Martinez, Chema Alonso, Ruben Santamarta and Raul Siles are available here.

Guest Tech SegmentCon: A Special Night with Trustwave's SpiderLabs!

Amazingly True Stories of Real Penetration Tests with Rob Havelt & Wendel Henrique

7:30 PM EDT / 6:30 p.m. CST

Rob Havelt, director of penetration testing, and Wendel Henrique, security consultant, will present Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests.


Rob is Director of SpiderLabs' Penetration Testing Practice, where he oversees all aspects of network and infrastructure security testing and wireless network testing.

Wendel is a consultant for penetration testing at Trustwave, where he has discovered vulnerabilities across a diverse set of technologies including webmail systems, wireless access points, remote access systems, web application firewalls, IP cameras, and IP telephony applications.


Proper Bios

Rob Havelt:

Rob has conceived and led original research for Microsoft Encrypted Filesystem (EFS) cracking and file recovery, producing a whitepaper based on this research that led to clarification in the PCI DSS. He also conducted original research into Frequency Hopping Spread Spectrum (FHSS) wireless networks, publishing a whitepaper to help Trustwave and their clients determine compliance needs for these networks. Havelt has written for the Linux Journal and served as a technical editor for Cisco Press and other leading scientific publishers. A sought-after speaker on the conference circuit, Havelt has addressed major industry gatherings such as Black Hat, TOORCON and THOTCON.


Wendel Bio:

Wendel Guglielmetti Henrique is a consultant for penetration testing at Trustwave's SpiderLabs, the advanced security team within Trustwave focused on forensics, ethical hacking, and application security testing for premier clients. He has worked in IT since 1997, and for the last 8 years he has worked in the computer security field. During his career, he has discovered vulnerabilities across a diverse set of technologies including webmail systems, wireless access points, remote access systems, web application firewalls, IP cameras, and IP telephony applications. Some of the tools he wrote have been used as examples in national magazines like PCWorld Brazil and international ones like Hakin9 Magazine. Recent presentations include Black Hat Arsenal 2010 (USA), OWASP AppSec Research 2010 (Sweden) and Black Hat Europe 2010 (Spain). Last year, Wendel spoke at Troopers 09 (Germany), OWASP AppSecEU09 (Poland), and YSTS 3.0 (Brazil), and he has previously spoken at well-known security conferences such as Defcon 16 (USA) and H2HC (Brazil). During the past 4 years he has been working as a penetration tester, performing countless network, application and web application penetration tests for various organizations across government, banking, and commercial sectors, as well as the payment card industry.


A number of tools authored by Wendel have been featured in national magazines such as PCWorld Brazil and international publications like Hakin9 Magazine. In particular, Wendel developed the first tool to detect the infamous BugBear virus in 2002, before it was detected by popular anti-virus solutions. He regularly provides content and development help to well-known publications like Hakin9 Magazine and to tools like N-Stalker - Web Application Security Scanner, Acunetix Web Security Scanner and NetSparker - False Positive Free Web Application Security Scanner.

Traps of Gold by Andrew Wilson & Michael Brooks

Traps of Gold is a study which examines the offenses and defenses of web application security and introduces "maneuverability" - a new strategy for fighting back.


8:00 PM EDT / 7:00 p.m. CST

Andrew specializes in application security assessment, penetration testing, threat modeling and secure development life cycle. Andrew is active as a leader of the Phoenix OWASP and is a Microsoft MVP in Windows Azure.

Michael works for SiteWatch, where he composes exploit code, which he considers a challenging and privileged art form. Michael is on PaulDotCom because he believes secure software is a luxury that should be shared.


Proper Bios

Wilson Bio:

Andrew Wilson is a Security Consultant at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has over 9 years of experience building and securing software for a variety of companies. Andrew specializes in application security assessment, penetration testing, threat modeling and secure development life cycle. Andrew is active in the developer and security community as a speaker, a trainer, and as a leader of the Phoenix OWASP & Azure user groups. Andrew is recognized as a Microsoft MVP in Windows Azure.

Brooks Bio:

Michael Brooks writes exploit code because it is challenging and a privileged art form. He writes secure software and helps others do the same because secure software is a luxury that should be shared. He is the top answerer of security and cryptography questions on StackOverflow.com (Rook). He works for SiteWatch. Exploit code: http://www.exploit-db.com/author/?a=628


8:30 PM EDT / 7:30 p.m.

Speaking with Cryptographic Oracles by Dan Crowley

Speaking with Cryptographic Oracles is a discussion of methods for finding and exploiting encryption, decryption, and padding oracles.

Daniel is an Application Security Consultant for Trustwave's SpiderLabs and is particularly focused on vulnerabilities caused by a failure to account for little-known or even undocumented properties of the platforms on which applications run. He especially enjoys playing around with Web-based technologies, enjoys rock climbing, and makes a mean chili quite worthy of a PaulDotCom post-exploitation towel.


Proper Bio

Crowley Bio:

Daniel Crowley is an Application Security Consultant for Trustwave's SpiderLabs team. He has been working in the information security industry for over 6 years and has been focused on penetration testing, specifically on Web applications. Daniel is particularly interested in vulnerabilities caused by a failure to account for little-known or even undocumented properties of the platforms on which applications run. He especially enjoys playing around with Web-based technologies and physical security technologies and techniques. Dan also rock climbs and makes a mean chili.


Stories For Discussion

Larry's Stories

Paul's Stories