Difference between revisions of "Episode350"

From Security Weekly Wiki
Jump to navigationJump to search
Line 1: Line 1:
= Wings For Warriors =
= Wings For Warriors =

Revision as of 16:55, 24 October 2013

Wings For Warriors

Please help support our charity for this event, Wings For Warriors!
Donate By Clicking Here

Episode 350

October 25, 2013 9:00AM-6:00PM EDT

Welcome to our very special episode 350! We have a very special episode, all in support of wounded veterans in our armed services. Please take the time to donate using the links above. We've got an epic day in store for you, including contests, panel discussions, technical segments and more!

Intro 9:45AM-10:00AM

Crypto Challenge 10:00AM-10:10PM

Anthony Ameen - Wings for Warriors : Interview 10:10AM - 10:30AM


Active Defense: Taking The Fight To Attackers: Should We? 10:30AM-11:30AM


BenWright.jpg JoshCorman.jpg Dittrich dave.jpg RobGraham.png

Ben Wright:

Benjamin Wright is the author of several technology law books, including Business Law and Computer Security, published by the SANS Institute. With over 25 years in private law practice, he has advised many organizations, large and small, private sector and public sector, on privacy, computer security, e-mail discovery, outsourcing contracts and records management. Nothing Mr. Wright says in public is legal advice for your particular situation. If you need legal advice or a legal opinion, you should retain a lawyer.

Josh Corman:

Joshua Corman is the Director of Security Intelligence for Akamai. Mr. Corman’s cross-domain research highlights adversaries, game theory and motivational structures. His analysis cuts across sectors to the core security challenges plaguing the IT industry, and helps to drive evolutionary strategies toward emerging technologies and shifting incentives.

Dave Dittrich:

Dave Dittrich is an Affiliated Research Scientist with the Office of the Chief Information Security Officer at the University of Washington. He is also a member of the Honeynet Project and Seattle's "Agora" computer security group.

Rob Graham:

Robert Graham is the co-founder and CTO of Errata Security, a firm specializing in cybersecurity consulting and product verification. Mr. Graham learned hacking as a toddler from his grandfather, a WW-II codebreaker. His first IDS was written more than 10 years ago designed to catch Morris-worm copycats.


We've all heard the term "Hacking Back". We all have mixed feelings about this term. Lets be clear, its not about feelings! The revenge-based "hacking back" was doomed for failure from the beginning. On the flip side, we're losing the battle against attackers on many fronts. What can we do? Setting traps, tracking attackers, luring them into areas of the network and systems deemed "honeypots" is on the table, or is it? What are the legal ramifications to this activity?

  1. What is "hacking back" and how does it apply to our conversation?
  2. Should we "hack back"?
  3. What types of traps are suggested? What is different about setting traps than hacking back?
  4. What is active defense? How is it different?
  5. Where are the legal lines drawn?
  6. Should everyone implement active defenses?
  7. What is the future of active defense?

SCADA: Attack & Defense: Securing Critical Infrastructure 11:30AM -12:30PM


Justinsearle.jpg Joellangil.jpg Dale peterson.jpg PatrickMiller.png

Justin Searle:

Justin Searle is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing.

Joel Langill:

Joel Langill is the SCADAhacker. His expertise was developed over nearly 30 years through in-depth, comprehensive industrial control systems architecture, product development, implementation, upgrade and remediation in a variety of roles covering manufacturing of consumer products, oil and gas including petroleum refining, automation solution sales and development, and system engineering.

Dale Peterson:

Dale Peterson is the founder and CEO of Digital Bond, a control system consulting and research practice. He performed his first SCADA assessment in 2000, and Dale is the program chair for the S4 conference every January in Miami Beach.

Patrick C. Miller:

Patrick Miller provides services as an independent security and regulatory advisor for the Critical Infrastructure sectors as Partner and Managing Principal of the Anfield Group.


SCADA systems are being attacked and making headlines. However, this is not news, or is it? There is a lot of new found "buzz" around attacking SCADA and defending SCADA. Technology has evolved and many systems are Internet connected and more advanced than ever. Water, power, electric, manufacturing all have SCADA.

  1. What are the gaps in SCADA security?
  2. What systems are being targeted and why?
  3. What are some examples of "bad things" happening as a result of SCADA systems becoming compromised?
  4. What can SCADA vendors do better?
  5. How do we accurately and safely assess the security of SCADA systems?
  6. What can we do to raise awareness?

BREAK 12:30PM - 12:45PM

Stogie Geeks 12:45PM-2:00PM

Tech Segment with Greg Hetrick 2:00PM - 2:15PM


Java - Can't Uninstall? Whitelist it?

Tech Segment Angelo & Leon from The Honeynet.org 2:15PM - 2:30PM




Angelo Dell'Aera is currently employed as Information Security Officer at International Fund for Agricultural Development (IFAD), a specialized agency of the United Nations. He's currently Chief Executive Officer at Honeynet and leads the Sysenter Honeynet Project Chapter. His interests are mainly related to botnet tracking, honeyclient technologies and malware analysis. Angelo started working as an independent researcher in networking and security research in 1998 focusing his research both on attack and defense techniques mainly focusing on *NIX platforms. Meanwhile he worked as researcher in Politecnico of Bari until June 2004 where his main research argument was TCP congestion control algorithms. His research led to the design of the TCP Westwood+ algorithm and the implementation of its support in the official Linux kernel. He's the lead developer of the low-interaction honeyclient Thug.


Leon works an a Senior Analyst for a government based CERT team in The Netherlands. He's involved in infosec for more then 13 years. He likes to catch and analyse malware. He tries to be the Chief PR Officer and promote other peoples work :) He's been working with various type of honeypots for years.



facebook TheHoneynet Project




They can also be reached on twitter:




BREAK 2:30PM - 2:45PM

Tech Segment with Intern Dale 2:45PM - 3:00PM

Special Guest Interview: Jayson Street 3:00PM-3:30PM



Jayson E. Street is an author of “Dissecting the hack: The F0rb1dd3n Network” from Syngress. Also creator of dissectingthehack.com He has also spoken at DEFCON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under “Jayson E. Street” *He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time’s persons of the year for 2006. ;)

The best way to contact Jayson: @jaysonstreet

Special Guest Interview: Kevin Finisterre 3:30PM-4:00PM



Kevin Finisterre is a Senior Research Consultant with Accuvant, has hacked everything from utilities providers to police cars and is keen on disseminating information relating to the identification and exploitation of software vulnerabilities on many platforms.

Veteran Panel 4:00PM-5:00PM


MichaelFarnum.jpg Davekennedykatie.jpg RazorEQX.jpg

Nik Seetharaman:

Nik Seetharaman is a consultant for a government client in the DC area. He spent 11 years in the United States Air Force where he served in the intelligence and joint special operations communities.

Michael Farnum:

Michael Farnum has worked with computers since he got a Kaypro II and an Apple IIc during his middle school years. Michael served in the US Army, where he drove, loaded, and gunned on the mighty M1A1 Abrams main battle tank (which is where he got his "m1a1vet" handle).

Dave Kennedy:

Dave worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions. He also holds the World Record for most hugs given at a conference and is founder and principal security consultant of TrustedSec - An information security consulting firm located in Cleveland Ohio.



Episode 350 is dedicated to Veterans, so we found it only fitting to have a panel with InfoSec individuals who are also Veterans. We want to discuss how serving in the military has helped these people in their careers.

Privacy 5:00PM - 6:00PM


RobGraham.png Dan auerbach.jpg

Rob Graham:

Robert Graham is the co-founder and CTO of Errata Security, a firm specializing in cybersecurity consulting and product verification. Mr. Graham learned hacking as a toddler from his grandfather, a WW-II codebreaker. His first IDS was written more than 10 years ago designed to catch Morris-worm copycats.

Dan Auerbach - EFF:

Dan is a Staff Technologist who is passionate about defending civil liberties and encouraging government transparency. Dan works on EFF's various technical projects and helps lawyers, activists, and the public understand important technologies that might threaten the privacy or security of users.