
Sponsored Workshops

Defense Evasion Modeling – Bypassing the Cyber Kill Chain Milano Ballroom VIII

Cybercriminals persistently challenge the security of organizations through the rapid implementation of diverse attack methodologies, state of the art malware, and innovative evasion techniques. In response, organizations deploy and rely on multiple layers of diverse security technologies and security threat feeds in an attempt to keep threats at bay and to better understand current threat trends. This workshop examines how NSS Labs is turning the hard data from our real-world testing of leading security technologies into actionable intelligence our clients can use to model and evaluate the security effectiveness of their organization’s specific security layers. It will also provide a demonstration of our patent-pending BaitNET technology, which provides proactive threat forecasting to show clients which threats are evolving or gaining momentum around the globe, and when combined with NSS Enterprise Threat Modeling, which are most likely to be a serious threat to their organization specifically.

Session 1:
What’s Getting Past Your Layered Security?
Most enterprises deploy multiple layers of security technologies assuming that more layers equals better security. Using data from actual testing, NSS found that only 3% of over 600 device combinations blocked all exploits. This session will show a live demonstration of NSS’ Threat Modeling which allows organizations to model their unique security layers, see which exploits successfully evade those layers, and then map back to crimeware toolkits that can be easily used to target holes in your specific environment.

Session 2:
Tracking & Understanding Modern Malware & Exploits
Modern malware and exploit campaigns continually evolve to avoid detection by security technologies. Because enterprises need to know what’s coming vs. what’s already happened, NSS Labs developed BaitNET, a suite of proprietary technologies, which allows our researchers to proactively locate and track modern malware and exploits around the globe as they evolve. This session will demonstrate how NSS can help clients understand what threats are coming and which pose the largest threat to their specific networks.

Unlike other analyst firms, NSS provides unique, data-driven recommendations to our clients based on both the vast amount of threat data collected from around the world and from our independent empirical testing of leading security technologies and vendors. By utilizing this data in new and unique ways such as our Enterprise Threat Modeling and Threat Forecasting, NSS provides enterprises the information they need to make critical security decisions.

NSS Research Vice President Francisco Artes is a recognized information security executive who has helped form some of the motion picture & television industry’s best practices for securing intellectual property. Artes is also known for his work on cybercrime, hacking and forensic security issues with various federal, state and local government and law enforcement agencies such as the US Dept. of Homeland Security, the FBI, the Texas Rangers, US Marshals and several others.

NSS Research Director Dr. Stefan Frei is a known veteran in the security space. Before joining NSS Labs, Frei was Research Analyst Director at Secunia where he was responsible for the Lab to identify trends and turn security data into business actionable information, as well as serving as the key spokesperson on evolving threats. Prior to joining Secunia he worked for the ISS X-Force (now part of IBM) security assessment services, executing high profile cutting edge attack-based consultancy services throughout EMEA.

NSS Director of Research and Development Mohamed Saher specializes in reverse engineering, Windows internals and mathematics. His work and research spans numerous areas, including native software protection, copy protection technologies, compilers and virology. In his spare time, he enjoys contributing to various reverse engineering forums, solving crackmes and math problems in Project Euler where he is top-ranked nationally and internationally.

NSS Research Vice President John Pirc is a well-known security intelligence and cybercrime expert who has held strategic positions at several leading security companies such as HP, McAfee, IBM/ISS, Cisco and began his security career at the Central Intelligence Agency. Pirc is a noted speaker who has presented at leading security conferences around the world such as RSA, AusCert, SecTor and Security B-sides, and is the co-author of two books: Blackhatonomics published in December 2012, and Cybercrime and Espionage published in February 2011.

Sponsored by

NSS Labs

Demystifying Mobile Application Security: Improve Your Approach to Blacklisting Apps Milano Ballroom III

It’s no secret that the proliferation of mobile applications has taken a stranglehold in today’s modern computing landscape. In this constantly changing environment of mobile applications and their distribution points—including mobile application stores themselves and “in the wild” mobile binaries—there’s very little that’s so obvious it’s black and white.

As the latest threat vector for malware distribution and phishing, it’s more important than ever before to quickly identify and track mobile applications across multiple platforms and app stores.

Lou Manousos, CEO and Founder, RiskIQ. Elias (“Lou”) Manousos is the CEO and cofounder of RiskIQ, a trailblazer in the field of Internet scale security analysis, providing global visibility into emerging threats across web and mobile platforms. Lou is also Co-Chair of the Online Trust Alliance (OTA) Anti-Malvertising Working Group and is responsible for Malvertisements.com, the first and only public database documenting malvertising incidents on a continuous basis.

Sponsored by

RiskIQ

The Hangover Cyber Espionage Report – Tools, Tactics and Tracking Milano Ballroom VIII

Amid ubiquitous media attention and frantic finger-pointing at China, a new player in the lucrative world of cyber-espionage may be quietly emerging from another corner of Asia. Norman Shark, the global security leader in malware analysis solutions for enterprise, service providers and government, recently uncovered a large and sophisticated cyber-attack infrastructure that appears to have originated from India. These attacks, conducted by private threat actors over a period of three years and still ongoing, showed no evidence of state-sponsorship but the primary purpose of the global command-and-control network appears to be intelligence gathering from a combination of national security targets and private sector companies. Join us to learn more about the tools, tactics and methods employed by the Hangover exploit.

Jonathan P. Camp, co-author of Norman’s Operation Hangover Report, hails from 60 degrees north. As a bit-twiddler at Norman Shark's Norwegian headquarters, he leverages his 15 years of industry experience to oversee the technical development of Norman's malware analytics appliance. Previously he worked for the U.S. Department of Energy as a reverse engineer and helped to develop several software-defined radio products. Jonathan is an avid technologist and is currently researching various interaction methods for petabyte-scale malware collection and analysis systems.

Sponsored by

Norman Shark

How to Avoid Becoming the Next Watering Hole Milano Ballroom III

New techniques are emerging to distribute sophisticated malware and compromise legitimate, heavily trafficked websites. Predators target these “watering holes” because their reputations often keep them off black lists and they attract easy prey. Once discovered, these sites are often taken offline before there’s a chance to gain an understanding of the scope of the attack, making it very difficult to prevent future similar attacks.

So, how do you know you are not being used as a watering hole? Join us at this workshop to learn how to detect watering holes and review how some of the biggest sites were exploited.

Lou Manousos, CEO and Founder, RiskIQ. Elias (“Lou”) Manousos is the CEO and cofounder of RiskIQ, a trailblazer in the field of Internet scale security analysis, providing global visibility into emerging threats across web and mobile platforms. Lou is also Co-Chair of the Online Trust Alliance (OTA) Anti-Malvertising Working Group and is responsible for Malvertisements.com, the first and only public database documenting malvertising incidents on a continuous basis.

Sponsored by

RiskIQ

How to Pentest 1000 Branch Offices Milano Ballroom VII

In this session, the speakers will demonstrate techniques and tools for providing penetration test coverage widely across an enterprise. Building on the foundation provided by Pwnie Express tools, and focusing specifically on high value targets, the speakers will demonstrate methods for scaling your current testing procedures. Additionally, the speakers will show off new tools and techniques which can dramatically improve an enterprise’s visibility across all of its physical locations. Attendees will gain knowledge and insight into the unique challenges of testing for security issues across the ENTIRE enterprise.

David Porcello, Founder and CEO: Building on over 10 years of IT leadership, security, and entrepreneurial experience, Dave founded Pwnie Express in 2009 with a clear vision of providing unique hardware and unparalleled expertise to the global security industry.

Jonathan Cran, CTO: A tester by trade, Jonathan brings deep security expertise to the table. Working with some of the best teams in the industry at Rapid7, Metasploit, and now Pwnie Express, Jonathan has proven experience training, developing, and enabling penetration testers.

Sponsored by

Pwnie Express

“Kaizen” a CTF presented by Booz Allen Hamilton Milano Ballroom III

Booz Allen Hamilton is excited to announce their offering of “Kaizen”, a Capture the Flag event at Black Hat USA 2013. This interactive event is designed to build the skills of information security professionals through hands-on challenges in forensics, web exploitation, scripting, and binary reverse engineering. Kaizen was built to challenge participants of all skill levels. Whether you are a seasoned professional or new to information security and want a healthy environment to try your first CTF, come check out Kaizen!

Kaizen is split into separate levels with a variety of challenges. All equipment is provided, so just bring your brain! Our scoring server and leader board tracks your progress as you capture the challenge flags. Top scores will receive 1st, 2nd, and 3rd place prizes as well as challenge and achievement based prizes for the truly advanced! Additionally, top ranking participants will receive an invitation to our exclusive Booz Allen Hamilton sponsored networking event held on Thursday at the Seahorse Lounge, located in Caesars Palace. Come test your information security knowledge in a fun relaxed environment, and enjoy hands-on learning with various interactive challenges.

  • Realistic - Participants are faced with real world challenges, doing Internet research, crafting new solutions and pure development/scripting on-the-fly.
  • Hands On - Truly 100% hands on, independent learning; no lecturing. Mentors walk around and provide one-on-one help when needed, but participants are encouraged to succeed through independent learning.
  • Accommodates all experience levels
    • Experienced/senior technical participants are motivated to compete, test their skills, and gain points on the leader board.
    • Junior participants can trade points for hints, work with mentors, research and learn how to solve problems in a safe but competitive space.
  • Environment - One of the key elements that make this successful is the relaxed and fun environment. Stop on by, say hello, and network with individuals like you!

Sponsored by

Booz Allen Hamilton

The Spikes Challenge: Solving the Browser Malware Epidemic Milano Ballroom VII

The promise of this Information Age is stifled by the relentless onslaught of cybercrime. Perpetually evolving zero-day threats undermine our trust in electronic systems. This workshop discusses how to address our weakest link: the browser.

Virtually all undetected breaches are infiltrating via the browser, and despite this, the myriad of solutions continue to perpetuate a false sense of security. To use a traditional browser is to run malware. We’ll explore the potential to browse the web fearlessly through network & hardware isolated virtual browsers.

Attendees of the workshop will be able to use several examples of remote browsing implementations, and can win up to $10,000 in cash, as well as prizes for breaking through the 11 layers of defense in this model. Workshop contestants will be able to submit URLs for our target PC to visit, and by exploiting this system with web malware, will be rewarded incrementally more awesome prizes for demonstrating unique ways through the layers of defense.

The 11 layers of defense in this model, and the planned prizes (with more TBA) are:

  1. Intimidation
    • All contestants get T-shirts for stepping up!
  2. Proprietary Browser based on Webkit
    • Win $50 for owning the browser
  3. Hardened OS running Linux.
  4. Short Lifespan as virtual browsers are wiped frequently, but this contest provides for only 30 minutes!
  5. VM Intrusion Prevention detects any unwanted VM activity.
  6. Hypervisor Network Intrusion Prevention prevents unwanted network activity.
    • $100 for each unique demonstration of successfully initiating unauthorized network connections from the host.
  7. Separated & Isolated Client Communications prevents direct communication with the client.
  8. Protocol Abstraction limits the possible attack surface.
  9. Data Validation provides content conformity.
  10. PKI Encryption provides obfuscation of all communication – For revealing the data inside the protocol.
  11. Firewall stands between the virtual browser and the client.
    • $10,000 GRAND PRIZE: Offered personally by the presenter Branden Spikes, for obtaining the designated target file from the target PC, by breaching all 11 layers of defense.

This will allow us to explore how true security can be achieved with a great user experience, potentially putting an end to browser malware, drive-bys, watering-holes, while preserving our privacy and online freedoms.

Branden Spikes has 20+ years of IT experience and was the first CIO at both SpaceX and PayPal. After sparing no expense on security, Branden noticed constant malware breaches through the browsers. In 2008, Branden invented the remote browsing model, and is founder & CEO of security company Spikes.

Sponsored by

Spikes

Wireless Penetration Testing with the Pwn Pad Milano Ballroom VII

In this session, attendees will gain knowledge of, and access to plug & play tools that enable them to visualize the wireless spectrum, test the latest wireless vulnerabilities, and show just how vulnerable wireless clients can be. The session will start with an overview of wireless security and dive into a practical demonstration of how to test for known vulnerabilities.

David Porcello, Founder and CEO: Building on over 10 years of IT leadership, security, and entrepreneurial experience, Dave founded Pwnie Express in 2009 with a clear vision of providing unique hardware and unparalleled expertise to the global security industry.

Jonathan Cran, CTO: A tester by trade, Jonathan brings deep security expertise to the table. Working with some of the best teams in the industry at Rapid7, Metasploit, and now Pwnie Express, Jonathan has proven experience training, developing, and enabling penetration testers.

Sponsored by

Pwnie Express