Keynote Speakers 2008f

Ed Skoudis, InGuardians, SANS
The Bad Guys Are Winning: So Now What?
With the continual release of zero-day exploits, ever-larger-scale botnets, and rampant spyware, attackers have compromised tens of millions of machines connected to the Internet. With clever attackers mixing social engineering, physical attacks, and phishing into their bag of tricks, their rate of successful penetration is both astounding and depressing. A central thesis of this talk is that a sufficiently determined (but not necessarily well-funded) attacker can compromise almost any organization with an Internet connection. The discussion will first analyze why this is so. We'll then look at the implications of such an environment for enterprises. How should information security priorities shift in light of this evolving threatscape and attack surface? What are the implications for system administrators, incident response teams, and even penetration testers? We'll also briefly look beyond the enterprise, and consider the military and national security issues associated with emerging threats and attacks.
Ed Skoudis is a founder and Senior Security Consultant with InGuardians. Ed teaches SANS Track 4, "Hacker Techniques, Exploits and Incident Handling", on a regular basis. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues. He has performed numerous security assessments, designed information security governance and operations teams for Fortune 500 companies, and responded to computer attacks for clients in financial, high technology, healthcare, and other industries. Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published several articles on these topics, as well as the Prentice Hall best seller, Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses. His latest book is titled Malware: Fighting Malicious Code. Ed was also awarded a 2007 Microsoft MVP award for Windows Server Security, and is a member of the Honeynet Project.

Gregory Conti
In a perfect world, interfaces help users accomplish tasks quickly and efficiently. However, in the real world, interfaces are often designed to manipulate users into behaving according to the designer's calculated and suspect intent. Malicious interfaces abound on the web - employing trickery, misdirection of browsing, forced viewing of advertisements, and even animations designed to trigger epileptic seizures. Evil interfaces are seen virtually anywhere profit is at stake, from desktop applications and websites to gas pumps and toothpaste dispensers. This talk explores malicious interface techniques both on and off the desktop, and aims to energize the audience to pursue positive solutions. You'll leave with a better awareness and understanding of the problem, increased resistance to attack and ideas for generating solutions.
Greg Conti is an Assistant Professor of Computer Science at the United States Military Academy. His research includes security data visualization, usable security, and web-based information disclosure. He is the author of Security Data Visualization (No Starch Press) and the forthcoming Googling Security (Addison-Wesley). His work can be found at http://www.gregconti.com/ and http://www.rumint.org/.

Daniel V. Hoffman, CTO SMobile Systems, EH-Net Columnist
Many people think that threats to BlackBerry, Symbian, Windows Mobile and iPhone devices don't exist. With 2 of the top 3 BlackBerry infectors and 3 of the top 4 Windows Mobile infectors being spyware, that's exactly what the hackers want you to think. The goal of malware and attacks in general has changed from simply being disruptive, to being financially motivated, non-disruptive and stealthy. By showing specific, current exploits, see how users and enterprises who are waiting to experience an infection or data loss before implementing security software for their smartphones are placing themselves into the unsavory position of unknowingly becoming exploited and having absolutely no security software to address that exploitation.
Mr. Hoffman is a world-renowned mobile security expert. He joins SMobile Systems with more than 10 years of experience in mobile security. He has built his expertise as a Telecommunications Specialist with the U.S. Coast Guard, IT Director and as Senior Engineer at Fiberlink, architecting security solutions for the largest companies in the world. He has been the keynote speaker at numerous security events including Hacker Halted, InfoSec World and ChicagoCon and is known for his live hacking demonstrations and videos, which have been featured in the Department of Homeland Security's open source infrastructure report. Mr. Hoffman is the author of Blackjacking: Security Threats to Blackberry Devices, PDAs and Cell Phones in the Enterprise and Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control.

Billy Rios & John Walton
The browser is our window to your secrets… and we’ve got mischievous eyes. As organizations push to increase the “richness” of online user experiences, they are also unwittingly increasing attack surface for organizations and their users. Join two of the best looking security researchers in the world as we dissect the current state of client side and web application security. We’ll dive into the gory details and demonstrate the impact of client side vulnerabilities, blended threats, and targeted attacks. We’ll cover everything from benign application vulnerabilities that gave college hopefuls a sneak peek on their admissions status, all the way to vulnerabilities used to steal your data and compromise your machine.
Billy Rios is a Security Engineer with Microsoft where he is helping to secure software used by millions of people across the world. Before joining Microsoft, Billy was a penetration tester for both VeriSign and Ernst and Young. As a penetration tester, Billy was hired by numerous organizations within the Fortune 500 to assess the effectiveness of their organization's security posture. Billy made his living by outsmarting security teams, bypassing security measures, and demonstrating the business risk of security exposures to executives and organizational decision makers. Before his life as a penetration tester, Billy worked as an Information Assurance Analyst for the Defense Information Systems Agency (DISA). While at DISA, Billy helped protect Department of Defense (DoD) information systems by performing network intrusion detection, vulnerability analysis, incident handling, and formal incident reporting on security-related events involving DoD information systems. Before attacking and defending information systems, Billy was an active duty Officer in the United States Marine Corps. Billy has spoken at numerous security conferences including: Blackhat briefings, Bluehat, RSA and Hack in the Box. Billy holds a Bachelor's degree in Business Administration, a Master of Science degree in Information Systems, and is currently pursuing his Master of Business Administration.
John Walton is a Lead Security Engineer with Microsoft, where he spends his time code auditing, penetration testing and managing the Microsoft Online security team. Prior to joining Microsoft, John started a security consulting company, Penetration Technologies, specializing in application and infrastructure security and worked as Lead Security Engineer at Avaya. While at Avaya, John built the Avaya Product Security Support Team, hacked every piece of Voice over IP (VoIP) equipment imaginable and helped develop VoIP encryption and security technology. Admittedly, John is a self-proclaimed computer security nut who rarely ponders anything else. He holds a Bachelor's degree in Computer Science and is a Certified Information Systems Security Professional. While not working on security at Microsoft, John spends his time security consulting for major financial and government institutions and occasionally finds time to sleep.