The Ethical Hacker Network
Monday, 05 January 2009

Evening Presentations 2007

The evening presentations are what make the ChicagoCon experience different from the rest. This is where you get to see top professionals in their fields do what they do live and in person. From career advice to hacking PDAs, E-Voting Systems to malware deconstruction, live demos of hacking tools such as Metasploit and Cain & Abel... It's all here as yet another way for you to expand your knowledge. And while you're at it, why not have a little fun with some hacking contests? Let's call it your practical exam! And, as with most things in life, you will be rewarded with gifts from our Publishing Sponsors.

 

We know this is a lot for those going through boot camps, so to encourage participation, we will be giving away $1000s in door prizes and for contest winners including:

  • Signed copies of "Daemon, A Novel" (Leinad Zeraus)
  • Signed copies of "The Little Black Book of Computer Security" (Joel Dubin)
  • Hot book titles, study guides & video tutors from No Starch Press, Wiley Publishing & Cisco Press
  • Additional T-Shirts
  • ... and more...

 

For specific times, please view the Daily Schedule for ChicagoCon 2007.

 


 

 

Monday Sept 17 - 7:00 PM

Security Policy:  Are we doing it, or just talking about it?
Annual Security Research Results and Reality (an audience participation session)  

Carol Balkcom, Security+ Product Manager - CompTIA

 

Each year, CompTIA conducts a study of IT security.  This is the 5th year of the study, and the goal is to watch the trends in security: what IT managers are worried about, what they spend money on, the impact (if any) of security training or certification on breaches that are thought to be caused by human error. The goal of this session is to report briefly on some of the findings of the current study, and to discover through audience participation whether study results reflect reality in the environments where this year's ChicagoCon participants work each day.  (Participation in the discussion will be anonymous.)

 

Carol Balkcom has more than 15 years in software marketing and development, starting with computer games and NEC's cool but short-lived TurboGrafx-16 videogame system in the late '80s. In recent years she moved to the computer-based testing business, and is currently product manager for CompTIA's Security+ and RFID+ exams. Her presentation about CompTIA's annual security research, while describing the key findings, is also designed to engage participants in open (anonymous) dialogue about how security policy is, or is not, preached and practiced in their own organizations.

 

Monday Sept 17 - 7:30 PM
  
Client Side Penetration Testing 

Alex Horan, System Engineering Manager - Core Security

 

As securing the client-side network becomes an increasingly complex challenge, a mechanism is required to assess the security awareness of the users and evaluate the effectiveness of existing countermeasures as well as track progress. Traditional penetration testing can fall short of expectations within the users’ environment, especially if focused exclusively on the perimeter. In this presentation, Alex Horan will examine methodologies for penetration testing that evaluate a network's security from this new perspective, including findings from real-world penetration tests where this approach was taken.

 

Alex Horan is the System Engineering Manager for Core Security Technologies, helping to provide training and customer support for CORE IMPACT's user base. Alex has well over 10 years of experience working with both software- and hardware-based security tools. He brings a deep knowledge and understanding of vulnerability assessment and penetration testing, systems administration, network administration and network audits to his work at Core. Alex has previously worked for mid- and large-sized companies helping to design and maintain their security posture.

 

Monday Sept 17 - 8:00 PM

 

Core Security Technologies Capture the Flag Contest Using Core IMPACT

 

Try your hand at compromising a network during the Core Security Hacker Challenge. Whether you're an experienced pen tester or just starting out, this event will be a fun way to test your hacking knowledge while using our automated penetration testing product. A prize will be given to everyone who completes the challenge. Speed does have its advantages, since special prizes will go to the first 3 finishers: each receives one of three Amazon.com gift certificates.

 

Tues Sept 18 - 7:00 PM

 

PCI Compliance: Regulatory Headache or Simplified Security?

Joel Dubin, CISSP, Microsoft MVP

 

Everybody is running scared over PCI.  To many companies, particularly small merchants and banks processing credit cards, it seems like a huge compliance headache and security burden.  In fact, it's really a clean simple standard with common sense IT security directives that many companies are already following.  But there are a few pain points and this presentation will go over both the easy parts, and the harder ones, to implement for PCI compliance.

 

Joel Dubin, CISSP, is an independent computer security consultant here in Chicago.  He is a Microsoft MVP, specializing in web and application security, and is the author of The Little Black Book of Computer Security available from Amazon.  He has a radio show on WIIT on computer security and runs The IT Security Guy Blog at http://www.theitsecurityguy.com/.  He has worked in application security for credit cards and is well-versed in PCI compliance. He is also a regular contributor to TechTarget on security issues and is their Ask The Expert on Identity and Access Management.

 

Tues Sept 18 - 7:30 PM

 

Cain & Abel: Windows Can Hack, Too!

Brian Wilson, CCNA, CCSE, CCAI, MCP, Network+, Security+, JNCIA

 

Cain & Abel, a password auditing tool and so much more, is a great tool for the network administrator. This session will cover the basics and give you a few examples of how to use Cain & Abel. Live demonstrations will also be presented.

 

Brian Wilson has over 12 years of experience in IT starting with a tour in the United States Army. He has worked in and out of the US Government in many different organizations and technical roles including a stint as a Cisco Certified Instructor. Currently he works for one of the largest US broadband providers (ISP) as a Senior Data/Voice Engineer supporting over 3 million High Speed Internet/VoIP subscribers. He has attained a number of industry credentials covering many aspects of IT including CCNA, CCSE, CCAI, MCP, JNCIA, Network+, Security+, and many DoD Certifications. He also uses his knowledge of IT to benefit a number of charitable organizations. Clearly Brian's knowledge and interests are wide, and his affinity for philanthropy will be the overriding theme of his vast set of articles and videos.

 

Tues Sept 18 - 8:00 PM

 

Metasploit Part 1: Just the Facts

Chris Gates, CISSP, CPTS, CEH, GCIH

 

Metasploit is a great tool for the exploit developer and penetration tester. But, for a person new to the tool, it can be overwhelming. We will cover the basics of using the Metasploit Framework. We'll cover the interfaces, exploit types, payloads, auxiliary modules, and of course do a couple of demos.

 

Chris Gates is a columnist for The Ethical Hacker Network and the operations manager for www.LearnSecurityOnline.com and consultant for Aura Software Security. He also serves as a student mentor and course developer for LSO. Chris has over six years of experience with telecommunications and network security serving in various jobs in the U.S. Military. His computer security interests are in Windows and Web Application security. In addition to the above certifications, Chris also holds his CompTIA A+, Network+, Security+ Certifications and is a Microsoft Certified Professional (MCP) for Server 2003.

 

Tuesday Sept 18 - 8:30 PM

 

Root Wars Hacking Contest by LearnSecurityOnline.com

 

Bring your hands on hacking skills for a game of SpeedRoot. We will break up into several teams and attack a network with several vulnerable hosts. The team with the most roots at the end of the time wins. Bring your command line skills, no point and click hacking here. Prizes include books, t-shirts and other cool items.

 

Wed Sept 19 - 7:00 PM

 

Metasploit Part 2: The Fun Stuff

Chris Gates, CISSP, CPTS, CEH, GCIH

 

Day 2 continues with a discussion of the Windows "super payload," meterpreter, some basic meterpreter scripts, and some fun demos that move us past the set RHOST, set PAYLOAD, exploit basics.

 

Chris Gates is a columnist for The Ethical Hacker Network and the operations manager for www.LearnSecurityOnline.com and consultant for Aura Software Security. He also serves as a student mentor and course developer for LSO. Chris has over six years of experience with telecommunications and network security serving in various jobs in the U.S. Military. His computer security interests are in Windows and Web Application security. In addition to the above certifications, Chris also holds his CompTIA A+, Network+, Security+ Certifications and is a Microsoft Certified Professional (MCP) for Server 2003.

 

Wed Sept 19 - 7:30 PM

 

Follow the Bouncing Malware - Live!

Tom Liston, Sr. Security Consultant - Intelguardians

 

Walk through a live demonstration of reverse engineering an interesting piece of malware with Tom Liston, Handler from the SANS Internet Storm Center and Senior Security Consultant with Intelguardians.  Learn the path for quickly analyzing a piece of malicious code while taking a few interesting and amusing side trips along the way.

 

Tom Liston is a Senior Security Consultant for the Washington, DC based security consultancy, Intelguardians. He is also an Incident Handler for the SANS Institute's Internet Storm Center as well as a founding member of the ISC's Malware Analysis Team. He is the developer of the Open Source security application LaBrea, and has written several other widely used security applications. He is the co-author (along with Ed Skoudis) of the best-selling computer security book, Counter Hack Reloaded, and is the author of the popular series of diaries on the SANS Internet Storm Center titled: “Follow the Bouncing Malware”.

 

Thurs Sept 20 - 7:00 PM

 

Election and E-Voting Security: Fact vs. Fiction

Keatron Evans, CISSP, MCSE: Security, CEH, CHFI

 

E-voting and Election Security has garnered much media attention over the last two years. Are we really in danger of security breaches that could possibly destroy our democracy? Is it as easy as it sounds? Just how bad is it? What are the solutions? All of these questions will be addressed in this presentation.

 

Keatron Evans, with more than 11 years of experience in IT security, has worked in several capacities in the IT security industry. He regularly engages in consulting and training for several intelligence community agencies. He recently received the EC-Council Instructor Excellence award. Keatron has attained several industry credentials including CISSP, CEH, CHFI, CWNA, MCSE:Sec, and several other government-specific certifications. Keatron is currently President and Chairman of a Chicago-based Security Consulting firm. His work in E-voting security is considered cutting edge.

 

Thurs Sept 20 - 7:30 PM

 

Hacks and Threats to the Mobile Workforce

Dan Hoffman, CISSP, CWNA, CEH

 

Companies spend millions of dollars implementing security technologies to protect their corporate networks. While this is certainly necessary, laptop computers and other mobile devices lose this protection once they leave the confines of the corporate office. Whether it's working from home, the airport or coffee shop, these mobile devices require the same protection they would otherwise have if they were physically sitting at their work desk. Not providing this protection can put companies at significant risk.

 

Daniel V. Hoffman is a senior systems engineer at Fiberlink Communications and possesses over 13 years of hands-on remote access security knowledge. He is the author of the book "Blackjacking: Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise," released in April 2007 by Wiley Publishing, and is a frequent article contributor to the Ethical Hacker Network. Hoffman's depth of experience brings reality and education to his well-known live hacking demonstrations, which have been featured in the U.S. Department of Homeland Security's open source infrastructure report and are regularly presented at computer conferences worldwide. He has been interviewed as a security expert by numerous leading media outlets throughout the world including Forbes, Network World, Clear Channel Communications and Newsweek.

 

Thurs Sept 20 - 8:00 PM

 

Providing End-To-End Security in a Linux Environment

Hadi Nahari, Chief Security Architect - MontaVista Software

 

As mobility continues to be the real success story for Linux, manufacturers are globally looking to Linux as the platform for their next generation designs. For handset manufacturers, sustainable competitive advantage requires cost and time-to-market efficiencies and product differentiation.  As software complexity increases, manufacturers are forced to seek out more robust software platforms that easily facilitate migration from voice-focused devices to much more multimedia intensive clients.  With Linux, manufacturers are able to differentiate and create a cost effective phone design while giving operators the ability to leverage a single platform from the network to the device.

 

Currently, an estimated 70 percent of new semiconductor devices are Linux-enabled.  Such high growth is accompanied by inevitable security risks.  Primarily, Linux-savvy hackers who were once confined to standard computing devices are now presented with the opportunity to hack Linux-enabled mobile devices.   Because of these increased risks there is great value in understanding how and why to implement an effective security measure in a mobile Linux environment. 

 

Hadi Nahari is a software security professional with 14 years of experience in all aspects of software development lifecycle, including extensive work in design and architecture, verification, proof-of-concept, and implementation of software systems. Hadi has worked on large-scale high-end enterprise systems, as well as constrained-resources embedded systems, with primary focus and interest on Security, Cryptography, Complex Systems Design, and Vulnerability Assessment & Threat Analysis. Hadi has led and contributed to various security projects for Netscape Communications, Sun Microsystems, United States Government, Motorola, etc.

 