Our second ChicagoCon saw a drastic change in the way the event is organized. We no longer did evening presentations just for the boot camp students. Instead, we moved the talks to Friday afternoon and all day Saturday, and turned it into a full-fledged conference focused specifically on Ethical Hacking. We still had a few keynotes just for the students, but the bulk of the talks were on the weekend. It was greeted so positively, that from here on out, we will completely separate the training from the conference.

Below you will find the same page of keynoters, some of whom spoke only to the boot camp students, some of whom spoke during the weekend conference. Only now you will find icons for each presentation with links to the freely available media files including slide decks and live audio recordings.

Slide Decks & Audio Recordings are now freely available.

Matthew Carpenter SANS, Intelguardians

Windows Command-Line Ninjitsu

Compromised a Windows box? Learn new ways to leverage the power of the Windows Command-Line. Did I just say "power" and "Windows Command-Line" in the same sentence? Come to the talk and find out how to use Windows own weight against itself to bend the 0wned box to your pen testing will.

Matthew Carpenter is a Senior Security Consultant with Intelguardians. With a background in telecommunications and server infrastructure, Matthew brings a great deal of technical and business perspective to any forum. Matthew is a Community SANS Instructor and mentor for SANS, teaching about hacker techniques, attacks, defenses and recovery. Having spent most of his early career consulting and teaching audiences ranging from network engineers to administrative staff, Matthew is able to effectively communicate technical security concepts at an appropriate level, and has spoken in many security/hacking venues, foreign and domestic.

Matthew's expertise is in security penetration testing, digital forensic analysis, security incident response, and vulnerability/risk assessments. Matthew has provided security audits at many levels, ranging from network vulnerability assessment to deep binary security analysis. He has released several tools to the community pertaining to wireless security auditing and binary analysis, designed and developed several network service appliances, and has written and released a Java application server. Prior to working with Intelguardians, Matthew spent eight years at a major manufacturing/ecommerce corporation where he provided many of the services he currently engages in for Intelguardians' clientelle.

Ralph R. Echemendia OPST, CEH, ECSA

Information Disclosure and the Art of Intelligence Gathering

Intelligence (abbreviated int. or intel.) is not information, but the product of evaluated information, valued for relevance rather than its detail or accuracy. Sometimes this kind of intelligence can be gathered passively or actively. In this presentation I will cover both the non-technical and technical means of gathering passive and active information about a target. This is one of the most essential steps in footprinting an organization's resources prior to attack.

Ralph Echemendia is a world-renowned Security Expert who has appeared on KTLA, CNN, FOX News and Animal Planet as well as in the pages of USA Today and Forbes Magazine to name a few. He has been involved in the research, development and deployment of several key security technologies currently powering some of the most powerful e-commerce sites on the Internet. Ralph is described as a security samurai whose experience began at the age of 14 with ham radio, phone phreaking and the old bulletin board systems. His interest in technology eventually led to jobs in the computer industry. For over 13 years, he has conducted security audits and penetration tests, and consulted for numerous organizations around the world, including the United Nations, Oracle, and various hospitals and financial institutions. Previously as Information Security Product Line Manager for Intense School, he authored the official EC-Council ECSA certification materials and acted as Lead Instructor and Information Security Consultant and researcher on a number of projects. He also held the position of Director of Web Operations for Yupi Internet (now MSN Latin America). He has been providing professional services for several years and has written and delivered training on “Hacking” and other information security topics to the US Marines Corp., Army, Navy, SPAWAR, Bristol-Myers Squibb, AMEX, Boeing, Intel, Microsoft, Symantec and IBM.

Special Agent Patrick M. Geahan FBI Cyber Crimes Division

The FBI/Business Community Relationship

Right or wrong, the FBI has been viewed by many affected by cybercrime as being unapproachable or unable to offer meaningful help. As such, Patrick will present on the constraints and possibilities available for the Bureau to work with private industry on crimefighting. He will be discussing what to do as the victim, as a subject, and as a service provider, and hopefully what your rights and duties would be. But most importantly, he will enlighten you on the Bureau's desire to reach out.

Patrick Geahan has served as an FBI Special Agent since 2004. Prior to that, he was an information and network security specialist for a Fortune 500 company, specializing in application security and investigations. He holds a Bachelor's Degree in Computer Science from Michigan Technological University and a CISSP certification. SA Geahan currently works on cyber crime for the FBI, primarily specializing in online child exploitation."

Luke McOmie CISSP, NSA-IAM, NSA-IEM (aka Pyr0)
Chris Nickerson, CISSP,CISA, NSA-IAM,17799 Lead Auditor

The Art of Espionage (Tactics, Defense, and your Corporation)

We have all heard the stories about looted laptops, misplaced media, and stupid user mistakes that have lead to losses in the millions. But what about the incidents that don’t get published or noticed? This upbeat presentation will discuss the role that espionage plays in today’s corporate world and will introduce many new attack and defense techniques. Previously unpublished case studies, a live demonstration, and audience participation will be used to help arm the audience with the basic knowledge needed to implement a multilayered security program that will help defend against these dangerous threats.

Luke McOmie is a Senior Security Consultant for Alternative Technology (an Arrow Company). Luke and the Security Services Team help protect and defend hundreds of the world’s largest companies and organizations. He specializes in Risk Analysis and Incident Response but is well versed in everything from Corporate Espionage to Physical Security. Formerly a senior consultant at the Department of the Interior (Bureau of Communications and Technology), he managed a national CSIRT responsible for Active Threat Defense, Risk Mitigation, and Incident Response. Luke is a senior staff member (goon) at the DEFCON Security Conference (http://www.defcon.org) and also contributes to several computer security organizations including the r00tcellar Security Team, 303, Security Tribe, and OSVDB.

Luke is also the coauthor of Aggressive Network Self Defense of Syngress Publishing and a featured member of TruTV's Tiger Team, a 30 minute reality television program showing the activites of actual penetration tests.

Chris Nickerson is a Certified Information Systems Security Professional (CISSP) whose main area of expertise is focused on information security in order to help companies better defend and protect their critical data and key information systems. He has created a Unique process to assess, implement, and manage information security strategy, architecture, policies, and procedures in the real world.

Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing and vulnerability assessments, to policy design, computer forensics, and regulatory compliance. Chris’s prior experiences include Developing and managing the Security Services practice at Alternative Technology, Chris was a Sr. Auditor for SOX compliance at KPMG, Chief Security Architect at Sprint Corporate Security, and developed an enterprise security design as network engineer for an international law firm. Chris also served in the U.S Navy. Chris is a member of OWASP, ISACA Denver and is also a featured member of TruTV's Tiger Team, a 30 minute reality television program showing the activities of actual penetration tests and active assessments.

Mike Murray Director Neohapsis Labs

The Real Keys to Career Success in Information Security

Information security careers are often difficult to navigate - the speed of change and the myriad paths to success create a large amount of confusion and propagate significant myths throughout the industry. Beyond that, every success has their own story that seems radically different - unlike some careers, there just doesn't seem to be one path to the top. However, in his years of talking with and helping security professionals figure out how to succeed, Mike Murray has found some strategies that actually work to enable success in the confusing world of information security careers. This talk will enable you to cut through all of the confusion and figure out exactly how to get to the next step, and the step after that, and ultimately to fulfill your career goals.

PPT - 455k

Mike has spent his entire career in information security, starting in the late 90's as a penetration tester and vulnerability researcher up to his current position as the Director of Neohapsis Labs, where he heads up research, testing and analysis of security products.

His years of experience as a vulnerability researcher and leader of research teams have convinced him that the most important system to focus on in information security is the human system. His past few years, while continuing his work on the information security side with nCircle, LURHQ and Liberty Mutual, have been spent focusing extensively on the human side of security. His work helping other security professionals realize how to build a great career in security has been widely recognized, and his talks at major conferences about advanced social engineering techniques have been extremely well-reviewed. Mike's thoughts can be found on his blog at Episteme.ca, as well as his career site at ForgetTheParachute.com.