Ever wanted to deploy a drone from a grenade launcher? A lot of drones were harmed in the making of this talk. This talk will demonstrate a process for designing and 3D printing your own canister-launched drones. Canister-launched drones are compact and portable; however, conventional designs lack sufficient wing area and deployment mechanisms, making payload capacity and flight times far lower than they could be. I’ve created a concept that makes use of low-weight, high-tensile fabric wings, which allow small drones, such as the 40mm diameter unit depicted below, to have practical on-site flight times while carrying a useful payload.
While we continue to support the concepts of compliance, defense, governance, and prevention, it’s time to shift our focus beyond those measures with more emphasis on strategic response to incidents. This talk offers real stories of failure and practical, quick-win lessons on how to be prepared to respond quickly, accurately, and confidently when incidents occur. Because they will occur. Doing a few, important things well means opening our hearts and minds to a new way of thinking and learning about each other and what it means to be prepared for a crisis.
The talk I will be presenting is entirely my own work of research. While identifying vulnerabilities in web applications and participating in various bug bounty programs are interesting, I enjoy targeting platforms which are less popular as research topics. Having said that, while security for browsers is a known topic, I’ve been able to identify, through my research, several vulnerabilities which will help to secure it further. The issues I will be talking about during this talk are: Same Origin Policy (SOP), Remote Code Execution (RCE) and Address Bar Spoofing (ABS).
For too long attackers have leveraged the built-in APIs and tooling on Windows systems against us. It’s time the tables are turned! Those APIs were made for Sys Admins and defenders… and we’re taking them back! We’re building a framework of response tools for defenders to wrestle control from threat actors without the risk of production outages. This talk will focus on techniques to turn the limited and traditional black-and-white incident response options into a full-color spectrum of alternatives for defending your turf.
Containers are the next big thing in virtualization technology. If configured properly they provide immense security. There are many different segments where a container deployment needs to be secured, like the Dockerfile, docker daemon, container images, monitoring within containers, etc. Attending this talk will help you secure your deployments the container way. I will start this talk with a brief intro to containers and talk about what a typical container deployment pipeline looks like.
“I didn’t say that!” …The world will be forever changed by Deepfakes. A portmanteau of “deep learning” and “fake”, this trend refers to a new AI-assisted human image synthesis technique that generates realistic video face-swaps which can even be done in real-time. With modern face-swapping video technology, selfies can be used to create videos. A voice can be faked. A face can be faked. This is the new reality. What happens when we cannot trust what we hear and what we see?
Career development is typically seen as a progression of education, certification and job moves. For career development it is helpful to build both technical and non-technical skills in environments that challenge and support learning. One way to build these skills is through volunteering. Community involvement strengthens our community and provides opportunities to stretch and learn new skills. Our panel is made up of long-time community volunteers who will share their volunteering and career paths to illustrate their lessons learned and opportunities gained.
Many vendors try to sell you snake oil and wine/dine you during the review process then leave you high and dry afterwards. This talk focuses on how to do full tests of endpoint products to make sure you know what you are really getting into and not just being sold some fancy snake oil. The talk focuses on the technical aspects of the testing as well as the functionality of the product in your own environment.
Passwords have been used to secure user sessions in computing since the time sharing era. Cryptography, collaborative standards development, and persistent network connectivity have led to new options for authenticators, while determined attackers and ever-expanding computing power have minimized a password’s security value. Recently, NIST engaged with the identity community to substantially revise guidance around digital identities, authenticators, and federation security. This session will explore authenticators from passwords to the latest FIDO 2 standards, focusing on how to improve security while not negatively impacting user experience.
Nelson Mandela said, “Know your enemy - and learn about his favorite sport.” What does it mean to get to know the enemy in 2019? Join us on a 5+ year journey of a CTI department and why a Fortune 500 decided to F! Attribution. In this talk, you’ll learn how the who and why of attribution means little when compared with TTPs in most companies’ cyber threat intelligence programs.