Technical Tuesday – 6 December 2011 – Malware Analytics at Stream Rate – An Evolving Concept by Dr. Harold Jones

Posted on Dec 6, 2011 in Events Archive | No Comments

Windows Portable Executables (PEs) are a workhorse for network operations – BAE Systems’ North American network sees roughly 5K unique PEs per day, the vast majority of which are associated with approved activities (e.g., patch downloads).

cybergamut SANS SEC 504 training – 28 November – 2 December 2011

Posted on Nov 28, 2011 in Events Archive | No Comments

The week of 28 November – 2 December 2011, cybergamut sponsored a special offering of the SANS SEC 504: Hacker Techniques, Exploits & Incident Handling training class along with a GCIH certification exam attempt at a tremendous savings for cybergamut members.

Technical Tuesday Workshop – 15 November 2011 – Ancient Alien Hypervisor Password Reset Utility Workshop by Eric Fiterman of Rogue Networks

Posted on Nov 15, 2011 in Events Archive | No Comments

Virtualization provides the backbone to many of the cloud computing services you hear about today. If you manage virtual or cloud infrastructure, there may come a time when you realize you’ve lost the password for a hypervisor or virtual data center cluster and need to get back in without reinstalling or destroying anything. 

Technical Tuesday – 18 October 2011 – Hacking Windows 7 by Jesse Varsalone

Posted on Oct 18, 2011 in Events Archive | No Comments

Conventional wisdom says that if you forget your Windows password, it is time to reinstall your operating system. Things like a Windows password are little barrier to hackers. During this demonstration, you see how a hacker is able to break into Microsoft operating systems like Windows 7 with very little effort.

Technical Tuesday – 30 August 2011 – Government Cyber Technical Directors’ Panel

Posted on Aug 30, 2011 in Events Archive | No Comments

Our Technical Director Panel members were:

  • Al Holt of the NSA/CSS Threat Operations Center (NTOC)
  • Greg Wessel of the NSA SIGINT organization
  • Chip Willard of the NTOC Analysis Shop

Technical Tuesday – 9 August 2011 – Cellular Security by Jason MacLulich of Endace

Posted on Aug 9, 2011 in Events Archive | No Comments

Conventional IP networks are well understood in terms of security vulnerability, and how to protect against attacks. Even so, specific attacks (Stuxnet, etc.) have shown that well-engineered attacks are still viable.

Technical Tuesday – 19 July 2011 – Our Security Status is Grim (and the way ahead will be hard) by Brian Snow

Posted on Jul 19, 2011 in Events Archive | No Comments

Brian gives his view of why the current state of cyber security is so wretched, and draws parallels between the recent “Fiscal Debt Bubble” that led to our current recession and a current disturbing “Trust Bubble” in cyber security technologies.

He describes high level conceptual flaws in current cyber security architectures that many are not aware of, as well as detailed implementation flaws we frequently see.

SANS Training – 11 – 15 July 2011 – SEC 504

Posted on Jul 11, 2011 in Events Archive | No Comments

Great class.

Technical Tuesday – 28 June 2011 – Deep Packet Inspection by Peder Jungck of CloudShield Technologies, Inc and SAIC

Posted on Jun 28, 2011 in Events Archive | No Comments

Information assurance and cyber security have changed quite a bit since the days of access control lists, firewalls and intrusion prevention systems. Today, in countering modern malicious attacks, leveraging bulk filtering and blocking solutions can result in a significantly degraded network and drive a threat scenario that is more complex than can be easily countered. This presentation covers many forms of attacks that require active mitigation that is not focused on filtering but rather adapting the threat through manipulation of transactions.

Technical Tuesday – 24 May 2011 – APT Intrusion Remediation: The Top Do’s and Don’ts by Rob Lee of MANDIANT and The SANS Institute

Posted on May 24, 2011 in Events Archive | No Comments

During Incident Response, Advanced Persistent Threat (APT) remediation is challenging because from the first day the attacker selected your network as a target, they have operated knowing that they will someday be caught. Because of that, they attempt to cover their tracks and make it as difficult as possible for you to find them and extricate them from your network.

Technical Tuesday – 19 April 2011 – Stuxnet Redux: Malware Attribution & Lessons Learned by Tom Parker of Securicon

Posted on Apr 19, 2011 in Events Archive | No Comments

Recent incidents commonly thought to be linked to state sponsored activities have given rise to much discussion over the reliability of technical analysis as a source for adversary attribution – specifically in regards to what is commonly termed as the Advanced Persistent Threat (or APT).

Technical Tuesday – 29 March 2011 – Deep Packet Inspection for Cybersecurity ASW&R by Jeff Kuhn of Pangia Technologies

Posted on Mar 29, 2011 in Events Archive | No Comments

ASW&R is an acronym for Attack Sensing, Warning, and Response. It is an expansion of an earlier term, Attack Sensing and Warning (AS&W), used in some circles to define the activity of identifying cyber attacks and providing actionable information about them.

Technical Tuesday – 8 February 2011 – Network Device Exploitation with Universal Plug & Play by Terry Dunlap of Tactical Network Solutions

Posted on Feb 8, 2011 in Events Archive | No Comments

Universal Plug & Play (UPnP) is a convenience technology found in many embedded devices such as home routers and wireless access points. The purpose is to allow various heterogeneous, network-enabled devices (e.g., phones, video game consoles, DVRs) to seamlessly communicate with the outside world without user configuration. To this end, UPnP devices automatically make firewall changes to a user’s network without their knowledge.

Technical Tuesday – 4 January 2011 – Network Monitoring by Josh Goldfarb of 21st Century Technologies, Inc.

Posted on Jan 4, 2011 in Events Archive | No Comments

Proper monitoring of a large enterprise network is a critical component of the overall cyber security picture. However, data generated by network monitoring equipment is extremely cumbersome and presents the human analyst with numerous challenges. This talk aims to share successful techniques for streamlining analyst workflow, allowing organizations to get a handle on their data to better protect and defend their networks.

Technical Tuesday – 30 November 2010 – Insider Threat and Real-World Incident Study by Michael Collins & Greg Virgin of RedJack along with Jim Downey of DISA PEO-MA

Posted on Nov 30, 2010 in Events Archive | No Comments

Technical Tuesday – 9 November 2010 – Why Security People S#ck by Gene Bransfield of Tenacity Solutions

Posted on Nov 9, 2010 in Events Archive | No Comments

Technical Tuesday – 5 October 2010 – The Rise of the Social Web by Aaron Barr of HBGary Federal

Posted on Oct 5, 2010 in Events Archive | No Comments

Technical Tuesday – 10 August 2010 – Advanced Cyber Collection Techniques; Extracting and Analyzing Information from the Domain Name System by Tim Cague of The CYAN Group

Posted on Aug 10, 2010 in Events Archive | No Comments

Technical Tuesday – 25 May 2010 – Malware reverse engineering at ITT by Paul Frank of ITT

Posted on May 25, 2010 in Events Archive | No Comments

Technical Tuesday – 27 April 2010 – Aurora by Aaron Barr of HBGary Federal

Posted on Apr 27, 2010 in Events Archive | No Comments

Technical Tuesday – 9 March 2010 – A Tale of Two Departments – How Commerce and State Dealt With Chinese Intrusions: Lessons Learned Plus: Security Heroes and the 20 Critical Controls by Alan Paller of the SANS Institute

Posted on Mar 9, 2010 in Events Archive | No Comments

Technical Tuesday – 3 November 2009 – VoIP Security – Attacks, Threats and Countermeasures by Stuart McLeod of Global Knowledge

Posted on Nov 3, 2009 in Events Archive | No Comments

Technical Tuesday – 22 September 2009 – Silence of the RAM by Sean Bodmer of Savid Corporation

Posted on Sep 22, 2009 in Events Archive | No Comments

Technical Tuesday – 18 August 2009 – Windows Forensic Analysis: Dissecting the Windows Registry by Rob Lee of MANDIANT and the SANS Institute

Posted on Aug 18, 2009 in Events Archive | No Comments

Technical Tuesday – 14 July 2009 – Dirty Secrets of the Security Industry by Bruce Potter of Ponte Technologies

Posted on Jul 14, 2009 in Events Archive | No Comments

Technical Tuesday (Spec Tech on a Thursday) – 11 June 2009 – No-Tech Hacking by Johnny Long

Posted on Jun 11, 2009 in Events Archive | No Comments

Technical Tuesday – 26 May 2009 – Examining the Storm Worm by Nico Lacchini of TDI

Posted on May 26, 2009 in Events Archive | No Comments

Technical Tuesday – 14 April 2009 – Defending Against BGP Man-In-The-Middle Attacks by Earl Zmijewski of Renesys

Posted on Apr 14, 2009 in Events Archive | No Comments

Technical Tuesday – 24 March 2009 – Distributed Systems Technologies and Internet Intelligence by George Economou of Akamai

Posted on Mar 24, 2009 in Events Archive | No Comments

Technical Tuesday – 24 March 2009 – Analytic and IO Tools by Clift Briscoe and Nat Cooper of Edge

Posted on Mar 24, 2009 in Events Archive | No Comments