Technical Tuesday – 14 May 2013 – Identifying TLS/SSL Encrypted Network Exploitation Activity Using Traffic Externals by Jeff Kuhn of CACI
A significant and growing percentage of legitimate Internet traffic is now encrypted – a problem for signature-based and other content-based network exploitation detection systems. Encrypted packet content is not available for analysis and the large amount of legitimate activity provides cover for exploitation activity. Enterprise level TLS/SSL proxy is one solution, using a network gateway appliance to intercept TLS traffic and decrypt it for analysis.
The week of 29 April – 2 May 2013 (Monday – Thursday, 9 am – 5 pm daily), cybergamut sponsored a special offering of a Security+ Boot Camp at the incredible price of $995 per person.
When we offered this class late last year all the students passed the test on their first attempt.
Technical Tuesday – 23 April 2013 – Secure VoIP & Messaging for Mobile Platforms by Phil Zimmermann of Silent Circle
Phil’s interest in secure telephony predated secure email, but he had to wait for technology infrastructure to mature. This presentation will show you how to communicate securely without relying on PKI.
Technical Tuesday – 12 February 2013 – Are We There Yet? . . . Security and the Cloud by Dr. Susan Cole of Exceptional Software Strategies, Inc.
Many organizations are moving to the Cloud. The reason is obvious: it can create a huge cost savings. Depending on how moving to the cloud is implemented, companies can save on system administrator resources because software no longer needs to be installed locally, and servers no longer need to be managed locally. System administrators are also freed from deployment and maintenance activities and can now focus on more strategic objectives of the company.
Technical Tuesday – 22 January 2013 – Finding Splunk Before Splunk Finds You by Rob Frazier of Whiteboard Federal Technologies
Splunk is a software product that has been around for almost a decade. Most people think of Splunk as a log aggregator with some security monitoring functions thrown in. The truth is, Splunk is all that and a whole lot more. Right out of the box Splunk is a product that can provide useful information that justifies its deployment. It is easy to use and set up, and can collect machine data right away.
The week of 10 – 14 December 2012, cybergamut sponsored a special offering of the SANS SEC 504: Hacker Techniques, Exploits & Incident Handling training class along with a GCIH certification exam attempt at a tremendous savings for cybergamut members.
Technical Tuesday – 4 December 2012 – Sandboxing finally becomes mainstream – the new security paradigm for host based security by Alan Bollinger of OnSystem Logic
Least privilege application control (often referred to as sandboxing and more formally called mandatory access control) is emerging as this decade’s leading approach to securing host systems and applications. This technology, based on trusted operating system principles developed in the mid-90’s, is finally making its way into commercial IT environments and applications and significantly improving host security using non-signature based techniques.
This was an incredible opportunity to save money on an industry recognized class and certification that satisfies some of the DoD 8570.01-M requirements.
The week of 3 – 6 December 2012 (Monday – Thursday, 9 am – 6 pm daily), cybergamut sponsored an offering of a Security+ Boot Camp.
cybergamut is a group of industry, academic, and government professionals that works on cyber challenges. We address all phases of the cyber lifecycle and we’re continuously seeking talented individuals with creative, inquisitive minds to engage in this critical security imperative. As a follow up to our August Technical Tuesday event, we hosted a special Teen Tech on Saturday, 3 November 2012.
cybergamut was featured at the CyberMaryland conference held 16 – 17 October 2012, in Baltimore, Maryland.
The Chief Suit participated in a panel discussion where he revealed part of the solution to our Virtual Easter Egg Trail. If you had always wondered how the trail works, but have never found time to solve the steps, this was a chance to get a head start.
Technical Tuesday – 16 October 2012 – Infosec Rock Star: How to be a More Effective Security Professional by Ted Demopoulos
Why are some of us much more effective than others? A very few of us are so effective, and well known, that we might even be called the rock stars of our industry. Now we personally may never be swamped by groupies, but we can learn the skills to be more effective, well respected, and well paid.
Technical Tuesday – 18 September 2012 – Effective Decision Support to Achieve Cyber Situational Awareness by Bill Elm
Managing the challenges of Cyber involves almost every dimension of problem difficulty: immense scale, internet pace, thinking adversaries, complex functional dependencies, a geographically distributed problem space, contradictory mission objectives, collaborative & multiorganizational decision making, etc. The primary foci of most Cyber solutions tend to concentrate on data availability, automation, and analytics.
Due to the success of previous programs, the Capitol College Critical Infrastructure and Cyber Protection Center offers to cybergamut members their Capitol College Community rate of $990 for the CISSP Preparation Program beginning 15 September 2012.
Our world is increasingly embedded — from smart phones to smart appliances to toys with features more amazing every year.
The good news is that our world is also increasingly hobby friendly!
Technical Tuesday – 17 July 2012 – Accumulo Project Panel Discussion – co-sponsored with Open Source Software Institute (OSSI)
This was an in depth technical panel discussion on the Accumulo Project led by Adam Fuchs from the National Security Agency. The moderator was Adam Suri, Sr VP Cyber Technologies, Secure Technologies Group and board member of the Chesapeake Regional Tech Council.
Due to the success of this program last year, the Capitol College Critical Infrastructure and Cyber Protection Center offered to cybergamut members their Capitol College Community rate of $990 for the CISSP Preparation Program beginning 16 June 2012.
One of the major problems concerning information security is malicious code. To evade detection, malware (an unwanted malicious piece of code) is packed, encrypted, and obfuscated to produce variants that continue to plague properly defended and patched systems and networks with zero-day exploits.
Technical Tuesday – 22 May 2012 – Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security by Dr. Gary Jackson
Network attacks are in the process of crippling organizations. Over the years, such attacks have grown in sophistication and ever increasing damage or extensive theft of sensitive or classified data/information has been the result. Although adversarial threat has increased in effectiveness including higher numbers of first-time attacks, network protection methodologies have remained essentially the same for decades.
Technical Tuesday – 3 April 2012 – Does Locard’s Exchange Principle Apply in Digital Forensics? by Ken Zatyko
In this presentation, we present a challenge question for today’s cyber experts, cyber scientists, and cyber analysts. Does Locard’s Exchange Principle apply in digital forensics? The dramatic increase in cybercrime and the repeated cyber intrusions into critical infrastructure demonstrate the need for improved security.
Technical Tuesday – 21 February 2012 – An Introduction to the (Ninja) Art of Data Carving and Steganography by Keith Bertolino
Since 2001 we’ve all heard the media buzz about “nameless U.S. officials” claiming that terrorists and foreign intelligence services have been using “steganography” applications to facilitate covert communication between their operatives. Steganography applications attempt to conceal digital data within other benign-appearing digital files.
Technical Tuesday – 6 December 2011 – Malware Analytics at Stream Rate – An Evolving Concept by Dr. Harold Jones
Windows Portable Executables (PEs) are a workhorse for network operations – BAE Systems’ North American network sees roughly 5K unique PEs per day, the vast majority of which are associated with approved activities (e.g., patch downloads).
The week of 28 November – 2 December 2011, cybergamut sponsored a special offering of the SANS SEC 504: Hacker Techniques, Exploits & Incident Handling training class along with a GCIH certification exam attempt at a tremendous savings for cybergamut members.
Technical Tuesday Workshop – 15 November 2011 – Ancient Alien Hypervisor Password Reset Utility Workshop by Eric Fiterman of Rogue Networks
Virtualization provides the backbone to many of the cloud computing services you hear about today. If you manage virtual or cloud infrastructure, there may come a time when you realize you’ve lost the password for a hypervisor or virtual data center cluster and need to get back in without reinstalling or destroying anything.
Conventional Wisdom says that if you forget your Window’s Password, it is time to reinstall your operating system. Things like a Windows Password are little barrier to hackers. During this demonstration, you see how a hacker is able to break into Microsoft operating systems like Windows 7 with very little effort.
Our Technical Director Panel members were:
- Al Holt of the NSA/CSS Threat Operations Center (NTOC)
- Greg Wessel of the NSA SIGINT organization
- Chip Willard of the NTOC Analysis Shop
Conventional IP networks are well understood in terms of security vulnerability, and how to protect against attacks. Even so, specific attacks (Stuxnet, etc) have shown that well engineered attacks are still viable.
Technical Tuesday – 19 July 2011 – Our Security Status is Grim (and the way ahead will be hard) by Brian Snow
Brian gives his view of why the current state of cyber security is so wretched, and draw parallels between the recent “Fiscal Debt Bubble” that led to our current recession and a current disturbing “Trust Bubble” in cyber security technologies.
He describes high level conceptual flaws in current cyber security architectures that many are not aware of, as well as detailed implementation flaws we frequently see.
Technical Tuesday – 28 June 2011 – Deep Packet Inspection by Peder Jungck of CloudShield Technologies, Inc and SAIC
Information assurance and cyber security has changed quite a bit since the days of access control lists, firewalls and intrusion prevention systems. Today, in countering modern malicious attacks, leveraging bulk filtering and blocking solutions can result in a significantly degraded network and drive a threat scenario that is more complex than can be easily countered. This presentation covers many forms of attacks that require active mitigation that is not focused on filtering but rather adapting the threat through manipulation of transactions.
Technical Tuesday – 24 May 2011 – APT Intrusion Remediation: The Top Do’s and Don’ts by Rob Lee of MANDIANT and The SANS Institute
During Incident Response, Advanced Persistent Threat (APT) remediation is challenging because from the first day the attacker selected your network as a target, they have operated knowing that they will someday be caught. Because of that, they attempt to cover their tracks and make it as difficult as possible for you to find them and extricate them from your network.