Technical Tuesday – 21 June 2016 – SS7, SWIFT, and Checking: Closed Network Evolution and Exploitation by Jeff Kuhn of Amches, Inc.
A recent 60 Minutes article on extracting mobile phone information from the SS7 telephone carrier signaling network crystalized some thoughts I’ve had for a while on the evolution of closed networks over time and the security implications of opening closed networks.
Technical Tuesday – 22 March 2016 – Providing Consistent Security Across Virtual and Physical Workloads by Gregory Stemberger and Rob Chee of Force 3
Data centers today are being tasked with many more requirements. This has been increasing as companies leverage server virtualization in new ways. This has made the data center a rich source of information for attackers. It is commonly accepted that protection of data center workloads is important, but in many cases security takes a back seat to data center performance.
Technical Tuesday – 23 February 2016 – Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain by Jason Christman and Dr. Alenka Brown of InLitics
Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people interact with the world around them primarily by seeing, hearing, and feeling, and make decisions about what to do next depending upon the context of what is happening in their environment.
Technical Tuesday – 5 January 2016 – The Threat Landscape and the Path Forward: Fundamentals of a Risk-Aware Organization by John McLaughlin of IBM Security
The cyber security universe remains an increasing and dynamic threat to the American national infrastructure. This presentation provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention will be paid to the protocols engaged, attack patterns, and trends seen in these attacks. In addition, these attacks are characterized by targets, time, and degree of success.
Technical Tuesday – 1 December 2015 – It’s a Target Rich Environment: Understanding the IIoT Attack Surface by Mike Anderson of The PTR Group, Inc.
The Internet of Things (IoT) has received an incredible amount of press as of late. But, most of that has been associated with consumer electronics in the form of wearables and home monitoring devices like the Nest Thermostat. While those are worthwhile markets, the majority of the money will be involved with machine-to-machine communications in the Industrial Internet of Things (IIoT).
Technical Tuesday – 17 November 2015 – Hackproof Signal Processing for Wireless Communications by Dr. Joseph Mitola III
Conventional computing and communications expose myriad attack surfaces because of the Turing-equivalence of the instruction set architectures and the mathematical impossibility of forming a complete set of monitor functions to protect the contents of the registers from insightfully designed malware such as what NIST terms Advanced Persistent Threats. This talk describes how to throw out the general purpose computers via dataflow computing on FPGAs.
What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion.
Technical Tuesday – 9 June 2015 – Using EMET to Defend Against Targeted Attacks; presented by Robert Hensing of Microsoft
0-day vulnerabilities that are able to bypass platform level exploit mitigation technologies such as DEP and ASLR are becoming increasingly common. Knowledge workers are being increasingly targeted by adversaries seeking to gain a foothold in your enterprise via spear-phishing and watering hole style attacks leveraging 0-day vulnerabilities in commonly used applications such as Internet Explorer, Adobe Reader and Oracle’s Java.
Technical Tuesday workshop – 12 May 2015 – An Hour in the Life of a Cyber Analyst by Ryan Harvell of OPS Consulting and Marcelle Lee of AACC CyberCenter
Challenge: Organizations of all shapes and sizes are engaged in an ongoing balancing act to protect their data and intellectual property while at the same time making sure that employees, partners and customers have access to necessary network resources and information. There are a variety of tools and technologies that aid in this endeavor, but as we have seen with some of the recent high profile breaches, the human element is an essential component of cyber security.
When faced with the challenge of identifying, understanding and mitigating network security risks, Tor and the Deep Dark Web present obstacles that are increasingly difficult to overcome.
The week of 2 – 4 February 2015 (Monday – Wednesday, 9 am – 5 pm daily), cybergamut sponsored a special offering of an ITIL® v3 Foundations class at the incredible price of $1400 per person.
Technical Tuesday – 2 December 2014 – Receiver Operating Characteristic (ROC) statistics and their successful use in medical studies, Nigerian scams, and APT detection by Jeff Kuhn of Amches, Inc.
Receiver Operating Characteristic (ROC) statistics have been a practical tool in the field of clinical medicine for more than 50 years, an area where stakes can be very high and test results are understood to be inherently uncertain. ROC statistics and that half-century body of knowledge also usefully inform networked system security across a range of activities including system design, analytics tuning, and operational tactics.
Technical Tuesday – 28 October 2014 – Software Defined Networking Security by Joel King of World Wide Technology
Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When incidents are detected, changing the network forwarding tables through SDR techniques can provide an immediate remediation to network attacks, while automating the delivery of suspect traffic for transaction monitoring and archiving data for regulatory compliance and advance troubleshooting.
Technical Tuesday – 6 May 2014 – Malware Reverse Engineering – An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware by Dale Robson of CyberPoint
Industry standard cyber security products do a good job in blocking and defending against recognized or suspicious malware. Industry leading security solutions employ a mix of sandboxing, signatures, heuristics, and reputation analysis to identify binaries and their behaviors at scale and typically at network speed.
Technical Tuesday – 11 March 2014 – Virtualization Technologies in Cyberwarfare by Jason Syversen of Siege Technologies
Virtualization is often talked about in the context of cloud computing, cost savings and enterprise environments. In this talk, Mr. Syversen introduces Intel, AMD and ARM virtualization architectures and describes novel approaches to implementing virtualization technology / hypervisors for offensive and defensive cyber security applications. Case studies are presented for malware detection, reverse engineering, code protection, security testing, stealthy code and other applications.
Technical Tuesday – 10 December 2013 – Dumping in the Dark: Gaining Insight into your Memory Acquisition Tools and Techniques by Alissa Torres of the SANS Institute
Digital forensic and incident response professionals unanimously agree on the vital importance of physical memory acquisition and analysis in investigations, whether they center around the reconstruction of user activity or the isolation of malicious code. Most computer incident response teams have preferred tools for such acquisition that are part of their standard operating procedures invoked during live response or evidence acquisition.
Technical Tuesday – 12 November 2013 – Location Based, Context Aware Services for Mobile – Today and Tomorrow by Guy Levy-Yurista, Ph.D.
As we continue to grow our dependence on mobile devices in our daily routine from taking pictures to delivering corporate documents, the contexts in which these devices are acting become increasingly important. Mobility today does not only take into account who the user is but where they are, when they are there, why they go there, what they’re interested in, and what they’re going to do.
Technical Tuesday – 22 October 2013 – Cyber Security Strategy — Why We’re Losing and What’s Needed to Win by Steve Chabinsky of CrowdStrike
Everybody seems to be spending more on cybersecurity, but with questionable return on investment. In fact, the problem clearly is getting worse, and current strategies show no indication of reversing that trend.
Technical Tuesday – 24 September 2013 – Malware Analysis for the Masses by Brian Baskin of Newberry Group, Inc.
With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. With modern technology and tools, it’s now possible for junior security analysts to gather detailed malware indicators to craft defense and alert signatures. More enticing, all of this can be done with free tools and applications, some written by this presenter.
Technical Tuesday – 13 August 2013 – A Cloud Computing Introduction for Managers by Dr. Patrick Allen of JHU/APL
Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and non-cloud alternatives to accomplish their projects. This talk provides a brief and basic introduction to cloud computing, what managers need to know about cloud computing, what are some of the myths, and what they need to ask about cloud computing from service providers.
Technical Tuesday – 18 June 2013 – Buzzword Forensics: Mobile is the Future…and the Future is Now by Al Holt, Adjunct Professor at Towson University
Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium. In this talk we briefly explore this evolution from the Paleolithic last millennium to our present, and increasingly mobile ecosphere.
Due to the success of previous offerings of this program, the Capitol College Critical Infrastructure and Cyber Protection Center is offering to cybergamut members a rate of $899 for their CISSP Preparation Program beginning 15 June 2013.
Technical Tuesday – 14 May 2013 – Identifying TLS/SSL Encrypted Network Exploitation Activity Using Traffic Externals by Jeff Kuhn of CACI
A significant and growing percentage of legitimate Internet traffic is now encrypted – a problem for signature-based and other content-based network exploitation detection systems. Encrypted packet content is not available for analysis and the large amount of legitimate activity provides cover for exploitation activity. Enterprise level TLS/SSL proxy is one solution, using a network gateway appliance to intercept TLS traffic and decrypt it for analysis.
The week of 29 April – 2 May 2013 (Monday – Thursday, 9 am – 5 pm daily), cybergamut sponsored a special offering of a Security+ Boot Camp at the incredible price of $995 per person.
When we offered this class late last year all the students passed the test on their first attempt.
Technical Tuesday – 23 April 2013 – Secure VoIP & Messaging for Mobile Platforms by Phil Zimmermann of Silent Circle
Phil’s interest in secure telephony predated secure email, but he had to wait for technology infrastructure to mature. This presentation will show you how to communicate securely without relying on PKI.
Technical Tuesday – 12 February 2013 – Are We There Yet? . . . Security and the Cloud by Dr. Susan Cole of Exceptional Software Strategies, Inc.
Many organizations are moving to the Cloud. The reason is obvious: it can create a huge cost savings. Depending on how moving to the cloud is implemented, companies can save on system administrator resources because software no longer needs to be installed locally, and servers no longer need to be managed locally. System administrators are also freed from deployment and maintenance activities and can now focus on more strategic objectives of the company.
Technical Tuesday – 22 January 2013 – Finding Splunk Before Splunk Finds You by Rob Frazier of Whiteboard Federal Technologies
Splunk is a software product that has been around for almost a decade. Most people think of Splunk as a log aggregator with some security monitoring functions thrown in. The truth is, Splunk is all that and a whole lot more. Right out of the box Splunk is a product that can provide useful information that justifies its deployment. It is easy to use and set up, and can collect machine data right away.
The week of 10 – 14 December 2012, cybergamut sponsored a special offering of the SANS SEC 504: Hacker Techniques, Exploits & Incident Handling training class along with a GCIH certification exam attempt at a tremendous savings for cybergamut members.
Technical Tuesday – 4 December 2012 – Sandboxing finally becomes mainstream – the new security paradigm for host based security by Alan Bollinger of OnSystem Logic
Least privilege application control (often referred to as sandboxing and more formally called mandatory access control) is emerging as this decade’s leading approach to securing host systems and applications. This technology, based on trusted operating system principles developed in the mid-90’s, is finally making its way into commercial IT environments and applications and significantly improving host security using non-signature based techniques.
This was an incredible opportunity to save money on an industry recognized class and certification that satisfies some of the DoD 8570.01-M requirements.
The week of 3 – 6 December 2012 (Monday – Thursday, 9 am – 6 pm daily), cybergamut sponsored an offering of a Security+ Boot Camp.