Talks

• Updates on the tech and security
• A new tool release
• Some crowd-sourcing research

The security community has heavily adopted social-media such as Twitter. However, the ratio of valuable information to noise is very high which makes it hard to use efficiently and has many limitations

This presentation will demonstrate an online tool which can identify trending IT security items amongst the global community and can also build dynamic timelines of public vulnerabilities to help overcome limitations of manually maintained vulnerability repositories such as NVD. This presentation will also take a look at demographic specific trends, measuring vulnerability hype, and identifying technical vulnerability write-ups over many languages and social networks.

What's the point in sending your latest 0day exploit module down the wires when the shellcode decoder stub can be generically discovered. Generic ROP chains extenuate this issue as they end up becoming lengths of static DWORDS that can be easily detected through network monitors or AV signatures.

ROP and ROLL is a proof of concept demonstration of ROP chain mutation or modification in an attempt to remove likelihood of easy detection and the loss of your latest java bug.

Phishing has been going on forever, but of late it's gone from 419 scams to exploit kits, while becoming more prevalent and (occasionally) more sophisticated in the process. This talk will break down, from an attacker's perspective:

• * Getting your phish past Gmail, Yahoo, Hotmail, etc.: spam traps are for suckers
• * How to make people more likely to click your phish
• * Not getting busted by pesky web filters and IDS systems
• * Picking a quality host for your payload

Live examples will be used to demonstrate points of phisher failure and general "doing it wrong and getting busted by network security pros" throughout. The audience will also be given a chance to poke fun at legitimate emails that look phishy, and thus help blur the line between "it's OK to click on everything I get in my inbox!" and "maybe I should be suspicious of this link randomly delivered to my email address." White hats throughout the room should take notice of subtly delivered, newly proposed logic for generic detection of phishing attacks.

P.S. Those curious about the proposed speaker's style are encouraged to read http://www.shitmylogssay.com/?p=10 for an example of him trolling a 419 scammer. Equivalent technically oritented lulz will be present throughout this talk.

Open source means that commits are publicly visible, patches are shared upstream and discussion is via public forums. This is antithetical to the needs of embargoed security flaws, where opacity and secrecy is key prior to releasing a patch. Handling patches in a secure fashion using the open source model is a balancing act between openness and confidentiality. This talk will explain how it is done, covering the handling of embargoed flaws, private communication channels used by open source developers, committing patches upstream and communicating with users. The result is significantly greater transparency around released patches, with full source code and documentation available, as opposed to patches for proprietary software which are often limited to a mysterious updated binary, a CVSS score and a vague description.

Video with hand puppets outlining the talk: http://www.youtube.com/watch?v=EXMsJ-ypf0M