Pen Test Hackfest Europe #PenTestHackfestEU
- Francis Higgins
22nd July, Berlin
Pen Test Hackfest Europe 2019 #PenTestHackfestEU
Agenda

We strive to present the most relevant, timely and valuable content. As a result, this Agenda is subject to change. Please check back frequently for changes and updates.

Sunday 21st July

:00-20:00 Pre-Summit Meet and Greet
This optional session offers the opportunity to meet and network with your fellow attendees the night before the Summit kicks off. We highly recommend you attend if possible.

Monday 22nd July

:30-09:30 Registration and Coffee
This is another great opportunity to meet, greet and interact with your peers, so come down early.

09:30-09:45 Welcome and Introduction by Summit Chair
Erik Van Buggenhout, Certified Instructor & Author, SANS

09:45-10:30 Keynote Speech
James Lyne, Head of Research & Development, SANS

10:30-11:05 Blame Wars - How to Attribute Responsibility
In November 2018, Austrian security consultancy SEC Consult published a security advisory concerning a vendor of ID solutions using the German national ID card. Authenticating with a real ID card, the researchers had been able to trick a web app into believing they were Johann Wolfgang von Goethe. Technically the bug leading to the vulnerability is easy to describe and reproduce (it is a well-known mishandling of the complex SAML authentication mechanism). Still, a fierce debate between researchers, vendor and circles of German government contractors erupted - not so much about the impact of the vulnerability itself, but more about where to place blame. Since the bug was contained in an accompanying SDK, it could be both the vendor's as well as users' fault. Others blamed SAML itself - and therefore either the standards authors or the German government for picking the standard. In the presentation, I will track the origin of the bug both technically and historically/"politically" to generate some insights into the question of who should be to blame for vulnerabilities and security incidents: a sketch for a theory of attribution.
David Fuhr, Head of Research, HiSolutions AG

11:05-11:35 Networking Break
Drinks and snacks will be served
:35-12:10 Pillaging Modern Windows User Profiles
Sure, dumping hashes, grabbing user tokens and BloodHound-ing your way to domain admin is great, but there are all kinds of juicy post-exploitation morsels helpfully left behind by users if you know where to look for them. This talk explores these avenues and will give you a newfound appreciation for Outlook data, command history, temp files and more!
Jason Nickola, Director of Technical Services, Pulsar Security

12:10-12:45 A Journey Through Adversary Emulation
During this talk, NVISO will take you on a journey through adversary emulation, from its inception to its adoption and application. They will show you how they integrated adversary emulation into their red teaming approach using MITRE's ATT&CK framework. Next to the more classic red teaming assessments, other adversary emulation flavors such as purple teaming and integration with the TIBER framework will be covered as well. To top things off, concrete examples from recent assessments and lessons learned will be shared. After this talk, you will have a structured overview of everything adversary emulation and enough inspiration to tackle every adversary emulation challenge coming your way.
Jonas Bauters, Senior Security Consultant, NVISO

12:45-13:45 Networking Luncheon
Lunch is served onsite to maximize interaction and networking among attendees.

13:45-14:20 Well, that escalated quickly! - A Local Privilege Escalation Approach
Companies engage security experts to penetrate their infrastructures and systems in order to find vulnerabilities before malicious users do. During these penetration tests, security experts often encounter Windows endpoints or systems and gain low-privileged access to these. To fully compromise the system, privileges have to be escalated. Windows contains a great number of security concepts and mechanisms. These render privilege escalation attacks difficult. Penetration testers should have a sound knowledge base about Windows components and security mechanisms in order to understand privilege escalation concepts profoundly and apply these. This talk imparts knowledge on Windows required to understand privilege escalation attacks. It describes the most relevant privilege escalation methods and techniques, and names suitable tools and commands. These methods and techniques have been categorised, included in an attack tree, and tested and verified in a realistic lab environment. Based upon these results, a systematic and practical approach for security experts on how to escalate privileges was developed.
Khalil Bijjou, Senior Security Consultant, SEC Consultant
:20-14:55 Pentesting Cars
Given the increasing popularity of automotive hacking, more and more bug bounty programs are set up by vehicle manufacturers, enabling researchers to collect a nice reward for reporting new vulnerabilities they find in their cars. A car pentesting apprentice will inevitably raise the question: How can I be part of this and how do I start doing some research on my own car? In this presentation, we will provide a quick walk-through of our penetration testing methodology for embedded systems, specifically tailored to automobiles. The interested audience will get to know a framework they can utilize to perform a full-blown penetration test, starting on individual control units, i.e. the computers that are the basic building blocks of a car's electronics system, and from there work the way up to analysing the car as a whole. The methodology will, of course, touch on the vehicle's backend communication, as connected features are an integral and - especially from a pentester's perspective - very attractive part of the modern vehicle's extras. Practical examples will be used to demonstrate how the methodology can be put to work in real-life scenarios. With the framework at hand, attendees will have the necessary tool to get started with car security research in a structured and comprehensive manner.
Oliver Nettinger, R&D, NVISO

14:55-15:30 With Just a Search Engine & Cup of Coffee: Hunting Vulnerabilities on the Web
Our security team conducted several security studies in 2018, intended to discover vulnerabilities and weaknesses in web servers in the Czech Republic (or in the .cz ccTLD and on IPs located in the Czech Republic, to be more specific). Two of these studies (1. Identification of servers with open/browsable directories and sensitive files and 2. Search for open redirection vulnerabilities) were conducted with not much more than a search engine. Given how simple it is (at least in theory) to identify and remove these vulnerabilities, one might assume they wouldn't be too common. Yet the results proved otherwise - in a quite interesting turn, we've managed to identify sensitive data and open redirection vulnerabilities on more than 250 servers, a number of which were running fairly high-profile sites or belonged to critical service providers. In the end, although we weren't looking for them, we found some interesting vulnerable servers outside the Czech Republic as well. The presentation will cover our methodology for conducting both of the studies, a discussion of what we found and what its impact was, and how well (or less so) things went when we informed the subjects responsible for the impacted servers.
Jan Kopriva, CSIRT Team Leader, Alef Nula a.s.

15:30-16:00 Networking Break
Drinks and snacks will be served
:30-17:05
Erik Van Buggenhout, Certified Instructor & Author, SANS

17:05-17:20 Closing Remarks by Summit Chair
Erik Van Buggenhout, Certified Instructor & Author, SANS

Social events and informal networking activities are hosted after the Summit.
More informationAPNIC 35 Conference Sponsorship Proposal
35 CONFERENCE SINGAPORE 9 February - March 03 APNIC 35 Conference Sponsorship Proposal APNIC, the Asia Pacific Network Information Centre, offers a wide range of sponsorship opportunities for the APNIC
More informationThe fast track to top skills and top jobs in cyber. Guaranteed. FREE TO TRANSITIONING VETERANS
The fast track to top skills and top jobs in cyber. Guaranteed. FREE TO TRANSITIONING VETERANS WELCOME SANS Institute is presenting the SANS VetSuccess Immersion Academy in the DC Metro area. For transitioning
More informationCourse Catalog: Webex Teams + Webex Meetings + Jabber
Course Catalog: Webex Teams + Webex Meetings + Jabber Webex Meetings, Webex Teams, and Jabber End User and Administrator Training Meet Me In The Cloud, Inc. https://meetmeinthecloud.com San Francisco Bay
More informationAUTHENTICATION. Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response
AUTHENTICATION Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response Who we are Eric Scales Mandiant Director IR, Red Team, Strategic Services Scott Koller
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationBypassing Web Application Firewalls
Bypassing Web Application Firewalls an approach for pentesters KHALIL BIJJOU SECURITY CONSULTANT 17 th November 2017 BYPASSING A WAF WHY? Number of deployed Web Application Firewalls (WAFs) is increasing
More informationAn ICS Whitepaper Choosing the Right Security Assessment
Security Assessment Navigating the various types of Security Assessments and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding the available
More informationStopping Advanced Persistent Threats In Cloud and DataCenters
Stopping Advanced Persistent Threats In Cloud and DataCenters Frederik Van Roosendael PSE Belgium Luxembourg 10/9/2015 Copyright 2013 Trend Micro Inc. Agenda How Threats evolved Transforming Your Data
More information