Meeting Information

May 2017 Quarterly Meeting



Speaker: Daniel Sweet - Director Endpoint Detection and Response Team


Title: Needle in the Heap Stack - Spotting Anomalies in Memory

Abstract: This talk will focus on using open source memory forensics tools such as Rekall or Volatility to look through memory structures and spot artifacts that are out of place. In this talk we will examine an advanced piece of malware that is built to hide from the native operating system, then examine the constructs it creates in memory and how to find them with repeatable hunting techniques. Last, we will take a look at scaling these techniques to the enterprise for practical hunting at scale.



Speaker: Daryl Cox - Checkmarx


Title: Could a few lines of code <F!#ck> it all up!

Abstract: Recently, an anonymous open source developer decided to remove his code (left-pad) from a public repository. Shortly thereafter, several large organizations felt the impact of his actions. Facebook, AirBnB and others experienced errors impacting the functionality of their services. Packages using “left-pad” wouldn’t properly execute.

Today, we embrace both the open source community and the growth of open source projects, modules and packages but… Dependencies and recursive dependencies might become a risk or even a new attack vector which we didn’t foresee.

Could there be other cases of common and popular open source packages depending on open source modules that might not be there tomorrow or, even worse, could they be maliciously modified?

Join us for an insightful session that will reveal our research on this topic where you will learn:
  • Which common open source packages might not be there tomorrow and how this can affect you?
  • How packages you use could be maliciously modified, and the impact on your app
  • Discuss the risks introduced by hybrid application development
  • How intertwined and complex dependencies have become



Speaker: John Byers - CISO @ IBC

Title: The Religion of Security

Abstract: Is security the religion of IT or has it become the religion of business? There is a bit of dark humor embedded in today’s “I’m all about Security” talk from folks today. Senior IT (CIO/CTO) have all caught the religion of security. What’s more interesting is these are the same folks that 5 or so years ago not only couldn’t spell security, it was the farthest thing from their minds. The last thought of any project, application or system deployment. And while some might take issue with that, the truth is it was all about getting the technology out the door. Today, things have changed; business and the real driver for technology is Security. Security is the enabler of business in this 21st century.



Maggiano's Little Italy



Mixer to follow at Maggiano's Bar
4:30 to 6:30
2 Free drinks plus appetizers