Freddy Krueger, Dunning-Kruger, and incident response tactics. So you say you can set up a VLAN, change DNS, and restore files. But what happens after dark?
Watch more videos on my YouTube channel.
IT security teams have watches. Criminals have time. Let’s waste their time on our watch. Quick overview of Winn Schwartau’s security model.
Convert a security framework into a roadmap using project planning. It’s like alchemy.
Grab a table, start on the tabletop, walk through the attack, discuss the defense, and then run it as an assessment. How well prepared is the organization to respond to a security incident?
The majority of security vulnerabilities come from flaws in software code. While the rate at which these flaws occur remains constant, we are now developing more code than ever before as well as deploying software to many more devices. We must address the software development process, and it can only be done by creating a culture of security. This session presents the Security Culture Framework (SCF) and applies it to an entirely fictional development organization. We will discuss awareness training and tying the training to tangible improvements in code. By using the SCF Topics/Planner/Metrics approach, we will move the organization toward developing ever more secure code. The presentation will conclude with take-aways for applying the SCF to your software development team.
Presented at CircleCityCon in June 2015.
29c3 capture the flag, Point of Sale card swipes, and Wireshark. You’d be surprised at how much is on a USB wire.
Applications today account for 75% of all attacks on corporate resources. Whether injection, XSS, poor crypto or the general ignorance of secure coding techniques, applications need our help! In “Punch and Counter-punch Part Deux”, Wolfgang and NerdyBeardo present a poorly secured application and how to properly utilize secure coding techniques to defend it. Our attacker demonstrates active attacks against the application including using SQL Injection, Cross Site Scripting, CSRF, and Broken Crypto. Demonstrations will be written in C#; however, the concepts will work with any programming language. All code will be made available on GitHub.
Presented at GrrCON 2015 with @NerdyBeardo.
Robin Hood. Batman. Hacktivists. Let’s chat about vigilantes and the latest benevolent malware, Wifatch.
SIEM as the Fitbit for your IT team’s security behavior. Tune the network, not the SIEM.
Live from GrrCON. Footprints of This Year’s Top Attack Vectors, by Kerstyn Clover. Don’t trust the experts and the trolls. Look closely at what’s actually happening.