The University of Maryland University College (UMUC) and EC-Council, a world leader in IT Security Certification and Training, held a 2015 Capital Region TakeDownCon training and conference, June 1 and 2.
TalaTek Security Analysts Joshua Grove and Brian Thiellen attended the two-day EC-Council Foundation event, which provided a forum for researchers to display cutting-edge techniques of attack and methods for defense.
Michael Peters of Lazarus Alliance gave a presentation on the state of cyber security and stated that 96% of breaches can be avoided by implementing simple or moderate security controls.
Bruno Gonçalves de Oliveira of Trustwave gave a presentation on how they conduct penetration tests via phishing campaigns. Mr. Oliveira stressed the importance of employee security training, saying that no matter which tools are used, people are the weak link in the security chain because of social engineering.
Kevin Cardwell gave a presentation about his latest book on building cyber ranges for practicing penetration testing and defending networks. Mr. Cardwell reaffirmed that defense-in-depth with network segmentation should always be the foundation of any secure network. Flat networks, he stated, no matter which vendors are charged with defense, will never be as secure.
Robert Wood of Cigital compared the effectiveness of typical attack techniques on cloud systems versus traditional, on-premises data centers. Dustin Noe of UMUC gave a presentation and live demonstration on how to obtain leaked data using the recent Heartbleed vulnerability. Steven Tessler of Raytheon | Websense gave a presentation on using their product, SureView Threat Protection, to map and investigate attacks on organizations.
Wayne Burke, CSO for Sequrit CSI, demonstrated the ease and affordability of configuring a rogue access point to intercept communications and exploit systems through Man-in-the-Middle (MitM) attacks. Mr. Burke also stressed the importance of only connecting to secure, trusted wireless routers.
Dr. Emma Garrison of UMUC gave a presentation on why security should be built into products.
On day two, Alvaro Sato gave a presentation on how firmware on hard drives can be used to hide data by putting data in sectors marked as bad and permanently bad, turning off drive heads, and deleting the adaptive hard drive data. He recommended hashing the firmware of all devices to aid in the detection of these types of attacks.
Dr. Jim Chen, Professor of Cybersecurity in the Information Resource Management College at the U.S. Department of Defense National Defense University and Adjunct Professor of Cybersecurity and Information Assurance in the Graduate School at UMUC, discussed the principles of deception and detection. Solomon Sonya from the U.S. Air Force Academy discussed his project, “Excalibur,” designed to combine and present Threat Intelligence information from open sources.
Dr. Stephen Gantz of Cognosante discussed the differences between architecting security solutions in the cloud versus the corporate data center. Benjamin Brown discussed Doxxing, which is the posting of a person’s private information on a public Web site. Gregory Carpenter, owner of Gregory Carpenter Enterprises LLC, discussed the topic of CyberMedical Terrorism with the concepts of nanobots.
“Grecs” (his handle, not his name) from NovaInfosec gave a talk on using Evernote to organize information from Threat Intelligence sources. Michael Kobett of UMUC gave a live demonstration of using VirtualBox to conduct static and dynamic analysis of a real-life virus.
TalaTek Security Analyst Joshua Grove summed up his reaction, “The demo of Kali (Linux hacking distribution) was also very good, showing how it’s possible to put it on Android phones and press ‘3’ to get people’s WPA2 passwords.”
TalaTek Security Analyst Brian Thiellen’s takeaways were: “Almost all attacks (96%) can be prevented by effective security training for personnel and basic security best practices such as secure passwords and multi-factor authentication. Government and corporations are trending towards cloud technology, which will create new security issues as more data is potentially accessible to attackers.
“We learned that security architects with an understanding of both traditional security architecture and cloud architecture are necessary to safeguard data if cloud models are to be used. The prevalence of exploit software and custom Linux builds, such as Kali, provides users with useful tools for security professionals to harden their network, but also provides weapons to potential malicious users.
“Finally, firmware is the new frontier for exploits. Hard drives or other devices with modified firmware can be undetectable by current forensic tools.”


