Northeast Ohio Information Security Forum

—< NORTHEAST OHIO INFORMATION SECURITY FORUM MEETING
—< Wednesday January 18, 2011
—< 6:30 PM – 8:00 PM
—< Pizza and social start 6:00 PM
—< Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road, Independence, Ohio
—< Open to everyone and free as always

The Northeast Ohio Information Security Forum will hold our monthly meeting at the above date and time. It will be held in the lower level of the Park Center Plaza #1 building (in the large room on lower level) off of Rockside Road in Independence. I’ve included links to maps and directions in this email.

Talks (descriptions below):

Security Economics and the Battle Against Patience by Rockie Brockway
More TBA

Don’t forget to come early, starting at 6:00 PM, for pizza and pop courtesy of NEOISF (http://www.neoisf.org/).

Another great meeting from NEO Info Sec Forum – we hope to see you there!
– NEOISF Board –
Follow us on Twitter: http://twitter.com/neoisf
Our website: http://www.neoisf.org

———————————————————————————-
[Location]
Park Center Plaza 1
6100 Oak Tree Blvd
Google maps link: http://bit.ly/ndIDBZ

[Directions]
1. I-77
2. Rockside Road exit
3. West on Rockside Road
4. 2nd light go South onto Oak Tree Blvd
5. Pull into the 3rd driveway on the right
6. Go to lower level
Signs will be posted on the building.

————————————-
Security Economics and the Battle Against Patience by Rockie Brockway

This talk focuses on many of the latest attack trends and goals, the parties responsible and the responsibility of the InfoSec community in not only protecting our own direct business assets but associative economic impact of doing so on our collective national economies. Alternate methodologies of protecting the business model will be presented and open to discussion/debate.

—< NORTHEAST OHIO INFORMATION SECURITY FORUM MEETING
—< Wednesday December 21, 2011
—< 6:30 PM – 8:00 PM
—< Pizza and social start 6:00 PM
—< Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road, Independence, Ohio
—< Open to everyone and free as always

The Northeast Ohio Information Security Forum will hold our monthly meeting at the above date and time. It will be held in the lower level of the Park Center Plaza #1 building (in the large room on lower level) off of Rockside Road in Independence. I’ve included links to maps and directions in this email.

Talks planned (abstracts and bios at bottom of this email)…

• Homemade Hardware Keylogger/PHUKD Hybrid by Irongeek
• The Penetration Testing Execution Standard (PTES) – Changing an Industry by Dave Kennedy

Don’t forget to come early, starting at 6:00 PM, for pizza and pop courtesy of NEOISF (http://www.neoisf.org/).

Another great meeting from NEO Info Sec Forum – we hope to see you there!
– NEOISF Board –
Follow us on Twitter: http://twitter.com/neoisf
Our website: http://www.neoisf.org

———————————————————————————-
[Location]
Park Center Plaza 1
6100 Oak Tree Blvd
Google maps link: http://bit.ly/ndIDBZ

[Directions]
1. I-77
2. Rockside Road exit
3. West on Rockside Road
4. 2nd light go South onto Oak Tree Blvd
5. Pull into the 3rd driveway on the right
6. Go to lower level
Signs will be posted on the building.
———————————————————————————-

- – – – – – – – – – -
TALK INFORMATION

TALK TITLE : Homemade Hardware Keylogger/PHUKD Hybrid
SPEAKER    : Irongeek

ABSTRACT:
He has been doing some work recently on making homemade keyloggers of both the USB and PS/2 persuasion that will take keystrokes, record/replay them, and modify programmable HID payloads accordingly.  This hardware and software is not exactly ready for prime time, but he figured he would share it with you.

Here are just a few of the possibilities:
    * Log all the keys using a MicroSD card
    * Vary payloads based on keystrokes
    * Log username/password and use them later
    * Screw with the person who is typing

————————————————–
TALK TITLE : The Penetration Testing Execution Standard (PTES) – Changing an Industry
SPEAKER    : Dave Kennedy, CISO @ Diebold Inc.

ABSTRACT:
The Penetration Testing Execution Standard (PTES) was just released in its first draft form at DerbyCon 2011. Since then, there has been an overwhelming amount of input placed on changing the way the industry does Penetration Testing. This talk will cover what defines a penetration test, what they are used for, and how you can change the industry for the better.

BIO:
Dave Kennedy (ReL1K) is a Vice President and Chief Security Officer at Diebold Incorporated. Dave is responsible for ensuring the overall physical and logical security of a Fortune 1000; publicly traded company. Dave also runs the security consulting practice at Diebold which is focused on enhancing and building security for large and mid-sized organizations. Dave is the creator of the Social-Engineer Toolkit (SET), an open-source penetration testing tool for social-engineering. Dave is the co-founder of DerbyCon, a large-scale security conference located in Louisville Kentucky. Dave is the co-author of Metasploit: The Penetration Testers Guide book which has been number one in security on Amazon for over 6 months. Prior to Diebold, Dave worked for the United States Marine Corps (USMC) and the intelligence field working on information warfare activities.

————————————————–

—< NORTHEAST OHIO INFORMATION SECURITY FORUM MEETING
—< Wednesday August 17, 2011
—< 6:30 PM – 8:00 PM
—< Pizza and social start 6:00 PM
—< Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road,
Independence, Ohio
—< Open to everyone and free as always

The Northeast Ohio Information Security Forum will hold our monthly
meeting at the above date and time. It will be held in the lower
level of the Park Center Plaza #1 building (in the large room on lower
level) off of Rockside Road in Independence. I’ve included links to
maps and directions in this email.

Talks planned (abstracts and bios at bottom of this email)…

Topic TBA by Rob Hartstein

Breach Laws by Glenn Brzuziewski

Don’t forget to come early, starting at 6:00 PM, for pizza and pop
courtesy of NEOISF (http://www.neoisf.com/training).

Another great meeting from NEO Info Sec Forum – we hope to see you there!
– NEOISF Board –

———————————————————————————-
[Location]
Park Center Plaza 1
6100 Oak Tree Blvd
Google maps link: TinyURL link http://tinyurl.com/neoisfmtg

[Directions]
1. I-77
2. Rockside Road exit
3. West on Rockside Road
4. 2nd light go South onto Oak Tree Blvd
5. Pull into the 3rd driveway on the right
6. Go to lower level
Signs will be posted on the building.
———————————————————————————-

–
Follow us on Twitter: http://twitter.com/neoisf
Our website: http://www.neoisf.org

============================================================
You are receiving this because you are on the
Northeast Ohio Information Security Forum mailing list.
To unsubscribe or edit your subscription send
an email to board@neoisf.org
============================================================

- – – – – – – – – – -
TALK ABSTRACT:
TBA

SPEAKER BIO: Rob Hartstein
Rob’s experience in the network security industry began approximately
20+ years ago during the infancy of Corporate America’s initial roll
out of Internet access to their end users as well as protecting WAN
network traffic traveling between remotely disparate locations over
POTS lines. Over the years since then he has transitioned from IT
Manager on the corporate side to “hands on” management of Technical
Support organizations for vendors of encryption technology and network
security appliances and is now National Accounts Sales Engineer at
WatchGuard Technologies.

Breach Laws
Glenn Brzuziewski

TALK ABSTRACT:
In light of the recent Epsilon and Sony breaches, Congress is at it
again. Congress once again is considering a bill that will unify the
patchwork of state breach notification laws. Plus, they just
completed hearings grilling Epsilon executives and talking about the
need for a federal statute covering breach notification & data
security. I’m sure you all saw this on CSPAN on June 2 This
talk will present and discuss the state of breach notification laws,
including examples & stories of state legislation, federal industry
egulations and caselaw. In talking to security managers & CSO’s,
this is an area creating much anxiety. This talk will attempt to
clarify the myriad of legal things revolving around PII and breaches.
This is not a technical talk, but promises get your head spinning and
be every bit as confusing as any technical presentation at NEOISF.

SPEAKER BIO:
TBA

—< NORTHEAST OHIO INFORMATION SECURITY FORUM MEETING
—< Wednesday June 15, 2010
—< 6:30 PM – 8:00 PM
—< Pizza and social start 6:00 PM
—< Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road,
Independence, Ohio
—< Open to everyone and free as always

The Northeast Ohio Information Security Forum will hold our monthly
meeting at the above date and time. It will be held in the lower
level of the Park Center Plaza #1 building (in the large room on lower
level) off of Rockside Road in Independence. I’ve included links to
maps and directions in this email.

Talks planned (abstracts and bios at bottom of this email)…

Ten Ways to Fail at Information Security by Chris Clymer by Chris Clymer, Senior Security Consulant SecureState

Building a completely evasive backdoor without any detection rules by Dave Kennedy “ReL1K”, Dude that breaks things

Don’t forget to come early, starting at 6:00 PM, for pizza and pop
courtesy of NEOISF (http://www.neoisf.com/training).

Another great meeting from NEO Info Sec Forum – we hope to see you there!
– NEOISF Board –

———————————————————————————-
[Location]
Park Center Plaza 1
6100 Oak Tree Blvd
Google maps link: TinyURL link http://tinyurl.com/neoisfmtg

[Directions]
1. I-77
2. Rockside Road exit
3. West on Rockside Road
4. 2nd light go South onto Oak Tree Blvd
5. Pull into the 3rd driveway on the right
6. Go to lower level
Signs will be posted on the building.
———————————————————————————-

–
Follow us on Twitter: http://twitter.com/neoisf
Our website: http://www.neoisf.org

============================================================
You are receiving this because you are on the
Northeast Ohio Information Security Forum mailing list.
To unsubscribe or edit your subscription send
an email to board@neoisf.org
============================================================

- – – – – – – – – – -
TALK ABSTRACT:
Since leaving corporate life to become a consultant 12 months ago I’ve had the opportunity to observe and assess security programs across a wide array of companies. Hospitals, banks, utilities, law offices and grocery stores…everyone does security a little bit differently. One common theme has been that there is no one “right” way to run an effective security program. There are however so many spectacularly different ways to do security wrong! In this presentation I will highlight ten different ways that I’ve seen security NOT work, and which likely WON’T work for anyone, anywhere.

SPEAKER BIO:
Chris Clymer is a senior security consultant with the Advisory Services practice at SecureState, a Cleveland-based security consultancy. Chris is a co-host of the Security Justice podcast, is an organizer of Security Bsides Cleveland, a founding member of the Cleveland TOOOL chapter, and of course a board member of the Northeast Ohio Information Security Forum. He specializes in taking the opposite side of any security argument

Building a completely evasive backdoor without any detection rules
David Kennedy

TALK ABSTRACT:
We all know Anti-Virus is failing us but what about other technologies? We have HIPS, behavioral, heuristics, IPS/IDS and others. This talk will be covering a recent interactive backdoor that I wrote for the Social-Engineer Toolkit (SET) that acts polymorphic in nature per each instance and leverages 256AES encryption with a randomized cipher key exchange per connection. Best part is it doesn’t get detected by anything out there and circumvents pretty much every protection mechanism I’ve seen. We’ll go into how it was built, the overall structure and how you can build your own very easily leveraging Python.

SPEAKER BIO:
David Kennedy (ReL1K) is a security ninja and Director of Information Security for a Fortune 1000. Dave is on the Back|Track and Exploit-Database development team and a core member of the Social-Engineer podcast and framework. David continues to contribute to a variety of open-source projects. David had the privilege in speaking at some of the nations largest conferences on a number of occasions including BlackHat, Defcon and Shmoocon. David is the creator of the Social-Engineer Toolkit (SET), Fast-Track, modules/attacks for Metasploit, and has released a number of public exploits. David heavily co-authored the Metasploit Unleashed course available online and has a number of security related white-papers in the field of exploitation. David has a book soon to be released in July from NoStarch Press, “Metasploit: A Penetration Testers Guide”. David is one of the founders of DerbyCon, a hacker con located in Louisville, Kentucky. Lastly, David worked for three letter agencies during his U.S Marine Corp career in the intelligence field specializing in red teaming and computer forensics.