Northeast Ohio Information Security Forum

—< NORTHEAST OHIO INFORMATION SECURITY FORUM MEETING
—< Wednesday December 17, 2014
—< 6:30 PM – 8:00 PM
—< Pizza and social starts 6:00 PM
—< Location: Freedom Square III at 4511 Rockside Rd.,
off Rockside Road, Independence, Ohio
—< Open to everyone and free as always

The Northeast Ohio Information Security Forum will hold our monthly
meeting at the above date and time.

Agenda:

Ten Tips Toward Better SQL Server Security by Craig Purnell

Abstract:
In this interactive and informative session, we will cover ten things you can do to better secure your SQL Server Database Server Infrastructure. We will cover how to require strong passwords, areas of historical privilege abuse, encryption toolkit, and separation of duties just to name a few.
Bio:
Craig Purnell is a Senior Database Administrator, Career Database Professional, Community Activist, and Microsoft Certified Trainer. He has been in IT for 15 years and has spent his entire career working with Enterprise Databases and back office ERP systems. Craig is an active member of the Ohio North SQL Server User Group and has presented at many user groups, SQL Saturdays, the Information Security Summit in 2014, and the PASS Summit in 2012 and 2014.

Cuyahoga County Cyber Support Initiative by Jeremy Mio

Abstract:
Bio:

We are at Freedom Square III at 4511 Rockside Rd., off Rockside Road, Independence, Ohio.

Map to the Location

Don’t forget to come early, starting at 6:00 PM, for pizza and pop.
Another great meeting from NEO Info Sec Forum – we hope to see you there!

– NEOISF Board –

—< NORTHEAST OHIO INFORMATION SECURITY FORUM MEETING
—< Wednesday December 21, 2011
—< 6:30 PM – 8:00 PM
—< Pizza and social start 6:00 PM
—< Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road, Independence, Ohio
—< Open to everyone and free as always

The Northeast Ohio Information Security Forum will hold our monthly meeting at the above date and time. It will be held in the lower level of the Park Center Plaza #1 building (in the large room on lower level) off of Rockside Road in Independence. I’ve included links to maps and directions in this email.

Talks planned (abstracts and bios at bottom of this email)…

• Homemade Hardware Keylogger/PHUKD Hybrid by Irongeek
• The Penetration Testing Execution Standard (PTES) – Changing an Industry by Dave Kennedy

Don’t forget to come early, starting at 6:00 PM, for pizza and pop courtesy of NEOISF (http://www.neoisf.org/).

Another great meeting from NEO Info Sec Forum – we hope to see you there!
— NEOISF Board —
Follow us on Twitter: http://twitter.com/neoisf
Our website: http://www.neoisf.org

———————————————————————————-
[Location]
Park Center Plaza 1
6100 Oak Tree Blvd
Google maps link: http://bit.ly/ndIDBZ

[Directions]
1. I-77
2. Rockside Road exit
3. West on Rockside Road
4. 2nd light go South onto Oak Tree Blvd
5. Pull into the 3rd driveway on the right
6. Go to lower level
Signs will be posted on the building.
———————————————————————————-

– – – – – – – – – – –
TALK INFORMATION

TALK TITLE : Homemade Hardware Keylogger/PHUKD Hybrid
SPEAKER    : Irongeek

ABSTRACT:
He has been doing some work recently on making homemade keyloggers of both the USB and PS/2 persuasion that will take keystrokes, record/replay them, and modify programmable HID payloads accordingly.  This hardware and software is not exactly ready for prime time, but he figured he would share it with you.

Here are just a few of the possibilities:
    * Log all the keys using a MicroSD card
    * Vary payloads based on keystrokes
    * Log username/password and use them later
    * Screw with the person who is typing

————————————————–
TALK TITLE : The Penetration Testing Execution Standard (PTES) – Changing an Industry
SPEAKER    : Dave Kennedy, CISO @ Diebold Inc.

ABSTRACT:
The Penetration Testing Execution Standard (PTES) was just released in its first draft form at DerbyCon 2011. Since then, there has been an overwhelming amount of input placed on changing the way the industry does Penetration Testing. This talk will cover what defines a penetration test, what they are used for, and how you can change the industry for the better.

BIO:
Dave Kennedy (ReL1K) is a Vice President and Chief Security Officer at Diebold Incorporated. Dave is responsible for ensuring the overall physical and logical security of a Fortune 1000; publicly traded company. Dave also runs the security consulting practice at Diebold which is focused on enhancing and building security for large and mid-sized organizations. Dave is the creator of the Social-Engineer Toolkit (SET), an open-source penetration testing tool for social-engineering. Dave is the co-founder of DerbyCon, a large-scale security conference located in Louisville Kentucky. Dave is the co-author of Metasploit: The Penetration Testers Guide book which has been number one in security on Amazon for over 6 months. Prior to Diebold, Dave worked for the United States Marine Corps (USMC) and the intelligence field working on information warfare activities.

————————————————–

Our next meeting is this WEDNESDAY September 15, 2010. Pizza and networking start at 6:00 PM. Talks start at 6:30 PM. Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road, Independence, Ohio. Click here for a Google Map! Open to everyone and free as always! Here are the list of talks and agenda items for this months meeting:

Building Blocks for Building Docs
Alex Hamerstone will speak on the ways that IT Professionals can become more competent and comfortable writing policies, procedures, and related documentation. He will cover how to determine which policies are necessary, how to structure documents, how to store and distribute documentation, and additional areas relevant to documentation.

Well aware that documentation is not always the favorite subject of IT professionals, Hamerstone brings a lighthearted approach to this often stuffy topic.

PowerShell … It’s time to own
David Kennedy and Joshua Kelley will be giving the same talk as presented at Blackhat/Defcon on attack vectors utilizing PowerShell.

Powershell is as close to a programming language we are going to get through a command line interface on Windows. The ability to perform almost any task we want through Windows is a huge benefit for systems administrators… and hackers. During this presentation we’ll be covering the attack vectors you can use with PowerShell and demonstrate some new Metasploit modules that were released at Defcon.

Speaker Bios:

Alex Hamerstone
As a consultant in the Risk Management group, Alex Hamerstone has been providing security solutions to companies for close to two years at SecureState, and prior to SecureState has almost a decade of consulting experience around technology implementation as well as business process assessment and development. His work focuses on the business side of security.

During his career, Alex has developed literally thousands of policies and procedures for organizations of many sizes. With a solid understanding of business processes, human resources, finance, security, and technology he is uniquely positioned to provide a great deal of value to any organization.

Dave Kennedy (REL1K)
Dave is a security ninja that likes to write code, break things, and develop exploits when he has spare time. Heavily involved with BackTrack and the Social-Engineer Framework, David continues (and strives) to contribute to a variety of open-source projects. David had the privilege in speaking at some of the nations largest conferences on a number of occasions including BlackHat, Defcon and Shmoocon. David is the creator of the Social-Engineer Toolkit (SET), Fast-Track, modules/attacks for Metasploit, and has (responsibly) released a number of public exploits, including attacks that affect some of the largest software vendors in the world. David heavily co-authored the Metasploit Unleashed course available online and has a number of security related white-papers in the field of exploitation.

Josh Kelley (winfang)
Josh Kelley is a security analyst for an international Fortune 1000 company located in North Canton Ohio. Josh has helped write and author ground breaking attack vectors through PowerShell and the Teensy HID devices and has presented at Blackhat and Defcon. Josh has a number of strengths in the security industry including penetration testing, zero day research, buffer overflows, web application security, and exploitation.