August 16, 2010


      August 18th NEOISF Meeting Announcement

Our next meeting is this WEDNESDAY August 18, 2010. Pizza and networking start at 6:00 PM. Talks start at 6:30 PM. Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road, Independence, Ohio. Click here for a Google Map! Open to everyone and free as always! Here are the list of talks and agenda items for this months meeting:

Overview of The Next HOPE Conference – Jody McCluggage
The HOPE (Hackers on Planet Earth) conference is a biennial conference held in New York City and sponsored by 2600. A high level overview will be given of the events, presentations, and politics at the most recent conference.

Return of the Social Zombies – Tom Eston
Tom Eston, the only survivor of the zombie apocalypse that took place at Shmoocon this year, examines the risks of social networks and discusses techniques and tools that can be used to exploit these issues. This presentation begins by discussing new twists on existing privacy concerns that are caused by the trust mass that is social networks. This privacy confusion is used to exploit members and their companies during penetration tests. The presentation then discusses social network botnets and bot programs. Both the delivery of malware through social networks and the use of these social networks as command and control channels will be examined. Tom then explores the use of browser-based bots and their delivery through custom social network applications and shows new social network applications can be used for malware delivery. Finally, the information available through the social network APIs is explored using third-party applications designed for penetration testing. This allows for complete coverage of the targets and their information.

Speaker Bios:

Jody McCluggage (CISSP, CCNA, CEH, MCTS, CHP, Network+) – Director of Operations and Compliance at a local government agency.

Tom Eston is a Senior Security Consultant for SecureState. Tom has previously served in many security roles for large enterprises including leading a penetration testing team for a Fortune 500 financial institution. Tom is actively involved in the security community and focuses his research on the security of social media. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is also a security blogger, co-host of the Security Justice and Social Media Security podcasts and is a frequent speaker at security user groups and national security conferences including Defcon, Shmoocon, OWASP AppSec and Notacon.



del.icio.us|Digg|Furl|ma.gnolia|RawSugar|reddit|Spurl|Google|StumbleUpon



July 21, 2010


      July 21st NEOISF Meeting Announcement

Our next meeting is this WEDNESDAY July 21, 2010. Pizza and networking start at 6:00 PM. Talks start at 6:30 PM. Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road, Independence, Ohio. Click here for a Google Map! Open to everyone and free as always! Here are the list of talks and agenda items for this months meeting

Cradle to Grave Part 2 – FBI Special Agent Ryan MacFarlane
This is the continuation of last months talk in which Ryan will walk us through a forensic analysis and incident response of compromised systems using SIFT 2.0. Last month Dave Kennedy showed a demonstration of systems being exploited with Metasploit Express.

Overview of the REcon Security Conference – Tyler Hudak
Tyler gives a review of the REcon Security Conference that he recently attended. REcon is a conference focused on reverse engineering and is held in Montreal Canada.

Speaker Bios

FBI Special Agent Ryan MacFarlane, Cleveland Office, has spent the last six years investigating numerous criminal intrusions. With over 8 years of Internet security experience, previous work experience includes positions at IBM, i2 Technologies, Georgia Tech, and as a co-founder of an Internet security start-up in 2004.

Tyler Hudak is an Incident Handler for General Electric, specializing in malware analysis and reverse engineering. Prior to joining GE, Tyler worked for a number of corporations performing intrusion detection, incident response, forensics and, of course, malware analysis. He has presented at a number of local and national conferences, is on the board of the Northeast Ohio Information Security Forum and maintains a blog at http://secshoggoth.blogspot.com.



del.icio.us|Digg|Furl|ma.gnolia|RawSugar|reddit|Spurl|Google|StumbleUpon



June 16, 2010


      June 16th NEOISF Meeting Announcement

Our next meeting is this WEDNESDAY June 16, 2010.  Pizza and networking start at 6:00 PM.  Talks start at 6:30 PM.  Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road, Independence, Ohio.  Click here for a Google Map! Open to everyone and free as always!  Here are the list of talks and agenda items for this months meeting:

Whose Afraid of the Big Bad Wolf: Embracing Audit as a Service
Let’s see if you have a picture in your head of auditors. Do see you them, sitting there in the darkness, with a maniacal look on their faces. They pour over your documentation and configuration files just hoping to find the red meat. If there is anything juicy they will find it and feed off it at your expense. Is this the image you have of auditors? Perhaps you were burned during an audit, or just didn’t have a very good experience at the auditor’s hands. With a bit of explanation, your next audit doesn’t have to be so stressful and adversarial. Maybe, just maybe, you can walk away with some value to help improve what you do that you hadn’t thought of before.

Starting from the beginning, we will walk through why IT auditors exist and what role they play in the organizations risk management process. Since we all can relate to risk, maybe we can find the common ground and start to derive value from what auditors provide. Given the right amount of attention and care, organizations can ultimately benefit from IT and Audit working together. Plus you will sleep better at night knowing the bogeyman is just a myth.

Speaker Bio
Jeff Kirsch is an IT auditor by day and ghostnomad, an infosec geek alter ego, every chance he can get. Always trying to learn new things drives him to find better ways to help others learn about technology. His passion for technology also drives him to help those in technology understand auditors and the audit process.

Part 1: Metasploit Express – Dave Kennedy
Metasploit Express was newly released by Rapid7 and is a web-based exploitation suite built on top of the Metasploit Framework. During this presentation we will be discussing how this tool can be incorporated into your daily use within vulnerability management and penetration testing within your organization and how this tool can revolutionize how you currently perform your own testing. Metasploit Express is now one of my favorite toolset’s to utilize and after this talk, it may be yours too.

Part 2: Cradle to Grave – FBI Special Agent Ryan MacFarlane
Following an attack run from Metasploit Express through incident response and forensic analysis using SIFT 2.0.

Speaker Bios
Dave Kennedy is a security expert that has over ten years of experience in the Information Security arena. He has presented at several large conferences including BlackHat, DefCon, ShmooCon, Information Security Summit, InfoSecWorld, and other well known speaking engagements. David is the author of the Social-Engineer Toolkit, a well known and established attack framework for Social-Engineering. David has published a number of exploits, whitepapers, and contributed to the widely popular Back|Track security distribution and the Metasploit Framework. Currently, David is a director of security for an international Fortune 1000 company located in North Canton, Ohio.

FBI Special Agent Ryan MacFarlane, Cleveland Office, has spent the last six years investigating numerous criminal intrusions.  With over 8 years of Internet security experience, previous work experience includes positions at IBM, i2 Technologies, Georgia Tech, and as a co-founder of an Internet security start-up in 2004.



del.icio.us|Digg|Furl|ma.gnolia|RawSugar|reddit|Spurl|Google|StumbleUpon



May 18, 2010


      May 19th NEOISF Meeting Announcement

Our next meeting is this WEDNESDAY May 19, 2010.  Pizza and networking start at 6:00 PM.  Talks start at 6:30 PM.  Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road, Independence, Ohio.  Click here for a Google Map! Open to everyone and free as always!  Here are the list of talks and agenda items for this months meeting:

Into the Rabbit Hole: Execution Flow-Based Web Application Testing
Since the caveman first fashioned a spear humans have been using tools to make them more efficient and effective. Unfortunately, today’s analysts often misunderstand the role tools play in testing web applications. While tools can be quite good at mapping a web application’s attack surface there is still much human analysis that must be done to find the elusive defects that lie just below the surface. That human analysis is daunting and irregular … until now. The answer is an execution-flow-based approach to application security testing. By first understanding application logic and execution flow it is possible to completely map a web application’s attack surface, and therefore fully test the application. Along the way, we will cover the principles of data-flow analysis, application process mapping and building execution-flow diagrams (EFDs), which together form a complete picture of the web application and allow an analyst to uncover potentially critical defects.

Speaker Bio
Senior Security Specialist and Web Application Security evangelist with Hewlett-Packard’s Application Security Center (ASC), Rafal Los has more than thirteen years of experience in network and system design, security policy and process design, risk analysis, penetration testing, and consulting. For the past eight years, he has focused on information security and risk management, leading security architecture teams, and managing successful enterprise security programs for General Electric and other Fortune 100 companies, as well as SMB enterprises. Previously, Rafal spent three years in-house with GE Consumer Finance, leading its web application security programs.

A Survey of Security Certifications:  Which Regex Should You Match?
The IT industry has long been a maze of myriad technology certifications, and the security industry is no different.  CISSP, CISA, CEH, GCIH, OSCP…you’ve seen the letters, and probably even have a few on your business card.  In this presentation, Chris will breakdown popular security certifications, categorizing them by both educational and resume-building value.

Speaker Bio
Chris Clymer is a senior security consultant for a Fortune 500 financial services institution, a co-host of the Security Justice podcast, and currently sits on the NEOISF board.  He’s been working hard on his cert regex in recent years, current patterns matched include: CISSP, CISA, GPEN, and GWAPT.

This months meeting is sponsored by HP.  Come early, at 6:00 PM, for pizza, pop, water and social networking with your peers.  We hope to see you there!



del.icio.us|Digg|Furl|ma.gnolia|RawSugar|reddit|Spurl|Google|StumbleUpon



« Newer PostsOlder Posts »

Local Security Jobs @ our LinkedIn Group!


Support our Sponsors:


Visit our friends: