Speakers:
Antti Karjalainen - Discoverer of Heartbleed
Talk: How I Discovered Heartbleed?
Antti Karjalainen was simply doing his job when he stumbled upon one of the biggest security holes the Internet has ever seen: the Heartbleed bug. Heartbleed is a security bug disclosed in April 2014 in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. At the time of disclosure, the Heartbleed bug left half a million of the Internet's secure web servers certified by trusted authorities vulnerable to the attack, allowing theft of the servers' private keys and users' passwords.
Daniel Chechik - Discoverer of the Bitcoin Malleability Vulnerability
Talk: Bitcoin Malleability
A mysterious vulnerability that almost made the Bitcoin network collapse. Silk Road, MtGox, and potentially many more trading websites claim to be prone to "Transaction Malleability." Among other things, Chechik specializes in malware analysis, web exploit detection, Trojan and botnet detection and neutralization, and defining security requirements for the Secure Web Gateway product. Prior to that, he served in a technological unit as a security specialist in the IDF. During his service, he specialized in Check Point firewall equipment, antivirus products and other IT security products. Among other things, he has spoken at the Black Hat conference, holds CEH and CCSE certificates and has a patent pending for 'Detecting Malware Communication on an Infected Computing Device'.
Alexander Polyakov - The father of ERPScan
Talk: 5 Real ways to destroy business by breaking SAP Applications
The father of ERPScan. President of EAS-SEC. Expert in business applications such as ERP, CRM, SRM and others, from SAP to Oracle. He has published 200+ vulnerabilities, receiving worldwide recognition. Author of multiple SAP security whitepapers, including the award-winning "SAP Security in Figures". He has taken part in 50+ conferences in 20+ countries and delivered many trainings for Fortune 2000 companies.
Nir Valtman - Discoverer of Point-of-Sale Vulnerabilities
Talk: A Journey to Protect POS
Valtman is a renowned security researcher employed at NCR Corporation as Enterprise Security Architect of NCR Retail, and also works as Co-Founder and CTO of his start-up company, Crowdome. Before the acquisition of Retalix by NCR, he was Chief Security Officer of R&D at the company. In his previous positions over the last decade, he worked as Chief Security Architect, Senior Technology Consultant, Application Security Consultant, Systems Infrastructure Security Consultant, and Technological Trainer. In these positions, Nir was not only consulting but also performing hands-on work in various fields, e.g. hardening, penetration testing and development of internal applications. In addition, Nir released an open source anti-defacement tool called AntiDef and has written a publication about QRbot, an iPhone QR botnet POC he developed. Nir has a BSc in computer science, but his knowledge is based mainly on cowboy learning and information sharing with techno-oriented communities.
Deb Maes - Neuro-Linguistic Master Practitioner & Trainer
Talk: Intrinsic Leadership
Deb Maes has worked successfully in the personal development environment for over 20 years in a variety of government and private training organisations internationally. Deb's natural ability to inspire individuals and motivate teams, creating remarkable results, is often revered by the directors of the companies with whom she works. With an outcome-driven and results-focused mindset, Deb has successfully consulted with companies including Xstrata Coal (NSW), Unimin (Lime Mine), Optus and Mitchell Hanlon Consulting, and government organisations including UNE, Centrelink, CRS Australia, TAFE NSW, DOCS, NSW Police and Tamworth Regional Council.
Beau Woods - Creator of IoT Security Framework
Talk: Top Attacks on IoT
He is an information security veteran specializing in mobility security, Internet of Things, cloud security, hacktivism, advanced persistent threats, and industrial control systems security, among many others. He has over a decade of experience in the information technology and computer security industry, having advised several organizations, including several in the Global 100, on security practice, strategy and technology.
Moshe Ferber - Cloud Security Entrepreneur
Talk:
Moshe is a cloud security entrepreneur and lecturer. In the past, he served as Security Department Manager for the global IT services company Ness Technologies (NASDAQ: NSTC) and founded Cloud7, a Managed Security Services Provider with a unique cyber and web security portfolio (currently known as 2bsecure cloud services).
Jacob Torrey - Discoverer of TLB-Splitting on x86
Talk: More Shadow Walker - The Progression of TLB-Splitting on x86
Jacob Torrey is a Senior Research Engineer at Assured Information Security, Inc. where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture. He has spoken at many top-tier security conferences such as Black Hat USA, THREADS and ORNL's CISRC.
Jacob Holcomb - Discoverer of several NAS vulnerabilities
Talk:
Residing in Baltimore, MD, Jacob works as a Security Analyst for Independent Security Evaluators. At ISE, Jacob works on projects that involve penetration testing, application security, network security, and exploit research and development. In addition to projects at work, coding, and his favorite pastime of EIP hunting, Jacob loves to hack his way through the interwebz and has responsibly disclosed several 0-day vulnerabilities in commercial products.
Through extensive analysis, Independent Security Evaluators (ISE) has identified dozens of previously undisclosed, critical security vulnerabilities in numerous network storage devices from a handful of go-to manufacturers (e.g., Seagate, D-Link, Netgear). Vulnerabilities in network-attached storage not only expose stored data, but also provide a vantage point for further PWNAGE of the network infrastructure on which the storage system sits. Our research efforts focused on identifying vulnerabilities that yield administrative access (such as command injection, directory traversal, authentication bypass, memory corruption, backdoors, etc.), and quantifying the associated risk.
Paul Raines - Chief Information Security Officer, United Nations Development Programme
Talk: Ants and Elephants in the CISO's Office
Paul Raines is the Chief Information Security Officer for the United Nations Development Programme. In that capacity he is responsible for information security and disaster recovery planning for the Organisation's 177 locations around the world. He has spoken extensively at many security conferences, including the RSA Conference and CSO40, among others. Previously, he worked for the Organisation for the Prohibition of Chemical Weapons (OPCW) and, like all current and former members of the organisation, shared in the 2013 Nobel Peace Prize. Prior to working for the United Nations he was the Chief Information Security Officer for Bloomberg LP and the Federal Reserve Bank of New York. He is a graduate of the United States Air Force Academy and Harvard's Kennedy School of Government.
He will show how ISO 9001 and ISO 27001 can be used together to deliver business value and demonstrate to executive management and key stakeholders that you are exercising due diligence in protecting your organisation's information assets. The talk will briefly discuss the requirements of the two standards and show how ISO 27001 and ISO 9001 can be used to address both the tactical challenges of information security (the ants) as well as the strategic challenges of delivering business value (the elephants).
Ron Gutierrez - Analysis of Mobile Application Wrapping Solutions
Talk:
One of the latest trends in BYOD solutions is to employ Mobile Application Management (MAM). We'll reverse engineer how these application wrapping solutions work, and analyze their authentication, cryptography, IPC and client-side security control implementations.