Whether it's someone impersonating an irate executive or a Nigerian phishing scam, the majority of today's attacks rely on Social Engineering to get your users to do something out of the ordinary. When coupled with a Client-Side Exploit, this one-two punch can compromise the security of your company, regardless of the usual security hardware, software, and policies in place. As security expert Bruce Schneier likes to put it: Amateurs hack systems, professionals hack people. Come listen to the experts share their insight on Social Engineering and Client-Side Attacks and learn how your worst nightmare can already be living on your own network, namely your fellow employees, business partners, and consultants.

Event Date: April 21 12:00-4:30
Location: Rensselaer, Hartford, CT
Speakers to Include:
Chris Nickerson, CEO, Lares Technical: Layer 8 Attacks (Social Engineering)
Joan Goodchild, Senior Editor, CSO Magazine and CSO Online.com
Dan Marcil, Information Security Administrator, Fuel Cell Energy, Inc. Topic: Take a walk on the client side with Metasploit
Fee is $40 for members and $70 for non-members when registering in advance. Fee is $50 for member walk-ins and $80 for non-member walk-ins the day of the event. Cash and check only on the day of the event. Refund available when handled through the online registration process before 12:00 noon on Friday, April 17th.
Chris Nickerson, CEO, Lares Technical: Layer 8 Attacks (Social Engineering)
The world of Information Security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low-hanging fruit. That leaves web-enabled applications as the vector-du-jour, but that opportunity is quickly drying up as well. As attackers creep up the OSI Model looking for easier ways to steal your corporate assets, they are quickly making their way to the unspoken 8th layer, the end user. After years of hardening physical systems, networks, operating systems, and applications, people are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads, quite literally. Join Chris for a technical discussion of ‘wetware hacking’ techniques, and strategies to defend against them.
Chris Nickerson is a Certified Information Systems Security Professional (CISSP) whose main area of expertise is focused on Red Team Testing and Social Engineering. In order to help companies better defend and protect their critical data and key information systems, he has created a blended methodology to assess, implement, and manage information security realistically and effectively. At Lares, Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing, Application Testing and Vulnerability assessments, to policy design, Social Engineering, Penetration Testing, Red Team Testing and Regulatory compliance testing. Prior to starting Lares, Chris was Director of Security Services at Alternative Technology, a Sr. IT compliance at KPMG, Chief Security Architect at Sprint Corporate Security, and developed an enterprise security design as network engineer for an international law firm. Chris is a member of OWASP, ISACA Denver and is also a featured member of TruTV's Tiger Team, a reality television program showing the activities of actual penetration tests and active assessments.
Joan Goodchild, Senior Editor, CSO Magazine and CSO Online.com
Joan Goodchild has written extensively on the topic of social engineering and awareness training. Goodchild has more than a decade of experience as a journalist. Before joining CSO she was an editor with the Boston Business Journal. Prior to that she was a television reporter and anchor with stations in Maine, Massachusetts and Vermont. She is the recipient of an Edward R. Murrow award and a Scripps Howard National Journalism award, both for investigative reporting.
Dan Marcil, CISSP, CISA, OSCP, Information Security Administrator, Fuel Cell Energy, Inc. Topic: Take a walk on the client side with Metasploit
Dan Marcil has over 10 years of experience designing, administering, and securing network systems. He is certified in multiple aspects of security and holds CISSP, CISA, MCSE as well as Offensive Security Certified Professional (OSCP) from the creators of Backtrack and OSSTMM Professional Security Tester/Analyst (OPST/OPSA) from the Institute for Security and Open Methodologies (ISECOM). He is a member of CT Infragard, ISACA Hartford, and has held multiple positions on the board of ISSA CT.
The open source Metasploit Framework has enabled both security researchers and script kiddies alike to “0wn” machines remotely for a few years now; however, developments to this framework have enabled several new client-side exploit techniques which bypass multiple layers of security. Watch step-by-step as Dan shows you exactly how attackers can quickly perform end-runs around common internal security defenses to compromise machines, and how you can defend against these types of attacks.
Charles Kaplan, Chief Security Strategist, Riverbed Technology (Formerly Mazu Networks) Topic: Looking inside the perimeter: Cutting box count and improving security at the same time with Network Behavior Analysis (NBA).
A security veteran for over 15 years, Mr. Kaplan has spent his career protecting electronic assets. With years under his belt as both a CISO (Verisign and Breakaway Solutions), as well as an executive for security product and services vendors (Guardent, Mazu, norSEC), Mr. Kaplan is fluent in both the regulatory expectations placed upon practitioners today, as well as how to implement and run an effective security program.