Speakers

Keynote: Simple Nomad

"Futility March"
Futility March refers to the security industry and how we all keep making the same mistakes, and as a result a few simple metrics can create havoc by adjusting those metrics. Even more disturbing is that some metrics can only go so far to protect systems, and many technologies and processes to mitigate risks to systems are simply 'running out of runway'. Hopefully those that are currently controlling the metrics themselves (black hat or white hat) can gain insight into making gains for their side.



Simple Nomad is the founder of the Nomad Mobile Research Centre, an international group of hackers that explore technology. He has spent years developing and testing various computer systems for security strengths. He has authored numerous papers, developed a number of tools for testing the security and insecurity of computer systems, is a regular lecturer at popular hacker and security conferences, and has been quoted in various media outlets regarding computer security.


Keynote: Michael Hamelin



Sergey Bratus

Simple entropy-based heuristics for log analysis.
Entropy and related information measures provide a way to describe the overall shape of data distributions in logs. This makes it easier to notice anomalous values, to cluster and summarize records for convenient browsing, and to notice correlations that may be hard to find otherwise. For large logs, it is easy to get lost scrolling down the many screens of records; with entropic measures one can get the general idea of the composition of a data set and the most likely places to look for an anomaly. Together, these simple heuristics can significantly speed up log analysis. I will show off a prototype log viewing tool that incorporates them.



Sergey Bratus is a Senior Research Associate at the Institute for Security Technology Studies at Dartmouth College. His research currently focuses on applications of machine learning and AI techniques to intrusion analysis. His other interests are in Unix security (in particular Linux kernel security, and detection and reverse engineering of Linux malware). He received his undergraduate education at the Moscow Institute of Physics and Technology. His Ph.D. thesis was approximately equal parts Mathematics and Computer Science (Northeastern University, 1999). Before coming to Dartmouth he worked on text understanding and similar topics at BBN Technologies.


David Coffey

Reverse engineering 101 Workshop

  • Introduction to common free tools
  • basic reverse engineering
  • determining program flow
  • binary code auditing

Reverse engineering 201 Workshop

  • defeating reversing techniques
  • recovering from these methods
  • binary code patching


Greg Conti

"Google: Don't Be Evil or Don't Be Good"
Have you ever searched for something you wouldn't want your mother (or your employer) to know about? Does this online fingerprint ever go away? By providing free services such as web search, news alerts, desktop search, mapping, mail, location based mobile information and chat, you and your organization's employees are rapidly giving away personal information as well as long term strategies. This talk will address threat vectors, countermeasures, threat severity, trend analysis and user fingerprinting in order to help you stem this steady flow of critical information.

High Bandwidth Visual Analysis of Security Data Flows
Security analysts and network administrators are faced with tremendous amounts of security related data. Unfortunately current tools quickly overwhelm us with too much or the wrong type of information. This talk explores solutions to this problem using carefully crafted security visualization systems that produce insightful images, animations and movies of security data. If properly constructed, the results can be dramatic and will help you quickly perform analysis and better communicate your results to clients, management and other analysts.



Greg Conti is an Assistant Professor of Computer Science at the United States Military Academy. He holds a Masters Degree in Computer Science from Johns Hopkins University and a Bachelor of Science in Computer Science from the United States Military Academy. His areas of expertise include network security, information visualization and information warfare. Currently he is on a Department of Defense Fellowship and is working on his PhD in Computer Science at Georgia Tech. His work can be found at http://www.cc.gatech.edu/~conti and http://www.rumint.org.


Nick Feamster

Circumventing Censorship



Nick Feamster is an assistant professor in the College of Computing at Georgia Tech. He received his Ph.D. in Computer Science from MIT in 2005, and his S.B. and M.Eng. degrees in Electrical Engineering and Computer Science from MIT in 2000 and 2001, respectively. His research focuses on many aspects of computer networking and networked systems, including the design, measurement, and analysis of network routing protocols, network security, anonymous communication systems, and adaptive streaming media protocols. His honors include award papers at the NSDI 2005 conference (fault detection in router configuration), Usenix Security 2002 (circumventing web censorship using Infranet), and Usenix Security 2001 (web cookie analysis).


Julian Grizzard

Detecting Rootkits by Tracking Kernel Execution Paths
User-level rootkits can be detected by comparing the current files on the file system with the latest known good state for those files. This comparison can be accomplished with a file integrity program that computes hashes of the files at a known good state and later checks the current hashes of the files. This same methodology can be applied to the kernel in order to detect kernel-level rootkits. It is more challenging to check the integrity of the kernel because it is dynamic and changes when modules are loaded and unloaded. This talk describes a method to learn all possible paths that the kernel can take and then monitor the kernel's machine code to ensure that a kernel-level rootkit has not been installed. To protect the monitor from being compromised, it can run in an isolated virtual machine and observe the main operating system that runs in a separate virtual machine. The detection method can immediately detect the installation of new kernel-level rootkits that were previously unknown and immediately halt the operating system.


Hacker Joe

Hacking 101 Workshop
This will be a 5hr class, and we suggest that those who plan on attending bring their laptop. This class will be info intensive! The latest exploits publicly available, and perhaps a few "0days", will be discussed. This course will be a way to learn attack and defense skills required to function in today's IT world. (Please note, this hacking 101 class is an abbreviated version of GrayArea's Info Warfare course.)



HACKER !


Chris Hurley

Wireless Hacking Workshop



CHRIS HURLEY (known in some circles as Roamer) is a Senior Penetration Testing Engineer working in the Washington DC area. He is the founder of the WorldWide WarDrive, a four year survey conducted by information security professionals and hobbyists to document the security posture of currently deployed wireless networks and generate awareness of the insecurities associated with them. Primarily focusing his efforts on penetration testing, he also performs vulnerability assessments, forensics, and incident response operations on both wired and wireless networks. He has spoken at several security conferences, been published in numerous online and print publications, and has been the subject of several interviews and stories related to wireless network security. He is also the primary organizer of the WarDriving contest held at the annual DEF CON hacker conference and is the author of WarDriving: Drive, Detect, Defend from Syngress Publishing.


Andrew Kalat

Secure and Scalable Network Design Workshop (4hr)
This workshop will cover an advanced design philosophy for secure and scalable network infrastructure design. This vendor-neutral, in-depth discussion will detail the problems with current infrastructure designs and present an overall architecture that allows for growth, security, and scalability of a network that requires the utmost in uptime and flexibility. A working knowledge of network design and architecture is highly recommended to get the most from this talk.

"Myth Busting"
Is security getting better, or just better marketed? This talk will challenge some of the most sacred cows of the security world. Come join us for an interactive discussion given by a veteran and grizzled network security engineer that will enrage some and enlighten others. Pen tests are useful in improving security, right? Guess again. Regular patch releases increase the security stance of a system? Not so much. Some software vendors can't get security right, while others do it perfectly. Not in this world...



Andrew Kalat has ten years of experience in the computer industry as a security consultant, network infrastructure and security engineer, technical manager, and sales engineer working for well known security companies. His background includes designing and implementing networking and security solutions for organizations ranging in size from small companies to Fortune 500 firms. He is currently employed by Check Point Software as a Security Engineering Manager.


Richard D. Lindberg

Enterprise Intrusion Detection - The Matrix has you!
Most organizations have little or no Intrusion Detection or Prevention systems. The relatively few that have deployed these solutions underutilize them. This talk focuses on one methodology for implementing and effectively utilizing IDS/IPS systems.


Richard O. Lindberg

Coding 101 Workshop (4hr)
Coding 201 Workshop (4hr)


Lin0xx

All your firewalls are belong to us!



A Coder with a mission


Ben Mack

"The Power of Media Conglomeration"
WPP Group, Omnicom Group and to a lesser extent IPG have emerged as power-houses of global media dissemination. More than 80% of all paid messaging in the United States is engineered, produced and disseminated through media purchased through one of these three companies.

Advertising agencies sprang up in the 19th century, and media became a big business in the 20th century. As media grew in importance, so did media specialty businesses. At first, it was public relations offices, garnering media mentions without specific ads. Later, it was consumer research, allowing marketers to monitor consumer perceptions, a consumer application of political polling. Then came specialty media companies such as design houses and efficiency consultants who needed to communicate their new systems to employees.

However, virtually all communications to the public and to employees were managed through the client's ad agency or public relations partner. By the 1960s, media budgets were beginning to fractionalize. WPP Group, Omnicom Group and IPG emerged as a means to harness and orchestrate all the media needs of big business. These are relatively young companies that rapidly grew and expanded in the 1990s. Their expansion continues as they develop media surveillance technology products that monitor employee communications at work and home.


Scott Moulton

Forensics Workshop: 4 hr introduction to Computer Forensics
Anti-forensics: How to defeat forensic efforts (1hr)



In the emerging field of computer forensics, few people have the expertise to understand not only how to recover missing or corrupted information from computer equipment and other media, but also how to administer painstaking precautions so the recovered evidence remains applicable in an audit or admissible in court. Scott Moulton, president of Forensic Strategy Services, LLC, is one of those experts. With a deft blend of high-tech FLASH and true crime stories, Mr. Moulton's presentations are always lively and informative. He demonstrates how computer forensics works to recover seemingly lost evidence that can help establish guilt - or innocence - without a shadow of doubt.


Optyx



I am a programmer, age 23, living in Texas. I am an Aquarius, enjoy long walks on the beach, and like reading Knuth while sipping a glass of Macallan's. (Optyx has been a good friend of interz0ne since the beginning, and interz0ne says THANKS Optyx!)


Mike Petruzzi

Wireless Hacking Workshop



MIKE PETRUZZI is a Penetration Testing Specialist with Eagle Research Group. Mr. Petruzzi has 7 years of experience with information systems and networking with focus on Information Assurance and Security. He has published a white paper entitled Security Concerns with Peer-to-Peer Software. He is a Certified Information Systems Security Professional (CISSP). He enjoys long walks on the beach, holding hands and puppies. His turn-offs are bad breath, stinky people and bios.


Jason Spence



Jason Spence has been, at times, a security consultant, a Sun missionary, a network engineer, a flaming Linux zealot, a process manager, a VMS cleric, a radio operator, a Windows proselytizer, a (bad) cook, a Mac evangelist, a classical pianist, a BSD proponent, a swordsman, a Netware administrator, a 3-D graphics programmer, a Perl monk, and is sometimes seen wearing a funny red hat. During his time in between security conventions, Jason consults for a few Bay Area companies in need of someone with the Ponytail of UNIX Wisdom. In whatever spare time he has left, he maintains the only publicly accessible quad Xeon FreeBSD machine on the Internet and thinks about epistemology.


StankDawg

"The Art of Electronic Deduction"
Using information from visual inspection and metadata analysis of files to incriminate people more precisely than people may realize.



StankDawg is a senior programmer/analyst who has worked for Fortune 500 companies and large universities. He is a staff writer for 2600 Magazine as well as editor of blacklisted411 magazine. His time is spent working on numerous projects, writing articles, and anything that will help the community. He is founder of "The Digital DawgPound" (the DDP) which is a group of white-hat/gray-hat hackers who produce their own magazine, radio show, TV show, and other projects at http://www.binrev.com/.


Justin Troutman

"Stronger Cryptographic Defense Means Stronger Cryptovirological Offense"
In this lecture, we'll cover the art of cryptoviral extortion, emphatically, as well as introduce other avenues of using cryptography in malicious protocols. An efficient refinement of the original cryptovirological information extortion attack, by Young and Yung, will be elaborated upon, based only on standardized symmetric primitives, such as AES in CTR mode, for a block cipher, and CMAC-AES, for a message authentication code, along with the first details of upcoming research which will yield cryptovirus benchmarks and new directions in game-theoretical, IND-CCA2 and INT-CTXT-secure arbitrated protocols for shifting trust and ensuring fairness in the information exchange of the cryptoviral extortion process. In conclusion, the open problem will be discussed; that is, "the stronger defensive cryptography gets, the stronger offensive cryptography gets."



Justin Troutman is an independent contract cryptographer and cryptanalyst, based in North Carolina, who sports a forte consisting of a specialization in the structural design semantics of cryptographic primitives and their mathematical cryptanalyses, on which he has authored publications and lectured abroad. On a contract basis, his array of engagements include consulting, conceptualizing, constructing, and cryptanalyzing tactful cryptographic protocols and their respective algorithmic components. On an academic basis, he is pursuing doctorate-level research in the pure mathematical corpus of cryptology. More information, including his concise curriculum vitae, is located at his autobiographical site, http://www.justintroutman.org.


V1ru5

Lockpicking
Forensics


Xaphan

Wireless Hacking Workshop
Wireless networks are insecure. They must be, because every day a new story comes out telling us that they are and we all know how accurate the media is. Well, in this case, for once they are right. Wireless Attack and Defense 101 presents the most common attack methods utilized to gain access to wireless networks. From the most basic attacks on default systems through attacks against secondary authentication mechanisms, each attack is detailed and demonstrated, along with countermeasures that WLAN Administrators can implement to protect themselves from the attack. Live CD Security ISO to be provided to attendees. BRING a laptop for labs!



Xaphan is the leader of a US gubmint red team, making the world safe for democracy for the past 4 years. Over his ten year career he has cultivated a variety of skills that have enabled him to violate the security of countless client networks. Inherently lazy, xaphan is particularly adept at identifying the path of least resistance into a target.


Copyright © 2006 Interz0ne LLC
All Rights Reserved