Dallas, TX (PRWEB) May 18, 2011
Over 30 leading security researchers will present their latest discoveries at TakeDownCon, EC-Council’s new technical IT security conference series, in Dallas, May 18-19. TakeDownCon will showcase the latest research in security issues ranging from mobile banking fraud malware, to weaponized, espionage-ready mobile devices and SMS-controlled smart phone botnets.
Featured presentations include:
Dani Creus, of S21sec, shows a real bank fraud case in which man-in-the-mobile attacks were used to captures the mTANs (mobile Transaction Authorization Numbers) that a bank sends to a customer via SMS, in order to authenticate financial transactions. The attack does this by covertly transmitting all of the SMS messages on the victim’s phone to a phone in the possession of a criminal.
- Georgia Weidman, of Reverse Space, demonstrates the use of transparent SMS to command and control botnets made up of zombie smart phones that have been taken over by malware, without the victims’ knowledge. She looks at the ways attackers would get the botnet malware onto the smart phone, as well as what they can do once they’re in control.
- Shawn Merdinger, of the University of Florida, describes how mobile devices are ideally suited to act as low-cost, low-power espionage devices, innocuously capturing audio and video. From smart phones, to iPods, to home wireless routers, he shows how easy it is to turn consumers products into surveillance tools.
- Sean Bodmer shows how deception and disinformation can be used to lure attackers into monitored honeynets that can build “digital dossiers” of criminal groups, which can then be passed along to law enforcement. Despite these proactive techniques, he also discusses the reasons why criminals continue to be successful.
- Scott Moulton discusses how the architecture of SSDs (Solid State Drives) complicates forensic examination and can make data recovery painfully difficult, due to purging algorithms that reset areas of the drive without instruction of the computer or knowledge of the user. As an expert witness in numerous court cases, from child pornography to homicide, he also looks at the impact this has on criminal and civil cases.
Day 1 will also see the following cutting-edge presentations:
- Josh Shaul and Alex Rothacker explore the various techniques hackers use to invade enterprise databases.
- Sean Arries demonstrates techniques and automated methodologies for finding web application vulnerabilities.
- Dillon Beresford and Brian Meixell demonstrate how to build industrial grade SCADA malware without access to the target hardware.
- Jayson E. Street discusses easy and cheap social engineering strategies that he’s used on assignments and the financial ruin that victim’s can incur because of it.
- Francis Brown discusses tools for hacking the Google and Bing search engines to identify vulnerable systems and sensitive data in corporate networks.
- Rodrigo Rubira Branco discusses architecture for conducting automated malware analysis.
- Zachary Wolff examines the use of logs for analyzing malware, as well as the effects of hardware-based botnets and physical penetration.
- Tim Shelton demonstrates a new methodology for breaking into critical IBM AIX UNIX operating systems.
- Joseph McCray shows how SQL injection, cross-site scripting, and file handling vulnerabilities can be used to get command-line access.
- Shane Lawson and Babak Javadi demonstrate the custom tools and specialized techniques used to pick high security mechanical locks.
Day 2 will wrap things up with dual attack and defense tracks:
- Andrew Whitaker demonstrates a live SEH (Structured Exception Handler) remote shell exploit that gains remote access to a server via stack-based buffer overflows.
- Justin Searle examines how the increased functionality and complexity of the Smart Grid can increase the potential for compromise by attackers.
- Wayne Burke shows the latest techniques, weapons, and payloads that attackers are using to target hardened government systems.
- Dave Chronister discusses a first-hand Trojan attack investigation, from initial detection to eventual neutralization.
- Bobak Jack Mortazavi demonstrates tools and techniques for stealing or manipulating data stored in medical devices, from EKGs to pulse oximeters.
- Robert Rounsavall discusses advances in trusted computing, trusted execution, and hardware validation.
- Tim Pierson examines techniques for installing malware, accessing the kernel, and installing a root kit, simply by plugging in a USB device.
- Michael Berman looks at ways to stop worms, malicious insiders, and other attacks within a virtual data center.
- Edward Haletky shows how data flows through a hypervisor and how this is used to build secure hypervisor, virtual, and cloud environments.
- Kevin Cardwell demonstrates how forensics is applied to live data, by dissecting processes and analyzing RAM images.
- Chuck Easttom discusses the various methods of steganography, alternative mediums, such as steganophony, and his own contribution, distributed steganography.
- Paymon Yamini Sharif discusses a philosophical approach to better assessing risk and information security in general.
EC-Council President Jay Bavisi, along with Tim Rosenberg, will close the event by introducing the brand new “Global Cyberlympics” as an exercise for unifying global cyber defense.
TakeDownCon Dallas, taking place May 18th and 19th, at the InterContinental Dallas, will mark the premiere of EC-Council’s new technical IT security conference series, which will be hosted again in Las Vegas this December. TakeDownCon Dallas is sponsored by Application Security, Element K, SAINT Corporation, and Damballa, among others. Some of the Supporting Organizations of the event includes the FBI InfraGard’s North Texas Chapter and NAISG’s Dallas Chapter. The conference also enjoys the support of (ISC)2 as its Lead Global Education partner. For more information, including a complete program, presentation synopses, and registration details, please visit http://www.takedowncon.com.
TakeDownCon is a new technical IT security conference series that provides advanced, highly technical research, presentations, and training to accomplished information security professionals. Developed by EC-Council, it debuts in 2011 with two conferences in Dallas and Las Vegas. TakeDownCon focuses on technical research in cutting-edge exploits and vulnerabilities and also provides EC-Council certification training, including the renowned Certified Ethical Hacker (CEH) program (a recently accepted certification of DOD Directive 8570.01M Change 2). Website: http://www.takedowncon.com.
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico. More information about EC-Council is available at http://www.eccouncil.org.