Duo Exhibits & Presents at GrrCON 2014!
Hosted by MidWest InfoSec, GrrCON is an information security and hacking conference held at the DeVos Place convention center in downtown Grand Rapids, MI on October 16 & 17 this year.
Open to the infosec community, the conference brings together CISOs, hackers, security practitioners and researchers to share the latest ideas in the industry, with three presentation tracks, workshops and training.
Our own Duo Security team will be in attendance as well - visit us at Booth #35 for free swag and demos!
Duo Security’s own security researcher Mark Stanislav will be presenting Security for the People: End-User Authentication Security on the Internet, with insight into his recent research on the state of end-user-facing authentication security as it relates to password policies, strong authentication, and complementary browser security features.
The talk addresses attackers’ continued success at brute-forcing accounts and phishing credentials, showing that consumers still don’t take authentication security seriously. His presentation will also analyze which services are best poised to secure consumers and defend against attackers. Don’t miss his talk Friday at 2PM ET as part of the Stegosaurus track!
Other popular topics and questions in the infosec community include:
### InfoSec Today
David Kennedy will discuss the infosec industry today, as well as how current attack methods work, and the type of defensive strategies that can stop them in Finding Our Way - From Pwned to Strategy.
Tim Crothers will present Infosec in the 21st Century, describing how most organizations are using an old security model developed in the 1960s, which can allow attackers to blend into legitimate user activity and steal data undetected. In this talk, he’ll discuss how modern attacks that bypass outdated security controls and infrastructure can be thwarted by leveraging available data in a new way.
Joel Cardella will present Security on the Cheap, providing commentary on the real causes of major data breaches - poor internal network security, not custom malware. He’ll discuss how to increase security controls with common practices and community resources with a low monetary investment.
### Hacking Culture & The People
Jason Street will present on the perspective of hackers and hacking around the world, shedding light on the global image that Americans often are unaware of. He will share his own experiences being a foreign hacker attending cons in different countries, and how we all face common threats in Around the World in 80 Cons (A Tale of Perspectives).
J. Wolfgang Goerlich will present Lulz Per Employee and Other Key Metrics, focusing on how to take a new approach to building great security teams full of miscreants, misfits, hackers and troublemakers, with advice from real and aspiring team leaders.
### Networked Home Automation Devices
Matt Burch & Alain Iamburg will discuss the growth of mobile devices and the availability of connected home automation devices in Glass Homes – The Transparency of Home Automation. While corporate solutions may undergo a rigorous QA process to ensure security, many consumer products do not, putting them at risk of exploitation. They will demonstrate how to reverse engineer many name-brand solutions available on the market today, as well as the areas of risk and how you can protect yourself from similar attacks.
Chris Roberts will discuss the segmented and fragmented parts of the various electronic domains within our lives - and how to maintain end-to-end connectivity while securing each domain in Security Hopscotch.
### Remote Hacking Drones
Phil Polstra will cover scripting for remote hacking drones in Autonomous Remote Hacking Drones, with a focus on Python scripting for devices running The Deck, a custom penetration testing Linux distro. Other topics include detecting wireless networks, automatically performing wireless attacks, finding and attacking wireless routers and more.
### Social Engineering
Aditya K. Sood and Dr. Richard Enbody will discuss the model of Socioware, the term used to describe online social network (OSN) malware (worms) like Koobface, Ramnit, Lilly Jade and more in Socioware: Dissecting Online Social Network Worms – Insidious Analysis and Design. The researchers will describe how OSN worms are designed and how they are used to trigger chain infections. They’ll also discuss reverse engineering of bots that have similar Socioware functionality, with demos of how OSNs like Facebook and Twitter are infected by these worms, and how to defend against Socioware.
Gavin ‘Jac0byterebel’ Ewan will also give his take on social engineering, including why the term is wrong, and how the infosec industry has indulged in bad practices and viewpoints in Social Engineering Can Kill Me, But It Can’t Make Me Care.
This is only a sample of the tons of talks scheduled for GrrCON 2014 - check out the full list of presentations.