Month: September 2015

Spotlight on   “All your data belongs to us.” workshop speaker Chris Roberts

“All your data belongs to us.”

This simple statement is becoming more of a reality as both technologies accelerate and we (the soggy human element) get left behind.  The variety of means and methods for storing and transmitting data have increased exponentially over the past few years and the tidal wave that is the Internet of Things (or IofE) is set to continue that trend. We have found ever-inventive means for distributing our data and our very lives across the electronic spectrum that we no longer really understand the extent of the saturation. This trend is not constrained to our personal lives as those delineation marks between personal and “work” have significantly blurred with both society and technological shifts. It is these traits among others that make the art of human engineering and intelligence gathering so much more involved.

Outline:

• We have simply become walking attack vectors…
• Digital footprints, what are they, why are we talking about feet and what use are they to us as we work through the masses of data?
• We are going to take a look at the core of an organization…its data. We will strip away the misconceptions that the data still is in the control of the organization and begin to understand WHERE the data is, HOW it got there and how WE can access it, learn from it and ultimately use it against our intended targets.
• Targeting and attack vectors, looking beyond the perimeter. Reviewing an organizations structure, it’s VAR’s, partners, suppliers and other entities that are either trusted or shared resource entities.
• We all love the IT department, the developers and the resources they use without thinking.
• When YOU and YOUR work bleeds into your personal life…and the reverse. Why your E-Mail is one of the best fingerprints you leave behind. Why your HOA or your kids soccer team should never have your company mail address.
• Targeting it outside of the borders, how much easier it is to attack in certain territories.
• What public tools are out there, how GoogleFu is good, but not always adequate.
• CLEAR/LEXIS NEXIS, what data can you gather from there vs. other entities, what works and what needs supplemental sources. At this point we’ll take a look at the other options open to individuals doing their own research.
• The Darker side of the Internet, what it is, how to get to it and how useful it CAN be (if only the Feds would stop closing down sites!)
• Making sure the DarkNet doesn’t follow you home, HOW to search, what tools to use and when to throw the computer away… The art of the VM and how to anonymize yourself.
• All this and we’ve yet to actually “touch” the company, no CFA violations, no laws bent and nothing that’s going to show up on the radar…all this legally done, above board and simply piecing together the jigsaw. We now have our target, our attack vectors and our plans, what’s next?
• Reversing the mindset, how we can take ALL of this and use it in a defensive manner, how to actually be PROACTIVE in security and start to consider the preemptive capabilities of intelligence gathering in the commercial world.

This session  will be offered as a pre-conference workshop on Tuesday, October 13th at

NY Seminar and Conference Center
71 West 23rd Street
Chelsea Center
New York City, NY 10010

Register here this will sell out and no walking will be allowed.

 

Sponsored by InfraGard ∴ ISACA ∴ (ISC)2 ∴ ISSA ∴ OWASP ∴ HTCIA ∴ ACFE .

The conference will be opened with a keynote address by Tim Rains, Chief Security Advisor, WW Cybersecurity & Data Protection, Enterprise & Partner Group, Microsoft Corporation followed with a keynote by Ron Ross, Fellow at the National Institute of Standards and Technology (NIST).

You can and should register here this will sell out and no walking will be allowed

The event will be held at

 Microsoft NYC Office
11 Times Square, New York City, NY

The schedule includes

You can and should register here this will sell out and no walking will be allowed

 

Sponsored by InfraGard ∴ ISACA ∴ (ISC)2 ∴ ISSA ∴ OWASP ∴ HTCIA ∴ ACFE

NYMJCSC is also offering a pre-conference workshop on Tuesday, October 13th featuring four in-depth full-day hands-on classroom-style educational courses to expand your knowledge and foster security discussions.

Register here this will sell out and no walking will be allowed.

Workshops will be offered at

NY Seminar and Conference Center
71 West 23rd Street
Chelsea Center
New York City, NY 10010

Workshop 1: PowerShell for Auditors

Speaker Guy Hermann

Hand on PowerShell for IT security and auditors … requires BYOD Instructor: Guy Hermann PowerShell is a remarkably powerful tool that can be used by administrators to automate many aspects of their environment. PowerShell really starts to shine when used to audit and secure a Microsoft Windows ecosystem. Starting with an introduction to PowerShell, this brief overview explores PowerShell and exposes how it can be used to help secure Windows. This one-day session covers PowerShell from beginning to end, exposing participants to the wide range of tools available through PowerShell.

Workshop 2: Wireless Shock and Awe 

Speaker Tim Singletary

Be worried about what exposed via Wireless Instructor: Tim Singletary The ease of use, mobility, and convenience has made wireless technologies not only prevalent but the defacto standard for most individuals as well as corporate America. Wireless throughout the years has not become magically secure just because it is more often used than not. Both companies and individuals are at risk of many variants of wireless attacks, from basic war driving to rogue access points.

Workshop 3: Privacy and the Dark Net

Speaker Chris Roberts

What the Internet knows about you and your company

Workshop 4: Application Security

Speakers

Tom Brennan, Ken Belva, Vladislav Gostomelsky 

Part 1: Take a tour of the OWASP foundation:

Part 2: Live hacking demonstration using OWASP ZAP and OWASP WebGoat to find vulnerabilities.

Part 3: Deep dive into specific application threat surfaces.

Register here this will sell out and no walking will be allowed.

 

If you are a user of Apple IOS devices like iPhone and iPad please be aware that legitimate apps in the App Store were made with an infected copy of Xcode .

Xcode is used for developing iOS and OS X apps by developers.  If you are a user of Apple IOS devices like iPhone and iPad please be aware that legitimate apps in the App Store were made with an infected copy of Xcode.  This malicious code infected an unknown number of iOS apps and reports range from 0v34 80 apps depending on the news media report you read. 

If you find you have installed one of the infected apps, the solution is to uninstall the app or update if available and some of the infected have not been replaced and are currently unavailable in the App Store. Once you have removed or updated all the infected apps you should change your iCloud password and any other passwords inputted on your iOS device as a precaution.

http://bgr.com/2015/09/21/app-store-hack-iphone-malware-apps-list/

http://researchcenter.paloaltonetworks.com/2015/09/malware-xcodeghost-infects-39-ios-apps-including-wechat-affecting-hundreds-of-millions-of-users/

 

Device Guard relies on Windows 10’s virtualization-based security to allow only trusted applications to run on devices.

Microsoft Device Guard is a feature set that consists of both hardware and software system integrity hardening features that revolutionize the Windows operating system’s security. Windows 10 employs Device Guard as well as code integrity and advanced hardware features such as CPU virtualization extensions, Trusted Platform Module, and second-level address translation to offer comprehensive modern security to its users.

You can learn more about this feature here

Credential Guard protects corporate identities by isolating them in a hardware-based virtual environment. Microsoft isolates critical Windows services in the virtual machine to block attackers from tampering with the kernel and other sensitive processes. The new features rely on the same hypervisor technology already used by Hyper-V.

Credential Guard offers the following features and solutions:

Using hardware-based virtualization to extend whitelisting and protecting credentials. Hardware-Based security has the advantage of platform security features, such as Secure Boot and virtualization to increase security

Microsoft has also fixed the issue that could result in to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket, with, Credential Guard. This new technology uses virtualization-based security to isolate secrets so that only privileged system software can access them when they are stored on disk or in memory.

You can learn more about Credential Guard here

Windows Hello is a more personal, more secure way to get instant access to your Windows 10 devices using fingerprint, face, or eye recognition. Most PCs with fingerprint readers are ready to use Windows Hello now, and more devices that can recognize your face and iris are coming soon. For face recognition you will need a special camera like the Intel® RealSense™ .

You can learn more about Hello here

 

 

 

 

 

 

 

Download all formats (PDF, Mobi and ePub) at the Microsoft Virtual Academy.

July 15, 2015 update: You can now get this eBook with interactive features by downloading the free Microsoft Press Guided Tours app from the Windows Store.

 

Getting Started with Azure Security for the IT Professional If you’re an IT Professional interested in cloud security options you will want to watch this course. Get the information and the confidence you need from Rick Claus and a team of security experts and Azure engineers, as they take you beyond the basic certifications and explore what’s possible inside Azure. Find out how to ensure that your cloud solution meets (and exceeds!) your own personal and your organization’s bar for security, including industry standards, attestations, and International Organization for Standardization (ISO) certifications.

Click Here for the class

Windows 10: Update for IT Pros

Watch this course as Australia Senior Evangelist, Jeff Alexander explores Windows as a Service, and what it means for your business. He discusses Windows 10 deployment, and the new and updated ways to update devices. You’ll learn what’s new in management and the Windows Store, the new runtime provisioning feature in Windows 10, and the new era of security features in Windows 10. ​

Click Here for the Class

 

The conference will be opened with a keynote address by Tim Rains, Chief Security Advisor, WW Cyber security & Data Protection, Enterprise & Partner Group, Microsoft Corporation followed with a keynote by Ron Ross, Fellow at the National Institute of Standards and Technology (NIST).

For 2015, NYMJCSC is offering a pre-conference workshop on Tuesday, October 13th featuring four in-depth full-day hands-on classroom-style educational courses to expand your knowledge and foster security discussions.

NYMJCSC: Who We Are
The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters.

• InfraGard (New York Metro)
• ISACA (New York Metro, New Jersey and Greater Hartford Connecticut)
• (ISC)2 (New Jersey)
• ISSA (New York)
• OWASP (New York Metro, Long Island, Brooklyn)
• HTCIA (North East Region)
• ACFE (New Jersey)

Driven by the collaboration between members of this coalition, the strength of organizational membership, the provision of desirable CPE credits and the concurrence of National Cyber Security Awareness Month, the NYMJCSC promises — once again — to be a well-attended by members of the information technology, information security, audit, academic, and business communities.

As part of our educational mission as a coalition of non-profit organizations, registration fees are only to cover the costs of the facility, food and refreshments.

Schedule for workshops OCT 13 is Here

Schedule for Oct 14 is Here