My buddy Aamir Lakhani from dcchaos.com put together a list of the best cyber security talks of 2014. The rankings and opinions are purely his own. Some of these were based on technical knowledge, others were entertaining, and lastly some of these are a shout out to my friends and colleagues. You can find the original post HERE.
Special shout out to my friend Dan Catalano for creating the awesome cover picture!
10) Defcon 22 – Scanning the net
Robert Graham, Paul McMillan, Dan Tentler — This talk will discuss how to do it, such as how to get an ISP that will allow scanning, tools to do the scanning (such as ‘masscan’), tools to process results, and dealing with abuse complaints. We Internet, such as all the SCADA/ICS systems we’ve found. We’ve only scratched the surface — the Dark Internet of Things is waiting for more things to be discovered. We expect the audience to have a working knowledge of existing portscanners, namely nmap.
9) TakeDown Con – Hijacking Label Switched Networks in the Cloud
Paul Coggin discusses Internet vulnerabilities within BGP, MPLS, and service provider networks. Paul is one of my closest friends and the only reason he isn’t number 1 is because everyone would blame me for stacking the deck. Check out the talk below!
BONUS: Give me Your Data: Obtaining Sensitive Data without Breaking In
Dave Chronister – We hear new stories daily about a malicious hacker compromising the sensitive data of corporations, governments and individuals. But that is only half of the story. The genesis of this talk was from the idea that even today, data is still not stored securely. Ethical Hacker conducted a research project in which he wanted to find out if he could gain access to sensitive data. The catch? He would not hack any systems; all data must be collected legally. From buying devices on Facebook and bidding for hard drives on eBay, to monitoring public photo sharing sites, Dave will discuss the methods to retrieve the information. Dave will show his findings, some of which are very surprising.
8) SecTor 2014 – Human Metrics – Measuring Behavior
Lance Spitzner – This is an excellent talk that highlights aspects of security awareness. Don’t miss this one. Click on the link to view the presentation on SecTor’s 2014 website.
7) ShmooCon 2014 – An Open and Affordable USB Man in the Middle Device
Dominic Spill – With the introduction of FaceDancer, there has been a surge of interest in USB security. USBProxy is an open framework for the BeagleBone Black to make it simpler for anyone to monitor, inject or modify data carried over a USB connection. While the FaceDancer will allow devices to be written on a host system, we are able to go further and man-in-the-middle connections to existing devices as well. The BeagleBone Black also enables us to operate at USB 2.0 Hi-Speed.
6) Louisville Metro InfoSec Conference – Lockade Electronic Games for Locksport
Adrian Crenshaw – The Iron Geek – I cannot say enough good things about Adrian, and how valuable his site is. Most of these videos are posted because of the direct efforts of Adrian. Thank you Iron Geek for everything you do.
If you want to become an expert on cyber security, spend lots of time on his site. If you want to know about lock picking and physical security, check out this talk.
5) Blackhat 2014 – SCADA: Bringing Software Defined Radio to the Penetration Testing Community
Jean Michel, Arnaud Lebrun, and Jonathan-Christopher Demay present a tool they developed to help pen testers assess radio frequency communication objects and showcase the vulnerability in smart meters.
4) DefCon 2014 – Optical Surgery; Implanting a DropCam
Patrick Wardle (Director of Research, Synack) and Colby Moore (Security Research Engineer, Synack) – DropCam users may want to know that any malicious software can be installed on it and someone might just be tapping into your video stream. Dropcam is a cloud-based Wi-Fi video monitoring service allowing you to be connected from anywhere. This talk demonstrates complete takeover of your Dropcam and manipulation from the brain. Your tracker can see you, hear you and probably much more.
3) DerbyCon 2014 – How not to suck at Pen Testing
John Strand – The Man, The Myth, The Legend – gives practical advice and techniques on how to do Red Teaming Pen Test scanning. John nails the frustrations and dangers of vulnerability and network penetration testing and how to fix them.
BONUS: How to give the best Pen Test of Your Life
Ed Skoudis gives one of the best talks regarding pen testing and red teaming. This is one of the most informative and entertaining talks I heard all year. Don’t miss it.
2) DerbyCon 2014 – Adaptive Penetration Testing
Kevin Mitnick (social engineer and hacker) & Dave Kennedy (developer of Social Engineering Toolkit for BackTrack). A must-see presentation for any penetration tester.
1) How Not to Do Security
Kellman Meghu’s original 2012 SecTor talk is better than ever. I heard it this year at TakeDown Con 2014 in Rocket City. Kellman’s Rocket City talk can be found on the Iron Geek website.
I personally prefer Kellman’s original talk recorded at SecTor 2012 – check it out below:
Check out the original talk at http://2012.video.sector.ca/video/51119497