Earlier this month I had the privilege of speaking at BSides Augusta. I gave a lightning talk on working with the Viper Framework for static analysis.
Here's the talk:
I also released the module and API scripts I wrote for the talk.
I cannot say enough about the talent and quality technical content in the BSides Augusta talks. This is easily a "Top 5" defensive security event. I seriously have no idea how I managed to sneak into this speaker lineup. Definitely going back next year.
Showing posts with label shameless self-promotion. Show all posts
Saturday, September 19, 2015
Tuesday, August 20, 2013
BSides Detroit Presentation
In June I gave a presentation at BSides Detroit entitled, "Broke, Not Broken: An Effective Information Security Program With a $0 Budget." Here's the video:
I have teased the BSides Detroit organizers that they ought to rename their conference to ASides Detroit because, unlike other BSides events, it doesn't coincide with another security conference, and also because it has the best content and activities of any security conference in Detroit. If you're in Michigan or the Great Lakes region at all, I recommend making plans to attend next year. I'll be there.
Also, here are some other upcoming security-related events taking place in Michigan:
- GrrCON (Sep 12-13, Grand Rapids)
- mi4n6 meeting (Sep 19, Livonia)
- Michigan Cyber Summit (Oct 25, Novi)
Friday, October 10, 2008
SecureWorld Expo Detroit
SecureWorld Expo Detroit is coming up at the beginning of next month. I will be presenting on operationalized malware analysis and response. In this case "operationalized" means, "without a debugger."
Cathy Luders, a friend and colleague that I met through the local ISSA chapter, is also presenting at SecureWorld. On the same day. At the exact same time. Which has me bummed out more than a little because I've not gotten to see her present before. But now that I know she's got a talk in her back pocket, I'll probably ask her to present at an upcoming ISSA meeting. :-)
Thursday, March 20, 2008
Prior Art
OK, I don't have anything resembling a patent claim here, but a year ago I described a need and a potential solution for targeted phishing attacks against Credit Unions. Today, Brandimensions announced StrikePhish, a service offering in that very space.
So instead of the millions of dollars I deserve, I'll settle for StrikePhish buying me a beer at the next con I see them at. ;-)
Thursday, March 13, 2008
Abstract
I've asked to be considered for presenting at this year's ArcSight User Conference. Today I sent my abstract over and will hopefully be on the agenda this year to talk about ArcSight Tools.
The incident handlers at [my company] use ArcSight Tools in their investigations as a way to quickly and easily collect additional intelligence from existing data stores in their environment. Come see how, with very little custom code, they have harnessed existing applications and services to quickly gather in-depth information about servers, users, workstations, and external hosts during an investigation. In addition to seeing how [my company] has leveraged ArcSight Tools, learn some of the simple tricks that will help you go back to your office and do the same.
I've blogged about Tools before and this presentation aims to be an expansion of that concept. The truth is, there's lots of great data in your environment that isn't in a log flow somewhere. And while it maybe doesn't belong in your SIM, you want it at your fingertips when investigating a potential incident. It's good to have answers to questions like, "What does this server do?," or "Is this user a local admin?," or "What is this person's boss' phone number?" close at hand.
Anyway, I hope to have more to say about ArcSight Tools soon.
Friday, December 21, 2007
On a Personal Note...
If you're one of the people that has my blog in your feeds list, then you've no doubt noticed that I have not been posting much lately. At all. I hope to get back to it in the new year, but Q407 has been insanely crazy for me, and I had to prioritize my time across the board.
But it's not bad news. Quite the contrary, actually. Made official just this week, I am now the head of infosec as well as the corporate infosec officer at the company where I work. My good friend and mentor, Tim, is returning to his technical roots but otherwise staying put. It's pretty much a job swap for the two of us, with Tim becoming the infosec team's technical lead.
I thought long and hard about the offer before accepting, and I came to a realization. I haven't worked on a team this talented in a decade. My mentor and the man I am succeeding will remain on staff as a resource to me and I to him. I will never get a better opportunity to step up to leadership. I will never have more support and more talent behind me than I do now. It's a little much to digest, really, and I think the rambling nature of this post gives you a hint at just how much my head is still swimming at the idea.
Anyhow, I hope to resume blogging in the new year as time permits. I have a couple of ideas that, if I find some time over the next few weeks, I may polish enough to post. Anyway, I hope that wherever you are, that you find peace and prosperity in the New Year.
PaulM
Friday, September 21, 2007
Expert Advice
I feel a little strange about being proud of this achievement, but anywhere my name appears along with the word "expert" in the same context as folks like Kevin Kadow and Lenny Zeltser, it makes my head swell.
Friday, July 13, 2007
Guest Spot on Security Skeptic
Security Skeptic Dave Piscitello has reposted to his blog (with my blessing) one of my posts to the fw-wiz mailing list. It's a couple of lessons-learned from my days of implementing Entercept and CSA for clients. I recommend that you read Dave's blog. He's like Mike Rothman without the book deal. To say he's a veteran is to understate his expertise and experience. He was doing network programming for Unisys back in '82, when I was still watching the Electric Company and wearing my Members Only jacket. :-)
Thursday, May 24, 2007
Like an Orange on a Toothpick
My ego's going to have to do some sit-ups this weekend. It's getting huge. I'm on CNN via the WOODTV WiFi Arrest story.

Supastah!
Friday, February 2, 2007
Friday, January 26, 2007
Gonna be famous
Not really, but I finally did a TV news piece I'm proud of.
If you're in West Michigan, WOOD TV8 (and probably WOTV 4) will be airing a news piece on wireless security with myself, Matt Carpenter of Intelguardians, and Dick Murray of the US Attorney's office. Despite the potential for overuse of the term 'wardrive,' we talked about and demonstrated MitM attacks against wireless clients. Hardly rocket science, but hopefully it opens some eyes. And it's certainly cooler than kismet with a cantenna (though we did that, too).
Plus it was great to work with Matt and Dick. I always feel like I gain IQ points by osmosis when I talk with Matt. He's teaching Hacker Techniques at SANS Detroit at the end of February. You should go.
UPDATE: The story will air during the news at 11pm EST on Thursday 02/01/2007