Thursday, February 17, 2011

Today is the first day of the AIDE Winter Meeting

You can register at the door.

Information Security

09:30 am

Opening Remarks

Bill Gardner (oncee) is the InfoSec coordinator of AIDE and an AIDE Board Member, a co-founder and Vice President of 304Geeks, an organizer of Hack3rCon, and an information security evangelist and educator. By day Bill is the IT Manager at one of West Virginia’s larger law firms.

You can follow Bill on Twitter at

Rob Dixon (GPEN, GWAPT, GAWN, C|HFI, ESSE-D, SnortCP, TNAP, TNCP, TECP, A+) is no stranger to the cyber security world. Ask Rob what he does for a living and he might say, "During the day, I lead my state's Security Operations Center, but at night, I Hack Charities!".

By day, he leads the State of West Virginia’s Cyber Security Operations Center, whose mission includes Security Threat Monitoring, Intrusion Detection, Forensics Investigations, Vulnerability Management, Internet Monitoring and Filtering, Security Standards and Architecture, E-mail Encryption, E-Discovery actions, supporting the mission of the West Virginia - Information Sharing Analysis Center, Incident Response, Network Violation Management, and more.

Rob's expertise ranges from Intrusion Control Design, Cyber Forensics, Incident Management and Response, Risk Management and most recently the art of Penetration Testing. Rob participated in the 2009 DHS/MS-ISAC Defend/Capture the Flag team, with his team winning both the attack and the defend portions of the competitions, besting security teams from state governments around the United States.

Rob is also a leading member of Hackers for Charity, a non-profit organization helping to empower some of the world's neediest citizens through education and training. Rob is also the Founder and President of the 304 Geeks and AIDE supporter.

10:00 am

Where we at? A look at Information Security

The Information Security field has grown into something few imagined. From regulatory and compliance to dedicated security personnel, security is a field that technology birthed and it's not going away anytime soon. Like any new field, it has its share of concerns and problems but how are we looking as a whole? We have more and more budget being spent every year on protecting our organizations from hackers, and yet we continuously see a large trend of breaches and attacks largely successful. As an industry we are getting there slowly, but with anything in technology we have to be fluid, responsive, and proactive. This talk is a look at the Information Security field, what we are doing to protect ourselves and where we need to go. In this speaker’s traditional fashion, he will be showing some cutting-edge hacks and breaking things, and a look at what's to come. Welcome to 2011, a new year, a new set of breaches, a new set of regulations, and a new set of attacks.

David Kennedy (ReL1K) is a security ninja and penetration tester that likes to write code, break things, and develop exploits. Dave is on the Back|Track and Exploit-Database development team and a core member of the Social-Engineer podcast and framework. David continues (and strives) to contribute to a variety of open-source projects. David had the privilege in speaking at some of the nations largest conferences on a number of occasions including BlackHat, Defcon and Shmoocon. David is the creator of the Social-Engineer Toolkit (SET), Fast-Track, modules/attacks for Metasploit, and has (responsibly) released a number of public exploits.

David heavily co-authored the Metasploit Unleashed course available online and has a number of security related white-papers in the field of exploitation. David has a book being released in June from NoStarch Press, "Metasploit: A Penetration Testers Guide". Lastly, David worked for three letter agencies during his U.S Marine career in the intelligence field specializing in red teaming and computer foreniscs.

11:00 am

Radio Reconnaissance in Penetration Testing

Tired of boring old pentests where the only wireless traffic you see is 802.11 and maybe a little Bluetooth? With this amazing new invention, the radio, your eavesdropping options can be multiplied! Come to this talk to learn techniques for discovering, monitoring and exploiting a wide array of radio traffic. Real world examples illustrate how these techniques have been used to gather information on a target's physical security, personnel, and standard operating procedures.

Matt Neely (CISSP, CTGA, GCIH and GCWN) is the Profiling Team Manager at SecureState, a Cleveland Ohio based security consulting company. At SecureState, Matt and his team perform traditional penetration tests, physical penetration tests, web application security reviews, and wireless security assessments. His research interests include the convergence of physical and logical security, cryptography, and all things wireless.

Matt has spoken in the past at a number of security conferences including Rochester Security Summit, Louisville Metro InfoSec Conference, Notacon, Northeast Ohio Information Security Forum, Ohio Information Security Forum to name a few. Matt is also a host on the Security Justice podcast.

Noon - Lunch

1:00 pm

Social Engineering In-Depth

Social Engineering exploits the most vulnerable piece of your network, the user. People are naturally trusting, especially if they are interacting with someone of "power". A hacker that is a good social engineer can, in most cases, extract more information verbally than technically. Users should be trained in identifying social engineering attempts and what to do if they think they might have been duped.

Stephan Looney is a co-owner of Layer2 Security and a passionate hacker. He holds the CEH/ECSA/MCSA and various other industry certifications. Stephan's career began as an AIX administrator and evolved into development in numerous languages and eventually hacking as a profession versus a hobby. He has been doing this for about 10 years and has worked in environments as small as 5 nodes all the way to 60000+ nodes with worldwide infrastructure. Recently he had the opportunity to help write the network security exam for Brainbench as well as help write the course ware and exam for the Security and Mobility course for Apple.

Wayne Porter is a recognized expert on spyware analysis, botnets, online fraud, virtual world security and emerging social media security issues. He was the co-founder of Xblock Systems, a dedicated malware research firm. Xblock was acquired by Facetime Communications. While at Facetime he worked as the Senior Director of Greynet Research, guiding an international team of security researchers to discover and solve complex, high profile security cases such as the Orkut Worm, KMeth Worm, and the SpazBox Puzzle.

Accolades include three consecutive Microsoft Security MVP awards as well as receiving Google's Responsible Security Disclosure Recognition. He served as an expert panelist at the FTC Spyware Work shop in 2004, has presented research at RSA on botnet attacks based in the Middle East, he also holds two patents for software designed to inoculate machines against rogue software. Wayne is also a co-owner of Layer2 security.

Chris Criswell is co-founder of Xblock Systems LLC in 2002. Chris has been a professional malware buster for 10 years. Trained and lead team of specialty researchers and helped produced, Regblock and BlockList lines. Development of two patent pending policy based inoculation technologies to harden system security. Xblock Systems LLC was acquired by FaceTime Communications in May 2005. After leaving Facetime, he created his own consultancy helping companies set up enterprise level infrastructure and systems for malware remediation. He's been hooked to technology since my school unloaded the first Apple II. Chris is also a co-owner of Layer2 security.

2:00 pm

Penetration Testing - The Continuing Failures of an Industry

The Continuing Failures of an Industry: During this presentation we explore the recurring common issues of general performance irregularities in the performance of penetration tests and vulnerability assessments, failures in providing value through understanding risk, impact and vulnerabilities and finally common reporting failures.

Keith Pachulski a.k.a. sec0ps is an independent security consultant in Sterling, VA. He has been involved in the IT and Physical Security scene for over 15 years with focus on regulatory compliance, operational security management, managed IT security services, physical & IT security training, executive security, penetration testing and assessments.

Keith is also a host of the InfoSec Daily Podcast, and has spoken in the past at ShoeCon and at Hack3rCon.

3:00 pm

Blue team is sexy - refocusing on defense

The Pen Testers (aka Red Team) get all the glory... and they shouldn't! It's time the defenders get their due. This talk will illustrate the most effective defenses currently employed and provide tips and tricks for how any organization can up their game to make things much rougher on the bad guys, and better prove their worth to management so limited funding is protected appropriately.

Mick Douglas (CISSP, GCIH, GSNA) is the Consulting Systems Engineer for Information Security at OCLC - an international library cooperative. He is a community level instructor for the SANS institute and has taught SANS 504 "Hacker Techniques, Exploits and Incident Handling" and SANS 507 "Auditing Networks, Perimeters & Systems". He is a senior contributor to the PaulDotCom weekly security podcast. While Mick enjoys and actively participates in penetration testing, his true passion is defense tweaking existing networks, systems, and applications to keep the bad guys out.

In addition to his technical work, Mick jumps at every chance to participate in a social engineering engagement. Mick has a bachelor's degree from The Ohio State University in Communications. In his spare time, you'll likely find him fleeing all things electronic by scuba diving, trying in vain to improve his photography skills, and either hiking or camping.

You can follow Mick on Twitter at

Digital Forensics

Peer-to-Peer Network File Sharing Investigations
Presented by: Corporal Robert J. Boggs, West Virginia State Police

The explosive growth of the internet and peer-to-peer networks has spawned a threat far greater than pirated music and movies. Images of child sexual exploitation are traded over this network in staggering amounts. Understanding peer-to-peer file sharing programs that utilize the Gnutella network protocol is a critical skill for digital forensics professionals. This in depth presentation will cover all aspects of case development from end to end including recovery of artifacts from the Windows Registry and operating system.

Corporal Robert J. Boggs is a 13 year veteran of the West Virginia State Police and is assigned to the Crime Against Children task force. Cpl. Boggs had been assigned to the Digital Forensic Unit for 5 years and is responsible for all examinations for the southern part of West Virginia. Cpl. Boggs assists many local, state, and federal law enforcement agencies with high tech criminal investigation and digital forensics analyses. Cpl. Boggs has attended many advanced course regarding digital forensics from both government and private entities.

iOS File Systems and Artifacts
Presented by: Christopher Vance, Marshall University Forensic Science Center

Apple devices are everywhere and as such need to be understood by digital evidence professionals. This presentation will explore the process of uncovering the artifacts hidden among the iOS file systems. Chris’s presentation will include an overview of iOS devices, the file system structure, acquiring the file system, and artifact recover including preferences, SMS messages, calendar, notes, web history, etc. In addition, he will also examine the changes in the file system between different versions, getting around password protection, and understanding the backup process.

Christopher Vance is a Digital Forensic Specialist employed by Marshall University. Chris is a graduate of Marshall University (Cum Laude), receiving a BS degree specializing in Digital and Multimedia Forensics. Chris currently works in the West Virginia State Police Digital Forensics Unit. Chris specializes in mobile device forensics, having analyzed over 150 devices.

LET Credit Pending

AIDE Winter Meeting Information:

The conference will be held at the Marshall University Forensic Science Center. Registration is required as seating is limited. Registration fees are due on the first day of attendance, fees are based on AIDE membership as follows:

Non-member Professional $50

Non-member Student $20

Current Member $0