Cut the Crap
Up in the Clouds
EC-Council Certification Training
Advanced Security Training (CAST)
Other Infosec Training
HH2011 Post Event Report
HH-2012 Post Event Report
What’s Hot provide cutting-edge presentations on key factors of details security, such as virtualization and cloud security, software security, finish point security, physical security and far more.
Sean is an active Threat Intelligence Analyst at Damballa specializing in the analysis and attribution of signatures and behaviors used by cyber criminal operators and malware purveyors. Sean focuses his time learning the tools, techniques, and procedures behind attacks and intrusions related to various advanced and persistent threats. Sean has worked in several Information Systems Security and cyber counter-intelligence roles for various firms and customers over the past fourteen years across United States. Most notably he has spent several years performing intrusion, and intruder analysis/attribution for Fortune 100, Defense Department, and 'other' Federal Agencies and has shared numerous accounts of his findings at various Industry conferences relating to the inner-workings of advanced and persistent threats. Sean has lectured at several Industry conferences over the years such as Defcon, PhreakNIC, DC3, NW3C, Bluehat, Hacker Halted, ISSA, MAAWG, and CERT/CC discussing his interest in analyzing, understanding, and manipulating the minds and morale of persistent threats without their knowledge...
Sean has focused his research over the past several years developing systems that enable the analysis of attackers through various advanced machine learning and enterprise platforms mixed of various public and private Honeynet technologies. Sean recently co-authored Hacking Exposed: Malware and Rootkits (the definitive Computer Security book series) with McGraw-Hill. Sean is currently working on his next book 'SpyJack: Countering Advanced Cyber Threats' a comprehensive manual that illustrates how-to employ various methods of counter-intelligence, disinformation, and deception against advanced and persistent threats in order to lure malicious actors into areas where it can be possible to learn the 'who' and 'why' behind the breaching of your enterprise and counter their mission or objectives.
“Counter Exploitation of Cyber Threats”
Francis Brown, CISA, CISSP, MCSE, is a Managing Partner at Stach & Liu, a security consulting firm providing IT security services to the Fortune 500 and global financial institutions as well as U.S. and foreign governments. Before joining Stach & Liu, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients.
Francis has presented his research at leading conferences such as Black Hat USA, DEFCON, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications.
Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques.
“Tenacious Diggity – Skinny Dippin’ in a Sea of Bing”
– ESET Security Researcher Cameron Camp has been building critical technology infrastructures for more than 20 years, beginning as an assembly language programmer in 1987 and eventually becoming an evangelist for Linux and Open Source technologies with an emphasis on the security sector.
After working with low level languages, he progressed into embedded technology, with microprocessors, FPGA's (Verilog), DSP's, SOC's and ASIC's in test, prototyping and research, along with industrial process control through PLC's and scripting test environments in high availability/critical infrastructure like the fiber optic signal communications for the London underground, FAA in the U.S. and many other custom one-off installations. Wanting to return to the pure software world, Camp started building Linux/BSD custom servers from the ground up, eventually joining ESET in this capacity. Working in IT and building research facilities, he worked through more advanced languages and scripting for internal one-off proof-of-concepts, heavily relying on data mining and event correlation, progressing through the full technology gamut.
“How to create an Open Source multi-OS interoperable microSD/USB drive live distribution with encrypted data storage, forensics capabilities and remote backup”
Dave Chronister – C|EH, CISSP, MCSE, C|HFI is the founder and Managing Technology Partner of Ethical Hacking firm Parameter Security. Growing up in the wild world of 1980’s BBSes and early Internet, Dave obtained a unique firsthand look at the mind, motives, and methodology of the Hacker. Dave has provided Auditing, Forensics, and Training to clients world-wide. Dave’s expertise has been featured in many media outlets including; Computer World, Popular Science, Information Security Magazine, St. Louis Post Dispatch, and KTVI Fox News, to name a few.
“Advanced SQL Injection: IDS/WAF evasion”
Jenn Lesser is the Head of Security Operations at Facebook. In her current role, Jenn is responsible for budget, roadmap and organization management, along with Program Management for key cross functional initiatives, both inside and outside Facebook. A jack of all trades, she also works on awareness campaigns, most notably Facebook “Hacktober” events for Cyber Security Awareness month. Prior to her employment at Facebook, Jenn was Chief of Staff for the CISO at PayPal. She has over 10 years industry experience, holds her PMP and CRISC certifications and is a graduate of St. Mary’s College of California where she received a B.A. in Communications.
“Winning the Security Awareness Game”
Rafal Los, Chief Security Evangelist for
, combines nearly 15 years of subject-matter expertise in information security with a critical business risk management perspective. From technical research to building and implementing enterprise application security programs, Rafal has a track record with organizations of diverse sizes and verticals. He is a featured speaker at events around the globe, and has presented at events produced by OWASP, ISSA, Black Hat, and SANS among many others. He stays active in the community by writing, speaking and contributing research, representing HP in OWASP, the Cloud Security Alliance and other industry groups. His blog, Following the White Rabbit, with his unique perspective on security and risk management has amassed a following from his industry peers, business professionals, and even the media and can be found at
Prior to joining HP, Los defined what became the software security program and served as a regional security lead at a Global Fortune 100 contributing to the global organization's security and risk-management strategy internally and externally. Rafal prides himself on being able to add a 'tint of corporate realism' to information security.
Rafal received his B. S. in Computer Information Systems from Concordia University, River Forest, Ill.
“House of cards - How not to collapse when bad things happen”
Gary S. Miliefsky is the Editor of Cyber Defense Magazine, which he recently founded after years of being a cover story author and regular contributor to Hakin9 Magazine. In partnership with UMASS, he started the Cyber Defense Test Labs to perform independent lab reviews of next generation INFOSEC products. He also founded NetClarity, Inc., the world's first next generation agentless, non-inline network access control (NAC) and bring your own device (BYOD) management appliances vendor based on a patented technology he invented. He is a member of ISC2.org, CISSP® and Advisory Board of the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. A dynamic speaker, he's presented at two White House Summits on cyber security, the RSA Conference, CSI, and many others.He served as an informal advisor to President Clinton and helped the President's Critical Infrastructure Protection Board, under the Bush Administration, which is now known as the National Infrastructure Advisory Council (NIAC) and operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace.Miliefsky is a Founding Member of the US Department of Homeland Security (
), serves on the advisory board of MITRE on the CVE Program (
) and is a founding Board member of the National Information Security Group (
). Visit Gary online at
“Bulletproof Network Security”
Gunter Ollmann has a long-held passion for threat research and currently serves as Vice President of Research at Damballa, where he is focused on inventing new crimeware mitigation technologies and the identification of criminal operators behind botnets and other advanced persistent threats. Prior to joining Damballa, he held the role of Chief Security Strategist at IBM, was responsible for predicting the evolution of future threats and helping guide IBM's overall security research and protection strategy, and was the key IBM spokesperson on evolving threats and mitigation techniques. Ollmann also served as the Director of X-Force at Internet Security Systems where he was responsible for the company's R&D advancements and the development of security technologies in the field of vulnerability scanning, intrusion prevention, web application protection, and malware detection.
“The Next Generation of DGA-based Crimeware”
Chris is responsible for leading or conducting social engineering,internal and external penetration testing; host, network architecture,firewall and VPN reviews as well as enterprise security architecture and design projects. He serves as the service line lead for the social engineering practice, maintaining and developing the methodology as well as continuously enhancing techniques to reflect the threat environment. Chris also provides client education services as an instructor of the Ultimate Hacking Foundstone courses, most recently teaching at the 2011 Blackhat security conference in Las Vegas, NV.
Chris has over 14 years of information security and risk management experience in a variety of industries. Prior to working at Foundstone, Chris held the position of Security Architect at a Fortune 15 Company. While serving as a consultant for affiliate companies, Chris implemented process improvements through the use of discovery templates, process standardization and automation that saved the company over 50% in travel costs and reduced the information risk management assessment timeframe by over 80%.
While working at a major central bank, Chris helped establish an inter-divisional team of penetration testers that continues to provide world-class service to that organization. Most recently, Chris was awarded second place in the Defcon 19 Social Engineering Capture The Flag (CTF) competition. He continues to develop and deliver business oriented as well as technical presentations on Social Engineering at many internationally recognized security conferences.
“Go with the Flow: Strategies for successful social engineering”
John Weinschenk is the CEO and president of Cenzic. John has led several companies to unprecedented success. John's career is marked by an unusually broad background in both engineering and business. John has led technical groups in key security and enterprise software firms, and has brought his in-depth understanding of the latest technologies, market dynamics, and business models to leadership roles in business-strategy and marketing divisions at leading corporations. He brings a unique and rich experience to his role in leading Cenzic from technology innovator to market leader.
“The Persistent Threat of Mobile Apps – Why Continuous Testing is Key”
Copyright 2013 by EC-Council