Come listen to the visions and ideas of some of the best and brightest minds in the security community.
After the talks, network with your peers and the security pros.
Learn from the best with a two day hands-on training. These trainings are of a DefCon caliber, right here in Madison!
David started TrustedSec with the vision in building a world-class information security consulting company. David is considered a thought leader in the security field and has presented at over three hundred conferences worldwide. David has had guest appearances on FoxNews, BBC, and other high-profile media outlets.
David is the creator of several widely popular open-source tools including “The Social-Engineer Toolkit” (SET), Artillery, and Fast-Track. David has also released several zero-day exploits and focuses on security research.
Eric Smith (@InfoSecMafia) is a Senior Partner and Principal Consultant at LARES. Eric specializes in penetration testing with over 15 years of experience in the IT/IS industry. Eric is well versed in a variety of Risk Assessment services and has extensive experience in penetration testing, insider threat assessments, Social Engineering, physical security and Red Team engagements. When Eric isn’t compromising large scale, heavily protected fortresses, he goes on retreats in search of unicorns, horseshoes and hidden treasures that many claim to be “suicide missions”. Eric was also born with invisible gills and is referred to by close friends and closer enemies as the “phish whisperer”.
Tyler is a cyber intelligence analyst for Salesforce. His research interests are in reverse engineering, malware analysis, digital forensics, network security, and incident response. He is currently working on his doctorate in computer science, is a SANS Lethal Forensicator, and holds several industry certifications including the CISSP, GREM, CCNP-Security, and others.halfpop
Scott Erven is an Associate Director at Protiviti. He has over 15 years of information security and information technology experience with subject matter expertise in medical device and healthcare security. Scott has consulted with the Department of Homeland Security, Food and Drug Administration and advised national policymakers. His research on medical device security has been featured in Wired and numerous media outlets worldwide. Mr. Erven has presented his research and expertise in the field internationally. Scott also has served as a subject matter expert and exam writer for numerous industry certifications. His current focus is on research that affects human life and public safety issues inside today’s healthcare landscape.
Jared DeMott is a seasoned security researcher who has spoken at conferences such as DerbyCon, Blackhat, DefCon, ToorCon, etc. Notable research relates to helping stop an exploit technique (ROP), by placing as a finalist in Microsoft’s BlueHat prize contest, and by more recently showing how to bypass Microsoft’s EMET protection tool. Jared teaches his AppSec course, has co-authored a book on Fuzzing, has been on three winning Defcon CTF teams, has been an invited lecturer at prestigious institutions such as the United States Military Academy, previously worked for the National Security Agency, and holds a PhD from Michigan State University.
Joe Grand is a product designer and the founder of Grand Idea Studio, Inc. He specializes in the invention and licensing of consumer devices and modules for electronics hobbyists. Joe is a former member of the legendary hacker collective L0pht Heavy Industries, where he helped set the standard for computer security vulnerability research and disclosure. He is a sought after speaker for his work on reverse engineering and hacking embedded systems.
Joe holds a Bachelor of Science degree in Computer Engineering from Boston University in Boston, Massachusetts and a Doctorate of Science in Technology (Honorary) degree from the University of Advancing Technology in Tempe, Arizona.
Michael has been researching VoIP security and developing systems since 2004. Originally focused on IMS proof-of-concept applications, he founded the AskoziaPBX project in 2007 and led its development until 2011. It is currently being deployed and used in over 100 countries worldwide.
In 2011, he joined Ubiquiti Networks to architect their upcoming VoIP product line and since 2012 has been with Range Networks, the creators of OpenBTS. OpenBTS is an Open Source project which utilizes SDRs (software defined radios) to create GSM and UMTS cellular networks, converting their traffic directly to VoIP.
The first day at DakotaCon is all about the talks. The day starts at 9am in the Dakota Prairie Playhouse on the campus of Dakota State University. No need to register, just come on out for the talks!
We will be holding a Reverse Engineering contest throughout DakotaCon. Click here for more details!
The purpose of this session is to demonstrate via a case studies approach the wealth of information that can be obtained from memory to better detect and understand malware in order to improve incident response and digital forensics capabilities. The problem faced by many defenders searching via traditional methods is that malware often attempts to hide its existence and capabilities from these techniques. A solution to this problem is to analyze the memory of systems in order to bypass most of a malware's camouflage and armor. Evidence will be presented from malware case studies showing some of the amazing capabilities of Volatility, a free open source memory forensics framework. It is my hope that participants will gain the skills to immediately start or improve their use of this outstanding capability of memory forensics.
There is no question that medical devices save countless lives, but is insecure design or deployment of these devices putting patients at risk? Join me for an in-depth presentation on a three year research project that shows numerous medical devices and healthcare organizations are vulnerable to direct attack vectors that can impact patient safety and human life. Medical devices touch almost every one of us, whether through personal experience or that of a close friend or family member. They save countless lives and ensure a better quality of life for many. Although medical devices are key to quality care and undergo rigorous testing, many are not sufficiently tested for adversarial resiliency. Some question whether our dependence on these life-saving medical devices has grown more quickly than our ability to secure them.
Memory corruption has plagued computers for decades. These software bugs can often be transformed into working cyber-attacks. High-level protections, such as anti-virus, have done little to stop the tide. Recent low-level protections such as non-executable memory and module randomization have helped. Yet a new variant called return-oriented programming (ROP) has survived these protections. Medium-level protections, such as Microsoft's anti-ROP add-on called EMET, has helped some. But a particularly troublesome bug known as Use-after-Free (UaF) has been used in conjunction with other techniques to bypass EMET. Thus, another low-level mitigation is required. This talk will describe Heap Isolation and Delayed Free, two such new mitigations, aimed at preventing UaFs. We will demo the protection in action. We will also walk through a bypass for the new protection. We wrap up by discussing trends to watch for in the next couple years as it relates to these and other similar software attacks.
Software Defined Radios (SDRs) have been exclusive to the military and intelligence communities for over 20 years. They are now becoming available at consumer prices with a wide variety of Open Source software sprouting up around them. Physical waveform and protocol logic can now be implemented as user space software instead of developing custom hardware. Additionally, radio devices and protocols already deployed in the field do not have the luxury of a software upgrade to patch an exploit. They will remain vulnerable until hardware is replaced. A very new, very dangerous attack vector has been born.
In addition to the SDR introduction, security aspects of GSM and UMTS cellular network protocols will be discussed.
The second day at DakotaCon starts our two-day trainings. The trainings will be held in East Hall on the campus of Dakota State University. These require registration, so don't forget to register early!
Check back here for specific location details.
Trainings will pause for the day. Don't worry, they will resume again on Saturday!
The final day of DakotaCon is when we will wrap up our trainings. The trainings are held in East Hall on the campus of Dakota State University. Be sure to register for the trainings!
Check back here for specific location information.
Our first ever two-day trainings end. See you next year!
The nearest airport is Sioux Falls, SD (FSD). Then a 45 mile drive to Madison.
From points East or West, take SD-34. North or south, take US-81. If in doubt, GPS!
1205 N. Washington
Madison, SD 57042