Back Patio [clear filter]
Saturday, June 25

10:00am EDT

Elementary, my dear Watson – A story of indicators
A real story of the cyber attack on the Israeli Police Department during 2012 and the effort in identifying the tools and infrastructure used by the adversary. A look, behind the scene, of the threat intelligence analyst work and investigation process and lesson learned.

avatar for Nir Yosha

Nir Yosha

Nir started his career as a squad leader in the Israeli Intelligence Corps. He helped with gathering intelligence tracking the growth of terrorist organizations. Nir has over 10 years of experience as a security engineer both in visual and network security areas. He worked for multiple... Read More →

Saturday June 25, 2016 10:00am - 10:30am EDT
Back Patio

10:30am EDT

Crime Prevention Through Environmental Design
Learn how to use non-traditional design elements to enhance physical security. Capitalizing on environmental aspects of design can help you reinforce traditional measures, often with little investment, and by using existing budgeted items.


Michael Mendez

After crashing, then successfully restarting a Radio Shack demo computer at the age of around 9 or 10 (a much more impressive feat in those days), Michael continued to break, fix, upgrade, and debug his systems enough to believe he knew what I was doing. Followed by studying programming... Read More →

Saturday June 25, 2016 10:30am - 11:30am EDT
Back Patio

12:00pm EDT

Free Taco Truck for attendees

Saturday June 25, 2016 12:00pm - 1:00pm EDT
Back Patio

2:00pm EDT

The Art of Bit-Banging: Gaining Full Control of (Nearly) Any Bus Protocol
Most buses have dedicated hardware that a system uses to communicate with attached devices. This hardware generates the appropriate waveforms to implement the bus' protocol. Bit-Banging is the set of techniques that allows one to generate these waveforms directly from software using little to no extra hardware.

Controlling these waveforms from software has many advantages:
-Protocol Violations - transmitting sequences on the bus that the hardware would not normally permit opens up a whole new vector for attacking a system.
-Monitoring - passively observe traffic going across a bus, good for reverse engineering, and debugging.
-Packet Injection/Suppression - waiting until a device sends a packet, stopping the packet in its tracks, writing your own in its place.
-Access Non-Standard Protocols - some devices use proprietary protocols for which there is no standard hardware to interface to it.

This paper presents the primitive operations used for bit-banging, introduces some of the common strategies involved, looks at some of the common pitfalls encountered, and gives an overview of some advanced techniques that can be used when software is not fast enough to meet the required protocol.


aaron waibel

For the last six years, Aaron has worked as a Development Engineer for Quintech Electronics. A great deal of his job is writing firmware and the applications that communicate with that firmware. Outside of work, he likes to write virtual machines, assemblers, and compilers, as well... Read More →

Saturday June 25, 2016 2:00pm - 3:00pm EDT
Back Patio

3:00pm EDT

A Rookie PoV: The Hollywood Fallacy
Most people have seen TV Shows such as CSI Cyber or Scorpion, just to name a few, where security appears to be something magical and for the gifted. Thanks to places like Hollywood, there has become this facade surrounding cyber security careers, which leads to false expectations towards the field. As current students at the very beginning of building our careers in computer security, we will share what it has been like to start learning the difference between our preconceived expectations and the actual reality of the career options available to us as we prepare to graduate. We will also share what types of things we are being exposed to as students by participating in various events such as Capture the Flag (CTF) competitions, the Collegiate Cyber Defense Competition (CCDC), and through Internships/Work-Studies.


Raquel Milligan

Raquel Milligan is a Junior at Baldwin Wallace University majoring in Computer Networking and Security while simultaneously working on her Master's in Business Administration (MBA). Prior to attending Baldwin Wallace, she served in the United States Coast Guard for a total of 5 years... Read More →

Saturday June 25, 2016 3:00pm - 3:30pm EDT
Back Patio

3:30pm EDT

Splunk for IR and Forensics
Data Analysis: it sucks. Make it not suck with Splunk, a 21st century approach for analyzing mountains of data as it relates to digital forensics and incident response. Learn how Splunk can enable you to quickly search, examine, and visualize any data from anywhere. The presenters will also give you useful insight on how to best use this tool to streamline forensic processes, incident scoping, and initial triage. Further, see how much time, effort, and money can be saved by using splunk for analysis instead of typical forensic tools.


Tony Iacobelli

Lead Incident Responder, University of Cincinnati
Tony Iacobelli is the Incident Response Team Lead for the IT@UC Office of Information Security at the University of Cincinnati. He enjoys security data analytics, kicking bad people off networks, and Cleveland Indians Baseball. Furthermore, Tony is an active member of the Cincinnati... Read More →

Saturday June 25, 2016 3:30pm - 4:00pm EDT
Back Patio

4:00pm EDT

SafeCracking on a Budget Redux
Lesson learned in applying knowledge from the "SafeCracking on a Budget" presentation. http://2014.ruxcon.org.au/assets/2014/slides/rux-safe-cracking.pdf.

We had a problem: no combination to a safe. The solution was to build a automatic our own safe dialer. We will review the steps we followed, Information gathered, Vulnerability Analysis, Exploitation, Post-Exploitation, and Reporting. (PTES Technical Guidelines style). Along the way we will share knowledge learned and stories of success and failure.

avatar for David Hunt

David Hunt

Has worked in software development for several years. Switched to focus on application security, vulnerability and penetration testing. Recently picked up the bug for safe cracking.

Zack Nagaich

Zack Nagaich is a Recent Ohio State computer science graduate working in cyber security for a variety of companies in the central Ohio area with a passion for software and security.

Saturday June 25, 2016 4:00pm - 4:30pm EDT
Back Patio

4:30pm EDT

The Digital Beginning of the Analog End
"Throughout human history, we have been dependent on machines to survive. Fate, it seems, is not without a sense of irony."

Hide yo' kids, Hide yo' SCADAHZ. lulz - j/k. Despite the somewhat ominous title, this is not a FUD (Fear/Uncertainty/Doubt) talk, but rather an in depth discussion of what an industrial/ICS/DCS/SCADA/IoT environment is, it's evolutionary progression, and most importantly why it matters.

Its time to set the record straight. This discussion will break down the differences and nuance in these common infrastructures and discuss why most people are flat out wrong in their understanding and assumptions of the environments. If time permits, we can discuss/Q&A the stuxnet package - as much as I hate talking about it (STILL), most people get this wrong too.


Brad Hegrat

Brad has more than 20 years non-standard* offensive/defensive security experience (*as in not vanilla IT, more like classified, blowupable environments, etc) with16 years in industrial/ICS/DCS/SCADA as a singular focus - in other words, back when nobody cared about industrial, and... Read More →

Saturday June 25, 2016 4:30pm - 5:30pm EDT
Back Patio

5:00pm EDT

Cleveland Locksport
An overview of physical security - How locks work and how we pick them.


Doug Hiwiller

IT professional with a keen interest in physical security. As a co-organizer of Cleveland Locksport, he enjoys teaching others how to pick locks and improve their own security.

Jeff Moss

An IT professionals with a keen interest in physical security. A co-organizer of Cleveland Locksport, he enjoys teaching others how to pick locks and improve their own security.

Saturday June 25, 2016 5:00pm - 5:30pm EDT
Back Patio
Filter sessions
Apply filters to sessions.