NOvember 17, 2015 at 6:30 PM

ISSA National Capital Chapter November meeting topic:

“The Craft” – Cyber Threat Intelligence from the Analysts Perspective 


In the current cyber security environment, the organization does not stop at the perimeter, but extends to all facets and operations of the organization. This session will focus on how threats to any organization can manifest themselves in many ways, often with tell-tale signs in the digital landscape of OSINT and less open arenas such as specialized forums, IRC, paste sites and Dark Web. With the proper skills and tools, analytical craft and intelligence can act as not only a warning signal to concerned parties, but in many cases act as a disruptive capability that can severely limit damage to brand, assets, customers, personnel or IT systems. Come learn how some of your most crucial defenses start beyond the perimeter and are not simply a matter of the newest IDS, Firewalls, or IT defense-of-the-day.

Better understand the ways and means bad actors leverage to meet their goals
Real world examples of how proper intelligence can win early and often
Understand what is at stake if threat intelligence is not part of your current efforts

About the Speaker
Jeff Daisley has a long history of managing and delivering cyber threat intelligence and analysis to the U.S. Secret Service, large Government and NGO institutions, and Fortune 500 companies. Range of work encompasses anything from high-profile government leadership, to disaster and crisis efforts as well as threats to leading private sector companies and executives. Jeff had the special privilege of serving as the chief analyst on-site to the USSS, specializing in reports and analysis to protection of the President of the United States, and subjects of interest or groups possessing threats to USSS protectees. Currently, Jeff is the leading Cyber Threat Intelligence analyst at BrandProtect, a leader in detecting, analyzing and mitigating online incidents and cyber activity that threatens business, people and customers across private and public institutions.



Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.


Tuesday, November 17, 2015 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
Washington, DC, 20005

Click here for details.

December 16, 2015 starting at at 5:30 PM

ISSA National Capital Chapter invites you to a special event:

ISSA -DC at SANS@Night Cyber Defense Initiative 2015 


The National Capital Chapter has partnered with the SANS Institute again this year to offer exclusive access for its members to SANS@Night events at Cyber Defense Initiative 2015. The chapter meeting will take place at Grand Hyatt Washington on Monday, December 16, 2015. 

Please note that the event is free but you must RSVP at least 24 hours before the event so we can have your badge ready for you. 

The chapter members and their guests will have access to the following events:

5:30pm - 7:30pm
Vendor Showcase — Vendor Event
7:15pm - 9:15pm
Malware Analysis for Incident Responders: Getting Started - Lenny Zeltser
7:15pm - 8:15pm
The Tap House Phil Hagen
8:15pm - 9:15pm
The Plinko Board of Modern Persistence Techniques - Alissa Torres
8:15pm - 9:15pm
Debunking the Complex Password Myth - Keith Palmgren
8:15pm - 9:15pm
ICS/SCADA Cyber Attacks - Fact vs. Fiction - Robert M. Lee

Malware Analysis for Incident Responders: Getting Started - Lenny Zeltser
Knowing how to analyze malware has become a critical skill for incident responders and forensic investigators. A good way to get started with such efforts involves examining how malicious software behaves in a controlled laboratory environment. In this two-hour seminar briefing, Lenny Zeltser demonstrates key aspects of this process, walking you through behavioral analysis of a malware specimen by using several free tools and even peeking into the world of code analysis.
You will see practical techniques in action and understand how malware analysis will help you to triage the incident to assess key capabilities of the malicious software. You will also learn how to determine ways of identifying this malware on systems in your environment by establishing indicators of compromise (IOCs). This seminar will help you start learning how to turn malware inside out.

The Tap House - Phil Hagen
Packets move pretty fast. The field of Network Forensics needs to move fast, too. Whether you are investigating a known incident, hunting unidentified adversaries in your environment, or enriching forensic findings from disk- and memory-based examinations, it's critical to stay abreast of the latest developments in the discipline.
In this @Night series, Phil Hagen will discuss some of the latest technologies, techniques, and tools that you will want to know in pursuit of forensication nirvana.
Phil is also an avid craft beer fan, so there's a good chance you will learn something about a new notable national or interesting local beer in the process.
This presentation will be helpful for those that wish to keep up-to-date on the most cutting-edge facets of Network Forensics.

The Plinko Board of Modern Persistence Techniques - Alissa Torres
No matter what techniques an attacker employs to hide and persist on compromised remote systems, we must be up for the challenge, to detect, analyze and remediate. This session focuses on the latest techniques modern malware is using to ensure continued presence in your network. As detailed in recently released industry threat intelligence reports, these methods are increasing in sophistication and are often times missed by forensics tools developed to only enumerate common autorun and service persistence methods. In this presentation, we will cover advanced detection techniques, pivoting from physical memory analysis to the examination of remnants found on the file system.

Debunking the Complex Password Myth - Keith Palmgren
Perhaps the worst advice you can give a user is "choose a complex password". The result is the impossible-to-remember password requiring the infamous sticky note on the monitor. In addition, that password gets used at a dozen sites at home, AND the very same password gets used at work. The final result ends up being the devastating password compromise. In this one-hour talk, we will look at the technical and non-technical (human nature) issues behind passwords. Attendees will gain a more complete understanding of passwords and receive solid advice on creating more easily remembered AND significantly stronger passwords at work and at home, for their users, for themselves and even for their children.

ICS/SCADA Cyber Attacks - Fact vs. Fiction - Robert M. Lee
Industrial Control Systems (ICS) play a huge role in almost every aspect of modern day life. Supervisory control and data acquisition (SCADA) as an example play a large role in monitoring and controlling the power grid, oil pipelines, and more. It's understandable then that they gain attention in national headlines when they come under attack. Due to this ability to grab attention and the complexity behind getting the technical details right though there have been cases where the stories have just been down right wrong. These inaccurate case-studies push hype and confusion which drives the investment of resources into trying to solve the wrong problem. The threat is real, but plenty of the stories are not.
In this presentation, Robert M. Lee, the ICS515 author and FOR578 co-author will break down a number of high profile stories that are fiction and then deconstruct real threats to show the actual issues in the community and what can be learned towards defense.


Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.


Wednesday, December 16, 2015 starting at 5:30 PM

Grand Hyatt Washington
1000 H Street NW
Washington, DC 20001 US

Additional information