December 16, 2015 starting at at 5:30 PM

ISSA National Capital Chapter invites you to a special event:

ISSA -DC at SANS@Night Cyber Defense Initiative 2015 

The National Capital Chapter has partnered with the SANS Institute again this year to offer exclusive access for its members to SANS@Night events at Cyber Defense Initiative 2015. The chapter meeting will take place at Grand Hyatt Washington on Wednesday, December 16, 2015. 

Please note that the event is free but you must RSVP at least 24 hours before the event so we can have your badge ready for you. 

The chapter members and their guests will have access to the following events:

5:30pm - 7:30pm
Vendor Showcase — Vendor Event
7:15pm - 9:15pm
Malware Analysis for Incident Responders: Getting Started - Lenny Zeltser
7:15pm - 8:15pm
The Tap House Phil Hagen
8:15pm - 9:15pm
The Plinko Board of Modern Persistence Techniques - Alissa Torres
8:15pm - 9:15pm
Debunking the Complex Password Myth - Keith Palmgren
8:15pm - 9:15pm
ICS/SCADA Cyber Attacks - Fact vs. Fiction - Robert M. Lee

Malware Analysis for Incident Responders: Getting Started - Lenny Zeltser
Knowing how to analyze malware has become a critical skill for incident responders and forensic investigators. A good way to get started with such efforts involves examining how malicious software behaves in a controlled laboratory environment. In this two-hour seminar briefing, Lenny Zeltser demonstrates key aspects of this process, walking you through behavioral analysis of a malware specimen by using several free tools and even peeking into the world of code analysis.
You will see practical techniques in action and understand how malware analysis will help you to triage the incident to assess key capabilities of the malicious software. You will also learn how to determine ways of identifying this malware on systems in your environment by establishing indicators of compromise (IOCs). This seminar will help you start learning how to turn malware inside out.

The Tap House - Phil Hagen
Packets move pretty fast. The field of Network Forensics needs to move fast, too. Whether you are investigating a known incident, hunting unidentified adversaries in your environment, or enriching forensic findings from disk- and memory-based examinations, it's critical to stay abreast of the latest developments in the discipline.
In this @Night series, Phil Hagen will discuss some of the latest technologies, techniques, and tools that you will want to know in pursuit of forensication nirvana.
Phil is also an avid craft beer fan, so there's a good chance you will learn something about a new notable national or interesting local beer in the process.
This presentation will be helpful for those that wish to keep up-to-date on the most cutting-edge facets of Network Forensics.

The Plinko Board of Modern Persistence Techniques - Alissa Torres
No matter what techniques an attacker employs to hide and persist on compromised remote systems, we must be up for the challenge, to detect, analyze and remediate. This session focuses on the latest techniques modern malware is using to ensure continued presence in your network. As detailed in recently released industry threat intelligence reports, these methods are increasing in sophistication and are often times missed by forensics tools developed to only enumerate common autorun and service persistence methods. In this presentation, we will cover advanced detection techniques, pivoting from physical memory analysis to the examination of remnants found on the file system.

Debunking the Complex Password Myth - Keith Palmgren
Perhaps the worst advice you can give a user is "choose a complex password". The result is the impossible-to-remember password requiring the infamous sticky note on the monitor. In addition, that password gets used at a dozen sites at home, AND the very same password gets used at work. The final result ends up being the devastating password compromise. In this one-hour talk, we will look at the technical and non-technical (human nature) issues behind passwords. Attendees will gain a more complete understanding of passwords and receive solid advice on creating more easily remembered AND significantly stronger passwords at work and at home, for their users, for themselves and even for their children.

ICS/SCADA Cyber Attacks - Fact vs. Fiction - Robert M. Lee
Industrial Control Systems (ICS) play a huge role in almost every aspect of modern day life. Supervisory control and data acquisition (SCADA) as an example play a large role in monitoring and controlling the power grid, oil pipelines, and more. It's understandable then that they gain attention in national headlines when they come under attack. Due to this ability to grab attention and the complexity behind getting the technical details right though there have been cases where the stories have just been down right wrong. These inaccurate case-studies push hype and confusion which drives the investment of resources into trying to solve the wrong problem. The threat is real, but plenty of the stories are not.
In this presentation, Robert M. Lee, the ICS515 author and FOR578 co-author will break down a number of high profile stories that are fiction and then deconstruct real threats to show the actual issues in the community and what can be learned towards defense.

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

Wednesday, December 16, 2015 starting at 5:30 PM

Grand Hyatt Washington
1000 H Street NW
Washington, DC 20001 US

January 18, 2011

The Armitage Project
Armitage - Cyberattack Management for Metasploit
by Raphael Mudge

Abstract
How are your hacking chops? This month, Raphael introduces us to Armitage, a new graphical user interface for Metasploit. Armitage makes it easy for security professionals to carry out complex cyber attacks. In this session, Raphael will show us how to scan our network, choose the right exploit, and compromise our own hosts. He will also show us how to launch attacks from a compromised host and carry out sophisticated post-exploitation activities. Whether you're a CSO responsible for network security or a practitioner who uses Metasploit every day, you'll want to see the Armitage perspective on the network attack process. You can find more on the open source Armitage project at http://www.fastandeasyhacking.com

About the speaker
Raphael is a Washington, DC based penetration tester and the developer of Armitage. He also created and sold, After the Deadline, an artificial intelligence that checks grammar and spelling for WordPress.com users and other internet sites. Previously, he was a USAF Communications Officer involved in network operations and cyber security research. You can find more about Raphael at http://www.hick.org/~raffi/

 Please RSVP if you plan to attend.

January 18, 2011 6:30 PM

Government Printing Office
Room A138
732 N. Capitol St.
Washington, DC, 20401

Click here for details

December 21, 2010 .

The State of Software Security
by Jeff Ennis, Veracode, Inc. 

Abstract
Application vulnerabilities are steeply on the rise. At $350 billion per year software is the largest manufacturing industry in the world yet there are no uniform standards or insight into security, risk or liability of the final product.  The development environment is becoming increasingly complex - application origin ranges from internally developed code, outsourced, 3rd party, Open Source, and Commercial Off the Shelf software.  Ensuring that these entities are creating secure software is becoming a daunting task.  Lots of emphasis is placed on IT controls, patching, etc, but the new attack vector is your application.  During this presentation we will review the state of software security today, discuss some initiatives which are requiring application risk management, and provide suggestions on how you can begin managing the application risk at your organization.

About the Speaker

Jeff Ennis is a Solutions Architect for Veracode, Inc.  He has more than 20 years experience in information technology.  He recently served as Security Solutions Manager for the Federal Division of IBM Internet Security Systems, where he and his team of security architects assisted DoD, Civilian, and Intel agencies with addressing their security requirements as  they dealt with an ever-changing threat landscape. Throughout his career he has represented both the end user and vendor communities, including Nortel Networks, UUNET, and Lockheed Martin. 

 Please RSVP if you plan to attend.

December 21, 2010 6:30 PM

Government Printing Office
Room A138
732 N. Capitol St.
Washington, DC, 20401

Click here for details

November 16, 2010

How I learned to stop worrying and love compliance

Ron Gula - Chief Executive Officer and Chief Technical Officer Tenable

Abstract
Ron Gula will discuss how the use of compliance standards can be used to simplify your network management and auditing with many real-world examples. 

About the Speaker
Mr. Gula is known in the global security community as a visionary, innovator and engineer of extraordinary talent. He traces his passion for his work in security to starting his career in information security at the National Security Agency conducting penetration tests of government networks and performing advanced vulnerability research.

Since co-founding Tenable in 2002, Mr. Gula has been CEO and CTO at Tenable, maker of the world renowned Nessus Vulnerability Scanner and Unified Security Monitoring enterprise solution. As CEO/CTO of Tenable, he is responsible for product strategy, research and development, and product design and development. Mr. Gula is also a leader in his community and a passionate advocate for education and scientific research.

Prior to Tenable, Mr. Gula was the original author of the Dragon IDS and CTO of Network Security Wizards which was acquired by Enterasys Networks. At Enterasys, Mr. Gula was Vice President of IDS Products and worked with many top financial, government, security service providers and commercial companies to help deploy and monitor large IDS installations. Mr. Gula was also the Director of Risk Mitigation for US Internetworking and was responsible for intrusion detection and vulnerability detection for one of the first application service providers. Mr. Gula worked for BBN and GTE Internetworking where he conducted security assessments as a consultant, helped to develop one of the first commercial network honeypots and helped develop security policies for large carrier-class networks. Mr. Gula began his career in information security while working at the National Security Agency.

Mr. Gula has a BS from Clarkson University and an MSEE from the University of Southern Illinois. Ron Gula was the recipient of the 2004 Techno Security Conference "Industry Professional of the Year" award. In SC Magazine's 20th Anniversary Edition, he was named as one of the top market entrepreneurs for the past 20 years. 

 Please RSVP if you plan to attend.

November 16, 2010 6:30 PM

Government Printing Office
Room A138
732 N. Capitol St.
Washington, DC, 20401

Click here for details