This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Israel June 2015"

From OWASP
Jump to: navigation, search
(added abstract)
m (Updated timing)
Line 8: Line 8:
 
   
 
   
  
''' 17:00 – 17:30 <br/>  '''
+
''' 17:00 – 17:45 <br/>  '''
 
'''Gathering, food, and drinks (KOSHER)'''   
 
'''Gathering, food, and drinks (KOSHER)'''   
  
  
''' 17:30 17:45 <br/>  '''
+
''' 17:45 18:10 <br/>  '''
'''Opening note '''
+
''' Introductions and Opening Notes '''
  
  
''' 17:45 – 18:25   <br/>  '''
+
''' 18:10 – 18:50   <br/>  '''
 
''' One Key to Rule Them All: Detecting the Skeleton Key Malware ''' <br/>
 
''' One Key to Rule Them All: Detecting the Skeleton Key Malware ''' <br/>
 
''' Itai Grady & Tal Be’ery, Microsoft '''     
 
''' Itai Grady & Tal Be’ery, Microsoft '''     
Line 28: Line 28:
  
  
''' 18:30 – 19:10   <br/>  '''
+
''' 18:50 – 19:30   <br/>  '''
 
''' Software Defined Networks are emerging  – How will it affect security? ''' <br />
 
''' Software Defined Networks are emerging  – How will it affect security? ''' <br />
 
''' Almog Ohayon, Javelin Networks '''   
 
''' Almog Ohayon, Javelin Networks '''   
Line 42: Line 42:
  
  
'''19:10 – 19:30   <br/>  '''
+
''' 19:30 – 19:50   <br/>  '''
'''Coffee break'''
+
''' Coffee break & desserts '''
  
 
+
'''19:30 – 20:10   <br/>  '''
+
''' 19:50 – 20:30   <br/>  '''
 
''' Outsmarting researchers: Fraudsters and their security practices ''' <br />
 
''' Outsmarting researchers: Fraudsters and their security practices ''' <br />
 
''' Julia Karpin, F5 Networks '''     
 
''' Julia Karpin, F5 Networks '''     

Revision as of 09:52, 8 June 2015

Our second meeting in 2015 for the Israel chapter of OWASP will take place on June 16, at 17:00, in Microsoft's Herzeliya office, 13 Shenkar St., Building Gev-Yam 5.

Attendance is free, but registration is required: https://owasp-israel-june-2015.eventbrite.com.

This time, OWASP Israel is joining forces with the Israel chapter of CSA! This will be a joint meeting, with both chapters hosting. This will give us an opportunity to expand our horizons, hear different relevant topics, and network with slightly different group of people.

Agenda:

17:00 – 17:45
Gathering, food, and drinks (KOSHER)


17:45 – 18:10
Introductions and Opening Notes


18:10 – 18:50
One Key to Rule Them All: Detecting the Skeleton Key Malware
Itai Grady & Tal Be’ery, Microsoft

Identity is one of the cornerstones of application security. On Windows domains, identity is managed through Active Directory (AD) Domain service on the Domain Controller (DC), and many applications are integrated with AD. Therefore, it should come as no surprise that attackers are actively targeting the DC in order to gain rogue access to applications and servers.

Earlier this year, Dell Secureworks had shared a report on an advanced attack campaign utilizing a dedicated DC malware, named “Skeleton Key” Malware. The Skeleton Key malware modifies the DC behavior to accept authentications specifying a secret ”Skeleton key” (i.e. “master key”) password, thus enabling the attackers to login to any application as any domain user without installing any additional malware while keeping the original users’ authentication behavior.

In this talk, we will explore the unique interaction between such malware functionality and the Kerberos authentication protocol; We will put a special emphasis on its manifestation over the network traffic. We will also share a script that implements the remote detection of the skeleton key malware functionality.


18:50 – 19:30
Software Defined Networks are emerging – How will it affect security?
Almog Ohayon, Javelin Networks

Software-Defined Networking beyond its technological impact is first of all a mindset changer, it makes network engineers think like developers and push them into a world of API’s and automation.

SDN and NFV will help companies to achieve faster deployments, better security, better performance, and reduction of capital and operational expenses.

We live in a world where business growth and agility are strong requirements from investors and owners and no one wants infrastructure slower him down.


I spent 4 months in the Silicon Valley trying to have better understating from the world most advanced business and technical leaders, people who created the SDN “world”, startup companies who are trying to disrupt the market with new solutions and I will share with you my technical and business perspective of the last 2 years.


19:30 – 19:50
Coffee break & desserts


19:50 – 20:30
Outsmarting researchers: Fraudsters and their security practices
Julia Karpin, F5 Networks

TBA