July hasn’t been hot enough for me and some of the other Tenable staffers, so we will be heading to the desert of Las Vegas in a few weeks to attend Black Hat USA 2010! Since 1997, the Black Hat conference has provided a neutral ground for security researchers, government agencies and information security professionals to integrate their varied perspectives. This will be my ninth year at Black Hat and I’ve always found it to be an intense couple of days meeting up with almost everyone I know in the Infosec field. I’m delighted that Tenable will be represented in the Black Hat Trainings, Black Hat Briefings, Black Hat vendor area and DEF CON this year.
Tenable’s Product Evangelist, Paul Asadoorian, will be teaching two sessions of a brand-new (seriously – we’re still editing it) Advanced Nessus Training Class.
This class is intended for those who are already familiar with Nessus and will cover special techniques and testing situations that you may not be familiar with. There will be a lot of hands-on lab work, assisted by Tenable’s lead Trainer, David Poynter (so that Paul can keep talking, one of his favorite activities). The first session will be held on Saturday and Sunday (July 24 & 25) and the second session on Monday and Tuesday (July 26 & 27). There are still a few seats open in both sessions, but they are filling up fast!
I will once again be running the Hacker Court mock trial on the opening day of the Black Hat Briefings. Hacker Court is a live demonstration of a computer crime case based on emerging technology and the legislation that tries to keep up with it. The Hacker Court team, comprised of former Department of Justice attorneys as well as attorneys from the Electronic Frontier Foundation (EFF), spends months coming up with a plausible case that either side could win. Technical “evidence” is manufactured by various security geeks who have an off-color sense of humor. This year’s case involves a fictional social networking site, MyTwitFace. MyTwitFace has deployed the “Ambiguous Manage” monitoring software to help them monitor every employee’s laptop via the webcam and see what they are really up to when they are “working from home.” In our fictional case, an open source competitor exploits a vulnerability in the “Ambiguous Manage” code and gathers videos and screenshots from the CEO’s computer, exposing MyTwitFace to public ridicule. The CEO calls in the REACT task force to investigate the alleged “wiretapping” even though the captured video does not include audio. This is a fine legal point that we look forward to arguing. Hacker Court is always a lot of fun and a great opportunity to learn about the legal implications of technology, in a matter of hours, not months.
Tenable security researcher Dennis Brown will be presenting two talks at Defcon: “How Hackers Won the Zombie Apocalypse” ( Friday, July 30 at 13:00) describes the Zombie Invasion game that was embedded into the QuahogCon 2010 conference badges and “Resilient Botnet Command and Control with Tor” ( Saturday, July 31 at 17:00) describes how Tor helps hide the command and control channels of botnets.
Another Tenable security researcher, Jeremy Brown (no relation to Dennis) will be giving a presentation at 10:00 am on Saturday, July 31 titled “Exploiting SCADA Systems”. This presentation shows how SCADA software is just as vulnerable to attack as it was 10 years ago and explores why SCADA software vendors seem to be incapable of understanding the concept of secure programming.
If you are attending Black Hat USA 2010, stop by Tenable Booth #48 in the Expo Hall for a demonstration of the latest Tenable products or just chat about security.
We look forward to seeing you at Black Hat!