Austin ISSA

How New Features Affect the Windows 10 Attack Surface

Upcoming 17 July 2019, Austin ISSA Chapter Meeting

ISSA Members avail early bird discount. New to Austin ISSA? Send an mail to our membership director for a complimentary code for registration

Microsoft released Windows 10 to the public four years ago and the operating system has evolved rapidly since then. This presentation will provide an overview of several features that have been introduced and how they increase or decrease the operating system attack surface.

Most of the features addressed in this presentation are available in all Windows 10 editions and Windows Server 2016 and 2019. We will especially focus on Containers and the Windows Subsystem for Linux and how these features can help or hinder your security posture.

Speaker for July,2019 – Dan Teal, Principal Engineer, Sophos

Dan is a consummate computer security professional. He has watched the security field grow over his career and is accomplished in many of the facets of security today. As a US Air Force Officer in the early 1990s, he helped develop the technologies and techniques for offensive and defensive information warfare. Dan has long proposed that you cannot adequately secure something unless you know how to attack it. He has developed penetration testing tools; researched and developed host and network-based intrusion detection systems, tested the efficacy of security products, architected next generation security products, and mentored security development teams. Dan’s primary objective is to develop advanced security products to stop the threats of today and mitigate the threats of tomorrow..

June 19, 2019 Chapter Meeting Recap

Sponsor – Kudelski Security

Patrick Charters gave a short presentation on Kudelski Security. He can be reached at 512-740-6502 or Patrick.Charters@KudelskiSecurity.com.

Presentation – Daniel Crowley, Intro to Python for Security Professionals

Daniel Crowley is the Research Baron at IBM X-Force Red. He belongs to Austin Hacker’s Anonymous and encouraged our membership to attend a meeting. Information about AHA meetings is posted at http://takeonme.org/.

He gave an introduction on Python, which was geared toward someone who knew at least 1 language. He introduced several terms, such as “duck typing,” which means that type declarations are not used. He recommended reading the official Python documentation at https://www.python.org/doc/. He discussed differences between Python 2 and Python 3. He showed some methods for converting Python 2 code to Python 3. Then he segued into how to leverage that into scripts than an Infosec professional would find useful, such as how to fingerprint a server, write Scapy modules (documentation available here: https://scapy.readthedocs.io/en/latest/), build a ICMP tunnel to send data, which could evade detection, and how to print all ICMP payloads. It was a fascinating overview! Slides are not available for this meeting.

Raffle

Don’t forget that the Austin ISSA chapter meeting has a raffle every month for chapter members. Someone is going to win! Join us next month and it could be you.

Introduction to Python for Security Professionals

Upcoming 19 June 2019 Austin ISSA Chapter Meeting

Register here today! If you are new to Austin, TX or Austin ISSA and wants to check out our meeting before becoming a member, send a note to membership@austinissa.org for information on getting a complimentary ticket.

Python is a popular scripting language with a wide range of useful features for many tasks. Notably, there are several security-focused Python modules with no equivalent in other languages. This presentation will provide an introduction to Python and its idioms, with mention of some “gotchas” that may surprise even people already familiar with one or more programming languages. Following that, we will discuss several useful security-related Python modules and how to use them.

About Speaker

Daniel Crowley is the head of research and a penetration tester for X-Force Red. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool.

Daniel enjoys climbing large rocks and is TIME magazine’s 2006 person of the year. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including Black Hat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie and brews his own beer. Daniel’s work has been included in books and college courses. Daniel also holds the noble title of Baron in the micro nation of Sealand.

CHAPTER MEETING LOCATION: Norris Conference Center, 2525 W Anderson Ln #365, Austin, TX 78757

May 15 Meeting Recap

Scott Parker – Symantec Internet Security Threat Report

Scott Parker, Sr Principal Systems Engineer at Symantec, presented some of the intriguing findings from the 24^th Symantec Internet Security Threat Report. He compared last year’s results with previous years. He explained 2018 highlights, such as supply chain, Web, and targeted attacks, as well as form jacking and ransomware, crypto jacking attacks are on the increase. He also examined attack timelines and the increase and decrease of different types of attacks.

ISSA members can download his slides here. The actual report, as well as other information, can be downloaded here.

Austin ISSA President Seth Robertson (L) thanks Scott Parker (R) for his presentation

Raffle

Don’t forget that the Austin ISSA chapter meeting has a raffle every month for chapter members. Someone is going to win! Join us next month and it could be you. Ben Flores was the lucky winner for the May 2019 meeting.

Seth Robertson (R), Austin ISSA President, congratulates Ben Flores (L) on winning this month’s Amazon Gift Certificate.

Symantec Internet Security Threat Report (ISTR) 2019

Upcoming 15 May 2019 Chapter Meeting

Click here to Register today !

Symantec’s Internet Security Threat Report (ISTR) 2019, Vol. 24 has been released! If you’re not familiar with the report, it’s a crown jewel of intelligence Symantec publishes each year, which provides an overview and analysis of the year in global threat activity. The report is based on intel from the world’s largest civilian threat network, including 123 million sensors which record thousands of threat events per second from 157 countries and block 142 million threats daily. The 2019 Internet Security Threat Report takes a deep dive into the latest trends in cyber security attacks, including:

Formjacking: The Breakthrough Threat of 2018
Living Off the Land Attacks and Supply Chain Weaknesses are Here to Stay
Cryptojacking Down, But Certainly Not Out
Cloud Security is Organizations’ Achilles Heel
IoT in the Crosshairs of Cyber Criminals and Attack Groups

About our Speaker for May 2019

Scott Parker, CISSP, CISM, SCS Sr Principal Systems Engineer ISSA Distinguished Fellow Symantec Corporation

Scott has been with Symantec for 20 years and is an Information Systems Security Association Distinguished Fellow with over 30 years of tactical and strategic information security experience across multiple control points – data centers, endpoints, and gateways with a focus on threat protection, information protection, cyber security services and security analytics.

April 17, 2019 Recap

We had a full house for our April 2019 Chapter Meeting. Thanks for a great attendance.

Rick Handley, Data Security Manager at Schlumberger, gave an interesting and informative overview on steps to protect data in Microsoft Office 365. He covered licensing, the ecosystem of Office 365, SharePoint, recommended practices and available tools (Azure Rights Management Services, Information Rights Management, Azure Information Protection, and DRM), and leak opportunities and mitigation. Lastly, he went over lessons learned during Schlumberger’s implementation.

ISSA members can download his slides here.

Raffle

Don’t forget that the Austin ISSA chapter meeting has a raffle every month for chapter members. Someone is going to win. Join us next month and it could be you.

Seth Robertson (right), Austin ISSA President, Congratulates Ben Flores (left) on winning this month’s Amazon Gift Certificate!

Protecting Microsoft Office 365 Workloads, Find and Plug Your Data Leaks

Upcoming 17 April 2019 Meeting Topic

Click here to Register today.

Register by April 10, 2019 to avail ISSA member discounts!.

Microsoft Office 365 can represent an excellent opportunity to improve collaboration and productivity in your organization. The myriad of workloads (apps), development tools, connectors and sharing options also represent a great way to leak data.

During this session we’ll explore some of these opportunities to lose control of your data. You will also walk away with practical strategies for maintaining control, even if your budget isn’t big enough to purchase a top tier license.

Rick Handley, CISSP, Data Security Manager, Schlumberger

April 2019 – Speaker: Rick has been an Information Security practitioner for 20 years. Previous roles at Schlumberger include Integration Security Manager and Endpoint Security Manager. Prior to Schlumberger he was Director of Network Security and Integration for Smith International. Rick has also been a speaker at IBM’s Focus Conference and is currently Communications Director for South Texas ISSA having served on the board since 2012. Other interests include a passion for restoring and collecting Pontiac muscle cars, raising funds for wounded veterans, and working on family ancestry.

March 2019, Chapter Meeting Recap

Josh Van Cott was unanimously ratified as the Austin ISSA Sponsorship Director. Congratulations Josh!

Our presentation this month, given by Robert Kern, a Regional Sales Director for Tempered Networks, was called “Segmentation Made Simple, Utilizing Zero Trust via Host Identity Protocol (HIP).” The HIP protocol was developed in 1999 and ratified by the IETF in 2015. Instead of using an IP address for identity, this protocol identifies a device on the network based on a public key security infrastructure to create a provable machine identity. A very interesting presentation! Thank you very much Robert!

Robert Kern, March 2019 Speaker on Host Identity Protocol

If you’re an ISSA member, access the presentation slides from here.

Dietch Dietrich was the winner of the raffle this month. Congratulations!

Seth Robertson (right) Austin ISSA President, congratulates Dietch Dietrich on winning this month’s Amazon Gift Certificate

Segmentation Made Simple

Wednesday March 20, 2019

Learn how the industry is moving from ‘address defined networking’ to ‘identity defined networking’ and using provable machine identities instead of spoof-able IP addresses. Understand how segmentation through zero-trust networking cloaks your network while simplifying your environment. Learn about the Host Identity Protocol (HIP) that combines the powerful attributes of three different protocols (VXLAN, LISP and IPsec) into one -while eliminating their complexity and limitations. INTENDED AUDIENCE(S): IT Director, Network Architect, Security Architect, Enterprise Architect, CIO, CSO, Risk and Compliance Manager

Robert Kern, Director, Regional Sales Tempered Networks

About our speaker for March 2019 : Robert Kern is a Regional Sales Director for Tempered Networks with nearly thirty years of experience providing network and security solutions for customers in multiple market verticals throughout the central United States as well as Mexico. Robert has tenure with several notable and innovative companies, including SynOptics (Bay Networks) and F5 Networks. With his pioneering attitude and keen sense of business, Robert was instrumental in bringing their disruptive solutions to market. Based in Dallas, Robert has cultivated long-standing relationships with Fortune 500 accounts, from oil and gas to global transportation companies, and is well-respected for his ability to map solutions to meet critical business challenges.

Feb 2019, Chapter Meeting Recap

Jason Sheffield, Sr. Sales Engineer at Netskope, made several great points about how enterprises can implement cloud security. Some highlights included:

Data flows like water!
Data exposure from mis-configured settings that does not constitute a breach.
Is that cloud application your enterprise is thinking about using really enterprise ready?
Think about shadow IT:
- Who’s buying it?
- What is the risk exposure?
- From a compliance perspective, how does shadow IT impact audits and compliance?

Larry Moore, Austin, ISSA Past President, thanks Jason Sheffield for this presentation

He suggested three quick wins for Enterprise IT:

DLP policies for downloading sensitive data from the cloud, make sure you scrub test data, and don’t worry about nonsensitive data.
Assess the security of your IaaS environment continuously.
Consider using the same security policies against all your cloud data.

He told us about a great resource to check out – Adrian Grigorof’s article on Peerlyst, Mapping of On-Premises Security Controls vs Major Cloud Providers Version 3.2 Feb 2019.

Thank you, Jason, for a very informative meeting! If you’re an ISSA member, his slides are available here: https://www.issa.org/global_engine/download.aspx?fileid=8ED909AC-BCE6-4DB0-A67B-32DC463DA918&ext=pptx