Event co-organised with OWASP: Georgia Weidman and Joe McCray Print
Thursday, 13 September 2012 00:00

We are pleased to announce our next event, co-organised with OWASP's Belgian Chapter, with Georgia Weidman and Joe McCray on Wednesday 26 September

The Schedule:

18h00 - 18h30: Welcome at PwC (Ghent)
18h30 - 19h30: Introducing the Smartphone Penetration Testing Framework (Georgia Weidman)
19h30 - 19h45: Networking break
19h45 - 20h45: Why Your Security Products Suck... (Joe McCray)
20h45 - 21h30: Networking & closure


With special thanks to PwC for hosting the event and offering drinks.


Registration procedure: through the OWASP registration page on https://owasp-belgium-2012-09-26.eventbrite.com/

 

The Venue :
Pwc Ghent (Wilson) - Club
Wilsonplein 5G
9000 Gent

Roadmap: http://www.pwc.be/en/map/index.jhtml


Introducing the Smartphone Penetration Testing Framework (Georgia Weidman):

As smartphones enter the workplace, sharing the network and accessing sensitive data, it is crucial to be able to assess the security posture of these devices in much the same way we perform penetration tests on workstations and servers. However, smartphones have unique attack vectors that are not currently covered by available industry tools. The smartphone penetration testing framework, the result of a DARPA Cyber Fast Track project, aims to provide an open source toolkit that addresses the many facets of assessing the security posture of these devices. We will look at the functionality of the framework including information gathering, exploitation, social engineering, and post exploitation through both a traditional IP network and through the mobile modem, showing how this framework can be leveraged by security teams and penetration testers to gain an understanding of the security posture of the smartphones in an organization. We will also show how to use the framework through a command line console, a graphical user interface, and a smartphone based app.

Demonstrations of the framework assessing multiple smartphone platforms will be shown.

Georgia Weidman is a penetration tester, security researcher, and trainer. She holds a Master of Science degree in computer science, secure software engineering, and information security as well as holding CISSP, CEH, NIST4011, and OSCP certifications. Her work in the field of smartphone exploitation has been featured in print and on television internationally.

She has presented her research at conferences around the world including Shmoocon, Hacker Halted, Security Zone, and Bsides. Georgia has delivered highly technical security training for conferences, schools, and corporate clients to excellent reviews. Building on her experience, Georgia recently founded Bulb Security LLC a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security.

 


Why Your Security Products Suck... (Joe McCray):

Joe McCray will be demonstrating a series of advanced hacking techniques focused on the areas of IDS/IPS/Web Application Firewall Bypass, SRP bypass and several other ways to defeat popular security mechanisms.
Bring your laptop, and hack with him. Joe will bring a wireless access point and allow the attendees to play with the security products as well.
Let's hack!!!!

Joe McCray is an Air Force Veteran and has been in security for over 10 years. Joe has been involved in over 150 very high level pentesting assessments and has some major hacking accomplishments that he can share with his classes. His extensive experience and deep knowledge, mixed with his comedic style has lead Joe to be one of the most highly sought after speaking experts in the industry. Joe makes speaking appearances and gives seminars at major events in the security community such as Black Hat, DefCon, BruCon, Hacker Halted and more. Joe is the recipient of the 2009 EC-Council Instructor Circle of Excellence Award and the 2010 EC-Council Instructor of the Year Award. Joe is the founder and CEO of Strategic Security, Inc. an IT Security consulting firm that provides in-depth technical security assessments of your network, web application, and regulatory compliance gap analysis.