September TASK Meeting - Back to the Basics (Python and BotNets!)
Wednesday, 29 September 2010 6:00PM – 9:00PM
University of Toronto, Health Sciences Building Room 610
155 College Street, Toronto, Ontario M5T 3M7
Talk 1: Python for Network & Security Admins
Presenting simple Python that can be applied by network and security administrators to ease the daily grind and simplify repetitive tasks. This talk will begin with a 5-minute intro to Python followed by real-world problems and easy-to-implement Python solutions to simplify the tasks at hand. From gathering data from Cisco devices to updating DNS configs to quickly looking for a problem port on systems across your network, everyday tasks that eat up precious time for network and system administrators will be covered.
Tyler Reguly is a Lead Security Research Engineer with nCircle, the leading provider of automated security and compliance auditing solutions. At nCircle, Tyler is a key member of nCircle VERT (Vulnerability and Exposure Research Team) where he focuses on web application security and vulnerability detection and has lent his expertise on various projects that include reverse engineering and OS X vulnerability detection. Tyler is involved in industry initiatives such as CVSS-SIG and WASSEC and has spoken at security events including Toronto Area Security Klatch (TASK), OWASP Toronto and SecTor. Additionally, he has contributed to the Computer Systems Technology curriculum at Fanshawe College in London, Ontario by developing and teaching a security course entitled “Hacker Techniques-Advanced & Exploits”. Tyler is frequently quoted in industry trade press and is a prolific blogger.
Talk 2: A New Look at Botnets
Botnets are a pervasive part of the Internet today. They are used for generating spam email, hacking into secured databases to steal confidential data, creating DDoS attacks against public infrastructure and almost any other function that people are willing to pay for. Botnets are created, grown, managed and used via various means. It is important to understand the different components of a botnet. One must know how a botnet propagates, how it is managed by its owner and how it is used to carry out its various tasks. These are known as the Infection Vector, Command and Control, and Attack Vector. Once the aspects of a botnet are decoded, it is possible to identify ways to detect and potentially mitigate the threat that they pose to individuals and public infrastructure alike. There are some fairly general and easy-to-implement procedures to detect and stop botnet threats in your network.
Frank Yue is currently a Systems Engineer for BreakingPoint Systems, a company that specializes in high performance traffic simulation and security threat analysis. His first computer was a RadioShack Tandy Model I with 16K of RAM and a cassette tape player as a storage device. Mr. Yue has worked in key roles for companies such as America Online, Citigroup, Foundry Networks and CloudShield Technologies. Mr. Yue is experienced in complex routing environments, high performance application load balancing, network traffic behavior analysis and deep packet inspection technologies in addition to security design and implementations. Mr. Yue specializes in application behavior from a network perspective. Mr. Yue has a BA in Biology from the University of Pennsylvania.
Writing the CISSP exam in Toronto or Ottawa on 04 December? Prepare for the "gold standard" in information security certifications by attending a TASK-sponsored CISSP Preparation Workshop.
This 4-day program, held over 2 weekends, will provide an intense review of the 10 domains of the Common Body of Knowledge. The last workshop of this year will be offered at $1250, including study materials. Contact robert.beggs@digitaldefence.ca for additional information.
This event is sponsored by BreakingPoint Systems (www.breakingpoint.com). BreakingPoint pioneered the first and only Cyber Tomography Machine (CTM) to measure and harden network and data center resiliency under high-stress application load and attack. The BreakingPoint Storm CTM exposes previously impossible-to-detect stress fractures within cyber infrastructure components before they are exploited to compromise customer data, corporate assets, brand reputation, and even national security.