Free

NCC Group Seattle Open Forum at Unity, Aug 24

Event Information

Share this event

Date and Time

Location

Location

Unity Technologies

110 110th Avenue Northeast

#520

Bellevue, WA 98004

View Map

Friends Who Are Going
Event description

Description

Please join NCC Group Seattle and our hosts at Unity Technologies for an evening of security talks and good discussion.

The event will be hosted on the 3rd floor of Unity Technologies office in downtown Bellevue. Free on-street parking or paid garage parking available.

Doors will open at 6:00pm and the first talk will begin promptly at 6:30pm. Light refreshments will be served. A Unity employee will be available to let guests into the building.

Questions or comments can be directed to Mike+dot+Warner+at+nccgroup+dot+trust. You're welcome to forward this invitation to friends or colleagues you believe may be interested.

There is a tight seating limit of a maximum of 50 people and we will have a waiting list. Please update your RSVP if you are unable to attend.



AGENDA



SPEAKER: Mike de Libero

TITLE: Tales from an AppSec Practitione

ABSTRACT: Instead of talking about a cool new bug or tool, I will bring up some lessons learned from being part of and/or running internal AppSec teams for the past few years. We will cover how those teams have or have not changed over the years, actions learned to help get buy-in from executives and development teams, and ways we as a security team make achieving our own security goals both tougher and easier. This won't be the most technical discussion, per se, but my aim is to share information that helps teams accomplish technical work.

BIO: Mike de Libero started his professional career as a developer with an interest in security. He has now been doing AppSec since 2006 and currently runs the AppSec team at Unity Technologies.


----------------------------------------------------------------------

SPEAKER: Sarah Squire

TITLE: What's new in NIST Digital Identity Guidelines

ABSTRACT: NIST released an entirely rewritten version of their Digital Identity Guidelines (SP 800-63) at the Cloud Identity Summit in June. Co-author Sarah Squire will explain why levels of assurance are now a thing of the past and what new guidance and recommendations NIST is proving to federal agencies in terms of identity proofing, authentication transactions, and federated identity management.

BIO: Sarah Squire is the Founder and Principal Consultant at Engage Identity. She has acted as a subject matter expert in identity and access management to several open standards groups including NIST, OpenID Foundation and the Internet Engineering Task Force. She is co-founder and Vice President of IDPro - the first professional organization for identity practitioners. Sarah holds a Bachelor of Science in Physics and a Master of Science in Information Management from the University of Washington where she was a NASA Space Grant Scholar. She is also a Certified Information Security System Professional (CISSP).


----------------------------------------------------------------------

SPEAKER: Keegan Ryan

TITLE: Firmware Hacking of Cell Phone Embedded Systems

ABSTRACT: In 2015, Kaspersky Lab announced its discovery of the Equation Group, along with covert malware developed by the Equation Group which had the ability to take over hard drive control chips and become invisible to the host computer. It's clear why such chips make for good targets, as these embedded systems have direct access to underlying hardware and have not been subject to the same scrutiny as code running on the main processor. Similar to desktop computers and laptops, cell phones are also full of potentially exploitable embedded control chips. This presentation follows the process of reverse engineering the PN544, the chip handling NFC on many cell phones. Ultimately, we present a firmware level attack against the PN544 which converts a cell phone into a card cloner compatible with iCLASS Legacy security badges. By examining the development of this attack in detail, this presentation will propose a general methodology for researching firmware security and will demonstrate the unique but powerful attacks which can be performed as a result.

BIO: Keegan Ryan has been a security consultant with NCC Group since June 2016, working primarily from Seattle. Keegan has experience with wireless protocols, reverse engineering embedded systems, TrustZone exploitation, virtualization, and cryptography. Prior to joining NCC Group, Keegan attended the California Institute of Technology, studying machine learning and applied mathematics.


Share with friends

Date and Time

Location

Unity Technologies

110 110th Avenue Northeast

#520

Bellevue, WA 98004

View Map

Save This Event

Event Saved