All Videos Tagged Conference (CISO Platform) - CISO Platform

Practical Forensics - Tools & Techniques by Sachin Deodhar (Part-2)

2015-01-09T13:15:54.408Z

This lecture introduces security professionals to Forensics and includes - Forensic basics,Locard's principle,PGP,Public Key Cryptoraphy,symmetric key crypto...

Practical Forensics - Tools & Techniques by Sachin Deodhar (Part-1)

2015-01-09T13:14:15.418Z

This lecture introduces security professionals to Forensics and includes - Forensic basics,Locard's principle,PGP,Public Key Cryptoraphy,symmetric key crypto...

The Notorious 9 in Cloud Security

2014-12-23T12:31:48.910Z

The Notorious 9 in Cloud Security by Moshe Ferber.

Cloud Computing presents major opportunities and benefits for the organization worldwide. It is scalable, flexible and efficient. But along with those major advantages, comes the threats. Most Cloud Computing threats and risks are well documented, but we are missing information regarding how those threats can be put into practice in the real world, what are the attack vector used and what is the risks and results for those events. In the presentation we will elaborate the notorious nine Cloud computing threats as described by the Cloud Security Alliance, and for each threat we will provide recent examples for known incidents, the attack vectors used and the damage resulted from the incident. By understanding the risks and case studies, we can better prepare our organization for cloud adoption. Among the recent events we will explore: Supply chain attacks, Attacks for Bitcoin mining, Attacks on the management GUI, API manipulation and more. We will talk about recent incidents for such as Code-spaces.com hack, Buffer and Mongo DB OAUTH credential theft, attacks on Twitter and Microsoft and many more.

Antti Karjalainen on How we discovered Heartbleed?

2014-12-22T14:49:04.517Z

How the Heartbleed bug was found by Antti Karjalainen discoverer of Heartbleed.
The Heartbleed bug was a catastrophic vulnerability in widely used OpenSSL TLS implementation. This talk at CISO Platform Annual Summit, will give background how the Heartbleed bug was found by Codenomicon. The mechanism that initially detected the vulnerability is presented. It is also discussed what made the Heartbleed bug so severe, and what kind of factors would have mitigated the consequences of the vulnerability.

More Shadow Walker The Progression of TLB Splitting On X86 Jacob Torrey

2014-12-16T12:47:49.881Z

This talk will cover the concept of mis-using the hardware (x86 translation lookaside buffer) to provide code hiding and how the evolution of the Intel x86 architecture has rendered previous techniques obsolete and new techniques to perform TLB-splitting on modern hardware. After requisite background is provided, the talk will then move to the new research, the author's method for splitting a TLB on Core i-series and newer processors and how it can again be used for defensive (MoRE code-injection detection) and offensive purposes (EPT Shadow Walker root-kit). This talk will be very high-level but aims to convey the complexities of the hardware and possible attack vectors that can happen at the lowest-levels of an organization's IT infrastructure.