POWERED BY THE MICHIGAN CYBER RANGE
Associate Dean for Research, College of Engineering Professor, Electrical and Computer Engineering Professor, Computational Mathematics, Science, and Engineering, Michigan State University
Ph.D., CISSP of Cyber and Secure Autonomy, Soartech
Phishing for Shells: Reducing the Attack Surface
DDEs, HTAs, Macros- Windows is plagued with different ways to execute code through attachments and Microsoft ‘features’. This talk dives into different techniques used from a red team perspective to execute command and control payloads through phishing campaigns, all while bypassing the latest ‘Next-Gen AV’ solutions. Then, with an understanding of the techniques, we will discuss how organizations can reduce their overall phishing attack surface through smart configuration changes.
Capture The Flag Unplugged
Capture the Flag competitions give participants the opportunity to gain experience in securing a machine, conducting research and reacting to cyber attacks that can be found in the real world. This “unplugged” version developed by the NSA and NSF is designed to help non cybersecurity experts understand the concepts behind Capture the Flag security exercises. Test your reconnaissance skills, forensic abilities, code breaking and more in this interactive activity.
CIS Critical Security Controls – Security for Compliance vs. Compliance for Security
Attendees will learn how to dispel the “Fog of More” by implementing an effective cybersecurity improvement program using a concise, prioritized set of cyber practices. These were derived from the CIS Controls that will set out the core, foundational steps a CISO can take to get the most out of their security value and stop real-world attacks.
Live Takedown -Hacking A Site in Real Time
Hacking a WordPress or Drupal website live! This will replicate a real attack with the presenter narrating the actions and explaining the thought behind each step. Take away the knowledge of how to protect your own environment.
Disruptive Academic Collaboration to Meet Business and Nonprofit Cybersecurity Needs
Universities have long been known for their “ivory towers” or “silos.” In contrast, we will present how faculty from two different disciplines worked with three colleges to deliver a professional Information Security graduate certificate, Master’s program, and are currently planning a bachelor’s program, all delivered online.
We will outline our framework for the graduate programs, an ABET accredited B.S. in Information Security, and our partnership with Merit to offer professional certifications. Our approach takes the Merit materials and infuses them with additional components so that students not only can pass the exams but also understand how they should approach various information security challenges.
Most important to the discussion is feedback from industry so that we may continue to improve our offerings. We will solicit feedback both during and after our presentation, welcoming suggestions so that our degrees and programs can best meet Michigan’s organizations’ cybersecurity needs.
Professor, Electrical and Computer Engineering
Professor, Computational Mathematics, Science, and Engineering, Michigan State University
Hacking and Protecting IoT Devices
Code is now running on just about everything. Threats from around the world, would like to damage our data, reputation, finances, and more. As such, we need to be as secure as possible. There’s lots of arrows to that quiver. One of them is application security. But more broadly we need to look at the whole product and ecosystem. We need to find security bugs in the products and systems we build, before bad actors do. In this presentation, cyber expert, Dr. DeMott, will walk us through the process of how developers and security pros should be conducting product pentests. In particular, DeMott will guide us through the tools and techniques VDA engineers used to quickly find multiple zero-day vulnerabilities in a common IoT device.
Who is Helping the Cybercrime Victims?
The impact of cybercrime on the economy, personal lives and our critical infrastructure is growing exponentially each year. Loss estimates are in the trillions worldwide. Two questions are not being address on a national level in the US. Where does a consumer or small business call to report a crime and get help? And, what coordinated resources are available from federal, state and local law enforcement and consumer protection agencies? The Cybercrime Support Network is providing a voice for the victims and building a national program to improve victim services and response for consumers and small businesses.
MITN: Cheap and Easy Implementations for Actionable Threat Intelligence
It is easy to download lists of bad IP addresses or bad domain names, but how can a resource-constrained IT security team make effective use of the data? We will discuss how the University of Michigan has implemented “Michigan Intelligence for Threat Negation” (MITN), A framework for consuming, generating, sharing, and using threat intelligence. We will demonstrate the value of generating local threat intelligence data with “Modern Honey Net” (MHN) honeypots and log data from systems & security devices, and how this has amplified the value of existing security protections for U-M IT infrastructure as well as providing value to peer institutions across the Big Ten.
Session participants will walk away from the talk with knowledge how to:
– Use threat intelligence to improve your organizational security posture
– Identify cost-effective ways to use threat intelligence in existing security systems
– Share threat intelligence with peers in an automated way
Go Fast, Stay Secure – Evident.io Security For Public Schools
Maintaining holistic cloud security and compliance isn’t easy. If you thought it was just you…it’s not.
Organizations around the world struggle with implementing the various aspects of cloud security, such as threat detection, misconfiguration management and risk remediation, all while complying with industry standards.
Evident.io, now part of Palo Alto Networks, adds functionality and flexibility to your cloud security capabilities, allow you to easily:
Accelerate cloud adoption while maintaining security
Avoid common cloud security roadblocks
Protect and segment cloud workloads
Securely adopt a cloud-native DevOps model
We live in a time of disruptive technology, constant connectivity, and information overload. Managers, technicians, and analysts have to address the impacts of these influences on their organizations, their employees, and their business information. Security Summit, powered by the Michigan Cyber Range, is the place to learn from subject matter experts, share experiences and network with peers and other professionals. Join us on November 13, 2018 at the Henry!