Pumpcon 2014 Speakers:

Speakers: Scott VanZant, Joe Coladonato and Aunshul Rege

How Terrorists Use Social Media: An Analysis Through Twitter APIs

Abstract / Bio

This particular research (in progress) examines how terrorists are using Twitter to recruit, spread ideology, plan events, and interact with the public. A Twitter API application was created through an open source framework called STT Twitter. The application was written in Xcode, an Integrated Development Environment. This research focuses on the Twitter accounts of the Islamic State, Hamas, Al Shabaab, and Islamic Front. The Twitter APIs allowed us to aggregate mass quantities of Twitter data, such as tweets, retweets, favorites, mentions, and responses; a sample size of 200 tweets was used for each group. We are exploring patterns and relationships between the four groups, and would like to get feedback on our technical methodology and approach to researching the topic. We think this is a fun topic, as it integrates Information Science Technology and Criminal Justice, and is an innovative means to study the phenomenon.

Bios:
Scott VanZant is a Criminal Justice major at Temple University working as a Research Assistant under Professor Aunshul Rege.

Joe Coladonato is pursuing his Bachelor's degree in Information Science and Technology at The Pennsylvania State University.

Aunshul Rege is a junior professor with the Criminal Justice Department at Temple University.


Speakers: John "GeekSpeed" Stauffacher and Matthew "mattrix" Hoy

Are You a Janitor, or a Cleaner?

Abstract / Bio
Building on a number of successful runs through different cons (LA 2600, LayerOne, CircleCity Con, GrrCon) and meetings, Matt and John have put together a presentation that not only packs a house but gives attendees something to walk away with: a renewed passion for "active" incident response.

We dive into Prepare, Identify, Contain, Eradicate, Recover, Re-Tool - and focus on what makes our enemy so successful, and different unique ways we can not only stop the attacks -- but proceed to identify our attacker, and launch counter offensives. Take the IR model up a notch -- let's not be so content to just re-image a box and go back to our daily duties -- let's stop being the victim and start being an ACTIVE responder in the Incident Response game.

This presentation has grown since the first day we gave it -- we have added content, removed content, and molded it based not only on audience response and peer response, but also on our own ongoing experiences. Both of the presenters are actively working on IR and security related activities for companies of all sizes; the trends and methods outlined in this presentation are things being asked for - but nobody is talking about.

What makes it interesting: Since the breach of Target, Neiman Marcus, and others - Incident Response and IR in general have been a really hot topic. Everybody is struggling to understand what IR is -- how to staff an IR team, or what exactly they need to do from a compliance standpoint, a legal standpoint, and an operational standpoint to handle the next big breach. It's not an if - it's a when. Our talk aims at giving our listeners the ammunition needed to return to their respective employers and start those conversations -- they may not adopt our methods totally - but it's just crazy enough to get people talking.

The final installment of our talk. We drop the logos, we drop the pretty slides. We may even drop our pants. Shit is gonna get ugly, and we are going to bust out all the stuff - that our corporate overlords have deemed too "sensitive" to put on display. It's so bad, one of us actually got pulled out by his manager, and told not to come. It's bare knuckle - it's gritty...we're gonna go out with a bang...and may lose our jobs in the process. Put your drinks on the bar, and buy another round for the whole crowd -- we are going to go to the far ends of the interwebs to show you a side of DFIR that your grandmother warned you about. Let's stop playing the victim and have ourselves a little fun.

Bios:
Redacted 'cause my wife thinks dick pics make Pumpcon a hostile place for anyone other than adolescent young white men, and we're finally coming into the 21st century and agreeing with her.


Speakers: @alexmuentz & @sambowne

When Vuln Disclosure Turns Ugly

Abstract / Bio

Sam and his students have been cold-calling companies and individuals for years, surprising them with warnings about their security problems. Most of them ignore these warnings, but a few (about 20%) actually fix them.

And occasionally, the recipients go ballistic and shoot at the messenger. Sam will present a brief summary of previous disclosures, leading to the LSU Health one that resulted in the SC Magazine article "Professor hacks University Health Conway in demonstration for class". That article made a mess so big, it took a real lawyer, Alex Muentz, to clear it up.

Alex will then explain how he handled this, and offer informed advice on the laws around vuln disclosure, and how to use the media effectively.

Of course, heckling is always encouraged.


Dr. Phil

Obligatory Drone Hacking Talk (possibly with LIVE DEMO over Independence Hall and the frickin' Liberty Bell!)

Abstract / Bio
This talk will cover scripting for remote hacking drones. While the focus will be on Python scripting for remote drones running The Deck, a custom penetration testing Linux distro described in Dr. Phil's book Hacking and Penetration Testing With Low Power Devices, the techniques described can be applied to other pentesting scenarios as well. Topics covered will include detecting wireless networks, automatically performing wireless attacks, finding and attacking wireless routers, automated scanning, and automated cracking of logins. Knowledge of Python is helpful, but not required.

Bio:
Dr. Phil is an Associate Professor teaching Digital Forensics at Bloomsburg University of Pennsylvania. He has spoken at numerous conferences around the world including repeat performances at BlackHat, DEFCON, 44CON, GrrCON, and ForenSecure to name a few.


PLUS Special Surprise Guests!!! (might be Josh...)