March Chapter Meeting: Two Topics
How the SEC Cybersecurity Guidelines will Impact Us
How Automating CVE Analysis Led to Dozens of New DLL Hijacking Flaws
- 12:00p-12:10p Chapter Business/Announcements
- 12:10p-01:10p CPE Session 1
- 01:10p-02:00p CPE Session 2
Session 1 - How the SEC Cybersecurity Guidelines will Impact Us
- New SEC proposals for Cybersecurity Disclosure – how these suggestions are impacting your security program reporting with the Board and Executive Staff
- Effectively communicating to your organization what your security program comprises and how you manage it as the business changes
- Skillfully partnering with, advising, and influencing senior leadership on how and why to invest in specific areas of your program, with the shared business goal of adapting to digital transformation.
Laz (Demetrios Lazarikos), Blue Lava
Laz is a three-time CISO and the President and Co-Founder of Blue Lava. A recognized global authority on building cyber security, fraud, and data analytics solutions, Laz has more than 30 years’ experience building and supporting some of the largest InfoSec programs in the financial services, technology, retail, hospitality, and transportation verticals. Past roles include: CISO at vArmour, CISO at Sears, CISO at Silver Tail Systems (acquired by RSA/EMC), VP of Strategic Initiatives at ReddShell Corporation (acquired by TrustWave), Director of Technology at SGI, and Director of Technology at EDS (acquired by HP). No stranger to the boardroom, analyst, and investor community, Laz is an early-stage investor and advisor to some of the most innovative companies in technology and cyber security. He is a Tech Partner at Rally Ventures and advises companies on trends in technology, cyber security, and go-to-market strategies. Laz is a twice-decorated veteran, inventor of several patents, published author, and an Adjunct Professor at Pepperdine University’s Graziadio School of Business and Management. He holds a Master’s degree in Computer Information Security from the University of Denver and an MBA from Pepperdine University, and has earned several security and compliance certifications.
Session 2 - How Automating CVE Analysis Led to Dozens of New DLL Hijacking Flaws
As any seasoned security professional knows, many published security vulnerabilities and attacks are over-hyped. What makes something newsworthy is not always that it poses a significant risk to most organizations. One attack technique that often fails to receive enough attention is DLL sideloading (also called DLL hijacking). Because these flaws are widespread and exploits for them are easy to develop, they are underappreciated gems for digital adversaries.
The DeepSurface research team regularly performs analysis of thousands of CVEs to help understand how these impact customer environments. In order to save ourselves time analyzing a certain class of flaw, we developed a tool to automatically identify Windows services that are vulnerable to DLL sideloading. What we were surprised to find was that a shocking number of Windows services are vulnerable to these attacks in real world deployments.
In this talk, we provide an overview of DLL sideloading, the variety of ways it can be exploited, and just how big of a problem it is, based on our analysis of several customer environments. We conclude with a discussion of how to detect and defend against these issues.
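The detection side of the talk is easier to picture with a concrete check. The following is an added example, not DeepSurface's tool or any code from the talk: it triages DLL image-load telemetry (fields modelled loosely on Sysmon Event ID 7) against three defender heuristics that sideloading typically trips, namely a DLL mapped from outside the system directories and the loading process's own install directory, a DLL that lives in a typically user-writable location, and an unsigned DLL mapped into a process running as a privileged service account. The trusted-directory list, the user-writable list, the event shape and the sample events are all constructed assumptions.

```python
# Added example (not from the talk or DeepSurface): heuristic triage of
# DLL image-load events for sideloading indicators. The event shape,
# directory lists and sample events below are constructed assumptions.
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import List, Optional

# Directories from which a DLL load is considered expected (assumption).
TRUSTED_DIRS = (
    r"C:\Windows\System32",
    r"C:\Windows\SysWOW64",
    r"C:\Windows\WinSxS",
)

# Locations that low-privilege users can usually write to (assumption);
# a service mapping a DLL from one of these is the classic sideloading outcome.
USER_WRITABLE_HINTS = (
    r"C:\Users",
    r"C:\ProgramData",
    r"C:\Windows\Temp",
)

# Service accounts whose processes make an unsigned DLL load worth a look.
PRIVILEGED_ACCOUNTS = {
    r"NT AUTHORITY\SYSTEM",
    r"NT AUTHORITY\LOCAL SERVICE",
    r"NT AUTHORITY\NETWORK SERVICE",
}


@dataclass
class ImageLoad:
    """One image-load event, flattened from the fields a Sysmon EID 7 record carries."""
    process_image: str   # executable that performed the load
    loaded_image: str    # DLL that was mapped into it
    signed: bool         # Sysmon's Signed field, as a bool
    user: str            # account the loading process runs as


@dataclass
class Finding:
    event: ImageLoad
    reasons: List[str] = field(default_factory=list)


def _norm(path: str) -> str:
    """Canonical lower-case Windows form so comparisons ignore case and slash style."""
    return str(PureWindowsPath(path)).lower()


def under(path: str, base: str) -> bool:
    """True if path lies at or below base (case-insensitive, Windows separators)."""
    p, b = _norm(path), _norm(base).rstrip("\\")
    return p == b or p.startswith(b + "\\")


def triage(ev: ImageLoad) -> Optional[Finding]:
    """Return a Finding listing every heuristic the event trips, or None if it trips none."""
    reasons: List[str] = []
    dll_dir = str(PureWindowsPath(ev.loaded_image).parent)
    proc_dir = str(PureWindowsPath(ev.process_image).parent)

    from_trusted = any(under(ev.loaded_image, d) for d in TRUSTED_DIRS)
    from_own_dir = under(ev.loaded_image, proc_dir)
    if not (from_trusted or from_own_dir):
        reasons.append(f"DLL loaded from unexpected directory {dll_dir}")
    if any(under(ev.loaded_image, d) for d in USER_WRITABLE_HINTS):
        reasons.append("DLL resides in a typically user-writable location")
    if not ev.signed and ev.user.upper() in {a.upper() for a in PRIVILEGED_ACCOUNTS}:
        reasons.append(f"unsigned DLL mapped into a process running as {ev.user}")

    return Finding(ev, reasons) if reasons else None


def triage_all(events: List[ImageLoad]) -> List[Finding]:
    """Run triage over a batch of events and keep only the ones that produced a Finding."""
    return [f for f in (triage(e) for e in events) if f is not None]


# Constructed sample telemetry (hypothetical vendor and paths).
SAMPLE_EVENTS = [
    # Expected: a vendor service maps a system DLL from System32.
    ImageLoad(r"C:\Program Files\ExampleVendor\svc.exe",
              r"C:\Windows\System32\kernel32.dll", True, r"NT AUTHORITY\SYSTEM"),
    # Expected: the same service maps its own signed DLL from its install directory.
    ImageLoad(r"C:\Program Files\ExampleVendor\svc.exe",
              r"C:\Program Files\ExampleVendor\helper.dll", True, r"NT AUTHORITY\SYSTEM"),
    # Suspicious: the SYSTEM service maps an unsigned DLL from a user-writable directory.
    ImageLoad(r"C:\Program Files\ExampleVendor\svc.exe",
              r"C:\ProgramData\ExampleVendor\version.dll", False, r"NT AUTHORITY\SYSTEM"),
]

if __name__ == "__main__":
    for finding in triage_all(SAMPLE_EVENTS):
        print(finding.event.process_image, "->", finding.event.loaded_image)
        for reason in finding.reasons:
            print("   ", reason)
```

The heuristics are deliberately coarse: the "own install directory" allowance is what lets a vendor's legitimate helper DLLs through, so the remaining signal on a real estate comes from the directory ACL question the talk's automated analysis addresses (whether that install directory, or any directory earlier in the DLL search order, is writable by non-administrators). That ACL check needs a live Windows host and is not reproduced here; the triage above is the telemetry-side complement that a detection team can run over collected events.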
Speaker 2: Timothy D. Morgan
Founder and CTO of DeepSurface Security, and designer of a risk-based vulnerability management platform that helps security teams gain a much deeper understanding of the complex relationships present in their digital infrastructures.
Tim started his career as a software developer, then spent 15 years in application security, vulnerability research, and penetration testing. Tim has also worked as an incident responder and digital forensics researcher.
Some of Tim's cutting-edge research includes work on Windows registry forensics, XML external entity attacks, web application timing attacks, and practical application cryptanalysis, presented at conferences such as DFRWS, OWASP's AppSec USA, BSidesPDX, and BlackHat USA.