PRESENTATION | August 17, 2022

Vulnerability and Patch Management: Every Day is a Zero Day

SC Media on-demand presentation | John Sheehy, SVP of Research and Strategy, participated as a panelist on the CyberRisk Alliance’s eSummit live broadcast.
Patch management can be an especially precarious proposition when you’re operating in a work environment where machines and devices must constantly remain operational. Hospitals, factories and power plants are among the many examples of settings where security professionals need to “keep the lights on,” even as they strive to ensure that software and hardware are hardened against the latest vulnerabilities and exploits. The discussion focused on the challenges of patching in ICS/OT/IoT environments, and strategies for balancing security with operational continuity.

PRESENTATION, VIDEO | September 30, 2020

Breaking Bluetooth Low Energy – A Deep Dive (Breaking BLE series – part 2)

Maxine Filcher, Security Consultant at IOActive, continues from her ‘Introduction to Bluetooth Low Energy Exploitation,’ and presents a deep dive into the key components and tools for breaking BLE devices, from the perspective of a pentester and researcher.

PRESENTATION, VIDEO | May 28, 2020

Introduction to Bluetooth Low Energy Exploitation (Breaking BLE series – part 1)

Bluetooth, especially Bluetooth Low Energy (BLE), has become the ubiquitous backbone that modern devices use to interact with each other.
From mobile, to IoT, to automotive, most smart devices now support Bluetooth connections.

This enhanced connectivity expands the attack surface, making this attack vector an increasingly necessary aspect of security testing.

PRESENTATION, VIDEO | April 22, 2020

Hacking and Securing LoRaWAN Networks

LoRaWAN is becoming the most popular low-power wide-area network (LPWAN) open standard protocol used around the world for Smart Cities, IIoT, Smart Building, etc. LoRaWAN protocol has “built-in encryption” making it “secure by default.” This results in many users blindly trusting LoRaWAN networks without being diligent in assessing security concerns; the implementation issues and weaknesses can make the networks vulnerable to hacking.

Currently, many of the cybersecurity problems of LoRaWAN networks are not well known. Also, there are no available tools for LoRaWAN network security testing/auditing and attack detection, which makes LoRaWAN deployments a vulnerable target for attackers.

In this webinar, we’ll explore the current cybersecurity problems, including the possible attack scenarios, and provide useful techniques on how you can detect them.

PRESENTATION, VIDEO | April 9, 2020

Using Red Team and Purple Team Services to Strengthen Enterprise Security

Red team exercises provide organizations a real-world perspective on the efficacy of their security operations and incident response capabilities. The ability to identify a security incident quickly and respond efficiently is critical to protecting the information and assets most important to your company’s bottom line.

In this webinar, John Sawyer, Director of Services at IOActive, will discuss the collaborative benefits of red and purple teams and how they enhance the ability of enterprise blue teams to gain full visibility into each stage of a targeted attack from beginning to end.

PRESENTATION, VIDEO | January 21, 2020

Secure Design and Secure System Architecture Webinar Series

Brook Schoenfield, author, Master Security Architect and Director of Advisory Services for IOActive, will be sharing deep insights into Secure Design and Security Systems Architecture concerns in this four-part webinar series.

Brook will cover Threat Modeling, DevOps Security, and the myriad challenges facing Secure Design implementations.

PRESENTATION, VIDEO | April 25, 2019

Critical Infrastructure: Hack the Smart City

Cesar Cerrudo, CTO, IOActive, provides a webinar presentation on the ever-growing risks of using technology that enables smart cities. With the advancement of information, communication, and IoT technologies come new vulnerabilities and opportunities for cyber attacks, resulting in disruption and denial of services.

PRESENTATION, VIDEO | April 16, 2019

Application Security: Security Testing Stock Trading Applications

In this two-part webinar series, Alejandro Hernandez, IOActive Senior Security Consultant, provides insight into security testing of stock trading applications.

Part 1 gives an overview of stock trading platform technology and risks, and of application security testing. Part 2 provides a deeper dive into the technical aspects of the application security testing methods and discoveries.

PRESENTATION, VIDEO | April 3, 2019

Thoughts on Supply Chain Integrity

In this video presentation, John Sheehy, VP, Sales and Strategy at IOActive, shares his comprehensive view on the myriad considerations facing businesses as they undertake supply chain integrity assessments.

He delves deeply into the pertinent details of: industry definitions of what a supply chain is; potential supply chain disruptions; real-world examples of attacks; various approaches to ensuring supply chain integrity; and thoughts on solutions and what can be done.

PRESENTATION | September 12, 2018

Reverse Engineering & Bug Hunting on KMDF Drivers

Enrique Nissim’s presentation from 44CON. September 12, 2018.

  • The focus will be on finding bugs and not on exploitation.
  • This will highlight interesting functions and how to find them.
  • See MSDN and references for full details on KMDF.