WEBINAR | Feb 27, 2024

MTS-ISAC Webinar | Maritime Cybersecurity Penetration Testing and Common Vulnerabilities

John Sheehy, IOActive SVP of Research and Strategy, is a featured guest for the online webinar.

This MTS-ISAC webinar will introduce penetration testing, a methodology to attack a system or environment using techniques and tools similar to those adopted by real threat actors. It will cover the specialized vocabulary, the different types of testing, and how to use the results most effectively. Guidance will be shared on how to choose the appropriate type of cybersecurity testing for your organization and specific situation, ensuring you get the appropriate type of penetration/vulnerability testing solution. The webinar will conclude by covering best practices, tips and tricks to get the most value out of your penetration testing efforts, and insight into advanced testing methodologies and threat intelligence applicable to the transportation sector.

The Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC) promotes and facilitates maritime cybersecurity information sharing, awareness, training, and collaboration efforts between private and public sector stakeholders. Our mission is to effectively improve cyber risk management across the entire MTS community through effective information sharing for the improved identification, protection, detection, response and recovery efforts related to cyber risks.

WEBINAR | May 04, 2023

Penetration Testing Engagement Best Practices Webinar | NMFTA | John Sheehy

John Sheehy, SVP of Research and Strategy, will be presenting: ‘Penetration Testing Engagement Best Practices’ at the NMFTA webinar series.

The webinar will provide an overview of penetration testing engagement practices. Penetration testing is a methodology to attack a system or environment using techniques and tools similar to those adopted by real threat actors. The presentation will feature the different types of testing, the value of the results, and how to use the results most effectively; guidance on how to choose the appropriate type of testing for your organization and specific situation, to ensure you get the appropriate type of testing solution; and best practices, tips and tricks to get the most value out of your penetration testing efforts. It will conclude with insights into advanced testing methodologies and threat intelligence applicable to the transportation sector.

The webinar will take place May 4, 2023, 1pm – 2pm ET.

WEBINAR | Mar 08, 2022

Decentralized Finance (DeFi) is the future, but how secure is it really? | Cesar Cerrudo

Decentralized Finance (DeFi) is moving billions of dollars around the world and growing in popularity daily; highly innovative solutions to managing cryptocurrency are constantly built and deployed and many are making a fortune from their investments – which oftentimes gets reinvested into more crypto projects with no end in sight. But, as the DeFi world continues to evolve and expand furiously, so does the challenge of maintaining manageable security postures. Hacks and attacks are increasing by the day with many losing millions of dollars of their investments.

In this webinar, Cesar Cerrudo, IOActive Labs CTO, will provide an overview of the common challenges and concerns for DeFi security and offer some possible solutions in making DeFi more secure.

The webinar will be held: Tuesday, March 8th, 1pm ET.

WEBINAR | Sep 08, 2021

“The New Normal” of Supply Chain Security

John Sawyer, Director of Services, Red Team, will be the featured speaker on this DarkReading webinar.

COVID-19 did more than just transform communications between employees and internal enterprise systems. For many enterprises, it also transformed interactions with customers and suppliers, adding new risks and cybersecurity challenges. In this webinar, experts discuss potential vulnerabilities in the new supply chain, and potential threats from online attackers. They also discuss the impact of these changes on compliance with industry and regulatory rules that govern the supply chain. You’ll learn how to protect your data from suppliers or customers whose systems or end users might be at risk. And you’ll get advice on how to protect your sensitive data from third-party vulnerabilities.

WEBINAR | Sep 17, 2020

Network Security: The Attacker’s Point of View | John Sawyer

John Sawyer, IOActive Director of Services, Red Team, is the featured speaker for the InformationWeek webinar: “Network Security: The Attacker’s Point of View,” Thursday, September 17th, 1:00 pm ET.

WEBINAR | Sep 30, 2020

Breaking Bluetooth Low Energy (BLE) – A Technical Deep Dive | Maxine Filcher

Continuing from her first webinar, ‘Introduction to Bluetooth Low Energy Exploitation,’ Maxine Filcher, IOActive Security Consultant, will present a deep dive into the key components and tools for breaking Bluetooth Low Energy devices, from the perspective of a pentester and security researcher.

As BLE continues to take the spotlight in low energy RF communications, expanding to an exponentially growing number of devices, Bluetooth security has largely been relegated to small pockets within the researcher community. However, the SweynTooth vulnerability set, among many others, demonstrates that there are still fundamental issues within the BLE stack, and that the attack surface may be more relevant now than it has ever been previously.

Maxine will delve into the key components of BLE communications and cover:

  • Introduction to Bluetooth mesh
  • The tools required for breaking BLE devices
  • Suggested approaches for testing BLE devices
  • A demo of a simple dev project using the nRF52840 dongle
  • Insight into the basic skills required to exploit BLE

The webinar will be held: Wednesday, September 30, 2pm ET.

WEBINAR | May 28, 2020

Introduction to Bluetooth Low Energy Exploitation

Maxine Filcher, IOActive Security Consultant, will be giving a webinar presentation on wireless security, May 28, 2020, 2pm E.T.

Bluetooth, especially Bluetooth Low Energy (BLE), has become the ubiquitous backbone that modern devices use to interact with each other. From mobile, to IoT, to automotive, most smart devices now support Bluetooth connections. This enhanced connectivity expands the attack surface, making this attack vector an increasingly necessary aspect of security testing.

In this talk, Maxine will:

  • cover various phases of Bluetooth exploitation
  • dive into the communication between BLE devices and companion mobile applications, with an emphasis on sniffing connections, spoofing targets, and exploiting services
  • demonstrate the use of basic BLE security research tools
  • discuss common security issues and recommendations for a security-focused implementation of BLE for connected products

WEBINAR | Apr 22, 2020

Hacking and Securing LoRaWAN Networks

Cesar Cerrudo, IOActive CTO, will be presenting an IOActive webinar, April 22, 2020, 2pm ET.

LoRaWAN is becoming the most popular low-power wide-area network (LPWAN) open standard protocol used around the world for Smart Cities, IIoT, Smart Building, etc. The LoRaWAN protocol has “built-in encryption,” making it “secure by default.” This results in many users blindly trusting LoRaWAN networks without being diligent in assessing security concerns; the implementation issues and weaknesses can make the networks vulnerable to hacking.

Currently, many of the cybersecurity problems of LoRaWAN networks are not well known. Also, there are no available tools for LoRaWAN network security testing/auditing and attack detection, which makes LoRaWAN deployments a vulnerable target for attackers.

In this webinar, we’ll explore the current cybersecurity problems, including the possible attack scenarios, and provide useful techniques on how you can detect them.

WEBINAR | Apr 09, 2020

Using Red and Purple Teams to Strengthen Enterprise Security

John Sawyer, IOActive Director of Services, will be presenting a webinar on using Red and Purple Team Services as an effective tool to increase security and operational resiliency.

Red team exercises provide organizations a real-world perspective on the efficacy of their security operations and incident response capabilities. The ability to identify a security incident quickly and respond efficiently is critical to protecting the information and assets most important to your company’s bottom line. This webinar will discuss red and purple teams and how their collaborative aspects enable our customers’ blue teams to level up and fully understand their visibility into each stage of a targeted attack from beginning to end.

WEBINAR | Feb 19, 2020

Effective Security Starts with Secure Design. “Bringing it All Together”

Brook Schoenfield, author, Master Security Architect and Director of Advisory Services for IOActive, presents the fourth and final installment of the Secure Design webinar series.

Secure design remains one of the least understood branches within software security practices. Design practices for security are often ad hoc or performed at the wrong points during development. Software security requires a collection of overlapping, interlocking practices, some of which have significant dependencies on each other. Secure design comprises a substantial portion of software security practices. Without these critical design activities, software will lack key security features and may offer attackers exploitable conditions that cannot be corrected by typical security verification tools.

This final installment of the Secure Design webinar series will pull together the learnings presented in the previous three IOActive secure design webinars, placing secure design into its larger software security and development context: “A Whole Secure Design Enchilada”. Secure design practices will be explained as a key part of rigorous software security. Get the holistic view of secure software development practices such as threat modeling and design patterns, as well as how to build successful strategic security design programs that integrate well with continuous development practices such as DevOps.