1. Name: Branson Matheson (sand)
Bio:
Branson is a 23 year veteran of unix and security. He started as a cryptologist for the US Navy and has
since worked on NASA Shuttle Projects, TSA security and monitoring systems, internet search engines
and continues to support many open-source projects. He founded sandSecurity to provide policy and
technical audits, support and training for IT Security, System Administrators and internet and unix
Developers. Branson has his CEH, GSEC, GCIH and several other credentials, but generally likes to
spend time answering the question 'I bet you can't.. '.
TOPIC: TTL of a Penetration
Abstract
In the world of information security, it's not a matter of how anymore.. it's a matter of when. With the
advent of penetration tools such as Metaspolit, AutoPwn, etc.; and day-to-day use of in-secure
operating systems, applications and websites; reactive systems have become more important than
proactive systems. Discovery of penetration by out-of-band processes and being able to determine the
when and how to then mitigate the particular attack has become a stronger requirement than active
defense. I will discuss the basic precepts of this idea and expand with various types of tools that help
resolve the issue. Attendees should be able to walk away from this discussion and apply the
knowledge immediately within their environment.
Outline
1. Who I am
2. Us vs Them – statistics on users, sysadmins and hackers reinforcing the need to be involved
3. Anatomy of a penetration in 3 steps: hacker, hacked and then sysadmin getting oinvolved.
4. Minimizing impacts: specific steps to take to lower risk in a production environment
5. Q&A
Previously Given
I gave this talk at CarolinaCon about 1 year ago, and teach this as a topic at local events in the
Tidewater area. I have been constantly updating and refining the talk with current news and
information, and feel it's ready for a larger conference.