I Will Be Teaching At SnowFROC ’19

For those of you in the Denver Metro area, SnowFROC ’19 is the premier applications security conference. The one day conference is held annually at The Cable Center in Denver, CO. This year the conference is on Thursday, March 14, 2019.

See here for more information on the conference, schedule and location.

Headlining the conference is internationally recognized security researcher, Troy Hunt.

Troy Hunt is a Microsoft Regional Director & MVP and security expert from Australia. His talks take a fascinating look into the dark and sometimes funny world of hacking. His blog, Troy Hunt, is filled with information on how we often make hacker’s jobs easy by building vulnerabilities into our own systems.

Earlier last year Troy and I appeared on Cpp.Chat with Jon Kalb. You can find the video here.

I will be teaching a workshop on Threat Modeling that is part of my day long training course on Threat Hunting. Below is the abstract for the workshop:

Threat Hunting

Often overlooked in software security strategies is Threat Modeling. And yet we constantly model threats in our everyday lives:

  • Crossing a busy street, we look for cars to see if they’re going to stop or keep going.
  • Walking down an unfamiliar city street after dark, we ask ourselves if the group coming towards us is gang bangers or just kids out having fun.
  • A women on a blind date is constantly analyzing her date’s words and actions to see if he’s a good guy or a bad guy.

Threat Modeling is the foundation of everything else we do when securing our software and hardware systems. It tells us where our attack surfaces are, what possible attack vectors there are, where we aren’t verifying who we’re communicating with, where we’re holding data and more importantly where we holding data we don’t use. Threat modeling forces us to analyze our designs and focuses our thinking to that of an attacker. Without it we have little to go on when looking for areas of vulnerability.

In this workshop, we’ll begin by looking at Intrusion Kill Chains, a simple but effective way to describe the process that attackers use to penetrate systems. We’ll look at one of the most famous and successful attacks in cyber history through the lens of a kill chain.

Using this knowledge we’ll then do a hands-on Threat Modeling exercise against an everyday system using the STRIDE approach (and discuss others as we go). We’ll look at:

  • how Spoofing can be used to gain unauthorized access to data within our system,
  • how Tampering is used to affect system behavior and how to protect against it,
  • how Repudiation is used to ensure that all systems behavior is verified,
  • how Information leaks give an attacker vital information on how to attack our systems,
  • how to defend against Denial of service attacks, and
  • how privilege Escalation attacks give attackers access to more than just our systems.

We’ll also discuss how we have come to live in a Zero Trust world and how that affects systems design. We’ll see how Threat modeling allow us to:

  • expose attack surfaces,
  • uncover architectural flaws early,
  • identify attack vectors,
  • balance risks and usability, and
  • document mitigation strategies.

See you there!