Several members of NCC Group’s expert research team have had talks accepted at Black Hat USA 2015.
Briefings
Andy Davis, research director at NCC Group
Andy Davis has worked in the information security industry for more 20 years, performing a range of security functions throughout his career. Recently, Andy has been leading security research also been developing new techniques for software vulnerability discovery.
Talk title: Broadcasting Your Attack: Security Testing DAB Radio in Cars
Daniel Mayer, senior consultant at NCC Group, formerly Matasano Security
Daniel is an expert on iOS application security and developed a tool for iOS application penetration testing called ‘idb’. He has presented his research at various security conferences including Black Hat, ShmooCon, SOURCE Boston, Toorcon, THOTCON, and several international academic venues.
Talk title: Faux Disk Encryption: Realities of Secure Storage on Mobile Devices
Drew Suarez, security consultant at NCC Group, formerly Matasano Security
Drew specializes in mobile application testing and research. Besides facilitating the installation of custom code such as Cyanogenmod, Drew likes working on unloved, problem devices with strange or nonstandard setups. Drew also writes and maintains the Cyanogenmod wiki which helps users install CM on their stock Android devices using a variety of different exploits and techniques.
Talk title: Faux Disk Encryption: Realities of Secure Storage on Mobile Devices
Jon Barber, security consultant at NCC Group
Jon’s interests lie in the realm of web and network penetration testing. When he’s not finding bugs in software, Jon can be found drinking coffee, hiking, and life hacking.
Talk title: SAMLyze
Tyler Colgan, security engineer at NCC Group
Prior to joining NCC Group, Tyler spent three years working for Microsoft. Despite his Windows-centric past, Tyler likes to think he is about as comfortable in Unix environments, as he is in Windows. He enjoys spending time in IDA Pro.
Talk title: Linux-Inject
DEF CON 23
NCC Group has had six talks accepted for this year’s DEF CON 23.
Justin Engler, senior security engineer, NCC Group
Justin is a principal security engineer with NCC Group. He’s been involved in application security assessments of many open and closed source messaging applications and other related technologies. Justin has been involved in security, software development, and IT professionally for more than ten years
Talk title: Secure Messaging for Normal People
Daniel Crowley, security consultant, NCC Group
Daniel has developed configurable testbeds such as SQLol and XMLmao for training and research regarding specific vulnerabilities and has been working in the information security industry since 2004.
Talk title: Bugged Files: Is Your Document Telling on You?
Damon Smith, associate security consultant, NCC Group
Damon specialises in web application assessments, embedded device/point of sale assessments, network penetration testing, and mobile testing. Damon graduated with a BS is Computer Science from the University of Texas, with a focus on Information Security. He has experience working as an IT consultant in the legal and retail industries and further as a security consultant focusing on application assessments.
Talk title: Bugged Files: Is Your Document Telling on You?
Aaron Grattafiori, principal security consultant, NCC Group
Aaron is a principal security consultant and research lead with NCC Group. He leads projects dealing with complex system analysis, mobile and web application security to network, protocol, and design reviews to red teams and other hybrid testing.
Talk title: Linux Containers: Future or Fantasy?
Jose Selvi, senior security consultant, NCC Group
Jose has 11 years of expertise performing advanced security services and solutions in various industries (government, telecom, retail, manufacturing, healthcare, financial, technology). He is also a SANS Institute community instructor for penetration testing courses and a regular speaker at security conferences (mostly in Spain)
Talk title: Breaking SSL Using Time Synchronisation Attacks
David Schuetz, senior consultant at NCC Group
A Survey of iOS Application Authentication Approaches
More details to follow
Social engineer village
Noah Beddome, senior security engineer, NCC Group
Noah is former Marine. His professional focus is on attack simulation with special emphasis on physical and interpersonal social engineering.
Talk title: Yellow Means Proceed with Caution -Applied De-escalation for social engineering
.trust Advisory Board
Gunter Ollmann, CTO of NCC Group’s Domain Services Division will be available for interview during Black Hat. The members of the .trust Advisory Board will be revealed on 30 July.
Gunter has almost three decades of experience in information security, working as an industry luminary in an array of cyber security consultancy and research roles. He is currently CTO of Domain Services at NCC Group, where he drives strategy behind NCC Group’s new gTLD, .trust; with a focus of bringing the domain to market in order to make a lasting and game-changing impact on the Internet.
About NCC Group NCC
Group is a global information assurance specialist, passionate about making the Internet safer and revolutionizing the way in which organisations think about cyber security. Through an unrivalled and unique range of services, the company provides organisations across the world with freedom from doubt that their most important assets are protected and operational at all times. Listed on the London Stock Exchange, NCC Group is a trusted advisor to more than 15,000 clients worldwide. Headquartered in Manchester, UK, NCC Group has over 20 offices across the world and employs over 1,000 specialists in information security, assurance and technology. NCC Group delivers security consulting, software escrow and verification, website performance, software testing and domain services.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.