1. Thursday October 24, 2013 2:00pm - 2:45pm

    WhiteHat Security Ballroom (Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757)
    Developer Track

    Establishing Electronic Trust is becoming a more important part of the digital landscape than ever before. This presentation aims to do two things: One is to use allegory and a story like approach to explain what PKI is without the math. The other seeks to paint a picture of the impact to doing business and where the road looks to be going.

    Part One: What is PKI in practical terms. It may seem commonplace in the industry by now, but believe you me, there are plenty who don't know a Relying Party from a hole in the ground. We'll cover some of the common terms above and beyond Digital Certificates, how they interact, and how things are managed. An attempt will be made to inject some humor as gravy to what is seen as an otherwise dry topic.

    This isn't to say this that finger puppets will be used, but for the people want to learn, demystifying information in plain English should be a welcome change. An explanation of the trusted roles involved in deploying certificates, the governance of the system, and the management and distribution of keys will be offered afterwards.

    Part Two: A few real world examples of how to apply these concepts will then be offered, having established a basic understanding of how the pieces of the jigsaw fit together. Once these topics are briefly covered, it will be time to suggest where things are going based on key events taking place in this ever active and growing industry of Identity Management. Included will be some observed happenings regarding the National Strategy for Trusted Identities in Cyberspace (NSTIC) and the much sought after on-the-fly provisioning methods.

    # vimeo.com/79894011 Uploaded 174 Plays 0 Comments
  2. Thursday October 24, 2013 10:00am - 10:45am

    WhiteHat Security Ballroom (Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757)
    Culture & Management Track

    In the Internet of Things, security issues have grown well beyond our day jobs. Our dependence on software is growing faster than our ability to secure it. In our efforts to find the grown-ups who are paying attention to these risks, one painful truth has become clear: The Cavalry Isn¹t Coming. Our fate falls to us or to no one. At BSidesLV and DEF CON 21, a call was made and many of you have answered. At DerbyCon, we begin the work of shaping our futures. Here at LASCON, we have the opportunity to level-up and reframe our role in all of this. As the initiated, we face a clear and present danger in the criminalization of research, to our liberties, and (with our increased dependence on indefensible IT) even to human safety and human life. What was once our hobby became our profession and (when we weren¹t looking) now permeates every aspect of our personal lives, our families, our safetyŠ Now that security issues are mainstream, security illiteracy has lead to very dangerous precedents as many of us are watching our own demise. It is time for some uncomfortable experimentation.

    # vimeo.com/79894010 Uploaded 42 Plays 0 Comments
  3. Thursday October 24, 2013 9:00am - 9:45am

    WhiteHat Security Ballroom (Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757)

    Keynote with Nick Galbreath

    # vimeo.com/79894009 Uploaded 86 Plays 0 Comments
  4. Friday October 25, 2013 2:00pm - 2:45pm

    HackersForCharity.org Room (Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757)
    Mobile Track

    While iOS apps downloaded from the AppStore are packaged in binary format and usually encrypted, there is a lot of information one can glean by reversing engineering iOS apps. This talk with cover reversing tools and techniques that can be used to reverse iOS apps to make them iPwn Apps.

    # vimeo.com/79894007 Uploaded 67 Plays 1 Comment
  5. Friday October 25, 2013 12:00pm - 12:45pm

    HackersForCharity.org Room (Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757)
    Mobile Track

    With the advent of Android 4.0+, we have seen the rooting landscape shift dramatically. This presentation gives a brief, but highly technical overview of the most ingenious new types of attacks on 4.0+. We will give an overview of Android's device protection mechanisms in 4.0+ and how they can be circumvented or unintentionally undermined by device manufacturers.

    Each device manufacturer and carrier can add or modify code from the Android Open Source Project (AOSP). This can include access to device memory, exploitable processes which run as the root user, initialization scripts which perform privileged actions without proper validation, or APKs which leak access to otherwise-protected information sources. This talk will examine what carriers and device manufacturers are doing to help customers root their devices. We will also detail /boot and /recovery differences between OEMs, how signature checks are performed, and demonstrate some of our tools to examine new devices and find potential security flaws.

    This talk is not about exploiting the AOSP, but rather identifying mistakes and misconfigurations due to customized builds and additional features.

    # vimeo.com/79887052 Uploaded 42 Plays 0 Comments



Videos from the presentations at LASCON (Lonestar Application Security Conference), an OWASP regional conference, in Austin, TX in October of 2013.

Browse This Channel

Shout Box

Heads up: the shoutbox will be retiring soon. It’s tired of working, and can’t wait to relax. You can still send a message to the channel owner, though!

Channels are a simple, beautiful way to showcase and watch videos. Browse more Channels.