[Owasp-louisville] Louisville OWASP Meeting with TOM ESTON!

Sullivan, Kristen (COT) Kristen.Sullivan at ky.gov
Thu Nov 10 10:44:30 EST 2011

Just a reminder about Friday. Tom is a fantastic speaker and really
interesting all around guy. I can't speak highly enough. We are so
pleased he is flying in just to talk with our group!


Please be aware that we've ordered 35 lunches to be served on a first
come first serve basis, so please arrive on time! As we find a better
RSVP process, this will change in the future, but for this meeting, this
seemed to be the best idea. 


From: Sullivan, Kristen (COT) 
Sent: Wednesday, October 19, 2011 12:21 PM
To: 'owasp-louisville at lists.owasp.org'
Cc: 'Tom A. Eston'
Subject: Louisville OWASP Meeting with TOM ESTON!


Announcement from OWASP Louisville Chapter - MEETING NOV 11TH - TOM

Meeting: Louisville OWASP - Nov 11th , 11:30 AM - 1 PM 

Meeting Location: 
Sullivan University Campus, 3101 Bardstown Road, Room 254, Louisville KY
40205 - (about 15 minutes from the airport...on I-264 East) 

When you arrive at the University's main building, Drive around past the
front visitor's doors to the parking area on the right side of the Main
Building. Room 254 can be accessed via a back stairway near a break area
on the back right-hand side of the building, very easy to spot. 

Desktop Betrayal: Exploiting Clients through the Features They Demand 
In this talk, Tom Eston will explore the use of client features to gain
privileged access to client systems. During previous talks around social
networks, Tom Eston and fellow security researcher Kevin Johnson
discovered that most of the damage they could perform against a target
didn't use an exploit against any vulnerable system. Tom and Kevin were
able to create various attacks that made use of features being used on
client machines. While this talk will not disclose any vulnerabilities
within popular client software, Tom will be releasing multiple attacks
that use these clients against their users. Tom will be discussing
attacks using JavaScript, HTML5, PDF files, Flash, Data URIs, Web
Workers and more. Tom will also discuss code to perform these attacks as
well as add-ons to popular tools such as BeEF (Browser Exploitation
Framework) that will enable these tools to make use of the attacks. 

Tom Eston is the manager of the SecureState Profiling Team. Tom leads a
team of highly skilled penetration testers that provides attack and
penetration testing services for SecureState's clients. Tom focuses much
of his research on new technologies such as social media, mobile devices
and new web technology. He is the founder of SocialMediaSecurity.com
which is an open source community dedicated to exposing the insecurities
of social media. Tom is also a security blogger, co-host of the Security
Justice and Social Media Security podcasts and is a frequent speaker at
security user groups and national conferences including DerbyCon,
Notacon, OWASP AppSec, Black Hat USA, DEFCON and ShmooCon.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-louisville/attachments/20111110/6809a739/attachment.html 

More information about the Owasp-louisville mailing list