Tuesday, 10 October 2017 (RSVP by Friday, 6 October 2017)
LIMITED SPOTS AVAILABLE
Edward Farrell of Mercury Information Security Services (Mercury ISS) will discuss how his team broke into a CEOs account and demonstrated harm to their company with little more than a LinkedIn password and good reconnaissance.
Data breaches and their disclosure have become commonplace and yet reusing contents from a breach for security testing or enhancing an organisation’s defences have been poorly explored. Whilst technical complexity and time of execution is not comparable to more elegant threats, the accessibility and ease of exploitation of passwords should be of concern to individuals and businesses. Having collected and analysed such information over the course of two years, it was only natural for Edward’s team to start reusing it in penetration testing.
This talk will go through some of the insights into the collection of data, its reuse in security testing, Mercury ISS’ development of an internal database for material from breaches, as well as how it can be used in a defensive function.
Edward Farrell is an independent information security consultant and penetration tester based in Sydney.
Having started his career as a network engineer, Edward joined the cybersecurity profession in 2009 where he has made numerous contributions to industry research and local security groups. He has presented at conferences in Australia and overseas, including Kiwicon, Besides Las Vegas, AusCERT 2017 & Ruxcon, to advance the body of information security knowledge.
In his day job he runs a team of cybersecurity professionals at Mercury ISS who service clients in Australia and abroad.
|Date||Tuesday, 10 October 2017|
L10 50 Martin Place,
Sydney, NSW, 2000
|Agenda||5:15 pm Registration
5:30 pm Presentation by Edward Farrell
6:20 pm Networking & drinks
8:00 pm Event concludes
|Payment||Click on the link below to register and pay via:
Groups (>10): please contact us by emailing email@example.com
Please note: you will be prevented from registering if registrations exceed capacity. If this occurs, please email firstname.lastname@example.org to be added to a waiting list.