BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Joint OWASP Cambridge Chapter & KPMG LLP – Security Seminar - Spe
 aker to be confirmed
DTSTART:20140204T173000Z
DTEND:20140204T203000Z
UID:TALK50692@talks.cam.ac.uk
CONTACT:Adrian Winckles
DESCRIPTION:\nHosted by the Department of Computing & Technology\, Anglia 
 Ruskin University\, OWASP (Open Web Application Security Project) Cambridg
 e Chapter & KPMG LLP\n\nGuest speakers: Yiannis Chrysanthou (KPMG)\n\nYian
 nis has been in the information security field for about 6 years now. Prio
 r to joining KPMG\, he was an Ethical Hacking Instructor and a Project Man
 ager for various infrastructure projects.\n\nHe is an active member of Tea
 m Hashcat. Winner of Crackmeifyoucan competition at Defcon (2nd place in 2
 013\, 1st place in 2012\, 2nd place in 2011 and 1st place in 2010)\, Winne
 r of Positive Hackdays / Hashrunner (1st place 2012\, 2nd place 2013).
 \n\nIn
 terviewed by BBC http://www.bbc.co.uk/news/technology-24519306 and ArsTech
 nica http://arstechnica.com/security/2013/10/how-the-bible-and-youtube-are
 -fueling-the-next-frontier-of-password-cracking/2/ about password crackin
 g.\n\nTitle : Modern Password Cracking\n\nThis presentation briefly descri
 bes the most popular password cracking techniques. It then suggests an opt
 imized attack that combines several techniques with best performance in mi
 nd. The presentation suggests the use of Markov Chains for password recove
 ry\, in combination with a range of other modified versions of common atta
 cks.\n\nAll attacks work together and make use of common resources such as
  Dictionaries\, and Rulesets to achieve the most optimal output possible. 
 The result is a dynamic\, highly flexible and robust attack that can be us
 ed by anyone with average computer literacy and limited resources within r
 easonable time.\n\nGuest speakers: Damien King (KPMG)\n\nDamien has 1st cl
 ass BSc Applied Computer Science\; Distinction & MSc Information Security\
 ; Dissertation in Mobile Device Exploitation.\nHe is currently a Penetrati
 on Tester at KPMG and likes to hack “stuff”.\nHe also has an interest
  in automation/scripting in python - hence the exploitation tool he will p
 resent.\n\nTitle: Filename Enumeration with TildeTool\n\nIn certain versio
 ns of Microsoft IIS\, it is possible to detect the short names of files an
 d directories which have an 8.3 file naming scheme (e.g. FILENA~1.TXT) equ
 ivalent in Windows.\n\nThis issue particularly affects .Net websites that 
 are vulnerable to direct URL access\, as an attacker can find important fi
 les and folders that are not normally visible.\n\nWe will first talk thr
 ough the steps of how to test for this vulnerability manually\, then de
 monstrate 'TildeTool' which automates the process.\n\nAgenda\n\n17:30 – 
 17:45 Welcome from the OWASP Cambridge Chapter Leader\, Adrian Winckles\, 
 Course Leader in Information Security & Forensic Computing\, Anglia Ruskin
  University\n17:45 – 18:30 Yiannis Chrysanthou (KPMG) - Modern Password 
 Cracking\n18:30 – 19:15 Damien King (KPMG) - Filena
 me Enumeration with Ti
 ldeTool\n19:00 – 19:15 Q & A\n19:15 – 20:00 Refreshments & Networking 
 (coffee\, tea\, juice) in LAB006\n\nRegistration\n\nTo register for this f
 ree event\, please register online at\n\nhttps://www.surveymonkey.com/s/OW
 ASP_Feb2014\n\nPlease note there is no automatic notification or confirmat
 ion.\n\nThe meeting will be held in the Lord Ashcroft Building\, Room LAB0
 03 (Breakout Room LAB006 for networking & refreshments).\n\nPlease enter t
 hrough the Helmore Building and ask at reception.\n
LOCATION:Lord Ashcroft Building (LAB 003)\, Anglia Ruskin University\, Cam
 bridge
END:VEVENT
END:VCALENDAR
