WEDNESDAY, OCTOBER 2
09.00 - 09.25
Sponsor: ENDPOINT PROTECTOR by CoSoSys
Filip Cotfas, RO.
CoSoSys is a leading developer of endpoint-centric Data Loss Prevention (DLP) solutions and security software. Its flagship product, Endpoint Protector, is an advanced DLP solution that puts an end to unintentional data leaks, protects from malicious data theft and offers seamless control of portable storage devices. Due to its cross-platform capabilities, it is the go-to solution for companies running hybrid OS networks. Endpoint Protector is a pioneer in the implementation of DLP for macOS and one of the most trusted and granular solutions on the market; it provides zero-day support and is notarized under the new Apple notarization requirement.
09.35 - 10.30
SINGLE SIGN ON APP EXTENSIONS
Joel Rennich, US.
New to macOS Catalina and iOS 13 are Single Sign On (SSO) extensions that allow broker applications to intercept authentication redirects, in the case of OAuth or OpenID Connect authentication, or credential challenges, in the case of Kerberos. In this session you’ll learn about what these app extensions do, how you can administer them, and what’s required if you want to write your own.
The session will cover both types of extensions on both macOS and iOS. It should also come as no surprise that NoMAD may factor into this as an example of an app extension on macOS and maybe even iOS. Absolutely no bananas will be harmed during this session. However, we cannot say the same for any pre-conceived notions about what SSO is or how these app extensions work. In addition, attendees should expect at least two groan-inducing jokes and some bad Swedish puns. Apologies are provided in advance.
10.55 - 11.50
Kim Burton, US.
Security awareness is an important skill for any team: a security educated company protects its customers, the employees protect the business, and they take that knowledge home to protect their communities. But how do you encourage and enable that awareness?
This talk will explore the creation of a positive security culture and the development of a security education program, no matter the size of your team or resources. Using Duo Security’s program as an example, the audience will also become familiar with ideas and methods that have been successful at Duo, in the hope that in sharing our practices more teams can confidently work towards developing their team’s security knowledge.
A SUBTLE CODE-SIGNING ISSUE
Patrick Wardle, US.
The noted Mac security researcher Patrick Wardle recently stated, "In [macOS] Mojave, Apple blocks programmatically generated mouse clicks". Turns out he was wrong.
In this talk, we'll discuss an elegant way to exploit an architectural design flaw in macOS that allowed unprivileged attackers or malware to programmatically interact with the UI. Armed with this capability, we'll illustrate how it was trivial to side-step Apple's "anti-click" protections to generically bypass a myriad of Mojave's foundational security mechanisms with a single (synthetic) click!
Zack Blum, US.
New-device setup, inventory, patching, and security—if you could automate all four, what would you do with all of your free time? Well, Fleetsmith does automate all four, and we can't wait to see what amazing, career-changing projects you'll ship next!
In this session, Zack Blum, Fleetsmith's Co-founder and CEO, will share a quick Fleetsmith walkthrough. We'll cover:
1. Our three-click, secure-over-the-internet, no-manual-work macOS upgrade flow;
2. Automatic FileVault encryption with automatic key escrow that just works;
3. Fleet-wide deployment of Google Chrome, with client-side config sans hand-crafted mobileconfigs; and
4. Advanced security magic, like client-side deployment and configuration of security logging and alerting with osquery, centralized log aggregation via Filebeat, and binary whitelisting and blacklisting with Google Santa.
…all in just a few clicks.
SECURITY FROM AN INSIDE PERSPECTIVE
MS K, FI.
SOFTRAID: HIGH PERFORMANCE STORAGE
Tim Standing, US.
SoftRAID has been providing high performance, high reliability storage for Mac OS for more than 25 years. This talk will describe how SoftRAID protects your files before you create a SoftRAID volume, while you are using the volume and after a disk for the volume fails.
SoftRAID version 6 introduces some amazing new features including RAID 6 and RAID 6+ as well as our patented way of dramatically increasing write performance. Come hear how SoftRAID can make reading and writing at more than 4 GB/sec possible for your users.
With the introduction of SoftRAID for Windows and MacDrive, it is now possible to take your Mac OS SoftRAID volume and connect it directly to a computer running Windows. All your files are just there; it’s magic.
(SECURITY) RESEARCH TO IMPROVE THE WORLD
Ed Marczak, US.
This talk will speak to those who are curious about security research, research teams, and how their techniques can help you become a better technologist. We’ll cover: What is security research? How does research work with a larger organization? What values are important to research? Most importantly, we’ll talk about how you can get started and weave these lessons into your work.
Liseberg, the biggest amusement park in Scandinavia, opens up their Game Hall just for us. Challenge old and new friends to a game or hang around chatting with them in the nice surroundings with some food and a drink.
Tonight's event is sponsored by FLEETSMITH