NBT3: A Hacker Con

NBT3

About the con

NBT3 is a technical security conference in SF that is attended by ~100 security engineers, hackers, and occasionally a CISO trying to blend in by wearing a black t-shirt.

 

It's *that* hacker con. We don't do very much planning, and we rely on the ultra awesomeness of the hackers in the Bay Area to make it fun. There will be some talks, some food & beer, a Toool Lock Picking Village, and a Watch Dogs 2 tournament. BYOHS: If you're expecting anything else, feel free to bring it!

 

RSVP is free. Use a real name and email address so you can check in at the reception desk. 


Speaker schedule below.


What’s what?

Saturday, December 3rd


 Welcome to NBT3

9:30 - Registration at the Salesforce Reception Desk at 121 Spear St.  

10:00-10:30AM

Peter Kacherginsky - "FakeNet-NG"

FakeNet-NG is a next generation dynamic network analysis tool for malware analysts and penetration testers. FakeNet-NG was inspired by the original FakeNet tool developed by Andrew Honig and Michael Sikorski. FakeNet-NG implements all the old features and many new ones; plus, it is open source and designed to run on modern versions of Windows. FakeNet-NG allows you to intercept and redirect all or specific network traffic while simulating legitimate network services. Using FakeNet-NG, malware analysts can quickly identify malware's functionality and capture network signatures. Penetration testers and bug hunters will find FakeNet-NG's configurable interception engine and modular framework highly useful when testing an application's specific functionality and prototyping PoCs.

10:30-11:00AM

Daniel Miessler - "Adaptive Testing Methodology: Adjusting Your Methodology Based on Target Context"


11:15-11:45AM

Dan Tentler - "Attacking OSX for fun and profit"

For the purposes of a documentary, I was approached to attack and compromise a journalist. This journalist was San Francisco Bay Area based, so that meant he was using a Mac, an iPhone, and his office was using Google Apps and likely 2 factor authentication for everything. No Windows, no PowerShell, no ms08_067, no NetBIOS, no backdoored MS Office documents – how was I supposed to get in? Well, I did get in, but then I was faced with another problem – Metasploit doesn’t work so well when attacking OSX. At the time (before Defcon last year) there were next to no tools available to do this – I had to build a toolkit for myself ON THE VICTIM'S MACHINE, LIVE during the attack. And I’m going to tell you all how I did that, what I did, what worked and what didn’t work. And since then, there have been additional tools developed specifically to attack OSX that I’ll also be covering, as well as some fun tradecraft that talks about how to approach getting shells on OSX.

11:45-12:30pm

Paul Vixie - "Scaling Properties of Software and System Security"

Humanity has been building and programming general purpose computers for about six decades now, with spectacular results, mostly good. As we contemplate the Internet of Things in light of our collective experience, there are some disturbing conclusions to be drawn. Can we as a species safely place our economy and culture into a global distributed network of computers, if those computers are programmed by humans using commodity programming languages and tools?
Dr. Paul Vixie, CEO of Farsight Security, is personally responsible for more CERT vulnerability notifications than any other living programmer, and he'll share his thoughts on the likely results of Software as Usual as applied to 21st century society.

1:15-1:45pm

Joe DeMesy (moloch)
Matthew Bryant (mandatory)
Shubham Shah (infosec-au) - "Out of the Browser Into the Fire"

The evolution of the web has blurred the line between traditional web applications and native clients. In an effort to allow web developers to build powerful desktop applications quickly, web technologies have been put into standalone client-side containers, all the while security has remained an afterthought. In this talk we will demonstrate a new class of attacks that can be leveraged to exploit critical vulnerabilities in popular desktop applications implemented using embedded web technologies. We'll demonstrate leveraging XSS in native desktop applications to exfiltrate sensitive files, create messaging worms that can infect entire organizations, and gain arbitrary native code execution, all without the need to bypass DEP, ASLR and other modern operating system protections.


1:45-2:15pm

Tony Martin-Vegue - "Ransomware & Game Theory: To Pay, or Not to Pay?"

What do the San Francisco Giants, Cryptolocker and nuclear war all have in common? They all involve conflicts in which incentives, payouts and winning strategies can be analyzed with game theory. Game theory is a branch of mathematics that models conflict and cooperation between parties and is used in many real-world decision making scenarios, inside and outside the Information Security field. Game theory is particularly useful in analyzing the extortionist / victim dynamic present in ransomware infection scenarios.

Ransomware comes in many varieties and works in different ways, but the basic setting is the same: cybercriminals infect a computer with malicious software that blocks access to the system or important files until the ransom is paid.

The conventional wisdom in information security regarding ransomware is to never pay. But, why? The answer is a little more nuanced than “never pay” or “always pay.” The decision is a complex scenario of incentives and payoffs. Who stands to gain when ransomware is paid? Who gains when it is not paid?

This talk will use the familiar topic of ransomware to introduce participants to game theory concepts like rational decision-making, zero-sum games, incentives, utility and Nash Equilibrium – all important tools that can help solve security problems. By analyzing ransomware decision-making with a game theory mindset, participants will learn a new set of skills and a new way of incentive-driven thinking.

2:30-2:45pm lightning

Mike Ryan - "Hacking Smart Door Locks with Bluetooth Relay Attacks"

Smart Locks perfectly embody the crossroads of convenience and technology represented by the Internet of Things. Chances are you've seen one, perhaps used one in a hotel, or maybe even have one on your front door. However, unlike many other IoT devices, the stakes are high with Smart Locks: they protect our homes, our valuables, and even our personal safety.

We will demonstrate practical attacks that allow an attacker to unlock multiple Smart Locks from several vendors. Our attacks are performed using commodity hardware and require no interaction from the target. We will release our general purpose Bluetooth proxy framework to allow users to implement attacks similar to those described in this talk.

2:45-3:00pm lightning

Steve Lord - "The Human Interface Device Input/Output Toolkit (HIDIOT)"

The Human Interface Device Input/Output Toolkit (HIDIOT) is a credit-card sized slow speed serial emulation device, not unlike the teensy or USB armoury, but nowhere near as powerful. That might not sound like a lot of fun, but unlike the teensy or USB armoury, the whole purpose of the HIDIOT is to give people a unique opportunity to build an open source general purpose computing platform and hardware hacking device that actually does something, from scratch, even if they’ve never soldered before.

3:00-3:15PM lightning

Ian Foster - "Introducing CertGraph: A tool to crawl the graph of certificate Alternate Names"

CertGraph crawls internet accessible SSL certificates creating a directed graph of domains, their certificates, and their certificate alternate names. This graph shows a different view on the "chain of trust" we are already familiar with in the SSL certificate ecosystem. CertGraph has already been used to identify internal and public domains an organization may not want public knowledge of, host enumeration for an organization and its related partners, and misconfigured SSL certificates for incorrect domains.

3:15-3:30pm lightning

Sebastien Tricaud - "Forward to the Past!"

New developers' tools are being built, among them Golang from Google, Rust, etc.

While it is great to change mindset and try new things, from a security point of view new approaches are creating new risks. Do you love the feature from Go which compiles a single binary you can share with everyone and includes all the libraries you ever need? This talk is for you! I will show a tool that introspects Go binary objects to grab all dependencies and check for vulnerabilities automatically.

4:00-6:00pm

Watch Dogs 2 Tournament Happy Hour

Sponsored by Flashpoint

Sponsors

Salesforce is our benevolent host for the 3rd year in a row. Thanks!

Check out their open security related jobs board,  https://bit.ly/sfdcjobs/.

 



Flashpoint is the global leader in delivering Business Risk Intelligence (BRI) from the Deep & Dark Web to empower organizations to make better decisions across the enterprise. For more information, visit http://www.flashpoint-intel.com.

Real-time contextual information to increase the value of threat data for the enterprise, government and security industries. For more information, visit https://www.farsightsecurity.com/.


TOOOL-SF will be hosting the lockpick village again this year. @tooolsf




 

Zimperium Enterprise Mobile Security: Continuous, Real-Time Threat Protection

 




The Venue

If we said much more than "It's where it was last year..." we'd probably just confuse everyone. 

121 Spear St - Salesforce Rincon Cafe
