Educause Security Discussion mailing list archives
Canceled: [SECURITY] **[REMINDER]** TechBurst - September 13, 2016 - *School of Phish: Sink & SIEM to Seal Leaking Credentials*
From: Dennis Levine <dennis_levine () EMERSON EDU>
Date: Mon, 12 Sep 2016 19:19:23 +0000
BEGIN:VCALENDAR METHOD:CANCEL PRODID:Microsoft Exchange Server 2010 VERSION:2.0 BEGIN:VTIMEZONE TZID:Eastern Standard Time BEGIN:STANDARD DTSTART:16010101T020000 TZOFFSETFROM:-0400 TZOFFSETTO:-0500 RRULE:FREQ=YEARLY;INTERVAL=1;BYDAY=1SU;BYMONTH=11 END:STANDARD BEGIN:DAYLIGHT DTSTART:16010101T020000 TZOFFSETFROM:-0500 TZOFFSETTO:-0400 RRULE:FREQ=YEARLY;INTERVAL=1;BYDAY=2SU;BYMONTH=3 END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT ORGANIZER;CN=Dennis Levine:MAILTO:dennis_levine () emerson edu ATTENDEE;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=SECURITY@L ISTSERV.EDUCAUSE.EDU:MAILTO:SECURITY () LISTSERV EDUCAUSE EDU ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Bob Bayn:M AILTO:bob.bayn () usu edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN="Martel, Mi chael H":MAILTO:michael.martel () vsc edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Bob Wilson :MAILTO:bob.wilson () usm edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Monique Bu chanan:MAILTO:myeaton () mit edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN="Russell, K ate":MAILTO:KateRussell () austin utexas edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Alexander David Rydzak:MAILTO:adrydzak () syr edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN="Windham, G ary D - (windhamg)":MAILTO:windhamg () email arizona edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN="Hammond, J ohn W":MAILTO:hammondj () grinnell edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Jon Barcla y:MAILTO:Jon.Barclay () uvu edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN="Ullman, Ca therine":MAILTO:cende () buffalo edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN="Ladwig, Jo hn M":MAILTO:John.Ladwig () so mnscu edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Liliana Mo isa (lmoisa):MAILTO:lmoisa () memphis edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN="Natale, Mi chael J.":MAILTO:michael.natale () wright edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN="Birckelbaw , Carla":MAILTO:crbirck () ilstu edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN="Kurtz, Eri c":MAILTO:kurtz () susqu edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=George C. Dean:MAILTO:geodean () uw edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN="Escue, Cha rles E":MAILTO:cescue () iu edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN="Moore, Rod ney":MAILTO:rvmoore () pvamu edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Mark Reyno lds:MAILTO:reynolds () unm edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Tracy Mitr ano:MAILTO:tracy.mitrano () umass edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Rick Major :MAILTO:rick.major () usu edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Earl Fife: MAILTO:fife () calvin edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Patrick J. Flannery:MAILTO:pat () pomona edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Robert Hug hes:MAILTO:robert.hughes () uncp edu ATTENDEE;ROLE=OPT-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Brian G. L evin:MAILTO:Brian.G.Levin () dartmouth edu DESCRIPTION;LANGUAGE=en-US:\n\n____________________________________________ _\nFrom: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY @LISTSERV.EDUCAUSE.EDU] On Behalf Of Sarah Bigham\nSent: Monday\, Septembe r 12\, 2016 3:01 PM\nTo: SECURITY () LISTSERV EDUCAUSE EDU\nSubject: Re: [SEC URITY] **[REMINDER]** TechBurst - September 13\, 2016 - *School of Phish: Sink & SIEM to Seal Leaking Credentials*\n\n\nI have received several inqu iries asking how to access the presentation.\nThe instructions are at the end of the email so they were easily overlooked. Below are step-by-step di rections:\n\nHow to join the live session:\nGo to www.ren-isac.net and sel ect the "Events" tab on the left.\nOnce you are on the "Events" page\, cli ck on the "Connect to the live session" link. This will launch Adobe Conne ct where you will be able to access the presentation. **Please note that t he link will not be active until approximately 15 minutes before the prese ntation begins.\n\nQuestions for the presenter may be submitted via the Ad obe Connect Q&A window or e-mail to techburst () ren-isac net. REN-ISAC membe rs can also ask questions via the #techburst IRC channel. For instructions on connecting to the IRC\, see https://secure.ren-isac.net/ircd.html.\n\n Thanks!\nSarah\n\nOn 9/12/2016 10:18 AM\, Sarah Bigham wrote:\n> \n> Date: Tuesday\, September 13\, 2016\n> Time: Noon (1200) Eastern time\n> \n> Au dience:[1]: Public [Pb]\n> \n> Title: *School of Phish: Sink & SIEM to Sea l Leaking Credentials*\n> \n> Feeling like you’re “Sleepin’ with the Phishes” with Luca Brasi? \n> Witnessing more Whaling than Captain Ahab aboard the Pequod? Well \n> then…wade on into the Webinar and join the School of Phish!\n> \n> We’ll be presenting on what we hope are some cre ative angling \n> techniques to Sink\, SIEM\, and Seal up those leaking cr edentials and \n> perhaps even lure the Phishers themselves into our nets. What’s \n> included within our Phish story will be\n> \n> · How to uti lize your SIEM as a Phish Finder SONAR\n> \n> · How to reach into the Gm ail GAFE tackle box of tools that includes \n> a look at use of Content Co mpliance Filters\, Vault\, and alert notices\n> \n> · Explore a cast of o ptions to scale Phishes in a Phishtank or a \n> variety of other Sinks\n> \n> · Set some hooks in trolling Vault\n> \n> · Chum the attackers with honeypeeps to identify where you’re getting \n> snagged\n> \n> While som e of our charter boat tour will be what systems are utilized \n> at Lehigh specifically\, we feel all strategies and processes presented \n> will be useful no matter how your organization is outfitted! We also \n> expect t his to be a collaborative expedition as we hope to reel in new \n> ideas a nd automation into this process.\n> \n> \n> Speaker(s): Keith Hartranft\, CISSP\, CISM\, PCIP – Chief Information \n> Security Officer\; Lehigh Un iversity and Colin Foley\, Identity and \n> Access Manager\; Lehigh Univer sity\n> \n> ============================================================== ========\n> ===========\n> \n> Keith Hartranft is a Certified Information Systems Security \n> Professional (CISSP)\, ISACA CISM\, and Payment Card Industry Internal \n> Security Assessor (PCI-ISA) with over 25 years of In formation Security \n> and Systems Engineering experience.\n> Keith has ma nagement responsibility for the design\, development\, and \n> implementat ion of the information security program for Lehigh University.\n> This inc ludes responsibility for initiation of technical and \n> administrative co ntrols that include: campus wide information security \n> policy and proce dures creation\, data privacy and monitoring\, security \n> and compliance assessments\, training\, and awareness\, data traffic \n> monitoring\, in trusion detection\, incident response\, and forensic \n> investigations\, review of security strategies with risk management and \n> legal departmen ts\, and implementation of technical defense and \n> vulnerability assessm ent technology.\n> \n> Keith also teaches a Business Information Systems ( BIS333) Enterprise \n> Risk Management and Information Security class at L ehigh and has \n> instructed in a variety of Information Security topics o ver the past \n> 15 years at Northampton Community College as an Associate Professor. \n> Keith has presented as a keynote speaker at IT conferences and to \n> professional\, higher education\, and varied community groups\ , both \n> domestic and abroad\, on information security practices. Keith was also \n> a National Science Foundation grant awarded Principal Investi gator for \n> Projects Based Learning initiatives.\n> \n> ================ ======================================================\n> ===========\n> \ n> Colin Foley is the Identity and Access Manager at Lehigh University.\n> Colin joined Lehigh University in 2012 as a web application developer \n> specializing in the Drupal CMS. He has since transitioned into an \n> Inf ormation Security role within the Identity & Access Management \n> (IAM) d omain and is responsible for all electronic access control \n> provisionin g and monitoring at Lehigh. Colin brings a unique \n> background of DevOps \, GIS\, Data Migration\, and Web Application Development & Design to IAM at Lehigh.\n> He has co-presented at DrupalCon North America\, keynoted th e \n> ScienceOnDrupal track of the Federation of Earth Sciences Informatio n \n> Partners Summer Meeting\, and presented at many local Drupal meetups .\n> \n> -------------------------------\n> \n> [1] Information Sharing Gu idance: TechBursts marked with "MG" are open \n> to members and hosted tru sted guests of members. Because access to MG \n> TechBursts require authen tication with a REN-ISAC userid and password\, \n> guests must view the we bcast with the member present. One marked "Pb"\n> are open to the public. Ones not marked with MG or Pb are available to \n> members only.\n> \n> Ho w to join the live session:\n> Go to www.ren-isac.net and select the "Even ts" tab on the left.\n> Once you are on the "Events" page\, click on the " Connect to the live \n> session" link. This will launch Adobe Connect wher e you will be able \n> to access the presentation. **Please note that the link will not be \n> active until approximately 15 minutes before the pres entation begins.\n> \n> Questions for the presenter may be submitted via t he Adobe Connect Q&A \n> window or e-mail to techburst () ren-isac net. REN-I SAC members can also \n> ask questions via the #techburst IRC channel. For instructions on \n> connecting to the IRC\, see https://secure.ren-isac.n et/ircd.html.\n> \n\n-- \n\nSarah Bigham\n\nSecurity Analyst REN-ISAC\ n2719 E. 10th Street\, Suite 201 / Bloomington\, IN 47408\noffice: +1(81 2) 855-2267\nsarah () ren-isac net\nhttps://www.linkedin.com/company/ren-isac \n\nResearch and Education Networking – Information Sharing and Analysis Center / www.ren-isac.net\n24x7 Watch Desk: +1(317) 278-6630\, soc@ren-i sac.net\n\n\n"Distrust and caution are the parents of security" - Benjamin Franklin\n\n\n\n SUMMARY;LANGUAGE=en-US:Canceled: [SECURITY] **[REMINDER]** TechBurst - Sept ember 13\, 2016 - *School of Phish: Sink & SIEM to Seal Leaking Credential s* DTSTART;TZID=Eastern Standard Time:20160913T114500 DTEND;TZID=Eastern Standard Time:20160913T131500 UID:040000008200E00074C5B7101A82E00800000000605DF23A070DD201000000000000000 0100000005927487B5568B849AB790CB267CB4ACE CLASS:PUBLIC PRIORITY:1 DTSTAMP:20160912T191914Z TRANSP:OPAQUE STATUS:CANCELLED SEQUENCE:1 LOCATION;LANGUAGE=en-US: X-MICROSOFT-CDO-APPT-SEQUENCE:1 X-MICROSOFT-CDO-OWNERAPPTID:-380856352 X-MICROSOFT-CDO-BUSYSTATUS:FREE X-MICROSOFT-CDO-INTENDEDSTATUS:FREE X-MICROSOFT-CDO-ALLDAYEVENT:FALSE X-MICROSOFT-CDO-IMPORTANCE:2 X-MICROSOFT-CDO-INSTTYPE:0 X-MICROSOFT-DISALLOW-COUNTER:FALSE END:VEVENT END:VCALENDAR
Current thread:
- Canceled: [SECURITY] **[REMINDER]** TechBurst - September 13, 2016 - *School of Phish: Sink & SIEM to Seal Leaking Credentials* Dennis Levine (Sep 12)