NCC Group NYC Open Forum At Oscar Health!




NCC Group NYC Open Forum at Oscar Health!

10 September 2019

New York

Added 01-Jan-1970

We are excited to work with Oscar Health in putting on our next OF! Anyone in the NYC area is welcome to come eat, have a drink, and learn a thing or two from our guest speakers in the infosec community!

Food, drinks, & social to begin at 6pm, talks begin at 6:30pm. Please RSVP!
Once registered and when you enter the building lobby, you will need to show your ID and will receive a code to go through the turn stiles at the lobby and will then ride the elevator to Oscar Health's floor.

Speaker: Emily Wicki
Speaker Bio: Emily is a digital forensics examiner at Morgan Stanley on the Insider Threat Investigations team. In her role, Emily helps protect the firm against insider threats by conducting investigations and working to improve forensic tooling and techniques.
Title: Finding the Needle in the Needle Stack: Creative Approaches to Insider Threat Investigations
Insiders pose a unique threat by virtue of their knowledge of, and access to their employers’ systems and data. Because insiders’ everyday activity requires legitimate use of this knowledge and access, relying on anomaly detection alone to distinguish malicious activity is insufficient. This talk showcases how effective insider threat mitigation requires a digital forensics team enabled by solid tools and creative techniques.

Speaker: Grant SeltzerRichman - Oscar Health
Speaker Bio: Grant is a security engineer at Oscar Health. Previously he worked as a software engineer at Capsule8, and Red Hat before that. His security interests are mostly in mandatory access controls, sandboxing, and usability. Outside of software he enjoys brewing kombucha, playing video games, and exploring Brooklyn on his bike. Check out his blog at
Building a proper sandbox has become the holy grail of security. Being able to run an application in a completely isolated environment, with only the permissions and resources it needs would be a huge leap forward. We appear to have the building blocks in Namespaces, capabilities, cgroups, seccomp, MAC, or even virtualization but what’s the hold up? HUGE surprise, these kernel level security controls have usability issues. Engineers trying to lock down their applications typically hit an EPERM wall without explanation, and turn off the controls all together. No one thinks about applications in terms of system calls, it’s time we rethink usability in sandboxing, and security as a whole. This talk will delve into these ideas and offer a first step towards a solution.

Speaker: Andy Olsen - NCC Group
Speaker Bio: Andy is a NCC security consultant who loves stuff about Linux. He enjoys ultimate frisbee, chiptunes, and the French language.
Title: Fast and Easy pTracing with eBPF (and not ptrace)
Do you ever find yourself needing to instrument your whole Linux system? Well come on down to the International House of Discount kernel taps! We've got all your eBPF tracing needs covered, and none of the ptrace.

Want a quick way to see what the kernel is doing? Pick yourself up a bpftrace and start some high-level snooping.
Ready to do some processing with that information? Grab some eBPF C and take a test drive.

In this talk, we will provide a high-level introduction to using eBPF to observe your processes and the kernel running them by using existing eBPF and custom analysis tools to gain insight into how applications function and data flows through the kernel. As part of this, we will cover the bpftrace tool and eBPF-flavored C, and cover the best use cases for each. We will also briefly compare the capabilities of eBPF-based analysis tooling to other tools that can be used to trace processes.