Please join NCC Group Seattle and our hosts at Airbnb for an evening of security talks and good discussion.
The event will be hosted at Airbnb’s office in Seattle, Washington. Note that the space is limited to 75 people. Please only RSVP if you know you can attend, and update your RSVP status if you can no longer attend.
Information from Airbnb is provided below:
Parking: There are a few paid parking options for attendees: the Airbnb building, adjacent buildings and street parking (Airbnb is located downtown, so street parking is quite limited).
Upon arrival, head to the second floor.
Guests will need to bring a valid ID to check-in with the front desk security team. All guests must wear their printed name badges in a visible area at all times. We will have a check-in window from 6:00 – 6:30pm, please arrive on time during this window. Once you have checked-in, there will be an Airbnb host available to take guests to the event space.
Title: Where’s Waldo’s W-2? Building Data Discovery and Classification at Scale
By Pinyao Guo and Elizabeth Nammour , Airbnb
Abstract: As a company scales, keeping track of user data becomes an increasingly hard problem to solve, as data is constantly generated and propagated across different data stores. With the rise of new privacy laws such as GDPR and CCPA, tackling this problem is more important than ever before. To address this challenge, Airbnb’s Data Security team built a platform for data discovery and classification across all of our data stores, such as S3, MySQL, and Hive, providing powerful privacy and security engineering capabilities.
In this talk, Pinyao and Lizzy are going to share their experience building and operating this platform. They will present the high level architecture and technical specifics of the platform that allow it to leverage traditional algorithms and machine learning to scan petabytes of user data against growing numbers of data types every single day.
———-
Title: Up the Creek Without a Debugger
By Spencer Michaels, NCC Group
Abstract: Full-featured debuggers like GDB and LLDB are critical tools for binary reverse engineering and exploit development. But what if you can’t run a debugger on the system you’re auditing? It might be a bare-metal embedded program without an operating system, a unikernel with only a single hard-coded process, or an exotic OS on which common debuggers are difficult or impossible to compile. With the GDB Remote Protocol, there is still hope!
In this talk, I will introduce the GDB Remote Protocol and detail how to use it to write intermediate “stub” code that runs on the target system and performs low-level debugging operations on behalf of debuggers such as LLDB. This allows you to debug otherwise undebuggable remote targets from the comfort of your favorite local debugger, right on your own machine.
———-
Title: Seattle Surveillance Ordinance: Information for Tech Activists
By Cynthia Spiess, Security researcher
Abstract: The City of Seattle is undertaking important steps that impact the privacy and security of all persons living, working, and traveling in Seattle for likely many years to come. Each group of surveillance technologies is in a different stage of the process, with about half of the total surveillance technologies still awaiting public comment. This presentation will cover a brief overview of the Seattle Surveillance Ordinance and a deep dive of two technologies: Seattle Department of Transportation’s use of FLIR’s Acyclica & Seattle Police Department’s use of Lexis Nexis’ CopLogic/DORS. These deep dives are based on a public assessment (not a paid audit or pen test) and will cover both technical and contractual gaps. This will seem most similar to Security folks as an AppSec review or a third/external party review. While the focus will be on the technical findings, not the ordinance process, attendees are encouraged to reach out to the presenter at the Open Forum and/or subscribe to the communication channels noted in the presentation to learn more about how to get involved.
———-