2019 National Cyber Summit

Jeremy Conway, Chief Technology Officer, MAD Security and Scott Busby, Security Engineer, MAD Security

Conway talked about vulnerability exploitation on IoT devices. He spent one week and $100 preparing for this talk. The first thing he did was go to Amazon and type in "IoT"; the first results that popped up were smart plugs. The demo explained how he found the vulnerabilities. First, he decrypted the AES-encrypted UDP traffic to recover the command and packet structure required to control the device. The application then sends a confirmation number to confirm that the request is genuine, and replying to the request with that confirmation number executes the given command. He then wrote a Python script to automate the request and mapped out the testing results.



Speaker Bios

Jeremy Conway

Jeremy Conway is the Chief Technology Officer (CTO) of MAD Security, responsible for developing MAD Security’s vision for technology and security services. Jeremy has over 20 years of experience in the information security field and is recognized as an industry expert and innovator. Jeremy is a published author and renowned public speaker, often sought after for his ability to present extremely technical cyber security research and subject matter in a simple and easy-to-digest format, leaving audiences well educated and informed. He draws upon past experience and expertise ranging from founding and building a highly successful and well-respected cyber security assessment company to playing an active and vital role in securing some of the largest networks in the world for customers such as NASA, the US Army, and the US Department of Defense. Jeremy’s formal education includes a Master’s Degree in Information Security and a Bachelor’s Degree in Computer Science with a Minor in Mathematics. He holds numerous industry and professional certifications.

Scott Busby

Scott Busby is a Security Engineer at MAD Security with over 6 years of relevant industry experience and 10 years as an InfoSec hobbyist. During his professional career, Scott has worked with both former Navy SEAL and CIA operatives performing full red-team engagements, and has consulted and worked on cyber security projects for the Department of Defense as well as multiple other government and commercial entities. Daily, Scott performs security testing and vulnerability research on a wide array of technologies and solutions, including networks, web applications, mobile applications, industrial control networks, voting and polling systems, IoT devices and applications, cloud services, and virtual environments. Scott holds multiple industry-recognized certifications, including the CEH and OSCP.