Presentations

Initial release of talks below, more to come



Amanda ‘Infosystir’ Berlin

Thursday Keynote


Rachel ‘Soul Crusher86’ G

Friday Keynote



Arron ‘Finux’ Finnon

Bundespwn leak!!!! If you have nothing to hide you have nothing to fear……
This talk takes a detailed look at the data recently leaked as part of the organised dump of Bundestag (German Parliament) politicians’ information. Whilst some of the data is clearly the fruits of OSINT, some of the data leaked also comes from private sources. The information that was dumped was leaked in a format that is difficult to analyse; in turn, this means that any tales to be told from this will take some digging 😉 The real question is, how many of these politicians have told the citizenry: if you have nothing to hide you have nothing to fear?

This will be the FRIDAY WRAP UP presentation

Dave Kennedy

Baselining Behavior Tradecraft through Simulations

With the adoption of endpoint detection and response tools as well as a higher focus on behavior detection within organizations, when simulating an adversary it’s important to understand the systems you are targeting. This talk will focus on the next evolution of red teaming and how defeating defenders will take more work and effort. This is a good thing! It’s also proof that working together (red and blue) collectively, we can make our security programs more robust in defending against attacks. This talk will dive into actual simulations where defenders have caught us as well as ways that we have circumvented even some of the best detection programs out there today. Let’s dive into baselining behavior and refining our tradecraft to evade detection and how we can use that to make blue better.  

Matthew ‘Mattrix’ Hoy

Data Security – How to avoid an embarrassing breach
A history of Data Security, how we got to where we are now and insights on what it will take to secure your sensitive data to avoid an embarrassing breach.  

Jayson E Street

I PWN thee, I PWN thee not!
Attackers love it when defenses fail. Implementing defenses without properly understanding the risks and threats is usually a waste of money and resources. This is a frank discussion of what control failures an attacker looks for when attempting to breach an enterprise, as well as how an effective control can help prevent an attacker from being successful. Jayson will walk through real-world scenarios that have led to successful compromise of different companies through control failures. He will also give detailed analysis of controls that led to his attacks being effectively thwarted. Learn how to understand and assess real-world risks, as well as simple defenses which can be implemented to better protect your organization.


Kyle Shattuck

Power Detection
Today’s cyber landscape is littered with hackers trying to evade detection and defenders trying to improve detection. One aspect of this cyber landscape is the hardware devices that attackers plug into computer systems to gain access and perform malicious acts. In doing so, defenders build upon detection to find indicators of compromise in order to respond to this type of attack. Target’s Cyber Fusion Center has an innovative perspective on how to detect when hackers use malicious hardware. Amperage (power usage) is the key to detecting the hardware hackers use to bypass current security measures. This new method can help identify and reduce hackers gaining access to computer systems.


Chris Roberts

TBA
TBA

Jeff Man

What Are We Doing Here? – Rethinking Security
Have you ever noticed that much of the mission of cyber- and information security professionals seems to be focused on vulnerabilities? Have you ever heard of the risk equation? Perhaps you are familiar with one or more versions that help you derive the risk to your organization (sometimes referred to as residual risk). I have been wondering for a while how to suggest to our industry that there is perhaps TOO much focus on vulnerabilities and not enough attention or focus on the other elements that derive the standard risk equation. Remember how the disclosure of Meltdown/Spectre introduced a “perfect storm” scenario where the vulnerability wasn’t easy to patch or fix, and the solution seemed to break things? This created a situation where the “security solution” wasn’t simply to apply the patch – and that left many organizations scrambling to figure out how to deal with this example of a persistent vulnerability. This is a great example of what I’ve wanted to discuss for a while – what else should we focus on in terms of security if/when the vulnerabilities still remain. Interested? Intrigued? Come join the discussion!


Kelley Robinson

PSD2, SCA, WTF?!
The Payment Services Directive (PSD2) hit European financial institutions in 2018. As part of the regulation, Secure Customer Authentication (SCA) is required in 2019. If your company operates in Europe and processes financial transactions, you’ll need to be prepared.

J Wolfgang Goerlich

Inhumane: Making Security Hard on Criminals, Easy on Everyone Else
Security happens where man meets machine. Or, fails to happen, as we see all too often. Blame the users. They’ll click anything. Blame the developers. Half their code is riddled with vulnerabilities anyways. Blame the IT staff. You’d think they’d at least know better. But perhaps, we’ve been placing the blame on the wrong places. What exactly happens where people and technology meet? At that moment, that very moment, what factors in human psychology and industrial design are at play? And suppose we could pause time for a moment. Suppose we could tease out those factors. Could we design a better experience, design a better outcome, design a better path to the future? This session explores these questions and identifies lessons the cyber security field can learn from industrial design.


Whitney Phillips

Beginner’s Guide to Mobile Applications Penetration Testing
In this talk, I introduce how to test mobile applications from an attacker perspective. I will discuss jail breaking software for both Android and iOS. I will also go over methods used to obtain both Android APKs and iOS IPAs. And I will finish the talk going over various tools used to perform testing.


David “HealWHans” Schwartzberg

From Idea to Badge: Getting Started & Finished with badge making
Hacker and maker conference badges have evolved beyond the laser printout of a name on a piece of paper in a plastic sheath. Attendees are looking for something memorable and engaging. In some cases, art has evolved into a multi-dimensional visual and intellectual experience. Going from idea to badge can be a daunting and, for some, an impossible task. Heal will be providing an overview of his lessons learned making the Hak4Kidz digital badge for 2019, and prior badges: for example, how to get started and how to control scope creep. In addition to going over how to actually build and prototype your badge, we’ll also touch on the soft skills required to actually make it through the mass production process. If you are curious about how event badges are created or looking to get started with one, this talk is for you.


Scott Thomas

MSSPs are great…and other lies I tell myself
Many orgs must deal with an MSSP at some point. They can be used for one-off pentests or for anything up to and including a managed front-to-back security service with a ‘virtual CISO’. It doesn’t matter if you’re the junior analyst having to work side-by-side with them to accomplish your tasks or if you signed the contract and are responsible for paying them: there are things you should be sure they provide to you. I’ve worked with multiple MSSPs from small to very large and I’ve been an MSSP consultant. I will present some ideas on how to contract with one, some of the tricks they may use when working with you, and how to ensure they are giving you what you’re paying for overall. If all else fails, I’ll also detail some of the pain of the rip & replace method of switching MSSPs.


Eric Wolff

Devaluing Cloud Breaches while Gaining Safe Harbor
The drumbeat of cloud breaches continues unabated. This session will first review the leading causes of data breaches, discuss whether breaches can be stopped, and then cover the challenges of data protection for cloud computing. We will close with strategies for gaining safe harbor from data breach disclosure requirements.


atlas 0f d00m

TBA
TBA


Ken Westin

Black Hats & White Collars : Bitcoin, Dark Nets and Insider Trading
We know criminal hacking is big business; over the past decade, we have seen criminal syndicates get creative with ways of generating revenue, through markets selling stolen credit cards, the selling of tools and services and, more recently, ransomware. With the rise in popularity of Bitcoin, there has been increasing interest from those in the financial sector in the pseudo-anonymous currency, as well as in underground markets and sites sharing information via hidden services in the Tor network and other platforms. Financially savvy white collar criminals now have increased access to criminal hackers who can target, steal and share nonpublic data about companies; this, paired with the anonymous nature of hidden services and Bitcoin, reduces the risk of getting caught while offering large financial gains. In this talk we will review several cases where criminals have gained millions of dollars through compromising PR and legal firms, and steps these organizations can take to protect this data.


Nathan Dragun

*Topic Pending Legal Disclosure*
Come find out


David Rose

Good Cyber Hygiene and using analytics to drive the need for it on Print
Cyber hygiene is an organizational challenge in which the threat landscape changes daily, and new variants of attacks on computer systems appear by the hour. The volume of security vulnerabilities in hardware, software and underlying protocols, together with the dynamic threat environment, makes it impossible for most organizations to keep pace. When we then look at the focus and data around organizations’ print environments, it is evident that poor hygiene is being practiced. We will discuss and dive deeper into the data of the IoT Security Framework that is being assessed, what those trends are showing us, and how organizations globally are starting to take action to close gaps with automation and compliance reporting.


GregB33f & James

Reverse Engineering Malware for N00bs
The goal is to not talk over people’s heads with advanced concepts. We’re not ninjas. The flow of the talk will be static analysis and then dynamic analysis on various malware samples. We’ll be analyzing malware samples and using tools like Exeinfo PE to see if the file is packed. From there we’ll unpack it, move it into pestudio and look at the strings in the malware. What are the warning signs of malicious strings? What are the resources being used? What is the timestamp of the file? These are some of the basic questions that we want engineers to ask themselves; that way they’re not YOLOing all over themselves when they actually have to do legit IR/malware analysis.


EvilMog

Automating Hashtopolis for fun and Profit
Hashtopolis now has a user API, which means you can now automate it. This talk will cover setup of your environment, a run-through of the API, and examples of taking a dump from crackmapexec, secretsdump, etc. and loading the hashes into Hashtopolis, automating the task creation, checking task status, and even looking up cracked hashes for integration into other systems.


Catherine Ullman

A Theme of Fear – Hacking the Paradigm
The InfoSec industry was born out of fear. Initially it was fear of virus infections and later, external attacks. We capitalized on that fear to build more secure environments. But fear is hard to manage: too much fear breeds paralysis, and too little fear breeds complacency. This talk will take a look at the history of fear in InfoSec, explore how its impact has shaped the industry, and how it is now getting in the way. Fortunately, we can provide the next generation a new paradigm to effect change. This talk presents some ideas on what the new security paradigm could be, and most importantly – how to enable a security-minded culture without using fear.


Charles Herring

Breaking NBAD and UEBA Detection
Network Behavior Anomaly Detection (NBAD) and User and Entity Behavior Analytics (UEBA) are heralded as machine-learning-fueled messiahs for finding advanced attacks. The data collection and processing methodologies of these approaches create a series of new exploitable vectors that can allow attackers to navigate networks and systems undetected. In this session, methods for poisoning data, transforming calculations and preventing alerts will be examined. Proof-of-concept Python code will be demonstrated and made available. Approaches to harden against these attacks will also be discussed, as well as outlining needed changes in detection standards.


Stefan ‘Lojikil’ Edwards

Symbolically executing a fuzzy tyrant
Code reviewers and penetration testers are familiar with the normal dynamic and static application security tools (DAST|SAST). These tools can provide varying levels of coverage with varying levels of false/true positives. However, there are other classes of tools that can provide deeper understanding and more vulnerabilities in the same amount of time as traditional tools. This talk covers two such classes: (smart) fuzzers and symbolic execution. As a practicum, it is focused on every-day scenarios that normal security analysts face, rather than theoretical attacks in an academic setting. The author’s current setup is provided as an example.


Jose Hernandez

How to Make a Honeypot Stickier (SSH*)
One of the primary data sources we use on the Splunk Security Research Team is attack data collected from various corners of the globe. We often obtain this data in the wild using honeypots, with the goal of uncovering new or unusual attack techniques and other malicious activities for research purposes. The nirvana state is a honeypot tailored to mimic the kind of attack/attacker you are hoping to study. To do this effectively, the honeypot must very closely resemble a legitimate system. As a principal security researcher at Splunk, co-founder of Zenedge (now part of Oracle), and Security Architect at Akamai, I have spent many years protecting organizations from targeted as well as internet-wide attacks, and honeypots have been an extremely useful (at times better than threat intel) tool for capturing and studying active malicious actors. In this talk, I aim to provide an introduction to honeypots and explain some of the experiences and lessons learned we have had running Cowrie, a medium-interaction SSH honeypot based on Kippo: how we modified Cowrie to make it more realistic and mimic the systems and attacks we are trying to capture, as well as our approach for the next generation of honeypots we plan to use in our research work. The audience in this talk will learn how to deploy and use the Cowrie honeypot as a defense mechanism in their organization. Also, we will share techniques on how to modify Cowrie in order to masquerade as different systems and vulnerabilities, mimicking the asset(s) being defended. Finally, we will share example data produced by the honeypot and analytic techniques that can be used as feedback to improve the deployed honeypot. We will close off the talk by sharing thoughts on how we are evolving our approach for capturing attack data using honeypots and why.


Amber Welch

Data Access Rights Exploits under New Privacy Laws
New privacy laws such as the GDPR and CCPA have been great advances for personal data rights, although the ability to request access to all the personal information a company has on an individual has created new attack vectors for OSINT. These personal data access requests are usually managed by legal or compliance teams with minimal security review, increasing the potential for phishing, social engineering, and “legal DDoS.” This talk will discuss the personal data access options required in different regions, how most companies respond to data access requests, and the most effective exploits for privacy vulnerabilities. We’ll explore the psychology driving corporate responses to requests and ways these emotions can be exploited, as well as the most likely targets for a weak privacy program.
For the blue teamers, phishing detection and defense strategies will be presented. Rather than ignoring or fighting against the regulations, we’ll look at ways to use these laws to discourage, detect, and disrupt data access attacks. We’ll consider strategies for working with legal teams, getting security involved in the review process, and conducting red team reviews on the data access mechanism. Best practices for identifying data subjects, minimizing the data released, and legally denying abusive requests will be covered. Key sections of the laws you need to know for exploits and defense will be highlighted.


Aamil AK

The Importance of Relevant, Timely, and Qualitative Intelligence Analysis
Every day, researchers and analysts are bombarded with new sets of data and information pertaining to threats and adversaries. This is not very different from what intelligence analysts encounter in physical terrain warfare. In both cases, intelligence can only succeed in looking beyond the ‘flavor of the week’ by applying timely, qualitative analysis to relevant information. In this presentation we will discuss:
  • Examples of observing common and older tactics and vulnerabilities that are actively being leveraged (instead of theoretical risks)
  • Using historical information to make well-informed assessments of future adversary courses of action
  • Applying qualitative-based risk assessments to adversaries based on observed capabilities and intent
  • Utilizing non-technical methods of intelligence collection such as human intelligence
We’ll also walk through real-life examples, including our hands-on experience in confirming tactics used by hacktivists during an actual campaign, and tracing suspected ties between a Middle Eastern paramilitary organization and a domestic cyber adversary.


Fotios ‘ithilgore’ Chantzis

Network exploitation of IoT ecosystems
Internet of Things (IoT) ecosystems are comprised of a large variety of connected devices that are rife with “smart” features and textbook vulnerabilities. With the advent of ever-growing interconnection and interoperability of all these devices, protocols that focus on automation have been developed throughout the years. These often assume an environment with cooperating participants – something that rarely happens in the real world. The fast market pace also leads manufacturers to marginalize security as having low return on investment. IoT devices are usually embedded with low-energy and low-processing capabilities, deprioritizing security robustness as a result. All of the above combined make for ecosystems with lots of inherent weaknesses. In this talk we are going to present techniques and attacks on network protocols and insecure implementations commonly found in IoT ecosystems. We are going to explore how penetration testers can abuse zeroconf networking protocols like UPnP, mDNS, WS-Discovery and others, and how to combine a chain of seemingly lower-risk findings into an impactful attack. Other IoT security angles will be explored as well – from the default insecurity of video streaming protocols like RTP, heavily used by networked cameras, to the growing usage of IPv6 and what that entails in terms of the security posture of the IoT world.


Alissa dnsprincess

The Science of Breaking and Entering
This is not a social engineering talk. This is a talk about the methodology you’ll need to break and enter into businesses and all the tech that you’ll run into: metal detectors, security doors, and cameras. This talk will show you common security tools used to keep out intruders and how to evade them, how to pick a good hideout, and how to plan your perfect entrance. Learn the tips and tricks of physical security evasion, and the solutions to protect a business or venue. This will cover how to improve security after all the secrets are shared.


Trey Underwood

Threat Hunting Like a Gutter Punk
Do you feel like your security program is always broke? Is it messy, belligerent, and doesn’t seem to get anything done? Does it ask you for change saying something about catching a bus?
Using open source tools, I explore different ways to approach threat hunting with little to no budget. We will explore the available SIEMs and dive into how to configure the Elastic Stack into a real-world, practical SIEM ready-made for threat hunting. We will focus mainly on practical hunting efforts with different scenarios found in my day to day and how they could be applied to your org. At the end you’ll walk away knowing how to fill in gaps in your security program, and maybe with a little bit more money in your pocket.


Adam Compton

Hillbilly Storytime – Pentest Fails
Whether or not you are just starting in InfoSec, it is always important to remember that mistakes happen, even to the best and most seasoned of analysts. The key is to learn from your mistakes and keep going. So, if you have a few minutes and want to take a load off for a bit, come and join in as a hillbilly spins a yarn about his and sometimes other people’s misadventures in pentesting. All stories and events are true (but the names have been changed to prevent embarrassment).


Brian Berk

The Importance of IT Asset Visibility


cyberGoatPsyOps

Host-Hunting on a Budget
First 100 days: I wanted to make a positive impact on the organization. I get the lay of the land and notice it is a majority-Windows shop with no endpoint visibility. I go over how I prove the need to management and IT Operations when an opportunity presents itself: there is suspicious beaconing to a known malicious domain. I quickly deploy Sysmon with PowerShell, as WinRM is enabled everywhere. Bam! I find Kovter fileless malware and break down the analysis. Now that I have buy-in, I go over the methods to get quick wins by deploying technologies like Sysmon and osquery, and turning on auditing and Windows firewalls. I go over the benefits of Sysmon and how to deploy it in the environment on a budget, and I do a post-mortem assessment of what I would have done differently.


Mikhail Aksenov

Atomic Threat Coverage: operationalized ATT&CK
We will present our project — the Atomic Threat Coverage framework (https://github.com/krakow2600/atomic-threat-coverage), which allows you to automatically generate actionable analytics, designed to combat threats (based on the MITRE ATT&CK adversary model) from Detection, Response, Mitigation and Simulation perspectives. This way Atomic Threat Coverage represents the core of a Security Operations Center, creating an analytics database with all entities mapped to all meaningful, actionable metrics, ready to use, ready to share and show to leadership, customers and colleagues.


Nick Maier

Nerding out with machine data
No matter whether the data is being used at a personal or professional level, for good or for bad, this session will cover what the enterprise logging community has seen in the recent past and how to be best equipped in the near future.


Ricardo Lafosse & Matthew Speakman

Cloudy with a chance of SecOps
This session will focus on the ever-changing Security Operations landscape…which changes every damn second. A significant disrupter in the past few years has been cloud and, in many shops globally, it has been blindly adopted without the proper security governance. In this session we will discuss and provide examples of how to turn your demoralized SecOps team into a Hogwarts-worthy team of cloud wizards. We will discuss our AWS cloud transformation, taking a cloud-native-first methodology, automation, and retooling for cloud. Ultimately, the goal of this talk is that you will leave with concrete examples and templates, not just theory!


Cat Self

Dance, Fancy Bear. Dance!
A Starving Artist’s Guide to Threat Emulation on MacOS
Some of the most recognized artists began their careers by copying other artists and creating convincing forgeries. Leveraging the parallels between the art of forgery and the art of offensive security, we will study Fancy Bear (APT28) using freely available intelligence sources to create a convincing forgery of their malware, X-Agent, for defenders to study. The audience of this talk is defenders wanting to conduct threat emulation of a specific threat actor on a starving artist budget.


Lee Wangenheim & Joshua Platz

Hashes; Smothered and Scattered: Modern Password Cracking as a Methodology
With the explosion of GPU-enabled processing power, password cracking has long grown beyond the standard wordlist. New tools and techniques are being used in order to effectively and efficiently crack passwords that just a few years ago would have been unfathomable. Just recently we built what we believe to be the world’s first Terahashing (one trillion attempts per second) distributed password cracking rig, which could crack any 8-character password in under 2 hours. People often ask us, what is the best way to crack this hash, and the truth is it really depends. Let us introduce some of the more modern and best ways to attack passwords by analyzing the language structures and character patterns of passwords, as well as developing custom rules and rule chains to maximize effort. Password cracking is one of those things that has been around for a long time; however, people often do not associate a methodology behind it and consider it just a tool.

Our presentation has a large amount of content to cover within a 50-minute window, therefore our demos are light and quick, showing the different tools built for cracking locally, in the cloud, or in a distributed environment. We feel that passing along the knowledge of the ins and outs of the tools will be more valuable than having people watch us crack passwords on the screen. The slide decks can be made available to participants and contain sample commands for them to try out each technique we present. Key Topics:
  • Password Cracking as a Methodology
  • Types of attacks (Wordlist/Rules/Masks/Hybrid/Passphrase/Linguistic)
  • Common Pitfalls
  • Utilizing Cloud Systems for Password Cracking
  • Distributed Cracking Solutions
  • The various levels of threat actors and resources (from newbs to state actors)
  • Wordlists Vs Password Dumps


Len Noe

Understanding how public places introduce additional risks to business travelers & how the tools used by hackers continue to evolve
The key to a successful attack is having the right tools for the job. In this session, the audience will learn about frequently-used tools and methods used by attackers. The session will feature live demonstrations of red team exploits and hacking hardware – and an in-depth look at how hackers can compromise and exfiltrate data from public areas, such as hotel lobbies and coffee shops, and unsuspecting victims. Learn how CyberArk can mitigate damage caused by cyber attacks.


John Fatten

Malicious Cryptomining is Exploding. Are you at risk?
With a 200x increase in crypto-related traffic in 2019, there’s never been a better time to find out if computing resources in your organization are being used without your knowledge. You may be surprised to find out which organizations, regions and company sizes are most at risk. Attackers are leveraging malicious cryptomining in your network as a starting point to execute future attacks. Join us to find out how to stop it in its tracks.


Todd Thorsen

Departing Employees = Departing Data
Last year, 40 million people changed jobs and 60% of them admitted to taking data when they left. 90% of these inside threats go undetected for months. By the time organizations find out, the damage is already done. Join this talk to learn about the market drivers behind the need for real-time detection and response for a growing inside threat: departing employees.


Chloé Messdaghi

The Hacker Hippocampus: Meet your brain on games
Always on the edge of your seat when it comes to new exploits and tricks? Bug bounties, CTFs, live hacking events, simulations, and interactive educational modules have been proven to stimulate and reinforce new tools and knowledge, helping you become a stronger red teamer, blue teamer, or purple teamer.


John DeRyke

Want to Play a Game…..
Digital Security is not the same as Information Technology. We know it, but no one else seems to understand. Infrastructure, IAM, and Application Development all have project plans and architectures that allow for 99.9999% success. We, as Digital Security Practitioners, know that we are going to fail at least 20% of the time by people’s expectations. Our responsibilities are completely out of our direct control. We can only do so much with what we have, and someone is always trying to break it down or does not understand the real value of what we do. So, we are proposing a way to start allowing others to really experience what we have to deal with in our day-to-day lives.


Chris Russell

The Past, Present & Future of Cyber Threats
Join us to discuss new strategies today’s enterprises can employ to protect endpoints against ransomware, polymorphic malware, and threats that lurk inside email attachments, phishing links, file downloads and malicious websites.


Ryan Wisniewski

Hacking the Boardroom: How to communicate effectively to get your budget
As information security professionals, we are often put into highly technical situations that only we can understand. We then have the challenge of explaining ourselves to those non-technical folks that control our budgets: the executives. This talk focuses on communication techniques to discuss our findings effectively, to garner the respect and trust of the C-suite and further drive security improvements. Ryan will show real examples (both good and bad) and explain how the communication methods could be improved for the greater audience. Various tips will include (but are not limited to) report formatting, visual diagrams, screenshot tips, audience tailoring, and message focus.



    Milan Patel

    A Day in the Life of a Security Operations Center: What do you get when you partner with cybersecurity experts?
    Cybersecurity threats are increasing, becoming more sophisticated, and creating more damage. Every week a typical Security Operations Center receives tens of thousands of alerts. Unfortunately, only the largest and most well-defended organizations have the resources to investigate and respond to these threats. If you are struggling to defend your organization with constrained internal resources, there is an alternative. Managed Security Services offer a partnership that allows organizations to leverage industry-leading technologies and a level of expertise previously only available to the largest and most well-defended organizations. But what exactly do these services offer? And how can your organization benefit? A Day in the Life of a Security Operations Center looks at the capabilities provided through the BlueVoyant SOC and describes how partnering with us provides organizations with a better approach to alert investigation and response. During this presentation you will learn:
  • How you can cut your incident investigation time from 8 hours to 10 minutes
  • How our teams can focus on the most relevant threats — the ones that reach your endpoints
  • How we can automatically investigate all incidents, respond on your behalf, and learn from attacks so you are better prepared moving forward
  • How our Wavelength portal allows you to review reports, monitor activities and always know the status of investigations and response




    SciaticNerd

    Cons & Careers
    Demonstrate the possibilities of career enhancement by making use of the wide variety of conferences, conventions, and events that are put on in the wider Information Security community.



    Colin Cowie

    Million Dollar Malware: Using the Viper Framework to Investigate and Track Ryuk’s Success
    Ever since it was first discovered in 2018, Ryuk ransomware has been extremely profitable and is known for expensive ransom payouts. As Ryuk has changed in functionality, the variety of Ryuk ransomware samples has been increasing. This talk explores what attributes make Ryuk successful and how custom modules for the Viper Framework can be leveraged to perform similarity analysis and track malware development.



    Adam Hogan

    The Spider Economy: Emotet, Dridex, and TrickBot, Oh My
    It’s not just malware; it’s an economy. Learn how the webs of eCrime threat actors twist and tangle downrange. While nation-state actors grab headlines for their sophistication, eCrime actors have built a significantly profitable industry distributing trojans, ransomware, and other maladies. These threat actors not only develop new and sophisticated toolsets, they grow their business through sophistication and specialization.



    Adam Ringwood

    Varna: Custom, robust AWS monitoring for cents a day using EQL
    Varna is a Lambda-based tool for monitoring Amazon Web Services (AWS) CloudTrail using Event Query Language (EQL), costing less than 10 cents a day to run. It supports fully customizable rules that get evaluated within seconds of a new log file being deposited. In addition, Varna supports EQL search over historical logs that were already archived in an AWS account. Upon finding an event to alert upon, it uses one or multiple alert methods to notify a security team of suspicious action. Varna also supports 1-click temporary whitelisting to reduce alert fatigue for benign actions. Varna includes a web interface for configuration of rules and review of alerts.
    EQL provides some amazing benefits as the query language of choice for Varna. EQL allows both joins and sequences over a series of log events; this allows writing rules that require multiple events to fire, or a specific chain of events. In addition, EQL is easy to learn and robust enough to handle complex queries. AWS accounts are becoming increasingly important in most organizations' security model but sadly remain one of the least focused on from a security perspective. Risks include developers leaking credentials via code commits, 3rd-party software exposing account credentials, or permission misconfiguration. Varna helps avoid this by alerting security teams quickly to suspicious behavior and increasing visibility into AWS accounts.

    Varna also comes bundled with a set of prewritten EQL rules designed to alert on suspicious behavior present in an AWS account.



    Dr. Jared DeMott & John Stigerwalt

    Using Next Generation Fuzzing Tools: Fixing Bugs and Writing Memory Corruption Exploits
    The process of fuzzing has changed, from mutation, to frameworks, to the constraint solving (CS) and genetic algorithms (GA) of today. While pre-written suites and custom one-offs can be great, GAs (AFL/Clusterfuzz) and CS (Sage/MSRD) often do the best – and we’ll drop serious vulns in this talk to prove it. These tools are paired best with scale – fuzzing-as-a-service (FaaS). It’s time to expose your code before attackers do. But it’s still not a perfectly simple endeavor. We will explain harnesses; how to pick seeds; which portions of the app to target; CI/CD; and much more. We’ll look at an exciting new DAST tool: microsoftsecurityriskdetection.com. From there we’ll teach you how to turn the bugs into fixes, or exploits. Excitingly, you’ll learn how to write 0day from results.



    April C Wright

    Deepfakes: If anything can be real then nothing is real
    “I didn’t say that!” …The world will be forever changed by Deepfakes. A portmanteau of “deep learning” and “fake”, this trend refers to a new AI-assisted human image synthesis technique that generates realistic video face-swaps, which can even be done in real time. With current video technology, a collection of still selfies can be used to create realistic videos. Fake is the new reality: A voice can be faked. A face can be faked. What happens when we cannot trust what we hear and what we see? Is it possible to detect and defeat this global threat? The challenges from faked content emphasize the need for society to remain critical in order to protect ourselves as this technology gets better and better, but like any technology, the AI which creates deepfakes is neither good nor evil. This talk explores the possible ramifications and ethics of deepfakes, from privacy and consent, to First Amendment and parody rights, to global thermo-nuclear war, and considers both positive and negative possible scenarios.



    Dan Allen

    How Hackers Evade Your AI-enabled Endpoint Detection Tools
    In this session, Robert Wiggenhorn, Sr Director of Professional Services, will talk about how modern malware continues to circumvent even the most advanced enterprise perimeter and endpoint security tools. Even AI and Machine Learning-based technologies can’t seem to keep up with the most sophisticated and well-funded hackers.



    Kyle Eaton

    Automating Phishing Analysis
    Phishing remains a big problem for organizations big and small. In this talk we’ll set up and discuss an automated phishing-analysis platform which crawls phishing pages, grabs screenshots, and attempts to identify form actions.



    Tom Somerville

    Destroy Everything
    The magic of sassy pants.



    Trey Underwood

    Red Teaming Newbies: A Look Into CCDC
    CCDC (Collegiate Cyber Defense Competition) competitions ask student teams to assume administrative and protective duties for an existing “commercial” network – typically a small company with 50+ users, 7 to 10 servers, and common Internet services such as a web server, mail server, and e-commerce site. Each team is scored on their ability to protect their network, keep services running, and handle business requests while balancing security needs with business needs.

    This presentation goes over the journey of joining the ‘other side’ of these competitions: the red team. This team consists of industry professionals volunteering their time for the sake of security education, and maybe to have a little fun on the side too. We’ll discuss the challenges faced hacking college students and the tools created as a response, along with funny stories and incident reports filled out by students. We’ll discuss zero-day vulnerabilities found during the competition because of good blue teams and stubborn vendors. At the end you’ll learn some red team antics and why CCDC is important to improving security education.



    Chris Burrows

    Surfing and Security – Ride the wave
    Our world has changed, but with the right plan and good balance you can go a long way. Learn what organizations are doing to protect their company’s people, data and dollars; education, strategic controls and the right people can make all the difference between a sweet ride and an epic wipeout.



    Jared Phipps

    CyberCrime Trends of 2019: A Look Into Cybercrime, Nation State and Ransomware Monetization Activities
    A look into the blurred lines of Nation State and Cybercrime actors and how the Insurance industry is fuelling a massive growth in this attack vector.
  • The latest threat intel & analysis of ransomware campaigns and how this can be used to shape your cybersecurity strategy
  • Stories from recent Incident Response (IR) engagements doing eradication of Ransomware, including payment negotiations, IR strategies and limitations of EDR
  • How to block the most advanced attacks before they can become a breach or even an incident



    th3CyF0x

    Becoming a Human nMAP! Cultivating a Renaissance Approach for the Social Engineer
    As a security analyst with an atypical entry into the information security world, one of my research questions posed in social engineering is why reading a diverse array of topics is beneficial to the social engineer, be it something they are passionate about or not. In building upon Defcon 24’s presentation at the Social Engineering Village by Tomohisa Ishikawa titled “Does Cultural Differences become a barrier for social engineering?”, cultural differences presented by different countries place emphasis on different genres; therefore, what one person from a certain country holds dear, the other may not. Therefore, your reconnaissance, pretexts and elicitations and the support required must be able to adapt. I have found this to be true. Reading/Watching/Listening like a ‘Renaissance individual’ (knowledgeable on a variety of topics but not limited to select ones) ameliorates this challenge. The answer came from a combination of attending the Advanced Practical Social Engineering course in 2016 and a self-reflection; all the reading I loved and hated as a child and as an adult has given me an extensive web to build rapport through as a social engineer and improve my elicitation to procure more information. In my talk, I would like to discuss how to develop a strategy and which areas to focus on so you would be available to navigate even through the ‘darkest of waters’ and the ‘coldest of individuals’ and get information you would need. This talk is a combination of the topics of Social Engineering and Reconnaissance.



    Phil Polstra

    Big Plane, Little Plane: How common aviation attacks affect airlines and general aviation
    There have been several aviation attacks discussed in recent years. In this talk we will take an in-depth look at several of these attacks and how they affect big planes (airliners), medium planes (biz jets), and small planes (general aviation) differently. We will also dive into how various avionics systems work. Attendees will leave with a better understanding of several aviation/avionics systems and also knowing which security issues they should be concerned about while flying, no matter what aircraft they are in at the time.



    Todd White

    The Economics of Cyber Security
    This presentation will review what was provided to the National Association of Corporate Directors Master Class. It will provide the building blocks for attendees to better understand the value of Cyber Security to their organization, which their Board Members have been learning about at their conferences.


    *Speakers are subject to change with little or no notice