Presentations

Initial release of talks below, more to come



Amanda ‘Infosystir’ Berlin

Thursday Keynote

 
 
 

 

Rachel ‘Soul Crusher86’ G

Friday Keynote


 
 
 


Arron ‘Finux’ Finnon

Make Kemp Great Again!!!!
Bundespwn leak!!!! If you have nothing to hide you have nothing to fear……
This talk takes a detailed look at the data recently leaked as part of the organised dump of Bundestag (German Parliament) politicians’ information. Whilst some of the data is clearly the fruits of OSINT, some of the data leaked also comes from private sources. The information was dumped in a format that is difficult to analyse, which means that any tales to be told from it will take some digging 😉 The real question is, how many of these politicians have told the citizenry: if you have nothing to hide, you have nothing to fear?

 
This will be the FRIDAY WRAP UP presentation
 
 
 


Dave Kennedy

TBD

 
 
 
 
 


Matthew ‘Mattrix’ Hoy

Data Security – How to avoid an embarrassing breach
A history of Data Security, how we got to where we are now and insights on what it will take to secure your sensitive data to avoid an embarrassing breach.  
 
 
 
 


Jayson E Street

TBD



 
 
 


Kyle Shattuck

Power Detection
Today’s cyber landscape is littered with hackers trying to evade detection and defenders trying to improve detection. One aspect of this cyber landscape is the hardware devices that attackers plug into computer systems to gain access and perform malicious acts. In doing so, defenders build upon detection to find indicators of compromise in order to respond to this type of attack. Target’s Cyber Fusion Center has an innovative perspective on how to detect when hackers use malicious hardware. Amperage (power usage) is the key to detecting the hardware hackers use to bypass current security measures. This new method can help identify and reduce hackers gaining access to computer systems.


 
 


Chris Roberts

TBA
TBA
 
 
 
 
 

 


Jeff Man

What Are We Doing Here? – Rethinking Security
Have you ever noticed that much of the mission of cyber- and information security professionals seems to be focused on vulnerabilities? Have you ever heard of the risk equation? Perhaps you are familiar with one or more versions that help you derive the risk to your organization (sometimes referred to as residual risk). I have been wondering for a while how to suggest to our industry that there is perhaps TOO much focus on vulnerabilities and not enough attention or focus on the other elements that derive the standard risk equation. Remember how the disclosure of Meltdown/Spectre introduced a “perfect storm” scenario where the vulnerability wasn’t easy to patch or fix, and the solution seemed to be to break things? This created a situation where the “security solution” wasn’t simply to apply the patch – and that left many organizations scrambling to figure out how to deal with this example of a persistent vulnerability. This is a great example of what I’ve wanted to discuss for a while – what else should we focus on in terms of security if/when the vulnerabilities still remain? Interested? Intrigued? Come join the discussion!


 
 
 


Kelley Robinson

PSD2, SCA, WTF?!
The Payment Services Directive (PSD2) hit European financial institutions in 2018. As part of the regulation, Secure Customer Authentication (SCA) is required in 2019. If your company operates in Europe and processes financial transactions, you’ll need to be prepared.


 
 
 

J Wolfgang Goerlich

Inhumane: Making Security Hard on Criminals, Easy on Everyone Else
Security happens where man meets machine. Or, fails to happen, as we see all too often. Blame the users. They’ll click anything. Blame the developers. Half their code is riddled with vulnerabilities anyways. Blame the IT staff. You’d think they’d at least know better. But perhaps, we’ve been placing the blame on the wrong places. What exactly happens where people and technology meet? At that moment, that very moment, what factors in human psychology and industrial design are at play? And suppose we could pause time for a moment. Suppose we could tease out those factors. Could we design a better experience, design a better outcome, design a better path to the future? This session explores these questions and identifies lessons the cyber security field can learn from industrial design.


 
 
 


Whitney Phillips

Beginner’s Guide to Mobile Applications Penetration Testing
In this talk, I introduce how to test mobile applications from an attacker perspective. I will discuss jailbreaking software for both Android and iOS. I will also go over methods used to obtain both Android APKs and iOS IPAs. And I will finish the talk going over various tools used to perform testing.


 
 
 


David “HealWHans” Schwartzberg

Hacking the Hak4Kidz eBadge
I’ll get this to you later. Mmmm’k?


 
 
 


Scott Thomas

MSSPs are great…and other lies I tell myself
Many orgs must deal with an MSSP at some point. They can be used for one-off pentests or up to and including a managed front-to-back security service with a ‘virtual CISO’. It doesn’t matter if you’re the junior analyst having to work side-by-side with them to accomplish your tasks or if you signed the contract and are responsible for paying them, there are things you should be sure they provide to you. I’ve worked with multiple MSSPs from small to very large and I’ve been an MSSP consultant. I will present some ideas on how to contract with one, some of the tricks they may use when working with you and how to ensure they are giving you what you’re paying for overall. If all else fails, I’ll also detail some of the pain of the rip & replace method of switching MSSPs.


 
 
 


atlas 0f d00m

TBA
TBA


 
 
 

 


Ken Westin

Black Hats & White Collars : Bitcoin, Dark Nets and Insider Trading
We know criminal hacking is big business. Over the past decade, we have seen criminal syndicates get creative with ways of generating revenue, through markets selling stolen credit cards, selling of tools and services and, more recently, ransomware. With the rise of popularity in Bitcoin, there has been an increasing interest from those in the financial sector in the pseudo-anonymous currency as well as underground markets and sites sharing information via hidden services in the Tor network and other platforms. Financially savvy white collar criminals now have increased access to criminal hackers who can target, steal and share nonpublic data about companies. This, paired with the anonymous nature of hidden services and Bitcoin, reduces the risk of getting caught, but with large financial gains. In this talk we will review several cases where criminals have gained millions of dollars through compromising PR and legal firms, and steps these organizations can take to protect this data.


 
 
 


Nathan Dragun

*Topic Pending Legal Disclosure*
Come find out


 
 
   


GregB33f & James

Reverse Engineering Malware for N00bs
The goal is to not talk over people’s heads with advanced concepts. We’re not ninjas. The flow of the talk will be static analysis and then dynamic analysis on various malware samples. We’ll be analyzing malware samples and using tools like exeinfo PE to see if the file is packed. From there we’ll unpack and move it into pestudio and look at the strings in the malware. What are the warning signs of malicious strings? What are the resources being used? What is the timestamp of the file? These are some of the basic questions that we want engineers to ask themselves, so that they’re not YOLOing all over themselves when they actually have to do a legit IR/malware analysis.


 
 
 


EvilMog

Automating Hashtopolis for fun and Profit
Hashtopolis now has a user-API, which means you can now automate it. This talk will cover setup of your environment, a run through of the API and examples of taking a dump from crackmapexec, secretsdump, etc. and loading the hashes onto Hashtopolis, automating the task creation, task status checking and even looking up cracked hashes for integration into other systems.


 
 
 


Catherine Ullman

A Theme of Fear – Hacking the Paradigm
The InfoSec industry was born out of fear. Initially it was fear from virus infections and later, external attacks. We capitalized on that fear to build more secure environments. But fear is hard to manage: too much fear breeds paralysis, and too little fear breeds complacency. This talk will take a look at the history of fear in InfoSec, explore how its impact has shaped the industry, and how it is now getting in the way. Fortunately, we can provide the next generation a new paradigm to effect change. This talk presents some ideas on what the new security paradigm could be, and most importantly – how to enable a security-minded culture without using fear.


 
 
 


Charles Herring

Breaking NBAD and UEBA Detection
Network Behavior Anomaly Detection (NBAD) and User and Entity Behavior Analytics (UEBA) are heralded as machine learning fueled messiahs for finding advanced attacks. The data collection and processing methodologies of these approaches create a series of new exploitable vectors that can allow attackers to navigate networks and systems undetected. In this session, methods for poisoning data, transforming calculations and preventing alerts will be examined. Proof of concept Python code will be demonstrated and made available. Approaches to harden against these attacks will also be discussed, as well as outlining needed changes in detection standards.


 
 
 


Stefan ‘Lojikil’ Edwards

Symbolically executing a fuzzy tyrant
Code reviewers and penetration testers are familiar with the normal dynamic and static application security tools (DAST|SAST). These tools can provide varying levels of coverage with varying levels of false/true positives. However, there are other classes of tools that can provide deeper understanding and more vulnerabilities in the same amount of time as traditional tools. This talk covers two such classes: (smart) fuzzers and symbolic execution. As a practicum, it is focused on every-day scenarios that normal security analysts face, rather than theoretical attacks in an academic setting. The author’s current setup is provided as an example.


 
 
 


Jose Hernandez

How to Make a Honeypot Stickier (SSH*)
One of the primary data sources we use on the Splunk Security Research Team is attack data collected from various corners of the globe. We often obtain this data in the wild using honeypots, with the goal of uncovering new or unusual attack techniques and other malicious activities for research purposes. The nirvana state is a honeypot tailored to mimic the kind of attack/attacker you are hoping to study. To do this effectively, the honeypot must very closely resemble a legitimate system. As a principal security researcher at Splunk, co-founder of Zenedge (now part of Oracle), and Security Architect at Akamai, I have spent many years protecting organizations from targeted as well as internet-wide attacks, and honeypots have been an extremely useful (at times better than threat intel) tool at capturing and studying active malicious actors. In this talk, I aim to provide an introduction to honeypots and explain some of the experiences and lessons learned we have had running Cowrie, a medium-interaction SSH honeypot based on Kippo: how we modified Cowrie to make it more realistic and mimic the systems and attacks we are trying to capture, as well as our approach for the next generation of honeypots we plan to use in our research work. The audience in this talk will learn how to deploy and use the Cowrie honeypot as a defense mechanism in their organization. Also, we will share techniques on how to modify Cowrie in order to masquerade as different systems and vulnerabilities, mimicking the asset(s) being defended. Finally, we will share example data produced by the honeypot and analytic techniques that can be used as feedback to improve the deployed honeypot. We will close off the talk by sharing thoughts on how we are evolving our approach for capturing attack data using honeypots and why.


 
 
 


Amber Welch

Data Access Rights Exploits under New Privacy Laws
New privacy laws such as the GDPR and CCPA have been great advances for personal data rights, although the ability to request access to all the personal information a company has on an individual has created new attack vectors for OSINT. These personal data access requests are usually managed by legal or compliance teams with minimal security review, increasing the potential for phishing, social engineering, and “legal DDoS.” This talk will discuss the personal data access options required in different regions, how most companies respond to data access requests, and the most effective exploits for privacy vulnerabilities. We’ll explore the psychology driving corporate responses to requests and ways these emotions can be exploited, as well as the most likely targets for a weak privacy program.
For the blue teamers, phishing detection and defense strategies will be presented. Rather than ignoring or fighting against the regulations, we’ll look at ways to use these laws to discourage, detect, and disrupt data access attacks. We’ll consider strategies for working with legal teams, getting security involved in the review process, and conducting red team reviews on the data access mechanism. Best practices for identifying data subjects, minimizing the data released, and legally denying abusive requests will be covered. Key sections of the laws you need to know for exploits and defense will be highlighted.


 
 
 


Fotios ‘ithilgore’ Chantzis

Network exploitation of IoT ecosystems
Internet of Things (IoT) ecosystems are comprised of a large variety of connected devices that are rife with “smart” features and textbook vulnerabilities. With the advent of ever growing interconnection and interoperability of all these devices, protocols that focus on automation have been developed throughout the years. These often assume an environment with cooperating participants – something that rarely happens in the real world. The fast market pace also leads manufacturers to marginalize security as having low return on investment. IoT devices are usually embedded with low-energy and low processing capabilities, deprioritizing security robustness as a result. All of the above combined make for ecosystems with lots of inherent weaknesses. In this talk we are going to present techniques and attacks on network protocols and insecure implementations commonly found in IoT ecosystems. We are going to explore how penetration testers can abuse zeroconf networking protocols like UPnP, mDNS, WS-Discovery and others and how to combine a chain of seemingly lower risk findings into an impactful attack. Other IoT security angles will be explored as well – from the default insecurity of video streaming protocols like RTP, heavily used by networked cameras, to the growing usage of IPv6 and what that entails in terms of the security posture of the IoT world.


 
 
 


Alissa dnsprincess

The Science of Breaking and Entering
This is not a social engineering talk. This is a talk about the methodology you’ll need to break and enter into business and all the tech that you’ll run into; metal detectors, security doors, and cameras. This talk will show you common security tools used to keep out intruders and how to evade them, how to pick a good hideout, and planning your perfect entrance. Learn the tips and tricks of physical security evasions, and the solutions to protect a business or venue. This will cover how to improve security after all the secrets are shared.


 
 
 


Trey Underwood

Threat Hunting Like a Gutter Punk
Do you feel like your security program is always broke? Is it messy, belligerent, and doesn’t seem to get anything done? Does it ask you for change saying something about catching a bus?
Using open source I explore different ways to approach threat hunting with little to no budget. We will explore the available SIEMs and dive into how to configure elastic stack into a real-world practical SIEM ready made for threat hunting. We will focus mainly on practical hunting efforts with different scenarios found in my day to day and how they could be applied to your org. At the end you’ll walk away knowing how to fill in gaps in your security program and maybe a little bit more money in your pocket.


 
 
 


Adam Compton

Hillbilly Storytime – Pentest Fails
Whether or not you are just starting in InfoSec, it is always important to remember that mistakes happen, even to the best and most seasoned of analysts. The key is to learn from your mistakes and keep going. So, if you have a few minutes and want to take a load off for a bit, come and join in as a hillbilly spins a yarn about his and sometimes other peoples’ misadventures in pentesting. All stories and events are true (but the names have been changed to prevent embarrassment).


 
 
 


cyberGoatPsyOps

Host-Hunting on a Budget
First 100 days, I wanted to make a positive impact on the organization. I get a lay of the land and notice it was a majority Windows shop with no endpoint visibility. I go over how I prove to management and IT Operations when an opportunity presents itself. There is a suspicious beaconing of a known malicious domain. I quickly deploy Sysmon with PowerShell, as WinRM is enabled everywhere. Bam! I find Kovter fileless malware and break down the analysis. Now that I have buy-in, I go over the methods to get quick wins by deploying technologies like Sysmon and osquery, and turning on auditing and Windows firewalls. I go over the benefits of Sysmon and how to deploy it in the environment on a budget. I do a post-mortem assessment and go over what I would have done differently.


 
 
 


Mikhail Aksenov

Atomic Threat Coverage: operationalized ATT&CK
We will present our project, the Atomic Threat Coverage framework (https://github.com/krakow2600/atomic-threat-coverage), which allows you to automatically generate actionable analytics, designed to combat threats (based on the MITRE ATT&CK adversary model) from Detection, Response, Mitigation and Simulation perspectives. This way Atomic Threat Coverage represents a Core of Security Operations Center, creating an analytics database with all entities, mapped to all meaningful, actionable metrics, ready to use, ready to share and show to leadership, customers and colleagues.


 
 
 


Ricardo Lafosse & Matthew Speakman

Cloudy with a chance of SecOps
This session will focus on the ever-changing Security Operations landscape…which changes every damn second. A significant disrupter in the past few years has been cloud and, in many shops globally, it has been blindly adopted without the proper security governance. In this session we will discuss and provide examples on how to prepare your demoralized SecOps team into a Hogwarts-worthy team of cloud wizards. We will discuss our AWS cloud transformation, taking a cloud-native first methodology, automation, and retooling for cloud. Ultimately, the goal of this talk is that you will leave with concrete examples and templates, not just theory!


 
 
 


Cat Self

Destroy Everything
Welcome to the red team, threat hunting magical world of glory


 
 
   


Lee Wangenheim & Joshua Platz

Hashes; Smothered and Scattered: Modern Password Cracking as a Methodology
With the explosion of GPU enabled processing power, password cracking has long grown beyond the standard wordlist. New tools and techniques are being used in order to effectively and efficiently crack passwords that just a few years ago would have been unfathomable. Just recently we built what we believe to be the world’s first Terahashing (one trillion attempts per second) distributed password cracking rig which could crack any 8 character password in under 2 hours. People often ask us, what is the best way to crack this hash, and the truth is it really depends. Let us introduce some of the more modern and best ways to attack passwords by analyzing the language structures and character patterns of passwords, as well as developing custom rules and rule chains to maximize effort. Password cracking is one of those things that has been around for a long time, however people often do not associate a methodology behind it and consider it just a tool.

Our presentation has a large amount of content to cover within a 50-minute window, therefore our demos are light and quick, showing the different tools built for cracking locally, in the cloud, or in a distributed environment. We feel that passing along the knowledge of the ins and outs of the tools will be more valuable than having people watch us crack passwords on the screen. The slide decks can be made available to participants and contain sample commands for them to try out each technique we present.

Key Topics:
  • Password Cracking as a Methodology
  • Types of attacks (Wordlist/Rules/Masks/Hybrid/Passphrase/Linguistic)
  • Common Pitfalls
  • Utilizing Cloud Systems for Password Cracking
  • Distributed Cracking Solutions
  • The various levels of threat actors and resources (from newbs to state actors)
  • Wordlists Vs Password Dumps



Chloé Messdaghi

Gotta Catch’em All – Bug Bounty!
Bug bounty has been a long time craze, and is becoming a necessity to keeping organizations safe by crowd sourcing their security. As the demand increases, the supply needs to increase as well. However, getting into the bug bounty space can be tricky and hard to start. This talk approaches the history of bug bounty, the current legal landscape, and the next steps for bug hunting, including how to get started and which tools to use.

This talk focuses on the current and future of bounty hunting and web hacks that bug hunters or penetration testers can be knowledgeable of what the various environment trends. We will be going over the changes to the web attack landscape and how web hackers can better find bugs in the web applications that are currently being developed.


Ryan Wisniewski

Hacking the Boardroom: How to communicate effectively to get your budget
As information security professionals, we are often put into highly technical situations that only we can understand. We then have the challenge of explaining ourselves to those non-technical folks that control our budgets: the executives. This talk focuses on communication techniques to discuss our findings effectively to garner the respect and trust from the C-suite to further drive security improvements. Ryan will show real examples (both good and bad) and explain how the communication methods could be improved for the greater audience. Various tips will include (but not limited to) report formatting, visual diagrams, screenshot tips, audience tailoring, and message focus.


SciaticNerd

Cons & Careers
Demonstrate the possibilities of career enhancement by making use of the wide variety of conferences, conventions, and events that are put on in the wider Information Security community.


Colin Cowie

Million Dollar Malware: Using the Viper Framework to Investigate and Track Ryuk’s Success
Ever since it was first discovered in 2018, Ryuk ransomware has been extremely profitable and is known for expensive ransom payouts. Ryuk has changed in functionality, and the variety of Ryuk ransomware samples has been increasing. This talk explores what attributes make Ryuk successful and how custom modules for the Viper Framework can be leveraged to perform similarity analysis and track malware development.


*Speakers are subject to change with little or no notice