Keynotes:
Opening: Russ McRee (@holisticinfosec), Manager, Security Incident Management & Pentesting Services, Microsoft
Russ McRee, GIAC+, CSIH, CISSP manages the Security Incident Management & Penetration Testing Services team for Microsoft’s Online Services Security & Compliance organization. McRee writes toolsmith, a monthly column for the ISSA Journal, and has written for numerous other publications including Information Security, (IN)SECURE, SysAdmin, Linux Magazine, and OWASP. He speaks regularly at events such as DEFCON, Black Hat, RSA, FIRST, and RAID, amongst others. He conducts constant vulnerability and malware research, wrestling with the challenges of web application security and new ways to interpret malicious network traffic. He advocates a holistic approach to the practice of information assurance and, as such, maintains holisticinfosec.org. IBM's ISS X-Force cited Russ as the 6th ranked Top Vulnerability Discoverer of 2009.
Closing: Jake Williams (@malwarejake), President of Rendition Infosec
He has more than a decade of experience in secure network design, penetration testing, incident response, forensics, and malware reverse engineering. Before founding Rendition Infosec, Jake worked with various cleared government agencies in information security roles. Jake is a certified SANS instructor and course author. Jake regularly responds to cyber intrusions performed by state-sponsored actors in financial, defense, aerospace, and healthcare sectors using cutting edge forensics and incident response techniques. He often develops custom tools to deal with specific incidents and malware reversing challenges.
Title: Why Snowden’s leaks were inevitable and why leaks will likely continue.
Abstract: Edward Snowden has been vilified by the US Government while being held out as a hero by privacy rights activists. After examining the publicly available data around the leaks, it’s fairly easy to reach the conclusion that the leaks were inevitable – whether or not you agree with Snowden. In this session, we’ll examine US Government disinformation around the leaks and their suggested alternative courses of action. For each alternative suggested course of action, we’ll detail why the course of action was not feasible/plausible for Snowden to take. Finally, we’ll talk about other leakers and courses of action organizations can take to prevent future leaks (it’s about WAY more than shutting down USB access).
Please note: this talk will not be recorded and we ask that you not have electronic devices out during the talk. If you are seen with a potential recording device, you will be asked to leave and will not be allowed back into the session.
Abstracts:
Alissa Torres (@sibertor) Black Mirror of Execution: How new artifacts have changed the 'O' and the 'D'
Windows tracks system/user activity with growing sophistication and granularity. Let's walk through some of this forensic evidence of execution that few examiners know about and seldom use, such as SRUM, AmCache and SCCM data. Alissa will dissect 4 case studies where these newly identified artifacts cracked the case and unlocked the story of what happened on the system, who did it, and when.
Chris Sanders (@chrissanders88) and Jason Smith (@automayt) Hacking Food
Being a hacker isn’t just about breaking into computers, it’s about looking for creative ways to make your life better. What better way to increase your quality of life than to hack your food? This presentation will be all about applying the hacker mindset to cooking in an effort to make tastier food in less time. This isn’t a security talk, but it is geared toward people who think with a security mindset. Even if you have trouble boiling water or microwaving hot pockets you’ll walk away with a much deeper understanding of how to hack together something delicious. We’ll even provide a few of our favorite recipes!
Tim Crothers (@soinull) Machine Learning Fueled Cyber Threat Hunting
Cyber Threat Hunting can be difficult to do well but most organizations have come to realize how critical it can be for their overall detection and response programs. In this session Tim will be releasing a new open source tool to aid your hunters in their efforts. We'll explore how machine learning can be used to both speed your hunts as well as help find things you might have otherwise missed. No expertise in machine learning required for this session, just a desire to find bad actors who may be lurking in your organization. You'll walk away with a new tool plus a knowledge of what ML can and can't do to help you find evil (hint: it's not magic despite what the security vendors say).
Michael Banks (@4mikebanks) Bet You Won't Block Google: Evil APIs on the Rise
APIs are a significant utility in today’s information age. Some will argue it’s almost a necessity. While defenders will get better and better at looking at their environment, it is left to the attackers to utilize other methods to exfiltrate data to a source and method that the defender wouldn’t expect. APIs! Many companies implement APIs as extensions of their core products. Some companies implement APIs better than others and more securely than others. What happens when the attackers utilize the security and privacy measures that other companies provide through their API? I’ll show you. One of my favorites is Google, but there are many others. I’ll demonstrate how to exfiltrate data from environments through many different types of APIs you can leverage and show how it looks to defenders. I’ll also explain the importance of SSL inspection and the complexities of utilizing it.
Paul Melson (@pmelson) Unmasking Cybercriminals on the Open Internet
Cybercriminals operate under the presumption of anonymity during their intrusions and thefts. Using easy-to-apply analysis techniques to extract patterns of behavior from the tools used by cybercriminals, we can build profiles that offer us the chance to predict their next attack or even discover their real identities. This presentation will give real world examples of hunting real bad guys using data collection and analysis techniques available to anyone that wants to try. It will also contain zero references to "machine learning" or pictures of hackers in ski masks.
Russell Eubanks (@russelleubanks) Lessons Learned ISAC – How to Get Wisdom as Cheaply as You Can
Our failure to learn from others' misfortune leads us down the same path as fellow cyber security practitioners, forcing us to learn our lessons the hard way. There is the easy way and there is the hard way. Both will be explored in this conversation, with a focus on how to learn our cyber security lessons the easy way: by intentionally connecting with fellow cyber defenders and actively avoiding the root cause(s) that led to their compromise(s). There is no need to share the details (or pictures), rather a need for us to openly share the things that, as a result of incident response, cause us to “always” and “never” do so long as we both shall live.
Tim Tomes (@lanmaster53) Burping for Joy and Financial Gain
If you do application security and don't use Burp Suite, then you're likely doing it wrong. If you do use Burp Suite, then you know that Burp is chock full of features that are either counterintuitive in their placement or complicated to use. In this talk, my goal is to leverage experience gained from years in the field with Burp Suite to demystify some obscure features of Burp and share unintended ways I use the tool to be a more effective and efficient application security tester.
Jason Blanchard (@BanjoCrashland) Inception Presentation
In less than 30 minutes, you'll smile, nod in agreement, be amazed, become incredibly self-aware of how you perceive information, and learn the basics of storytelling and audience persuasion so when you need to explain something to someone, they'll understand. Essentially this is a presentation on presenting presentations within a presentation he likes to call “Inception Presentation.” It will get way meta and you'll love it.
Josh Rykowski (@ryko212) and Sean Eyre (@oni_49) Don't Google 'PowerShell Hunting'
The pervasiveness of PowerShell in today's networks speaks to its usefulness to admins and users alike. However, where one sees a useful tool for network administration the adversary sees a tool for general mayhem. We use this talk to discuss how to harden the enterprise against PowerShell based attacks and then hunt for these attacks while living off the land. During our discussion we will highlight current techniques and their weaknesses then discuss memory artifacts that may be discovered during and following PowerShell execution.
Ismael Valenzuela (@aboutsecurity) Hunting Adversaries with Investigation Playbooks & OpenCNA
As SOCs mature and start to formalize their operations, they typically focus on preparedness, escalation process and incident response plans. However, even with these plans in place, SOCs report that 25% of the alerts are not triaged and that investigations take too long. Why so? In many cases, this can be attributed to the lack of a standardized investigation process and community wide tools that can be applied consistently & repeatedly over time, preventing less experienced analysts and incident responders from doing their job effectively.
Toni de la Fuente (@ToniBlyx) Security Automation in the cloud
What was hardware is now software; it is just an API call. We deploy infrastructure the same way we deploy applications. That fact has many implications for security and automation. We can automate recon, attacks and lateral movement, but also automate many incident response processes along with hardening. This talk will cover some generic concepts and challenges of doing forensics in cloud vendors and will go deeper to show some attack vectors and hardening for AWS in particular.
Tommy Chin (@tommychinjr) Localization of Wireless Threat Actors and Evasion Tactics
Widely used throughout public space, mobile computing devices such as smartphones and Internet of Things (IoT) devices have littered the wireless spectrum with high-volume network traffic. Traditional communication of these electronic devices uses wireless mediums such as, but not limited to, Wi-Fi, Bluetooth, Near-Field Communication (NFC), GSM, and ZigBee. From an offensive perspective, the use of wireless as an attack vector can be a prominent approach, as both unencrypted data communication channels and misconfigured networking devices can lead to security concerns for an end user. Localization of a wireless threat actor from a physical perspective presents a challenge, as wireless networks provide service for a large area, specifically in the real world (meatspace). This talk discusses techniques of wireless localization (physically locating a target using wireless measurements), tracking enhancements, and presents concepts of tracking evasion in Wi-Fi networks. Additionally, real-world experiments were conducted in high-density noise regions using robotic moving targets in a controlled environment. The results of this evaluation demonstrate the viability of Wi-Fi tracking.
Paul Burbage (@hexlax) Necurs Botnet: Mass Distribution for all the Bad Things
This presentation will include the latest research on the Necurs botnet, which has historically spammed lures for Locky ransomware, the Dridex banking trojan, and most recently, Jaff ransomware. Paul has been monitoring this botnet for over two years and will discuss the history, infrastructure, and threat actors behind this Crimeware as a Service (CaaS) offering.
Brian Stucker (@b_stucker) Building a Secure Environment for Operations using Docker
Running an environment with containerized applications can help drastically reduce security issues and mitigate risk while providing a flexible and consistent environment for development. This talk will focus on the orchestration of Docker Containers using existing configuration management framework with a focus on auditing, applying access controls, and leveraging best security practices. Specifically, audience members can expect to walk away with a better understanding of how to securely maximize their operational and developmental environments. This talk is meant for those interested in achieving a more secure and stable DevOps culture, or for those desiring a more robust personal developmental network. Audience members can expect to see a demo that will build on experience gained from a Case Study focused on building an environment for Industrial Security.
Bob Wheeler (@sailordoc) Managing Your Cyber Career & Job Hunt
Despite the fact that Cyber Security / Info Sec professionals possess skills that are in great demand, in many cases operating in a negative unemployment environment (meaning more open jobs than qualified people), successfully landing a great job is not always a guarantee. This talk will help turn great cyber pros into great job seekers as well.
David Peeler and Keaton Sadoski Simplified Home VPN Solution: A How To Guide
Overall, this will cover why the general public should be educated about privacy and VPNs, as well as how to set up a home VPN using OpenSwan. With privacy becoming a thing of the past, VPNs are becoming more prominent. VPNs are a logical solution to this problem; however, not everyone utilizes a home VPN because not everyone realizes how easy it is to set one up. One of the simple solutions to this problem that not everyone may be aware of is running a Raspberry Pi with OpenSwan. With a Raspberry Pi, this means of obfuscation is comparatively cheap and easily reproduced, allowing anyone to have a means of privacy. OpenSwan, the “de-facto VPN software since 2005”, delivers flexibility in its configuration and is open source, limiting the cost of the home VPN as well as providing a community that supports the end user.
Jack Koons (@JackKoons) Zero Days and Zero Trust Part 2: Microsegmentation, Critical Infrastructure Protection, and a World of Many
The role of microsegmentation, particularly when combined with advanced encryption and software defined networking, represents a powerful security solution in the world of critical infrastructure protection – to include operational technology (OT), industrial control systems (ICS), and supervisory control and data acquisition (SCADA) systems, as well as the emerging world of IoT/IoE. This talk builds on last year’s Security BSides Augusta presentation and will lay out the threat landscape and discuss microsegmentation tactics, techniques, and procedures to enhance security, mitigate threats, and ensure network resiliency.
Brice Self (@B__Selfless) Probing Toms: Creepy hackers on your house doorstep
It's something simple and small that everyone has done or does every day. We leave our wireless cards on when leaving the house or simply not using them. What does this mean? Probe requests! So what? Even when you're miles away from your home, a malicious person can find out where you live, which could lead to compromising your network or even worse.
Wes Widner (@kai5263499) Say hello to my little friend - An introduction to iOS security and forensics
iPhone security is still a relatively obscure field. I'll walk you through a brief history of iPhone hacking, the current landscape of threats and exploits facing iPhone users, and finally I'll demonstrate forensics steps you can do without jailbreaking to test the security of your Apple mobile devices.
Tigran Terpandjian (@th3CyF0x) Be a Human nMAP! – Cultivating a ‘Renaissance & Reconnaissance Approach’ for the Social Engineer
As a security analyst with an atypical entry into the information security world, one of my research questions posed in social engineering is why reading a diverse array of topics is beneficial to the social engineer, be it something they are passionate about or not. Building upon last year’s presentation at DefCon24's Social Engineer Village by Tomohisa Ishikawa, “Does Cultural Differences become a barrier for social engineering?”, cultural differences presented by different countries place emphasis on different genres; therefore, what one person from a certain country holds dear, another may not. Therefore, your pretexts and elicitations and the support required must be able to adapt. I have found this to be true. Reading like a renaissance individual (knowledgeable on a variety of topics but not ameliorates this challenge. The answer came from attending the Advanced Practical Social Engineering (APSE) bootcamp in 2016 and a self-reflection; all the reading I loved and hated as a child and as an adult has given me an extensive web to build rapport through as a social engineer. In my talk, I would like to discuss how to develop a strategy and which areas to focus on so you would be able to navigate even through the ‘darkest of waters’ and the ‘coldest of individuals’.
Daniel West (@reaperb0t) The Homeland of Things (HoT) Framework
During 2016, we witnessed the resiliency of our adversaries as they transitioned from zombifying personal computers to zombifying vulnerable and easily accessed IoT nodes with the Mirai botnet. As an informed American citizen, you likely follow best practices for securing your personal computers, but when was the last time you updated the firmware on your wireless router or smart toilet? As a cybersecurity professional, what procedures will your company or government agency follow to detect and mitigate the compromise of IoT devices within your organization? As a Nation, we must greatly improve our ability to handle the growing prevalence and risks of the IoT within our homes, the varying levels of government, industry, and academia. We must prevent our adversaries from harnessing the power of our IoT devices to attack critical infrastructure.
Alek Rollyson (@0x2623) Automating Event Log Production and Testing for SIEM Detection
When handling a large amount of detection input with limited resources, automation and proper reproducible testing are key to staying on top of the pile of signature fodder that keeps heading your way each and every day. One of the biggest struggles with nimble SIEM detection development is quickly and easily producing event logs to use as positive and negative test cases for detection content. In this session I'll talk about how our team’s testing methodology works, how our techniques could be applied generically to any SIEM, and the tools we have developed (two of which we'll be releasing to all of you) to facilitate event log production in the land of “Logs or it didn’t happen”.
Ernest "Cozy Panda" Wong The Next Big Idea for Cyber Innovations--A Framework to Drastically Improve Cyber Defense (and Offense) Capabilities
Innovation is critical to improvements within our society and is a key component in the cyber domain. The growth of the Internet means that the tools for operating in cyberspace are constantly evolving. It has often been said, however, that the only innovation regarding cyber warfare is in offensive cyber operations. So where is the innovation for the defense? To defend cyberspace against our adversaries, is there sufficient defensive innovation taking place? And if such innovation is indeed happening, why does it seem as though attackers always seem to be several steps ahead of defenders? This presentation begins with an examination of four distinct types of innovation—breakthrough, disruptive, incremental, and sustaining.
Monica Jain (@mjainstanford) Removing haystacks to find needles - playing to our strengths
We all have been fighting the cyber war with SIEMs to detect all the known attacks. In reality, the attack landscape is changing every day and we cannot predict all possible attacks ahead of time. As security experts we know our environment better than any attacker out there. We cannot ever possibly know all the bad things that have crawled into our environment; however, we certainly know about all the known good things in our environment. Come learn about how we can put that knowledge into play and change the game from finding the ‘Needle in a Haystack’ to ‘Removing Haystacks to Find Needles’ with some real world customer case studies.
Sponsors:
Our in-kind sponsors provide us with contest prizes and raffle giveaways.
Events:
Lock Picking Village
FALE (@lockFALE) came together around a common idea of general curiosity and persuasion of the public’s “right to know”. Formally founded in early 2010, the individuals involved in the initial organization already had a history in and love for the practice of locksport and of having a better understanding of the mechanisms we rely on so heavily to keep us secure. Beginning with four members meeting monthly, we have quickly progressed to bi-monthly meetings. We talk locks, picks, general security and a smattering of other topics when meeting, all towards the end of a better knowledge of and ability to communicate the effectiveness (or lack thereof) of so many security measures in place in current society. We hope that through these conversations and our efforts publicly we will help to educate the larger community on the proper use and understanding of locks and security measures encountered daily.
NetWars: CyberCity
NetWars CyberCity is designed to teach warriors and infosec pros that cyber action can have significant kinetic impact in the physical world. As computer technology, networks, and industrial control systems permeate nearly every aspect of modern life, military, government, and commercial organizations are realizing an increasing need for skilled defenders of critical infrastructures. We engineered and built CyberCity to help organizations grow these capabilities in their teams.
CyberCity is a 1:87 scale miniaturized physical city that features SCADA-controlled electrical power distribution, as well as water, transit, hospital, bank, retail, and residential infrastructures. CyberCity engages participants to defend the city's components from terrorist cyber attacks, as well as to utilize offensive tactics to retake or maintain control of critical assets.