Loading…

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Wednesday, March 11
 

4:00pm

DOT NET Advanced Malware Development Live off the rich fertile land, and profit
In the age of machine learning enabled Endpoint Defense and Response solutions, and increasing usage of application whitelisting, Penetration Testers have been forced into creating new methods of delivering malware for initial command channel access and more. The Microsoft DOT NET Framework has been an enormous advance for developers with a rich API, and powerful C#, and other DOT NET programming languages.  Modern Windows operating systems must have the DOT NET framework installed for many normal operations making the DOT NET framework an attractive target for penetration testers, and attackers alike.

This talk will walk through how a penetration tester can use the C# language to develop a DOT NET assembly (DLL) designed to deliver shellcode into memory on a Windows system.  The talk will cover aspects of the necessary API calls into kernel32.dll, and describe how to build an MSBUILD XML file in order to evade whitelisting solutions.  Attendees of the talk should preferably have some familiarity with the C# programming language.  Techniques mentioned will include shellcode residing in the same thread, versus injecting into a remote process.

Speakers
avatar for Joff Thyer

Joff Thyer

Joff Thyer has been a penetration tester and security analyst with Black Hills Information Security since 2013. Prior to joining the InfoSec world, he had a long career in the IT industry as a systems administrator and an enterprise network architect. He has an Associate’s in Computer... Read More →


4:55pm

Backdoors and Breaches!
Speakers
avatar for John Strand

John Strand

Black Hills InfoSec
John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.  He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry shaping Penetration Testing Execution Standard and 20... Read More →


 
Thursday, March 12
 

8:30am

Welcome to WWHF
Speakers
avatar for John Strand

John Strand

Black Hills InfoSec
John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.  He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry shaping Penetration Testing Execution Standard and 20... Read More →


9:00am

Keynote - Time Travel and GPS F*ckery
Ships being sent off course; altering fines and tariffs; early prisoner release and tracking avoidance; cargo location obfuscation; missile redirection.  These are just some of the implications of being able to manipulate time and location signals.  We saw the need for a crowd sourced data project so we created a field deployed system designed to detect deviations in time and location signals.  In addition, we built a project so that everyone can deploy these sensors and help propagate a large enough data sample to identify anomalous time and location signals.



Speakers
avatar for Mike Poor

Mike Poor

InGuardians
Mike Poor, as one of the original founders, has been with InGuardians since its inception in 2003. As President, he primarily guides the vision of the company and acts as an insightful consigliere when the chips are down. As a Senior Security Analyst, he conducts large scale breach... Read More →
avatar for Larry Pesce

Larry Pesce

InGuardians
Larry Pesce graduated with a Bachelor of Computer Information Systems in 2006, and has worked professionally as Senior Managing Security Analyst with InGuardians since 2013 and as the Director of Research since 2015. His history with hardware hacking began with the family TV when... Read More →


10:00am

How to Build a High-Performing Red Team
What are the habits of a highly successful red team? How much do TTPs or a team’s talent level contribute to their overall effectiveness? This talk will examine the actions that separate high-performing red teams from the competition. The speakers will share practical red team methods developed through their careers as offensive security consultants, along with insights from leaders in the infosec industry. They’ll connect observations from recent publications on the topic with the lessons learned from their previous careers on other high-performing, high-stress teams -- one as a Marine and the other as a professional baseball player.  This talk will highlight how effective teams are architected, the challenges of remote work, engagement planning and execution, practical tips for effective communication, and the importance of team cohesion when pursuing a mission. Attendees will walk away with action items they can take back to their organizations and start implementing immediately.

Speakers
avatar for Tom Porter

Tom Porter

Tom Porter (@porterhau5) started his professional career as a baseball player with the San Diego Padres organization. In 2010, he switched careers and began writing netflow analytics for a DoD-based blue team, eventually pivoting to a role as an offensive security consultant for the... Read More →
avatar for Patrick Fussell

Patrick Fussell

Patrick Fussell (@capt_red_beardz) transitioned from the Marine Corps to Information Assurance in 2011, eventually taking on a role as a jack-of-all-trades Security Analyst. From there his roles became more specialized, shifting from penetration testing consultant to his current role... Read More →


10:00am

10:00am

Capture the Flag
Information for Capture the Flag: 

Registration Info
To join the CTF, create an account at https://metactf.com/, verify your email, and join the event called “Wild West Hacking Fest 2020 CTF (Virtual)” from the dashboard using the code "waywest". Teams are limited to 4 people, and participants must be registered for the conference. The CTF will run from 10am to 7pm on Thursday and 10am to 5pm MST on Friday.
Support
Announcements and support (questions about CTF challenges, etc.) will be done through the WWHF Discord on the #metactf channel. For general questions and clarifications about problems, feel free to post directly in the channel. For more specific questions about problems (that might reveal something about the solution), please request a 1-on-1 for a specific problem, and one of the CTF admins will contact you via DM to discuss it in more detail.

Thursday March 12, 2020 10:00am - 7:00pm
TBA

11:00am

New Speaker Workshop
Speakers
avatar for Kellon Benson

Kellon Benson

Kellon Benson began IT work at his university’s Help Desk as a student and shortly after became an intern in the Information Security Department. Soon he was a full-time security analyst where responsibilities included DFIR, network security monitoring, risk assessment and security... Read More →


11:00am

12:15pm

30 minute Demo Presentation - Edgewise
The recent MechaFlounder was a backdoor attack linked to Iranian threat actors who targeted Turkish entities. Similar Python-based backdoor attacks have managed to evade traditional network security defenses and propagate inside their target environments. Peter Smith, Founder and CEO of Edgewise, demonstrates the attack and how it can be stopped with zero trust security:
- Why network address-based defenses alone cannot prevent attack propagation and lateral movement of Python-based attacks
- Why protection based on software-identity verification (zero trust security) can stop such attacks
- How Purple teams can collaborate more effectively with a shared visualization and understanding of application topology and attack pathways to targets


Speakers
avatar for Peter Smith

Peter Smith

Edgewise
Peter Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University’s first NAC system before it became a security category. Peter brings a security practitioner’s perspective to Edgewise with more than ten years of expertise as an infrastructure... Read More →


1:00pm

Building Functional C2 with Azure
 Building out command and control has seen multiple iterations over the years. The original build-out that most attackers utilized involved obtaining access to a server (via compromise or purchase) to use for C2 in addition to leveraging a domain to direct all traffic to an endpoint they control. Attackers, and the offensive security community, have expanded their arsenal and have started to use cloud services via domain fronting to hide their C2 traffic within legitimate web services. However, defenders have been also been developing their own techniques to detect these techniques.
 
As with any cat and mouse game, attackers will continue to innovate. Microsoft Azure has functionality beyond CDN access and virtual machines. Specifically, Microsoft Azure also has “Azure Functions” that allow a user to execute “serverless code” when a specific action, or trigger, occurs. We’ve developed a method to use Microsoft Functions to be a middle-man for command and control. Azure Functions not only allows remote access tools to authenticate to a C2 server, but Functions also hides all traffic between the RAT the C2 server itself.
 
Azure Functions offers similar benefits to domain fronting and doesn’t require the server resources that an Apache or IPTABLES based redirector needs. Attendees will walk away from this talk with an understanding of how Azure Functions can be repurposed for command and control by an attacker using legitimate cloud services.


1:00pm

Casting with the Pros: Tips and Tricks for Effective Phishing
Phishing seems easy enough, but getting successful results can be difficult. In this talk we'll walk through practical tips for getting better responses. We'll talk about target selection, ruse development, technology deployment, methods for bypassing defenses, and suggestions for working with clients to maximize the value of a phishing assessment.

Speakers
avatar for Nathan Sweany

Nathan Sweany

Secure Ideas
Nathan Sweaney works for Secure Ideas testing pens and consulting clients. He's been in the infosec industry for awhile working with a wide range of clients and technologies. He's regularly told that he takes all of the fun out of things and is eager to argue about politics and religion... Read More →


1:00pm

Sold Out! Workshop - Threat Hunting Using DNS
Thursday March 12, 2020 1:00pm - 3:00pm
TBA

2:00pm

Adversarial Emulation with The C2 Matrix
Open source tool release and updates: this is information for the community and a call to action! We have created an open-source C2 evaluation framework so that teams can easily determine what’s the best tool for penetration testing/red teaming particular scenarios. We’ll talk through why we built the framework, the components (server/agent languages, team vs user types, communication channel coverage, operating systems, capabilities, and support), the decision matrix (a workflow tool we call Ask the Matrix to help you sift through the data for what you need) and how to emulate an adversary (to be announced) across multiple frameworks highlighting the pro’s / con’s of each: infrastructure setup and host/network emulation. 

Speakers
avatar for Jorge Orchilles

Jorge Orchilles

At an early age, Jorge Orchilles was not just playing video games, but looking for ways to push technology boundaries. “I overclocked my CPU and hacked GTA2 for the cars to be faster,” he says.Jorge started his infosec career in 2001 and today leads the offensive security team... Read More →
avatar for Bryson Bort

Bryson Bort

SCYTHE
Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a National Security Institute... Read More →


Thursday March 12, 2020 2:00pm - 2:50pm
Track 2

2:00pm

Hacking Dumberly Redux: More Dumberer
Tim Medin discusses the dumbest red team tricks and hacks encountered over the years. We are going to take the A out of APT (again), because so few attackers really need to use advanced techniques. We'll also discuss the simple defenses that make an attacker's life much more difficult.

Speakers
avatar for Tim Medin

Tim Medin

Red Siege
Tim Medin is the founder and Principal Consultant at Red Siege. Tim is also a Principal SANS Instructor, the SANS MSISE Program Director and a SANS course author. Through the course of his career, Tim has performed penetration tests on a wide range of organizations and technologies... Read More →


3:00pm

Airplane Mode: Cybersecurity @ 30,000+ Feet
Imagine being in charge of a system where you own the product. You do not own the software and the hardware is proprietary. You need to coordinate with multiple vendors for any updates or modifications and you’re under strict government regulation. By the way, the product has a lifespan of 20 - 30 years. Welcome to the world of aviation cybersecurity, where safety and security live together. At a high level, this presentation will cover what is aviation cyber security, the unique challenges it represents and why the industry is captivating.    

Speakers
avatar for Olivia Stella

Olivia Stella

Olivia Stella is a senior aviation cybersecurity analyst for American Airlines. In her current role, she focuses on aviation security and vulnerability management including pen testing and coordinated disclosure. She has over ten years of experience in software development and information... Read More →


3:00pm

Labours of Hercules: Be Like Phil
Professional burnout and finding skilled people are two major problems facing the security industry, and these two issues are just making each other worse. But we can fix this! Looking to how the Greek hero Phil(ictetes) trains Hercules, we can find ways to implement his rules to improve ourselves, our industry, and others!  

In this talk, Kevin Johnson of Secure Ideas will walk attendees through some of the reasons for the skills gap and why it causes burn out. He will then discuss various methods to build apprenticeship and mentoring programs to build out our organization’s and coworkers’ knowledge. Learning from Phil will enable us all to be the hero in our world.

Speakers
avatar for Kevin Johnson

Kevin Johnson

Secure Ideas
Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions... Read More →


3:00pm

Workshop - Advanced Cubicles and Compromises
Thursday March 12, 2020 3:00pm - 5:00pm
Porthole

4:00pm

Hacking Humans: Using OSINT to put together Social Engineering Scenarios that Actually Work
People give little thought to the "scraps" of information that they leave scattered around the web. Even worse, when an attacker approaches them and uses these bits of information against them, they fall for it too often. In this talk, we teach how to use the internet and freely available information to craft perfect social engineering attacks. We have used these very tactics to compromise employees as high-level as corporate VPs with 2FA in place! After showing how to create these social engineering scenarios and dupe victims, we show how security professionals can train their clients to beware of the data they leave so that they are aware of attackers intents. After all, changing the tide is what it's all about. Attendees will take away: a better understanding of where and how to find intel for social engineering, tactics for creating scenarios that seem super legitimate, and tips for training their clients post-engagement how to not repeat the same mistakes.  

Speakers
avatar for William Price

William Price

CyberX
William Price is a penetration tester and the founder of CyberX Cybersecurity Solutions. After performing countless penetration tests and seeing the immense budgets that organizations have for cybersecurity, he realized that SMBs are often overlooked. He decided to found CyberX to... Read More →


5:00pm

Mapping and testing your network to ATT&CK with free tools
Showing how easy it is to map and test your network defenses to the Mitre ATT&CK frame work only using free open source tools. Also creating colorful diagrams and graphs for management.

Speakers
avatar for Wade Wells

Wade Wells

One man purple team


5:00pm

Not Just Evil: Hacking Mainframes with Network Job Entry
The year was 2015 and i just watched a developer submit a job on a test LPAR and run the job in production. I was flabbergasted, how could one submit a job and have it run on another mainframe with out authentication? I was informed it was Network Job Entry and since that moment I made it my mission to completely understand this protocol and how you can use it to break mainframes.  Network Job Entry is how mainframes talk to one another and submit jobs between each other. You can use to manage other mainframes or submit jobs and transfer files. But what if we can pretend to be a mainframe with python? This talk will go in to a deep dive about the protocol, vulnerabilities within it, how you can use it to attack your own mainframes and how IBM is a bunch of tricky tricksters who change protocols silently so your nmap script stop working (true story). This talk will cover JES2, JCL, SNA, Network Job Entry, vulnerabilities, and how you can secure your setup. A python library will be discussed and multiple new tools using that library will be released.  

Speakers
avatar for Phil 'Soldier of FORTRAN' Young

Phil 'Soldier of FORTRAN' Young

Philip Young, aka Soldier of FORTRAN, is a leading expert in all things mainframe hacking. Having spoken and taught at conferences around the world, including DEFCON, RSA, BlackHat and keynoting at both SHARE and GSE Europe, he works very hard to teach and show how easy it is to red... Read More →


5:25pm

Overcoming Layer 8 Control Failures: Engaging your staff in the fight against cyber criminals
So you think you can stop the attackers? Guess what? You can’t, at least not alone. Even the best coders, hackers, or computer geeks don’t stand a chance protecting their company alone. The soft-skills required for running a successful and engaging security program are too often overlooked.

 Being able to engage with all levels of staff at your company will launch your security program to the next level. After implementing the processes Sean describes your security team will grow to include every employee in the Company. Bridging the gap between security experts and the rest of the staff shouldn’t be so painful. Stop being the “Department of No” and learn how to secure your company without making enemies.

Speakers
avatar for Sean Goodwin

Sean Goodwin

Sean is a Supervisor in Wolf’s Information Technology (IT) Assurance Services group where he is responsible for coordinating and executing cybersecurity and IT audit services at client locations for financial, healthcare, educational, and investment planning clients. Sean leads... Read More →


 
Friday, March 13
 

9:00am

Credential Stuffing: Identifying and fixing your exposure
Each of us only memorizes a few passwords. Most of your company's employees don't use password managers. Sites get breached. These three statements mean attackers can often get your employees' passwords from other sites (like LinkedIn) and re-use them against your organization to walk in the front door. This talk will define credential stuffing, walk through an example realistic attack, then discuss how you can safely check your own company's exposure and eliminate this risk.  

Speakers
avatar for Jeff McJunkin

Jeff McJunkin

Jeff McJunkin is the founder of Rogue Valley Information Security, a consulting firm specializing in penetration testing and red team engagements. Jeff has a long background in systems and network administration that he leveraged into web and network penetration testing, especially... Read More →


9:00am

Web Hacking: Beyond alert('XSS Found')
From bug bounties to network pen tests, web applications are often the perimeter in many enterprise environments. Understanding how these applications work and interact with their backend is instrumental in being successful in your assessments. In this talk I'll walk through a real exploit path (applications, names, and code changed to protect responsible disclosure) used in a personal bug bounty report, and more than one network penetration tests. We'll chain multiple vulnerabilities together, do quick win code analysis, and even use Local File Include (LFI) for more than just dumping /etc/passwd.

Speakers
avatar for Derek Rook

Derek Rook

Derek is an industry veteran with over 15 years of experience spanning systems administration and engineering, web development, security engineering, and offensive security. In the office, he devotes his time to building and running an internal offensive security practice. Out of... Read More →


9:00am

Capture the Flag
Information for Capture the Flag: 

Registration Info
To join the CTF, create an account at https://metactf.com/, verify your email, and join the event called “Wild West Hacking Fest 2020 CTF (Virtual)” from the dashboard using the code "waywest". Teams are limited to 4 people, and participants must be registered for the conference. The CTF will run from 10am to 7pm on Thursday and 10am to 5pm MST on Friday.
Support
Announcements and support (questions about CTF challenges, etc.) will be done through the WWHF Discord on the #metactf channel. For general questions and clarifications about problems, feel free to post directly in the channel. For more specific questions about problems (that might reveal something about the solution), please request a 1-on-1 for a specific problem, and one of the CTF admins will contact you via DM to discuss it in more detail.

Friday March 13, 2020 9:00am - 3:00pm
TBA

10:00am

Don't Cross The Streams: The battle over the DNS Control-Plane
DNS-over-HTTPS and DNS-over-TLS have become charged topics of discussion between network operators, browser companies, and public recursor operators. It is worth discussing how both of these technologies differ, and how they work with or fight against the existing network infrastructure approaches. This talk will include a discussion of the privacy, security, network management, and performance aspects of these alterations to Internet name-service.

When I talk to average Internet users, I am not surprised by how many have never heard about DOH or DOT. But I am routinely amazed by how many of our Internet Security peers have barely given the topic much thought. This presentation is meant to spur debate, so more people will start making informed decisions, rather than just blindly accepting their browser or operating system defaults.

Speakers
avatar for Daniel Schwalbe

Daniel Schwalbe

Daniel Schwalbe is Deputy Chief Information Security Officer and Director of Product Engineering for Farsight Security, Inc. He is a veteran information security professional with 20 years of experience leading incident response and digital forensics efforts in large enterprise settings... Read More →


10:00am

Workshop - How To Create How To's
Friday March 13, 2020 10:00am - 12:00pm
TBA

11:00am

Breaking into Banks Like a Boss
Is your money safe? Are the movies real? Can you dodge lasers, sneak through vents, and dress in disguise to steal millions of dollars? Yes. Yes, you can. Let me show you how I broke into banks with billions of dollars on the line through social engineering and bypassing physical security.

Speakers
avatar for Brice Self

Brice Self

Rendition InfoSec
Brice Self is a Cyber Security professional, specializing in physical security, social engineering, wireless (802.11) security, incident response, malware analysis and digital forensics. Prior to joining Rendition InfoSec, Brice proudly served in the U.S. Navy where he acquired his... Read More →


11:00am

Patching your Security Team Vulnerabilities
We are all well aware of the security skills gap and how difficult it is to recruit experienced cyber security staff but many companies don’t put the same effort into retaining and investing in to the team they already have...... it’s time to stop trying to fill your leaky bucket.  In this presentation we are going to dive into ISACAs “State of Cybersecurity 2020” research which was released last month.  You will leave this talk with actions points that will help you identify and remediate the most common issues we see.

Speakers
avatar for Kris Rides

Kris Rides

Kris has been working in technical staffing for over 20 years and is Founder and CEO of Tiro Security, a cyber security staffing and professional services firm over 7 years ago.   He also recently founded a staff retention software and services company, kmute.  Kris is the current... Read More →


12:00pm

30 Minute Demo Presentation - Plextrac
PlexTrac is a productivity tool for information security professionals, created to save time and enhance standardization throughout the process of risk identification. In this demonstration, we will show how PlexTrac streamlines three critical functions:
- Reporting: Born as a tool to help penetration testers write reports faster, PlexTrac eliminates the copy/paste and generation of new narratives that add hours to the report writing process. Seamless integration with the built-in Writeups Database helps both consultancies and enterprises deliver a high-quality, consistent report experience in a fraction of the time required for manual report generation.
- Remediation: In-platform collaboration tools make it easy for red teams and blue teams to collaborate in real-time. No longer do customers need to wait until report delivery to begin remediating critical vulnerabilities in their environment - and they have access to the information security professionals who are generating the findings while the flaws are still being uncovered and documented.
- Attestation: Advanced analytics provide the ability to either instantly gain a broad understanding of your risk environment or drill down into where you may be vulnerable to the threat de jour. Tagging at multiple levels allows users to normalize their data in ways that provide the most value for their environments. Instead of consuming pre-built dashboards, leaders can easily select the information that they need to make informed resource decisions.


Speakers
avatar for Shawn H. Scott, CISSP, PMP

Shawn H. Scott, CISSP, PMP

PlexTrac
Shawn Scott is an accomplished cyber security leader focused on enhancing organizations’ defenses against the pervasive attacks from criminal and nation-state actors. Shawn understands that these threats are an enduring part of the modern business environment and assists clients... Read More →


12:30pm

30 Minute Demo Presentation - Guardicore

The Guardicore Centra Security Platform makes visualizing and securing on-premises and cloud workloads fast and simple. It creates human-readable views of your complete infrastructure – from the data center to the cloud – with fast and intuitive workflows for segmentation policy creation, breach detection and incident response capabilities.

Visibility- Centra automatically discovers applications and flows, including process-to-process communications, and creates contextual maps that make understanding activity and creating policies simple.
Application Dependency Mapping- Centra correlates network- and process-level activity and shows you how applications communicate with and depend on other IT resources
Prevent Lateral Movement- Control east/west traffic to reduce your data center and cloud attack surface
Protect Your Digital Crown Jewels- Blanket the applications that matter most to your business with precise security controlsSimplify and Accelerate Compliance- Isolate systems that are subject to regulatory requirements simply and effectivelyAdopt Cloud and PaaS SecurelyImplement infrastructure- Reduce complexity with agnostic security policies that work consistently across legacy bare metal servers and all forms of cloudInnovate Faster- Integrate security with application development without time-consuming software changes, infrastructure changes, or downtimeDetect and respond to threats quickly- Centra’s integrated threat detection and response capabilities include reputation-based detection, file integrity monitoring, and deception. Possible breaches and lateral movement are detected quickly, and security operations teams receive actionable information and guidance.

Speakers
avatar for Trevor Metzger

Trevor Metzger

Trevor Metzger is a Senior Sales Engineer at Guardicore and works with customers across a wide range of industries. Trevor is a 25 year IT and information security veteran with deep experience in network engineering, architecture, and security operations. Prior to joining Guardicore... Read More →


1:00pm

Avionics Primer for Hackers
I have worked on avionics systems for multiple air frames for 18 years.  I have noticed an alarming trend.  A disregard for security.  My talk is a call to action for the info-sec community to help us all solve the security issues contained within avionics before something bad happens.

Speakers
avatar for Nicholas Childs

Nicholas Childs

Nicholas is an aircraft avionics technician with over 18 years aircraft maintenance experience across multiple platforms including KC-135, B1 bombers, 737s,  L10-11s, C-17s, C-5s and C-141s. He is licensed as Sec+ and FCC GROL Radar.  After a position as an AD administrator on the... Read More →


1:00pm

Hack the planet (or saving the world one hacker at a time!)
I’ve had some interesting adventures in my twenty-or-so years as a professional hacker and INFOSEC dude, and I’ve learned quite a few things about the hacker community. In this talk, I’ll share some of the valuable insights I’ve gained about why the hacker community is unique, valuable and worth fighting for. I’ll also talk about the good that’s going on in the hacker community and show you lots of different ways you can get involved.

Speakers
avatar for Johnny Long

Johnny Long

Johnny Long spent his career as a professional hacker. He has penetrated and subsequently secured some of the world’s most securely government, military and corporate networks and facilities and is currently a senior staff member at Offensive Security. He is the author of numerous... Read More →


2:00pm

CitiZen Cyber SkillZ for Public Service and Great Justice…
Love the cyberz, but your netcat skills are closer to butter knife than Swiss Army knife? Love being the packet, but that pre-bitmasking hydration is still a little rusty? Love CTFs, but can’t get to the bank (of coins)? That was me - I was devastated when I realized I'd never be Hax0RtheSkoudis, but I found a way to give back to the community anyway - maybe it’ll work for you!

The State of Michigan has created a Civilian Cyber Corps to address the uneven distribution of cyber need and talent (and to have fun ;) ). Qualified citizens can be part of a team who will address incidents within the state, initially for local and regional government entities. Applicants must have a basic security certification and pass a criminal background check. Regular training and assessment is provided, and there are ample opportunities to collaborate with peers. The team reports to the State CISO. Training, exercises and response activities are coordinated with the State Police, and the Air and Army National Guard. Other states are now examining this as a model for their initiaties; Come hear why!



Speakers
avatar for Ray Davidson

Ray Davidson

Ray Davidson, PhD served as dean at the SANS Technology Institute during its founding,and now leads the Michigan Cyber Civilian Corps, which is currently the only completely civilian, state sponsored team of incident responders in the country. He continues to serve as a mentor, subject... Read More →


2:00pm

I really wanna hear you say… ‘I threat hunt thaaat way.’”
If you’re still threat hunting like it’s 2011, you might be finding it about as fresh as yogurt left out in the desert from when the Backstreet Boys were still topping the charts. Yeah, IoCs can be interesting, but the very term itself describes fragmented historical activities that need to be pieced together in order to work out what the hell happened.       Outdated threat hunting procedures hold your security program back – both in the time it takes to seek out attacker behaviors, and the level of effort involved to ascertain whether or not the horse has indeed bolted.    In his talk, Andy will explain how to modernize and galvanize your threat hunting program, putting you in better stead to detect attacks earlier in the chain. He promises not to sing.    Audience Takeaways: Recognizing the gaps in traditional threat hunting Understanding of the tactics, techniques, or procedures (TTPs) of threat hunting Pairing TTPs with data analytics How to find unknown anomalies

Speakers
avatar for John DiFederico

John DiFederico

John DiFederico is a lover of all things technology, but cybersecurity is his passion and the sole focus of his career. Currently serving as the Sales Engineering Manager at Exabeam, he works first hand with customers struggling to fully operationalize SIEM technologies. Prior to... Read More →


2:00pm

Sold Out! Workshop - Offensive WMI
Friday March 13, 2020 2:00pm - 4:00pm
TBA

3:00pm

Help Me Help You Hurt Yourself (it's for your own good)
Many times as Consultants to clients external to our business, we are put into a unique position where we are to inflict damage to the business yet keep a clear line of communication with the client in an open an engaging manner. Sometimes, more often than not, this open dialogue proves difficult due to:
• Feelings as a tester that the test should be 100% Black Box
• The client is not willing to divulge information
• ?
Having this open dialogue can help to have more robust test results that are better for both the tester and the client.
This talk does a dive into examples and issues that have been experienced in real world scenarios to help achieve this type of dialogue.
Note: This does not apply to Red Team assessments.

Topic 1: Where are the crown jewels?
Topic 2: Limiting risk by creating open dialogue.
 Topic 3: F*@%ing with your Offensive Consultant is a CVSS of 11.

Speakers
avatar for Michael Aguilar @Dataclast

Michael Aguilar @Dataclast

I break into things and I love what I do. I work for Secureworks Adversary Group and love researching new and inventive ways to do interesting things at work. I also love analyzing Medical Devices for security flaws.


3:00pm

Security is Not a Game, the Game
Games that reproduce information security environments can often go beyond abstract cyberpunk/hacker veneers to teach actual skills related to information security. This will be a journey from "hacking" video games to solving capture-the-flag puzzles online and preparing for live games.

This is a talk intended for new practitioners and people who want to get started in security and are looking for safe, fun ways to do so.

Speakers
avatar for Rachel Rawlings

Rachel Rawlings

Rachel Rawlings is a Linux system administrator for Penn Medicine. Though not a "security pro," she's a big fan of red team games and hopes to become as good at using lockpicks as crochet hooks.  Rachel has written about IT-related entertainment for womensvoicesforchange.org; and spoken at the Philadelphia Linux User Group, Central Pennsylvania Open Source Conference, IcingaCamp, and FOSSCON. Her twitter handle is @linuxandyarn... Read More →


3:25pm

Quickstart Guide to MITRE ATT&CK - the Do's and Don'ts when using the Matrix
Given the increasing awareness and use of the MITRE ATT&CK Matrix as a common language between Red Teams, Blue Teams, and Executives, a growing number of organizations are utilizing the framework in inappropriate ways. This talk will provide the audience with a very fast, yet very practical, overview of ATT&CK; as well as how it is being utilized well, and not-so-well, in the industry. From periodic tables, to minesweeper. From CALDERA to Atomic Red Team. We will go over a list of the do's and don’ts to get the most value from the ATT&CK Matrix.

Speakers
avatar for Adam Mashinchi

Adam Mashinchi

Adam is SCYTHE’s VP of Product Management where he leads the project management, design, and quality assurance departments. Before SCYTHE, Adam defined and managed the development of enterprise security and privacy solutions with an emphasis on usable encryption at a global scale... Read More →


4:00pm

Hunting Software Vulnerabilities without Reversing
Too often, those without reverse engineering skills are dissuaded from hunting vulnerabilities. While a deep level of technical depth is needed for advanced binary exploitation (use after free, heap overflows, etc), there's plenty of attack surface left for the rest of us. In his last WWHF talk, Jake shared techniques for privilege escalation that mostly rely on poorly configured software. In this next installment, he's diving deeper into poorly built software and showing you how you can use simple tools to assess the security of third party and custom applications - no reverse engineering skills are required!

Speakers
avatar for Jake Williams

Jake Williams

Rendition InfoSec
Jake Williams is an accomplished infosec professional with almost two decades of industry experience. After spending more than a decade in the US Intelligence Community performing various missions in offensive and defensive cyber, Jake founded Rendition Infosec where he leads a team... Read More →