Loading…
Attending this event?

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Wednesday, March 11
 

3:00pm

Conference Registration - The Berkeley Steam Ferryboat
Wednesday March 11, 2020 3:00pm - 7:00pm

4:00pm

Hacking Dumberly Redux: More Dumberer
Tim Medin discusses the dumbest red team tricks and hacks encountered over the years. We are going to take the A out of APT (again), because so few attackers really need to use advanced techniques. We'll also discuss the simple defenses that make an attacker's life much more difficult.

Speakers
avatar for Tim Medin

Tim Medin

Red Siege
Tim Medin is the founder and Principal Consultant at Red Siege. Tim is also a Principal SANS Instructor, the SANS MSISE Program Director and a SANS course author. Through the course of his career, Tim has performed penetration tests on a wide range of organizations and technologies... Read More →


Wednesday March 11, 2020 4:00pm - 4:50pm
The Berkeley Steam Ferryboat

4:55pm

Let's talk about Backdoors and Breaches!
Speakers
avatar for John Strand

John Strand

Black Hills InfoSec
John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.  He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry shaping Penetration Testing Execution Standard and 20... Read More →


Wednesday March 11, 2020 4:55pm - 5:30pm
The Berkeley Steam Ferryboat

5:30pm

Dinner on The Berkeley Steam Ferryboat
Dinner and cash bar

Wednesday March 11, 2020 5:30pm - 7:00pm
The Berkeley Steam Ferryboat

7:30pm

Karaoke and Open Mic with your WWHF - Host, John Strand
Cash Bar 

Wednesday March 11, 2020 7:30pm - 10:00pm
General Session
 
Thursday, March 12
 

7:30am

Registration
Thursday March 12, 2020 7:30am - 6:00pm
Hotel Foyer

8:30am

Welcome to WWHF
Speakers
avatar for John Strand

John Strand

Black Hills InfoSec
John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.  He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry shaping Penetration Testing Execution Standard and 20... Read More →


Thursday March 12, 2020 8:30am - 8:50am
General Session

9:00am

Keynote - Time Travel and GPS F*ckery
Ships being sent off course; altering fines and tariffs; early prisoner release and tracking avoidance; cargo location obfuscation; missile redirection.  These are just some of the implications of being able to manipulate time and location signals.  We saw the need for a crowd sourced data project so we created a field deployed system designed to detect deviations in time and location signals.  In addition, we built a project so that everyone can deploy these sensors and help propagate a large enough data sample to identify anomalous time and location signals.



Speakers
avatar for Mike Poor

Mike Poor

InGuardians
Mike Poor, as one of the original founders, has been with InGuardians since its inception in 2003. As President, he primarily guides the vision of the company and acts as an insightful consigliere when the chips are down. As a Senior Security Analyst, he conducts large scale breach... Read More →
avatar for Larry Pesce

Larry Pesce

InGuardians
Larry Pesce graduated with a Bachelor of Computer Information Systems in 2006, and has worked professionally as Senior Managing Security Analyst with InGuardians since 2013 and as the Director of Research since 2015. His history with hardware hacking began with the family TV when... Read More →


Thursday March 12, 2020 9:00am - 9:50am
General Session

10:00am

Airplane Mode: Cybersecurity @ 30,000+ Feet
Imagine being in charge of a system where you own the product. You do not own the software and the hardware is proprietary. You need to coordinate with multiple vendors for any updates or modifications and you’re under strict government regulation. By the way, the product has a lifespan of 20 - 30 years. Welcome to the world of aviation cybersecurity, where safety and security live together. At a high level, this presentation will cover what is aviation cyber security, the unique challenges it represents and why the industry is captivating.    

Speakers
avatar for Olivia Stella

Olivia Stella

Olivia Stella is a senior aviation cybersecurity analyst for American Airlines. In her current role, she focuses on aviation security and vulnerability management including pen testing and coordinated disclosure. She has over ten years of experience in software development and information... Read More →


Thursday March 12, 2020 10:00am - 10:50am

10:00am

How to Build a High-Performing Red Team
What are the habits of a highly successful red team? How much do TTPs or a team’s talent level contribute to their overall effectiveness? This talk will examine the actions that separate high-performing red teams from the competition. The speakers will share practical red team methods developed through their careers as offensive security consultants, along with insights from leaders in the infosec industry. They’ll connect observations from recent publications on the topic with the lessons learned from their previous careers on other high-performing, high-stress teams -- one as a Marine and the other as a professional baseball player.  This talk will highlight how effective teams are architected, the challenges of remote work, engagement planning and execution, practical tips for effective communication, and the importance of team cohesion when pursuing a mission. Attendees will walk away with action items they can take back to their organizations and start implementing immediately.

Speakers
avatar for Tom Porter

Tom Porter

Tom Porter (@porterhau5) started his professional career as a baseball player with the San Diego Padres organization. In 2010, he switched careers and began writing netflow analytics for a DoD-based blue team, eventually pivoting to a role as an offensive security consultant for the... Read More →
avatar for Patrick Fussell

Patrick Fussell

Patrick Fussell (@capt_red_beardz) transitioned from the Marine Corps to Information Assurance in 2011, eventually taking on a role as a jack-of-all-trades Security Analyst. From there his roles became more specialized, shifting from penetration testing consultant to his current role... Read More →


Thursday March 12, 2020 10:00am - 10:50am

10:00am

10:00am

Escape Room
Thursday March 12, 2020 10:00am - 6:00pm
TBA

10:00am

Learn to Play Backdoor and Breaches
Thursday March 12, 2020 10:00am - 6:00pm
Embarcadero

10:00am

Capture the Flag
Thursday March 12, 2020 10:00am - 7:00pm
Porthole

10:00am

Hands-On Labs
Thursday March 12, 2020 10:00am - 7:00pm
Bay Room

11:00am

S1/E3.1
Speakers


Thursday March 12, 2020 11:00am - 11:50am
Track 2

12:15pm

30 minute Demo Presentation - Edgewise
The recent MechaFlounder was a backdoor attack linked to Iranian threat actors who targeted Turkish entities. Similar Python-based backdoor attacks have managed to evade traditional network security defenses and propagate inside their target environments. Peter Smith, Founder and CEO of Edgewise, demonstrates the attack and how it can be stopped with zero trust security:
- Why network address-based defenses alone cannot prevent attack propagation and lateral movement of Python-based attacks
- Why protection based on software-identity verification (zero trust security) can stop such attacks
- How Purple teams can collaborate more effectively with a shared visualization and understanding of application topology and attack pathways to targets


Thursday March 12, 2020 12:15pm - 12:45pm
General Session

1:00pm

Casting with the Pros: Tips and Tricks for Effective Phishing
Phishing seems easy enough, but getting successful results can be difficult. In this talk we'll walk through practical tips for getting better responses. We'll talk about target selection, ruse development, technology deployment, methods for bypassing defenses, and suggestions for working with clients to maximize the value of a phishing assessment.

Speakers
avatar for Nathan Sweany

Nathan Sweany

Secure Ideas
Nathan Sweaney works for Secure Ideas testing pens and consulting clients. He's been in the infosec industry for awhile working with a wide range of clients and technologies. He's regularly told that he takes all of the fun out of things and is eager to argue about politics and religion... Read More →


Thursday March 12, 2020 1:00pm - 1:50pm
Track 2

1:00pm

Workshop - Threat Hunting Using DNS
Thursday March 12, 2020 1:00pm - 3:00pm

2:00pm

Adversarial Emulation with The C2 Matrix
Open source tool release and updates: this is information for the community and a call to action! We have created an open-source C2 evaluation framework so that teams can easily determine what’s the best tool for penetration testing/red teaming particular scenarios. We’ll talk through why we built the framework, the components (server/agent languages, team vs user types, communication channel coverage, operating systems, capabilities, and support), the decision matrix (a workflow tool we call Ask the Matrix to help you sift through the data for what you need) and how to emulate an adversary (to be announced) across multiple frameworks highlighting the pro’s / con’s of each: infrastructure setup and host/network emulation. 

Speakers
avatar for Bryson Bort

Bryson Bort

SCYTHE
Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a National Security Institute... Read More →


Thursday March 12, 2020 2:00pm - 2:50pm
Track 2

2:00pm

DOT NET Advanced Malware Development Live off the rich fertile land, and profit
In the age of machine learning enabled Endpoint Defense and Response solutions, and increasing usage of application whitelisting, Penetration Testers have been forced into creating new methods of delivering malware for initial command channel access and more. The Microsoft DOT NET Framework has been an enormous advance for developers with a rich API, and powerful C#, and other DOT NET programming languages.  Modern Windows operating systems must have the DOT NET framework installed for many normal operations making the DOT NET framework an attractive target for penetration testers, and attackers alike.

This talk will walk through how a penetration tester can use the C# language to develop a DOT NET assembly (DLL) designed to deliver shellcode into memory on a Windows system.  The talk will cover aspects of the necessary API calls into kernel32.dll, and describe how to build an MSBUILD XML file in order to evade whitelisting solutions.  Attendees of the talk should preferably have some familiarity with the C# programming language.  Techniques mentioned will include shellcode residing in the same thread, versus injecting into a remote process.

Speakers
avatar for Joff Thyer

Joff Thyer

Joff Thyer has been a penetration tester and security analyst with Black Hills Information Security since 2013. Prior to joining the InfoSec world, he had a long career in the IT industry as a systems administrator and an enterprise network architect. He has an Associate’s in Computer... Read More →


Thursday March 12, 2020 2:00pm - 2:50pm
Track 1

3:00pm

Labours of Hercules: Be Like Phil
Professional burnout and finding skilled people are two major problems facing the security industry, and these two issues are just making each other worse. But we can fix this! Looking to how the Greek hero Phil(ictetes) trains Hercules, we can find ways to implement his rules to improve ourselves, our industry, and others!  

In this talk, Kevin Johnson of Secure Ideas will walk attendees through some of the reasons for the skills gap and why it causes burn out. He will then discuss various methods to build apprenticeship and mentoring programs to build out our organization’s and coworkers’ knowledge. Learning from Phil will enable us all to be the hero in our world.

Speakers
avatar for Kevin Johnson

Kevin Johnson

Secure Ideas
Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions... Read More →


Thursday March 12, 2020 3:00pm - 3:50pm
Track 1

3:00pm

Whoops. I accidentally helped start the offensive intel branch of a foreign intel service
When I left the service and the NSA I was offered a job that seemed waaaay to good to be true. Turns out it was. This talk will discuss how I came to work on the UAE's Project Raven, what signs I missed because I was being naive, and how other transitioning intelligence personnel can avoid making the same mistake.

Speakers
avatar for David Evenden

David Evenden

David Evenden is an experienced offensive security operator & analyst with 12 years of experience in the Intelligence Community where he learned Persian Farsi, worked at NSA Red Team and was a member of an elite international team operating in conjunction with coalition forces to... Read More →


Thursday March 12, 2020 3:00pm - 3:50pm
Track 2

3:00pm

Workshop - Advanced Cubicles and Compromises
Thursday March 12, 2020 3:00pm - 5:00pm
Coast Rooms

4:00pm

Breaking Through the Boundaries of Cyber Security Job Search Challenges
We’ve all heard the old adage that finding a job is a full time job, but who has the time? With the right insights and resources in hand, you can maximize your job search efforts, turning them into successes. This presentation offers tools to take expert control of your cyber security career, by leveraging the findings from my two industry surveys, which examine the challenges of job search and the impact of volunteering in your professional community. When asked if they know how to find a job, 45% of survey respondents said no. In order to combat this problem, I will explore my top methods to help professionals evaluate, refine, and improve their job search strategy. These parameters span personally reflecting to know what you want to do, to developing the right career search products, understanding the different types of recruiters, and learning to utilize the right avenues for self promotion and networking. Volunteering in your professional community offers vast opportunities for building an expanded industry network. This is vital to continuous job search success, as 79% of survey respondents reported the most common way they find jobs is by asking their network of friends. Thus you can greatly progress your career by actively engaging in the external community to network, gain experiences, and create opportunities for continued learning. While career progression is typically seen as education, certification, and job moves, we need to build both technical and non-technical skills in order to continually advance and market our ever-expanding abilities. Volunteering provides a venue to learn essential skills that fuel your career trajectory by developing qualities spanning leadership, persistence, time management, problem solving, and more. Though the challenges that job seekers face are not unusual, they can be overcome with the right tactics in hand. By applying the guidelines presented in this session, more individuals in the community will have the tools they need to embark on the road to success in their cyber security careers. Key Takeaways: 1. Attendees will leave with insights to overcome job search challenges, by leveraging volunteer efforts in the information security community. Through volunteerism, they stand to gain an enhanced skill set, invaluable professional experience, and an expanded industry network, providing connections that will support job search for a lifetime. 2. They will understand the value of volunteering to gain soft skills such as communication, teamwork, and project management, while also instilling and supporting leadership skills. 3. They will be able to apply successful practices for engaging current employers in support of their volunteer activities and how to also successfully share their volunteer efforts with recruiters and hiring managers during job search.

Speakers
avatar for Kathleen Smith

Kathleen Smith

Cleared Jobs
Kathleen Smith, CMO for CyberSecJobs.Com and ClearedJobs.Net, has coached thousands of job seekers and employers to achieve the mutual goal of employment. Kathleen presents at several conferences each year on recruiting and job search. Some of the conferences she has presented at... Read More →


Thursday March 12, 2020 4:00pm - 4:50pm
Track 1

4:00pm

Hacking Humans: Using OSINT to put together Social Engineering Scenarios that Actually Work
People give little thought to the "scraps" of information that they leave scattered around the web. Even worse, when an attacker approaches them and uses these bits of information against them, they fall for it too often. In this talk, we teach how to use the internet and freely available information to craft perfect social engineering attacks. We have used these very tactics to compromise employees as high-level as corporate VPs with 2FA in place! After showing how to create these social engineering scenarios and dupe victims, we show how security professionals can train their clients to beware of the data they leave so that they are aware of attackers intents. After all, changing the tide is what it's all about. Attendees will take away: a better understanding of where and how to find intel for social engineering, tactics for creating scenarios that seem super legitimate, and tips for training their clients post-engagement how to not repeat the same mistakes.  

Speakers
avatar for William Price

William Price

CyberX
William Price is a penetration tester and the founder of CyberX Cybersecurity Solutions. After performing countless penetration tests and seeing the immense budgets that organizations have for cybersecurity, he realized that SMBs are often overlooked. He decided to found CyberX to... Read More →


Thursday March 12, 2020 4:00pm - 4:50pm
Track 2

4:00pm

Photo Booth
Thursday March 12, 2020 4:00pm - 7:00pm
General Session

5:00pm

Mapping and testing your network to ATT&CK with free tools
Showing how easy it is to map and test your network defenses to the Mitre ATT&CK frame work only using free open source tools. Also creating colorful diagrams and graphs for management.

Speakers
avatar for Wade Wells

Wade Wells

One man purple team


Thursday March 12, 2020 5:00pm - 5:15pm
Track 1

5:00pm

Not Just Evil: Hacking Mainframes with Network Job Entry
The year was 2015 and i just watched a developer submit a job on a test LPAR and run the job in production. I was flabbergasted, how could one submit a job and have it run on another mainframe with out authentication? I was informed it was Network Job Entry and since that moment I made it my mission to completely understand this protocol and how you can use it to break mainframes.  Network Job Entry is how mainframes talk to one another and submit jobs between each other. You can use to manage other mainframes or submit jobs and transfer files. But what if we can pretend to be a mainframe with python? This talk will go in to a deep dive about the protocol, vulnerabilities within it, how you can use it to attack your own mainframes and how IBM is a bunch of tricky tricksters who change protocols silently so your nmap script stop working (true story). This talk will cover JES2, JCL, SNA, Network Job Entry, vulnerabilities, and how you can secure your setup. A python library will be discussed and multiple new tools using that library will be released.  

Speakers
avatar for Phil 'Soldier of FORTRAN' Young

Phil 'Soldier of FORTRAN' Young

Philip Young, aka Soldier of FORTRAN, is a leading expert in all things mainframe hacking. Having spoken and taught at conferences around the world, including DEFCON, RSA, BlackHat and keynoting at both SHARE and GSE Europe, he works very hard to teach and show how easy it is to red... Read More →


Thursday March 12, 2020 5:00pm - 5:50pm
Track 2

5:25pm

Overcoming Layer 8 Control Failures: Engaging your staff in the fight against cyber criminals
So you think you can stop the attackers? Guess what? You can’t, at least not alone. Even the best coders, hackers, or computer geeks don’t stand a chance protecting their company alone. The soft-skills required for running a successful and engaging security program are too often overlooked.

 Being able to engage with all levels of staff at your company will launch your security program to the next level. After implementing the processes Sean describes your security team will grow to include every employee in the Company. Bridging the gap between security experts and the rest of the staff shouldn’t be so painful. Stop being the “Department of No” and learn how to secure your company without making enemies.

Speakers
avatar for Sean Goodwin

Sean Goodwin

Sean is a Supervisor in Wolf’s Information Technology (IT) Assurance Services group where he is responsible for coordinating and executing cybersecurity and IT audit services at client locations for financial, healthcare, educational, and investment planning clients. Sean leads... Read More →


Thursday March 12, 2020 5:25pm - 5:40pm
Track 1

6:00pm

Annie Oakley's of Hacking Reception
Thursday March 12, 2020 6:00pm - 7:00pm
Loma Vista Terrace

6:00pm

7:00pm

Hiring Happy Hour
Thursday March 12, 2020 7:00pm - 8:00pm
Loma Vista Terrace
 
Friday, March 13
 

6:30am

Run With BHIS
Meet in the hotel lobby at 6:30am to run with BHIS! 

Friday March 13, 2020 6:30am - 7:30am
Hotel Lobby

9:00am

Credential Stuffing: Identifying and fixing your exposure
Each of us only memorizes a few passwords. Most of your company's employees don't use password managers. Sites get breached. These three statements mean attackers can often get your employees' passwords from other sites (like LinkedIn) and re-use them against your organization to walk in the front door. This talk will define credential stuffing, walk through an example realistic attack, then discuss how you can safely check your own company's exposure and eliminate this risk.  

Speakers
avatar for Jeff McJunkin

Jeff McJunkin

Jeff McJunkin is the founder of Rogue Valley Information Security, a consulting firm specializing in penetration testing and red team engagements. Jeff has a long background in systems and network administration that he leveraged into web and network penetration testing, especially... Read More →


Friday March 13, 2020 9:00am - 9:50am
Track 2

9:00am

Web Hacking: Beyond alert('XSS Found')
From bug bounties to network pen tests, web applications are often the perimeter in many enterprise environments. Understanding how these applications work and interact with their backend is instrumental in being successful in your assessments. In this talk I'll walk through a real exploit path (applications, names, and code changed to protect responsible disclosure) used in a personal bug bounty report, and more than one network penetration tests. We'll chain multiple vulnerabilities together, do quick win code analysis, and even use Local File Include (LFI) for more than just dumping /etc/passwd.

Speakers
avatar for Derek Rook

Derek Rook

Derek is an industry veteran with over 15 years of experience spanning systems administration and engineering, web development, security engineering, and offensive security. In the office, he devotes his time to building and running an internal offensive security practice. Out of... Read More →


Friday March 13, 2020 9:00am - 9:50am

9:00am

Capture the Flag
Friday March 13, 2020 9:00am - 3:00pm
Porthole

9:00am

Escape Room
Friday March 13, 2020 9:00am - 3:00pm
TBA

9:00am

Hands-On Labs
Friday March 13, 2020 9:00am - 3:00pm
Bay Room

10:00am

Inherit Cellular Insecurities in our Critical Infrastructure
This talk will focus on the dangers of cellular networks and the devices themselves that orchestrate and control the smart cities cameras, stop lights, and other cellular connected devices. Cellular networks play a vital role in providing network access for critical components that connect to the Internet. But what if the cellular network, and routers are vulnerable?

During the talk I will show you real undisclosed or "reserved CVE's" within the cellular routers themselves and the carrier's cellular networks. I will disclose the secrets that I can't publicly share, and talk in detail about bug chains, GSM/LTE Evil Twins, and other juicy findings that were uncovered during research into the components that run critical infrastructure.

In such a complicated closed source system with many possible deficiencies and vulnerabilities, as a community we need to acknowledge that adversaries will target cellular networks due to the ever expanding availability of inexpensive SDR’s, and Open source LTE frameworks. It is now easier than ever to cause disruption to cellular networks, man-in-the-middle mobile devices, and track cellular endpoints.

In summary, with such a complicated cellular threat landscape, this talk will focus on showing problems and providing solutions for devices that bridge the modern cloud’s technology stack and the critical devices connected in big cities. Solutions such as an RF IDS and IPS systems, that perform cellular based BTS and cellular attacks need to be considered in today's new RF world. New policies need to be created and enforced to ensure that our critical infrastructure is protected in our largest cities.

Summary of talk
1) Cellular History (Some Cellular Tech Basics)
2) Misconceptions and the reality of Cellular Security
3) Common HW Bugs and what to look for when assessing cellular endpoints
4) Penetration Testing Cellular Routers (Used in Critical Infrastructure)
5) Common Cellular Attacks (Rogue BTS, Jamming)
6) Techniques and Tools (SDR's, Antennas, etc)
7) The Cellular Landscape's Future, and 5G Technology
8) Solutions: WIPS/WIDS for Telephony/Cellular Access Points
9) More "Cell Talk" - Some time to talk about any open question(s).
10) Slide that has my contact info

Speakers
avatar for Adam Toscher

Adam Toscher

Adam Toscher has security and information systems infrastructure experience from twenty years of holding senior and principal level IT Systems engineering roles. In previous Information Technology roles he was the head of corporate infrastructure and has held high level engineering... Read More →


Friday March 13, 2020 10:00am - 10:50am
Track 2

10:00am

The Outer Limits
BGP Hijacking is a well-known method for redirecting traffic to attack infrastructure.  While actors have typically utilized attacks for providing MITM attacks for monitoring or hosting, their use of hijacking to provide alternative DNS answers is increasingly disturbing.  Farsight Security Distinguished Engineer Eric Ziegast will describe the techniques and how distributed active and passive DNS monitoring combined with BGP monitoring can add context during and after attacks.  After despairing yet again about the state of the current Internet, attendees will be provided steps toward resiliency. 

Speakers
avatar for Eric Ziegast

Eric Ziegast

Farsight Security, Inc. (Organization)
Eric Ziegast is a Distinguished Engineer with Farsight Security providing support in the founding of its Security Information Exchange and helping the security industry understand the usefulness of PassiveDNS.  He previously held operational, engineering, and architectural roles... Read More →


Friday March 13, 2020 10:00am - 10:50am
Track 1

10:00am

Tool Shed
Friday March 13, 2020 10:00am - 12:00pm
Embarcadero

10:00am

Workshop - Offensive WMI
Friday March 13, 2020 10:00am - 12:00pm

11:00am

Breaking into Banks Like a Boss
Is your money safe? Are the movies real? Can you dodge lasers, sneak through vents, and dress in disguise to steal millions of dollars? Yes. Yes, you can. Let me show you how I broke into banks with billions of dollars on the line through social engineering and bypassing physical security.

Speakers
avatar for Brice Self

Brice Self

Rendition InfoSec
Brice Self is a Cyber Security professional, specializing in physical security, social engineering, wireless (802.11) security, incident response, malware analysis and digital forensics. Prior to joining Rendition InfoSec, Brice proudly served in the U.S. Navy where he acquired his... Read More →


Friday March 13, 2020 11:00am - 11:50am
Track 1

11:00am

Hacking URLs
URLs are used everywhere - in apps, social media, and even on the web - but do you really understand what those URLs do and why? Once you truly grasp how URLs are constructed, you can dissect and sanitize web links, trimming off extra crud used by marketing campaigns to track your online behaviors. The next step is to flip things around, adding elements to your URLs to get around forms requesting your PII, or to start exploring the wonderful world of web app injections.  Knowledge is power. Do you know what's in your URLs?

Speakers
avatar for Bronwen Aker

Bronwen Aker

Bronwen Aker is a recovering web developer who jumped ship several years ago to enter the world of hackers, crackers, and breakers of all things tech. These days she works as a consultant with pen testers and cybersecurity geeks of various flavors. When not plugged into the Matrix... Read More →


Friday March 13, 2020 11:00am - 11:50am
Track 2

12:00pm

30 Minute Demo Presentation - Plextrac
PlexTrac is a productivity tool for information security professionals, created to save time and enhance standardization throughout the process of risk identification. In this demonstration, we will show how PlexTrac streamlines three critical functions:
- Reporting: Born as a tool to help penetration testers write reports faster, PlexTrac eliminates the copy/paste and generation of new narratives that add hours to the report writing process. Seamless integration with the built-in Writeups Database helps both consultancies and enterprises deliver a high-quality, consistent report experience in a fraction of the time required for manual report generation.
- Remediation: In-platform collaboration tools make it easy for red teams and blue teams to collaborate in real-time. No longer do customers need to wait until report delivery to begin remediating critical vulnerabilities in their environment - and they have access to the information security professionals who are generating the findings while the flaws are still being uncovered and documented.
- Attestation: Advanced analytics provide the ability to either instantly gain a broad understanding of your risk environment or drill down into where you may be vulnerable to the threat de jour. Tagging at multiple levels allows users to normalize their data in ways that provide the most value for their environments. Instead of consuming pre-built dashboards, leaders can easily select the information that they need to make informed resource decisions.


Speakers
avatar for Shawn H. Scott, CISSP, PMP

Shawn H. Scott, CISSP, PMP

PlexTrac
Shawn Scott is an accomplished cyber security leader focused on enhancing organizations’ defenses against the pervasive attacks from criminal and nation-state actors. Shawn understands that these threats are an enduring part of the modern business environment and assists clients... Read More →


Friday March 13, 2020 12:00pm - 12:30pm
General Session

12:30pm

30 Minute Demo Presentation - Guardicore
Interesting insight in researching breaches over the last few years we find that most often attackers - even nation state actors target low hanging fruit - things that with a little bit of effort can be protected.   Even more interesting, the difference between the winners and losers is a very short list of priorities.  Come listen to Trevor Metzger as he discusses the fascinating research also pulling in the fascinating story of Olympic Destroyer, the Russian attack on the Olympic Games in Korea for color.

Speakers

Friday March 13, 2020 12:30pm - 1:00pm
General Session

1:00pm

Avionics Primer for Hackers
I have worked on avionics systems for multiple air frames for 18 years.  I have noticed an alarming trend.  A disregard for security.  My talk is a call to action for the info-sec community to help us all solve the security issues contained within avionics before something bad happens.

Speakers
avatar for Nicholas Childs

Nicholas Childs

Nicholas is an aircraft avionics technician with over 18 years aircraft maintenance experience across multiple platforms including KC-135, B1 bombers, 737s,  L10-11s, C-17s, C-5s and C-141s. He is licensed as Sec+ and FCC GROL Radar.  After a position as an AD administrator on the... Read More →


Friday March 13, 2020 1:00pm - 1:50pm
Track 1

1:00pm

Hunting Software Vulnerabilities without Reversing
Too often, those without reverse engineering skills are dissuaded from hunting vulnerabilities. While a deep level of technical depth is needed for advanced binary exploitation (use after free, heap overflows, etc), there's plenty of attack surface left for the rest of us. In his last WWHF talk, Jake shared techniques for privilege escalation that mostly rely on poorly configured software. In this next installment, he's diving deeper into poorly built software and showing you how you can use simple tools to assess the security of third party and custom applications - no reverse engineering skills are required!

Speakers
avatar for Jake Williams

Jake Williams

Rendition InfoSec
Jake Williams is an accomplished infosec professional with almost two decades of industry experience. After spending more than a decade in the US Intelligence Community performing various missions in offensive and defensive cyber, Jake founded Rendition Infosec where he leads a team... Read More →


Friday March 13, 2020 1:00pm - 1:50pm
Track 2

1:00pm

Workshop - How To Create How To's
Friday March 13, 2020 1:00pm - 3:00pm
Coast Rooms

1:00pm

Backdoors and Breaches Tournament
Friday March 13, 2020 1:00pm - 4:00pm
Embarcadero

2:00pm

CitiZen Cyber SkillZ for Public Service. And Great Justice…
Love the cyberz, but your netcat skills are closer to butter knife than Swiss Army knife? Love being the packet, but that pre-bitmasking hydration is still a little rusty? Love CTFs, but can’t get to the bank (of coins)? That was me - I was devastated when I realized I'd never be Hax0RtheSkoudis, but I found a way to give back to the community anyway - maybe it’ll work for you!

The State of Michigan has created a Civilian Cyber Corps to address the uneven distribution of cyber need and talent (and to have fun ;) ). Qualified citizens can be part of a team who will address incidents within the state, initially for local and regional government entities. Applicants must have a basic security certification and pass a criminal background check. Regular training and assessment is provided, and there are ample opportunities to collaborate with peers. The team reports to the State CISO. Training, exercises and response activities are coordinated with the State Police, and the Air and Army National Guard. Other states are now examining this as a model for their initiaties; Come hear why!



Speakers
avatar for Ray Davidson

Ray Davidson

Ray Davidson, PhD served as dean at the SANS Technology Institute during its founding,and now leads the Michigan Cyber Civilian Corps, which is currently the only completely civilian, state sponsored team of incident responders in the country. He continues to serve as a mentor, subject... Read More →


Friday March 13, 2020 2:00pm - 2:50pm
Track 1

2:00pm

I really wanna hear you say… ‘I threat hunt thaaat way.’”
If you’re still threat hunting like it’s 2011, you might be finding it about as fresh as yogurt left out in the desert from when the Backstreet Boys were still topping the charts. Yeah, IoCs can be interesting, but the very term itself describes fragmented historical activities that need to be pieced together in order to work out what the hell happened.       Outdated threat hunting procedures hold your security program back – both in the time it takes to seek out attacker behaviors, and the level of effort involved to ascertain whether or not the horse has indeed bolted.    In his talk, Andy will explain how to modernize and galvanize your threat hunting program, putting you in better stead to detect attacks earlier in the chain. He promises not to sing.    Audience Takeaways: Recognizing the gaps in traditional threat hunting Understanding of the tactics, techniques, or procedures (TTPs) of threat hunting Pairing TTPs with data analytics How to find unknown anomalies

Speakers
avatar for John DiFederico

John DiFederico

John DiFederico is a lover of all things technology, but cybersecurity is his passion and the sole focus of his career. Currently serving as the Sales Engineering Manager at Exabeam, he works first hand with customers struggling to fully operationalize SIEM technologies. Prior to... Read More →


Friday March 13, 2020 2:00pm - 2:50pm
Track 2

3:00pm

Help Me Help You Hurt Yourself (it's for your own good)
Many times as Consultants to clients external to our business, we are put into a unique position where we are to inflict damage to the business yet keep a clear line of communication with the client in an open an engaging manner. Sometimes, more often than not, this open dialogue proves difficult due to:
• Feelings as a tester that the test should be 100% Black Box
• The client is not willing to divulge information
• ?
Having this open dialogue can help to have more robust test results that are better for both the tester and the client.
This talk does a dive into examples and issues that have been experienced in real world scenarios to help achieve this type of dialogue.
Note: This does not apply to Red Team assessments.

Topic 1: Where are the crown jewels?
Topic 2: Limiting risk by creating open dialogue.
 Topic 3: F*@%ing with your Offensive Consultant is a CVSS of 11.

Speakers
avatar for Michael Aguilar @Dataclast

Michael Aguilar @Dataclast

I break into things and I love what I do. I work for Secureworks Adversary Group and love researching new and inventive ways to do interesting things at work. I also love analyzing Medical Devices for security flaws.


Friday March 13, 2020 3:00pm - 3:15pm
Track 1

3:00pm

Security is Not a Game, the Game
Games that reproduce information security environments can often go beyond abstract cyberpunk/hacker veneers to teach actual skills related to information security. This will be a journey from "hacking" video games to solving capture-the-flag puzzles online and preparing for live games.

This is a talk intended for new practitioners and people who want to get started in security and are looking for safe, fun ways to do so.

Speakers
avatar for Rachel Rawlings

Rachel Rawlings

Rachel Rawlings is a Linux system administrator for Penn Medicine. Though not a "security pro," she's a big fan of red team games and hopes to become as good at using lockpicks as crochet hooks.  Rachel has written about IT-related entertainment for womensvoicesforchange.org; and spoken at the Philadelphia Linux User Group, Central Pennsylvania Open Source Conference, IcingaCamp, and FOSSCON. Her twitter handle is @linuxandyarn... Read More →


Friday March 13, 2020 3:00pm - 3:50pm
Track 2

3:25pm

Quickstart Guide to MITRE ATT&CK - the Do's and Don'ts when using the Matrix
Given the increasing awareness and use of the MITRE ATT&CK Matrix as a common language between Red Teams, Blue Teams, and Executives, a growing number of organizations are utilizing the framework in inappropriate ways. This talk will provide the audience with a very fast, yet very practical, overview of ATT&CK; as well as how it is being utilized well, and not-so-well, in the industry. From periodic tables, to minesweeper. From CALDERA to Atomic Red Team. We will go over a list of the do's and don’ts to get the most value from the ATT&CK Matrix.

Speakers
avatar for Adam Mashinchi

Adam Mashinchi

Adam is SCYTHE’s VP of Product Management where he leads the project management, design, and quality assurance departments. Before SCYTHE, Adam defined and managed the development of enterprise security and privacy solutions with an emphasis on usable encryption at a global scale... Read More →


Friday March 13, 2020 3:25pm - 3:40pm
Track 1

4:00pm

Hack the planet (or saving the world one hacker at a time!)
I’ve had some interesting adventures in my twenty-or-so years as a professional hacker and INFOSEC dude, and I’ve learned quite a few things about the hacker community. In this talk, I’ll share some of the valuable insights I’ve gained about why the hacker community is unique, valuable and worth fighting for. I’ll also talk about the good that’s going on in the hacker community and show you lots of different ways you can get involved.

Speakers
avatar for Johnny Long

Johnny Long

Johnny Long spent his career as a professional hacker. He has penetrated and subsequently secured some of the world’s most securely government, military and corporate networks and facilities and is currently a senior staff member at Offensive Security. He is the author of numerous... Read More →


Friday March 13, 2020 4:00pm - 4:50pm
General Session