Every day, researchers and analysts are bombarded with new sets of data and information pertaining to threats and adversaries. This is not very different from what intelligence analysts encounter in physical terrain warfare. In both cases, intelligence can only succeed in looking beyond the flavor of the week by applying timely, qualitative analysis to relevant information. In this presentation we will discuss:
Examples of observing common and older tactics and vulnerabilities that are actively being leveraged (instead of theoretical risks)
Using historical information to make well-informed assessments of future adversary courses of action
Applying qualitative-based risk assessments to adversaries based on observed capabilities and intent
Utilizing non-technical methods of intelligence collection such as human intelligence
We’ll also walk through real-life examples, including our hands-on experience in confirming tactics used by hacktivists during an actual campaign, and tracing suspected ties between a Middle Eastern paramilitary organization and a domestic cyber adversary.
Tymkrs & AND!XOR
Come listen to how new worlds are created for your curiosity and enjoyment!
This talk is about earning influence and becoming a trusted advisor inside and outside a security organization. It is for everyone who wants to effectively advise business leaders, technical managers, and decision-makers. It’s also for anyone yearning to be heard by their boss or peers.
Extreme heat is the result of higher temperatures due to atmospheric heat retention by greenhouse gases. As temperatures rise, more water evaporates and the concentration of water vapor (humidity) in the air rises. This means that some places, particularly temperate areas, will receive more rain, resulting in more flooding. Droughts occur sooner in places that do not receive rain because it is hotter. Tropical storms and hurricanes are powered by the heat energy in ocean water. As ocean temperatures rise, tropical storms tend to become larger, more powerful, and associated with greater rainfall. Many of these events are happening now. This year has seen record heat waves across the U.S., Europe, and Greenland; floods in the U.S. Midwest; and wildfires in Alaska, Siberia, Greenland, Australia, and the Western United States. In 2017 and 2018 there were unusually powerful and large hurricanes such as Harvey (Houston, TX), Florence (North Carolina), Maria (Puerto Rico), and Irma (Florida and Caribbean). Lyme disease and West Nile virus encephalitis have been spreading north from the U.S. into Canada as warmer temperatures make survival easier for ticks and mosquitoes. As the tropics expand towards the poles, diseases carried by mosquitoes such as Dengue follow. The Middle East (Southwest Asia) may become too hot for human habitation. Coastal cities such as Jakarta, Indonesia, Mumbai, India, Shanghai, China, London, U.K., Miami, New Orleans, and New York may become uninhabitable due to sea level rise. Today’s children are in the crosshairs of climate change.
Even though the Cold War ended almost 30 years ago, there are still a lot of valuable lessons that can be learned from that era. One of the hallmarks of Civil Defense was to prepare yourself and your family for the coming Nuclear War. There were thousands of pamphlets, ads and movies created to teach people how to survive and thrive when Mutually Assured Destruction came to fruition. In this presentation, I will go over some of the more famous Civil Defense campaigns of the Cold War and how you can apply these tips to keep yourself and your companies safe in the modern world.
Dustin Heywood (evil_mog)
Have you ever wanted to know how the MS-RPRN Print Spooler service can lead to local admin? This talk will go through the NTLMv1 hash format, reverse it to an NTLM hash, and show how to use that information to generate Silver Tickets. It will also cover defenses for this devastating attack.
Sysadmins, CISOs and compliance officers run pentests on their internal and external infrastructure, and commonly ignore their wireless footprint. However, access to a corporate wireless network is seldom monitored and provides covert access to an attacker. Think a long random passphrase or individual user authentication will protect your perimeter? Think again. Current wireless attacks take advantage of configuration oversights, deceive end users, and circumvent what had been thought to be reasonable network segmentation. Such compromise can have disastrous implications, resulting in the “attacker from the parking lot” scenario. Curious to see how a compromise from a “secure” wireless network happens? Eric & Matt will discuss their evolving wireless pentest methodology and answer audience questions.
We are by nature technologists, and far too often when we see something suspicious on the network, we immediately jump to a technological solution without stopping to think about the psychology of what we are seeing, and what that can mean in the form of an attack/breach.
This talk will cover a Windows evasion technique called “RIPlace” that, when used to maliciously alter files, bypasses most existing anti-ransomware technologies. In fact, even Endpoint Detection and Response (EDR) products are blind to this technique, which means these operations will not be visible for future incident response and investigation purposes.
The technique leverages an issue with error handling of an edge-case scenario by filter drivers of security products. While not a vulnerability per se, the technique is extremely easy for malicious actors to take advantage of with barely two lines of code. RIPlace abuses the way file rename operations are (mis)handled using a legacy Windows function.
The talk will include a live demo of RIPlace bypassing a number of anti-ransomware technologies as well as the release of a RIPlace testing tool for the community to leverage in your own organizations.
The novel coronavirus outbreak that started late last year has already shaken up the global economy, caused massive public unrest, and given us the equal parts funny and dystopian situation with those face-recognizing drones that yell at people for not wearing masks. But with so many people talking about the same thing, how do we sort out what’s real and what’s conspiracy? Is the novel coronavirus a bioweapon? Are pangolins secretly humanity’s great adversary? Do masks actually work? Why the heck are we talking about Russia? This talk will begin with an overview of the latest literature on COVID-19 and highlights of the outbreak so far. From there we will dissect the various claims made by private entities, separating fact from fanatical and tracking how information travels through meatspace.
What happens when you overshare HTTP headers, and how to check if yours are “up to code”
Raising a Robot (5min)
• Introduction to myself, NoodleFeet, and the “Mother of Machine” project
Designing Familiarity (~10min)
• How I used TensorFlow to teach my robot how to relate objects to other objects
• Show the mechanism, hardware and electronics involved in doing so
• Share my process of object training with intentional flaws built-in to help produce more
Cause and Effect (~7min)
• How I used object recognition to trigger behaviors: mechanical responses that help communicate the robot’s personality
• Show the results and share my resources
Security is often not funded because risk cost, as evaluated by an organization for its own benefit, has an ROI that is below other possible investments. However, there are multiple benefits to evaluating risk from an ethical perspective. This presentation proposes a maturity model for the ethics of risk, based on an evaluation of research related to ethical risk. The framework describes risk, management, legal, and engineering concerns appropriate to risk analysts, security staff, or software engineering professionals. The framework provides a list of actionable items for each of five levels of ethical risk maturity.
As a result of continuing advancements in neural networks, deep fake media has become increasingly convincing and easy to produce. Experts have warned of the impact this could have on elections and personal security. Additionally, deepfakes also pose very real threats to businesses and global markets, although these threats receive far less attention. Hacker and security evangelist Alyssa Miller will analyze the technology behind creating deep fake media, showing how Generative Adversarial Networks (GANs) create convincing fake videos and audio from very limited samples. She will examine research into both low-tech and AI/ML based detection methods and countermeasures, including leveraging the same neural network approaches being used to create deep fakes to help detect them. She’ll continue by discussing the theory and research behind countermeasures such as Adversarial Perturbations and show how they can defeat the facial recognition algorithms that deepfake generation relies on. Finally, Alyssa will present methods being developed to help certify the authenticity of real media.
As she concludes, Alyssa will offer up a hopeful viewpoint of the good that can be accomplished through the use of deepfake technology, from its use in entertainment to improved analysis of medical imaging and even how GANs are being leveraged in malware identification.
Mike ‘Shecky’ Kavka
There are so many things we deal with in the field of Information Security, and so many vendors out there to deal with. The money to be made is staggering for vendors, but at what cost? Using a non-standard standard (i.e. Syslog) and not supporting ease of integration seem to be the norm, but is that not creating a less secure world? We shall take a brief look at the reasons why the world of security vendors might be hurting the security field overall with the non-standard standards used.
Blue teamers in the trenches need to stop living Groundhog Day. Time to punch Bill Murray in the face and change the game in our favor. The game has changed, but the basics are the same.
Coined in the 90’s by General Krulak, the three-block war is described as full-scale military action, peacekeeping operations (PKO) and humanitarian aid within the space of three contiguous city blocks.
How does this compare to starting your morning by activating your incident response (IR) plan due to a suspected credential breach, sitting in change management meetings (Compliance), and handing out hugs while CXOs change their passwords for the first time?
1. No one is shooting at you.
2. Not much else
Just as methods of warfare have changed, so too has the way we must run security programs. What does it take to prepare and execute your own three-block Blue team war?
By definition, hackers make things work in unexpected and unintended ways. To many outside this community, hacking seems like a destructive process. However, anyone that has ever created or utilized an exploit in an imaginative way knows that, at its heart, hacking is all about making something new. This talk, full of technical examples taken from opposing disciplines in information security, shows how healthy competition between makers and breakers drives progress.
The aviation industry is synonymous with government regulation, but what does that mean in regards to cybersecurity? The industry is historically reluctant to provide information, leading to an assumption by those on the outside that security by obscurity is the standard. However, there are several statutes in place if you know where to look. This presentation aims to decipher current aviation cybersecurity regulation by focusing on what would directly impact security researchers and how to better educate oneself on current & future regulation.
Dr K, Jen and Darren
Meditation is becoming a buzzword for “beating” stress but seems very complicated to learn. We will show how DIY (Do It Yourself) brain technology projects such as DIY EEG (electroencephalogram) and tDCS (transcranial direct current stimulation) can actually work as training wheels for a relaxed and energized mind. Transcranial direct current stimulation (tDCS) is a non-invasive, painless brain stimulation treatment that uses direct electrical currents to stimulate specific parts of the brain. A constant, low-intensity current is passed through two electrodes placed over the head, which modulates brain activity.
Volunteers will be invited for on-screen demos and DIY designs will be shared.
Disclaimer: These are not FDA-approved devices; caution must be observed. Do it at your own risk.
Over time dating scams have claimed many victims, becoming an immense industry that uses psychological approaches, photographers, graphic designers, call centers, extortion and blackmail, as well as human trafficking. These scams have been around for many years, and they continue to grow and evolve, and the hackers have become much more elaborate and sophisticated with their methodologies, making them even more profitable than ever. We will dissect this dark business and identify its patterns and vulnerabilities, as well as bring awareness to a topic that is not often discussed.
When a device is set to automatically connect to wifi, it may actually be exposing itself AND the networks to attacks, but what can you do about it? The PickleNIC is a combination of custom hardware and software that was built to automate the collection and cracking of WPA2 password hashes. Hear the story about my daily commute with a Raspberry Pi that collects thousands of hashes using hcxtools and then automatically submits them to hashtopolis for distributed cracking. We’ll cover how the PickleNIC works and how it was built in order to help expose the risks in a fun way that (hopefully) encourages better security practices in my friends and strangers. You too can have a pickle in your pocket, in your bag, or in your car, and you’ll get all the information you need to make your very own PickleNIC today. This is going to be fun!
Nick Chapel (CRYPTY MCCRYPTOFACE)
Long before it became an infosec capture-the-flag staple, steganography had its birth in the Steganographia of Johannes Trithemius, an early 16th century book of magic and secret writing. Though it remains perhaps the most widely known, this is but one among countless examples of cryptography from the Renaissance and early modern eras used by alchemists, magicians, and dissidents to conceal their hidden knowledge from the prying eyes of the uninitiated. By applying the lens of cyber threat intelligence to the Steganographia and other examples of Renaissance and early modern cryptography, we can give ourselves greater insight into the motivations and threat models that drove subversive actors centuries before PGP was a gleam in Phil Zimmermann’s eyes. As we explore these historical examples through a threat intel lens, I will show how modern-day incident responders and other infosec practitioners can enrich their investigations by applying this same approach to their daily work.
J. Wolfgang Goerlich
Zero Trust has evolved from hype to security concept, and is evolving into a security standard. Zero Trust has gone from being network-centric to applying to people, applications, and data. And yet? The value of any defensive security control can only be determined within the context of the offensive tactics. The value gets further obscured when unexpected vulnerabilities rip holes in our defenses. In this presentation, threat models and attack scenarios will highlight the strengths and weaknesses of Zero Trust. This session provides an adversarial view of limiting trust in our environments.
This talk is for all those looking for a guide on how to break into a cyber security or information security career, with local tips for those living in Wisconsin. Whether you are still in college, debating going to college, or an experienced professional looking to change careers, I wrote this talk for you, as I wished this guide existed when I changed careers. Flash back to four years ago, when something changed: I woke up and was no longer passionate about what I was working on like I used to be. The challenges were still there and a management career was just around the corner, but cyber security looked so much more exciting and got me excited to get up and out of bed in the morning. So with no previous cyber security roles or training, I made a hard career pivot from a well-paid and stable Principal Engineer job at a large international company to an entry-level security role and enrolled in a security degree program. From there, I ended up changing roles a few more times with different companies while picking up many cyber security certifications along the way. Before I knew it, I was invited or selected to speak at many local Wisconsin cyber security conferences and was speaking in front of my peers at local cyber security focused organizations. This talk is a summary of my experience, breaking the start of a cyber security career down into a simple strategy while providing an overview of the information sources, certifications, local communities, and trade-offs to consider for someone starting down this path.
In our always-connected world the prevalence of internet-connected devices has multiplied significantly. Internet-connected devices have skyrocketed in our businesses, factories, infrastructures, and hospitals. This “Internet of Things” (IoT) is becoming an increasing topic of conversation both in the workplace and outside of it. It’s a concept that not only has the potential to impact how we live but also how we work and are secured. IoT devices have become prevalent in many of the products and services that we have come to rely upon in our everyday lives. IoT security is the safeguarding of connected devices and networks in the IoT world. Managing and securing the ever-growing number of internet-connected devices is posing new challenges to organizations of all sizes. Businesses must now address this new threat landscape to determine how to protect themselves. What are some examples of IoT devices? What is the threat? How prevalent is the risk? How are organizations protecting all of these IoT devices? What should you do to reduce the risks?
This talk will explore the use of the Sonic Pi live coding environment as a means of using code to create music, as well as to provide an accessible gateway into more complex coding environments and applications.
System administrators, information security professionals, and ethical hackers are often the first line of defense in protecting U.S. companies and public institutions from cyberattacks. However, there are local, state, and federal resources available to assist in mitigating and investigating a cyber incident. Presidential Policy Directive 41 (PPD-41) established the FBI as the lead federal agency for cyber threat response activities in the U.S. How does the FBI conduct this threat response? This presentation will discuss various cyber threats to U.S. institutions, seek to dispel various myths about the FBI’s cyber efforts, and seek to clarify what an institution can expect when contacting the FBI to report a computer intrusion, ransomware attack, or other incident. Special Agent Franz will also discuss the vital importance of IT professionals both reporting IOCs to the FBI and considering applying for an FBI Special Agent, Intelligence Analyst, or related position to bolster the U.S.’ national cyber defense capabilities.
The model still in wide use for security operations – the tiered SOC in a windowless room staring at a single glass of pain – is a product of technological environments in rapid decline. As infrastructure and organizational structures evolve, so too must the teams responsible for keeping the lights on evolve their people, process, technology, and culture. So what does this look like for those on the ground?
From the brain of a former security analyst building out operations in a cloud-first and zero-trust environment (buzzword bingo cards not provided), we’ll reflect upon what problems we’re trying to solve in security operations and how to reimagine our solutions for the environment in front of us, whether it’s a distributed workforce, shiny new cloud infrastructure mixed with old servers in the basement, or a fleet of unmanaged endpoints. Attendees will gain practical approaches to adapting our own processes and tooling, revisiting our sources of truth, and turning our focus outward to engagement and visibility within the larger org.
Most people think their devices are “secure”; well, it’s time to talk about things most cable companies don’t want you to be aware of… ignorance is bliss, right?
You will walk away from this one not just having a lot of fun because Star Trek is awesome, but learning some new ways to look at common problems. Sometimes a little perspective can really get the creative juices flowing.
The early days of the open web encouraged a collaborative model of software development – technology built from the ground up, systems that were developed collectively and without hierarchy. For the past two decades, Wikipedia has succeeded to a large degree because of that collaborative model. It invites contributions, from our content down to our code. This talk will discuss how to build a truly participatory product development model, the opportunities and challenges Wikipedia has faced as a result of its open approach to technology platforms, and what the future looks like.