Rene Kolga

Ransomware And How It Evades Our Defenses

Remember WannaCry – the ransomware attack that infected Windows devices across 150 countries? What is often forgotten is that WannaCry was completely preventable. Microsoft had issued a patch two months prior to the attack. If you think WannaCry was bad, how about a ransomware that we don’t have any protection from?

This talk will cover a Windows evasion technique called “RIPlace” that, when used to maliciously alter files, bypasses most existing anti-ransomware technologies. In fact, even Endpoint Detection and Response (EDR) products are blind to this technique, which means these operations will not be visible for future incident response and investigation purposes.

The technique leverages an issue with error handling of an edge-case scenario by filter drivers of security products. While not a vulnerability per se, the technique is extremely easy for malicious actors to take advantage of with barely two lines of code. RIPlace abuses the way file rename operations are (mis)handled using a legacy Windows function.

The talk will include a live demo of RIPlace bypassing a number of anti-ransomware technologies as well as the release of a RIPlace testing tool for the community to leverage in your own organizations.


Kat Sweet

Knock Your SOCs Off: Modernizing Security Operations

The model still in wide use for security operations – the tiered SOC in a windowless room staring at a single glass of pain – is a product of technological environments in rapid decline. As infrastructure and organizational structures evolve, so too must the teams responsible for keeping the lights on evolve their people, process, technology, and culture. So what does this look like for those on the ground?

 

From the brain of a former security analyst building out operations in a cloud-first and zero-trust environment (buzzword bingo cards not provided), we’ll reflect upon what problems we’re trying to solve in security operations and how to reimagine our solutions for the environment in front of us, whether it’s a distributed workforce, shiny new cloud infrastructure mixed with old servers in the basement, or a fleet of unmanaged endpoints. Attendees will gain practical approaches to adapting our own processes and tooling, revisiting our sources of truth, and turning our focus outward to engagement and visibility within the larger org.


Eric Escobar, Matt Orme

Your Corporate Networks are Showing

Sysadmins, CISOs and compliance officers run pentests on their internal and external infrastructure, and commonly ignore their wireless footprint. However, access to a corporate wireless network is seldom monitored and provides covert access to an attacker. Think a long random passphrase or individual user authentication will protect your perimeter? Think again. Current wireless attacks take advantage of configuration oversights, deceive end users, and circumvent what had been thought to be reasonable network segmentation. Such compromise can have disastrous implications resulting in the “attacker from the parking lot” scenario. Curious to see how a compromise from a “secure” wireless network happens? Eric & Matt will discuss their evolving wireless pentest methodology and answer audience questions.


Melanie Ensign

Why Should Anyone Listen? Practical Advice for Security Pros to Build Influence & Impact

This talk is about earning influence and becoming a trusted advisor inside and outside a security organization. It is for everyone who wants to effectively advise business leaders, technical managers, and decision-makers. It’s also for anyone yearning to be heard by their boss or peers.


Kat Traxler

The Cloud Attack Surface – Laughing at the OSI Model

Security Professionals are comfortable reasoning about the security posture of systems within the framework of the OSI model. We classify attacks as network-based or application-based, each with their own set of understood preconditions or rules.
Enter ‘The Cloud’ or as I like to think about it “Other People’s Datacenters”. The Cloud Platforms and their associated APIs are harnessed by a new breed of operations teams to define network or application systems in code. It’s on the Cloud API Platforms that a new attack surface has opened and it plays by none of the old rules.

J. Wolfgang Goerlich

Zero Trust for Zero Days

Zero Trust has evolved from hype to security concept, and is evolving into a security standard. Zero Trust has gone from being network-centric to applying to people, applications, and data. And yet? The value of any defensive security control can only be determined within the context of the offensive tactics. The value gets further obscured when unexpected vulnerabilities rip holes in our defenses. In this presentation, threat models and attack scenarios will highlight the strengths and weaknesses of Zero Trust. This session provides an adversarial view of limiting trust in our environments.


Alyssa Miller

KEYNOTE: Stealing Reality – Deepfakes Ushering in a New Paradigm of Attacks

As a result of continuing advancements in neural networks, deepfake media has become increasingly convincing and easy to produce. Experts have warned of the impact this could have on elections and personal security. Additionally, deepfakes pose very real threats to businesses and global markets, although these threats receive far less attention. Hacker and Security evangelist Alyssa Miller will analyze the technology behind creating deepfake media, showing how Generative Adversarial Networks (GANs) create convincing fake videos and audio from very limited samples. She will examine research into both low-tech and AI/ML-based detection methods and countermeasures, including leveraging the same neural network approaches being used to create deepfakes to help detect them. She’ll continue by discussing the theory and research behind countermeasures such as Adversarial Perturbations and show how they can defeat facial recognition algorithms that deepfake generation relies on. Finally, Alyssa will present methods being developed to help certify the authenticity of real media.

As she concludes, Alyssa will offer up a hopeful viewpoint of the good that can be accomplished through the use of deepfake technology, from its use in entertainment to improved analysis of medical imaging and even how GANs are being leveraged in malware identification.