Aamil Karimi

Qualitative Analysis for Critical, Timely Intelligence

Every day, researchers and analysts are bombarded with new sets of data and information pertaining to threats and adversaries. This is not very different from what intelligence analysts encounter in physical terrain warfare. In both cases, intelligence can only succeed in looking beyond the flavor of the week by applying timely, qualitative analysis to relevant information. In this presentation we will discuss:

Examples of observing common and older tactics and vulnerabilities that are actively being leveraged (instead of theoretical risks)
Using historical information to make well-informed assessments of future adversary courses of action
Applying qualitative-based risk assessments to adversaries based on observed capabilities and intent
Utilizing non-technical methods of intelligence collection such as human intelligence

We’ll also walk through real-life examples, including our hands-on experience in confirming tactics used by hacktivists during an actual campaign, and tracing suspected ties between a Middle Eastern paramilitary organization and a domestic cyber adversary.

Tymkrs & AND!XOR

Tymkrs & AND!XOR compukidmike


Badge Makers Panel

Come listen to how new world’s are created for your curiosity and enjoyment!

Trenton Ivey

Trenton Ivey

KEYNOTE: Make(){Break()};Break(){Make()};

By definition, hackers make things work in unexpected and unintended ways. To many outside this community, hacking seems like a destructive process. However, anyone that has ever created or utilized an exploit in an imaginative way knows that, at its heart, hacking is all about making something new. This talk, full of technical examples taken from opposing disciplines in information security, shows how healthy competition between makers and breakers drives progress.

Eric Escobar

Eric Escobar Matt Orme

Matt Orme

Your Corporate Networks are Showing

Sysadmins, CISO’s and compliance officers run pentests on their internal and external infrastructure, and commonly ignore their wireless footprint. However, access to a corporate wireless network is seldom monitored and provides covert access to an attacker. Think a long random passphrase or individual user authentication will protect your perimeter? Think again. Current wireless attacks take advantage configuration oversights, deceiving end users, and circumventing what had been thought to be reasonable network segmentation. Such compromise can have disastrous implications resulting in the “attacker from the parking lot” scenario. Curious to see how a compromise from a “secure” wireless network happens? Eric & Matt will discuss their evolving wireless pentest methodology and answer audience questions.

Kat Traxler

Kat Traxler

The Cloud Attack Surface – Laughing at the OSI Model

Security Professionals are comfortable reasoning about the security posture of systems within the framework of the OSI model. We classify attacks as network based or application based each with their own set of understood preconditions or rules.
Enter ‘The Cloud’ or as I like to think about it “Other Peoples Datacenters”. The Cloud Platforms and their associated APIs are harnessed by a new bread of operations teams to define network or application systems in code. It’s on the Cloud API Platforms that a new attack surface has opened and it plays by none of the old rules.

Alyssa Miller

Alyssa Miller

KEYNOTE: Stealing Reality – Deepfakes Ushering in a New Paradigm of Attacks

As a result of continuing advancements in neural networks, deep fake media has become increasingly convincing and easy to produce. Experts have warned of the impact this could have on elections and personal security. Additionally, deepfakes also pose very real threats to businesses and global markets, although these threats receive far less attention. Hacker and Security evangelist Alyssa Miller will analyze the technology behind creating deep fake media, showing how Generative Adversarial Networks (GAN) create convincing fake videos and audio from very limited samples. She will examine research into both low-tech and AI/ML based detection methods and counter measures, including leveraging the same neural network approaches being used to create deep fakes to help detect them. She’ll continue by discussing the theory and research behind
countermeasures such as Adversarial Perturbations and show how they can defeat facial recognition algorithms that deepfake generation relies on. Finally, Alyssa will present methods being developed to help certify the authenticity of real media.

As she concludes, Alyssa will offer up a hopeful viewpoint of the good that can be accomplished through the use of deepfake technology. From its use in entertainment, to improved analysis of medical imaging and even how GANs are being leveraged in malware identification.