Step by Step Automation
A common misconception about automation is that it needs to be complicated and requires a specific skillset. This talk shows that automation CAN be simple and still achieve the desired objective. We will discuss how to break larger problems into smaller pieces to develop a repeatable solution.
Track 2
4 Feb 2022 4:30 PM - 5:30 PM
Daniel Chun
Mandiant, Principal Consultant
Daniel Chun is a Principal Consultant in Mandiant’s Phoenix office. As part of the Incident Response team, he provides emergency services to clients when a security breach occurs.
Prior to joining Mandiant, Daniel spent time as a consultant where he helped build security programs, conducted investigations, and delivered training. He has been involved in malware analysis, payment card forensic investigations (PFI), and security operations development in various industries, including healthcare, industrial, financial, aerospace, and hospitality.
Building the Cyber Security Pipeline: A Call To Action
There are 3.5 million open cybersecurity positions globally and 300,000+ in the US, and the gap between qualified security experts and unfilled positions is expected to keep widening, leading to critical security risks. Additionally, nation states are integrating AI/ML into cybersecurity curricula faster than US schools. HR and corporate expectations for “entry level” cybersecurity professionals, in competencies, experience, and pay, are at odds with the realities of the workforce. So how do we create a cybersecurity talent pipeline that improves security within our communities, organizations, and the nation?
Track 1
4 Feb 2022 4:30 PM - 5:30 PM
Paul Wagner
University of Arizona, Department Head and Cyber Security Faculty
Paul is currently the Department Head for Applied Technology and Assistant Professor of Practice for the University of Arizona’s Cyber Operations Program. Additionally, he provides virtual Chief Information Security Officer consulting services to multiple companies.
Prior to working with the University of Arizona, Paul spent 20 years in the Army, including time in Infantry and Recruiting during his 12 years enlisted and as a Signal Officer for his remaining 8 years.
Paul’s educational background includes a BS in Social Psychology and Business Management and Marketing, an MBA, and an MS in Cyber Security, and he is pursuing a PhD in Cyber Defense. He holds numerous certifications from SANS, ISC2, EC-Council, and CompTIA.
Threat Hunting: Becoming the Predator and No Longer the Prey
Threat Hunting may be one of the more glamorized components of modern security operations today. Every week we read of how modern security controls are being evaded and bypassed. We know that a more proactive approach to detecting Evil is needed. Still, Threat Hunting is much more complicated than reviewing the SIEM-enriched, neatly packaged alerts that our security controls have decided are worth our attention. It can often be challenging to know where to start, obtain a high ROI, and measure and communicate the value or progress of Threat Hunting.
In this talk, we are going to explore how to do just that.
It is not expensive tools or highly situational graphical user interfaces that are needed. What we need is a repeatable, scalable, and measurable process that gives the effort vision and direction at the beginning and the ability to validate maturation as we advance in the discipline. While paid products can help, there are more than enough open-source resources to develop a Threat Hunting operation that can reliably detect some of the techniques used by the advanced adversaries of our day.
Track 3
4 Feb 2022 4:30 PM - 5:30 PM
Christian Taillon
Threat Response Engineer, GCE
@christian_tail
https://christiantaillon.medium.com/
Christian contributes to Grand Canyon Education's IT Security team as a Threat Response Engineer. His efforts focus primarily on improving the Security team's operational tools and capabilities to efficiently detect and effectively respond to threats. This is done primarily through work relating to SIEM, EDR, NTA, and an evolving Threat Intelligence program.
He enjoys contributing to the larger community via various Threat Intelligence Content Development efforts and open-source projects. He leads Threat Exchanges as a Global Watch Center Handler for ACTRA, where he teaches for their Academy. He works as a Solutions Architect for the Cyber Resiliency Institute and contributes to SPORTS-ISAO as a member of the COTH team. When away from the keyboard, he enjoys camping, kayaking, and hiking with his wife.
What I Learned After My First Year as a Security Analyst
Working as a security analyst is a popular way to start a career in infosec. Are you considering this path? Join the presenter as she recounts her first year working as an analyst and what it takes to survive and thrive in a SOC. When it comes to being on the front lines protecting networks, some lessons are learned the hard way. This talk is full of the things she wishes she had known when she started.
Track 1
4 Feb 2022 4:00 PM - 4:30 PM
woland
Security Analyst
@wolandsec
https://www.hackerbartender.com/
After professional stints as an investigative journalist and night club manager, woland currently works as an analyst for a security firm in Chicago.
Tag Management System: the Agile Way to Add Vulnerabilities on your Website
Tag managers (such as Google Tag Manager, Adobe Launch, etc.) are scripts that let non-developers easily add and remove, in one word manage, third-party scripts. Marketing people often require them in order to promptly experiment with analytics scripts without bothering the development team for their inclusion on the website.
More than 40% of websites use Google Tag Manager[^1], which fires on average 12 scripts[^2] per website. Unfortunately, those scripts are often added ad hoc, outside of the regular development life cycle and CI/CD pipeline.
Here lies the problem for security professionals: those scripts and their usage often don't go through the security processes the organization imposes; they bypass code review and tests.
As an ex-web marketing professional, I will explain how those tag manager scripts are used, what kinds of scripts are deployed through them, and the pipeline marketers use to deploy them to the end-user-facing website.
As a current web application security developer, I will explain how security professionals can work with the marketing team to ensure the scripts used compromise neither the website's integrity nor the users' security, without hindering the marketing team's productivity.
Track 3
4 Feb 2022 4:00 PM - 4:30 PM
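The check a security team would want for the problem described above is an inventory of what a container actually loads, run as part of the pipeline the marketers otherwise bypass. The following Python script is an added example, not code from the talk or the speaker: it reads a Google Tag Manager container export and flags Custom HTML tags that pull code from hosts outside a reviewed allowlist. The JSON field names (containerVersion, tag, type, parameter/key/value) are assumed from the GTM export format; the sample container, tag names and hostnames are constructed for the example.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample container export. The field names are assumed to follow the
# GTM export JSON; the tag contents and hosts are made up for this example.
SAMPLE_EXPORT = json.dumps({
    "containerVersion": {
        "tag": [
            {"name": "GA4 Configuration", "type": "gaawc",
             "parameter": [{"type": "TEMPLATE", "key": "measurementId", "value": "G-0000000"}]},
            {"name": "Chat widget", "type": "html",
             "parameter": [{"type": "TEMPLATE", "key": "html",
                            "value": '<script src="https://cdn.chat.example/widget.js" async></script>'}]},
            {"name": "Survey popup", "type": "html",
             "parameter": [{"type": "TEMPLATE", "key": "html",
                            "value": "<script>var s=document.createElement('script');"
                                     "s.src='https://tracker.unknown.example/s.js';"
                                     "document.head.appendChild(s);</script>"}]},
            {"name": "Conversion tweak", "type": "html",
             "parameter": [{"type": "TEMPLATE", "key": "html",
                            "value": "<script>window.dataLayer.push({event:'promo'});</script>"}]},
        ]
    }
})

# Any http(s) URL literal inside a tag body (stops at quotes, whitespace, brackets)
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""")


def referenced_hosts(html):
    """Hostnames of every URL that appears in a Custom HTML tag body."""
    hosts = set()
    for url in URL_RE.findall(html):
        host = urlparse(url).hostname  # already lowercased by urlparse
        if host:
            hosts.add(host)
    return hosts


def audit_container(export_json, allowed_hosts):
    """Flag Custom HTML tags that reference hosts outside the reviewed allowlist.

    Returns one finding per (tag, host); inline-only tags get a finding too,
    because they are still arbitrary JavaScript that never saw code review.
    """
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for tag in json.loads(export_json)["containerVersion"].get("tag", []):
        if tag.get("type") != "html":
            continue  # built-in templates are parameterised; Custom HTML is free-form JS
        params = {p.get("key"): p.get("value", "") for p in tag.get("parameter", [])}
        hosts = referenced_hosts(params.get("html", ""))
        if not hosts:
            findings.append({"tag": tag["name"], "host": None, "status": "inline-only"})
        for host in sorted(hosts):
            status = "allowed" if host in allowed else "unreviewed"
            findings.append({"tag": tag["name"], "host": host, "status": status})
    return findings


def unreviewed_hosts(findings):
    """Hosts that would need a security review before the container is published."""
    return sorted({f["host"] for f in findings if f["status"] == "unreviewed"})


if __name__ == "__main__":
    for f in audit_container(SAMPLE_EXPORT, {"cdn.chat.example"}):
        print(f"{f['status']:<12} {f['tag']:<20} {f['host'] or '-'}")
```

Run against a real container export with the organization's agreed allowlist and fail the pipeline on any unreviewed host; inline-only tags are listed separately so the team can decide whether to review them individually or replace them with a built-in tag template.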
Alexandre Mercier
Ex-web marketer turned security engineer and privacy advocate
@cyberflamingo
https://www.cyberflamingo.net/
Alexandre Mercier was born and raised in Lorraine, France.
After graduating from Lorraine University with a major in Communication, he joined a Japanese IT venture to set up its marketing department. After gaining an interest in the cyber-security world, he joined UBsecure, Inc. as a security engineer. As an engineer, he likes to think about ways to update, automate, and make the development environment more efficient.
Outside work, he likes collecting Kokeshi (Japanese wooden dolls).
What are we missing in Web Applications?
In today's world, we have modern and stable web application frameworks to develop on, which are already well protected against attacks regardless of the OS. If you design the system properly, an attacker cannot inject into the system or attack the website with common attacks like XSS, CSRF, SSRF, SSTI, etc.
On the other hand, we have sophisticated scanners which scan the website dynamically, with interactive logins as well, covering the internal pages too. And we have secure coding practices along with scanners which can scan the source code regardless of the programming language. They are necessary tools when developing a secure application.
But what all of these miss are "Business Logic Flaws", which are the reason for the highest-paid bounties on HackerOne, Bugcrowd, etc. Business Logic Flaws are attacks which neither source-code analysis tools nor dynamic web application scanners can detect.
The presentation/talk will discuss vulnerabilities that can arise from business logic flaws which can affect the confidentiality, integrity & availability of customers' information as well as the product that is connected with the application. We will discuss CVE-2019-2823 - Oracle Financial Services along with other 2FA bypasses in financial mobile applications, where I was able to do vertical privilege escalation with regard to roles, checker, maker, etc. modules. These were critical findings in financial information systems, on which APTs are attacking day and night.
This will also discuss the poor coding practices used in the application and the neglect of a built-in secure software development life cycle. This is not limited to data exposure: anyone can alter the data as well, and view data they are not allowed to see.
The majority of banks in the world use this Oracle service. There are a lot of similar bugs in the world right now with regard to Business Logic Flaws. We have to enhance our testing skills rather than depending on scanners; a manual testing approach that tests the use cases will be a good approach.
Track 1
4 Feb 2022 3:30 PM - 4:00 PM
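The class of bug the abstract describes, a maker/checker workflow where the approval step does not enforce who may approve what, is easiest to see as code beside its fix. The following Python example is added here and is not the speaker's material, not Oracle's code, and not a description of CVE-2019-2823: it is a constructed toy approval service with a business-logic flaw that input-validation scanners would not flag, followed by the same service with the rules enforced server side.

```python
from dataclasses import dataclass

# Constructed maker/checker workflow used only to illustrate the bug class.
# It is not the code of any real product and does not describe CVE-2019-2823.


@dataclass
class User:
    username: str
    roles: frozenset  # roles assigned server side at login, e.g. {"maker"}


@dataclass
class Transfer:
    tid: int
    maker: str
    amount: int
    status: str = "PENDING"


class VulnerableApprovalService:
    """Approval endpoint with a business-logic flaw.

    Syntactically the authorisation check is present, so SAST/DAST see nothing:
    but it trusts a role name sent in the request, and nothing stops the maker
    from approving their own transfer.
    """

    def __init__(self):
        self.transfers = {}

    def create(self, user, tid, amount):
        if "maker" not in user.roles:
            raise PermissionError("makers only")
        self.transfers[tid] = Transfer(tid, user.username, amount)
        return self.transfers[tid]

    def approve(self, user, tid, request_role):
        if request_role != "checker":  # client-controlled value: send "checker"
            raise PermissionError("checkers only")
        t = self.transfers[tid]
        t.status = "APPROVED"  # no maker != checker check, no state check
        return t


class HardenedApprovalService(VulnerableApprovalService):
    """Same workflow with the business rules enforced from server-side state."""

    def approve(self, user, tid):
        t = self.transfers[tid]
        if "checker" not in user.roles:  # role from the session, not the request
            raise PermissionError("checkers only")
        if user.username == t.maker:  # separation of duties (four eyes)
            raise PermissionError("maker cannot approve own transfer")
        if t.status != "PENDING":  # enforce the state machine
            raise ValueError(f"transfer {tid} is already {t.status}")
        t.status = "APPROVED"
        return t


def attempt(fn, *args, **kwargs):
    """Run one approval attempt and report the outcome as a string."""
    try:
        return fn(*args, **kwargs).status
    except (PermissionError, ValueError) as exc:
        return f"DENIED: {exc}"


def run_scenarios():
    """Exercise both services with the same actors; returns outcome per scenario."""
    alice = User("alice", frozenset({"maker"}))
    bob = User("bob", frozenset({"checker"}))
    dave = User("dave", frozenset({"maker", "checker"}))  # holds both roles
    results = {}

    v = VulnerableApprovalService()
    v.create(alice, 1, 50_000)
    # Alice is only a maker, but the request says "checker": self-approval succeeds.
    results["vulnerable_self_approve"] = attempt(v.approve, alice, 1, request_role="checker")

    h = HardenedApprovalService()
    h.create(alice, 1, 50_000)
    h.create(dave, 2, 75_000)
    results["hardened_wrong_role"] = attempt(h.approve, alice, 1)
    results["hardened_self_approve"] = attempt(h.approve, dave, 2)
    results["hardened_checker_approve"] = attempt(h.approve, bob, 1)
    results["hardened_double_approve"] = attempt(h.approve, bob, 1)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The manual test the abstract calls for is exactly the scenarios in run_scenarios: log in as the maker, replay the approve request with the role field changed, approve your own item, and approve the same item twice. None of these is an injection, so only a tester who understands the intended workflow will try them.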
Mirza Burhan Baig
Threat Analyst - Riyadh Bank
@MirzaBurhanBaig
https://www.burhanbaig.com/blog
Mirza Burhan Baig is an Information Security Threat Analyst at Riyadh Bank – KSA. Mr. Baig is an OSCP-certified professional with over 8 years of experience in penetration testing, threat hunting, and vulnerability assessments, including core banking solutions, banking applications, network assessment, and mobile penetration testing. He has mostly served the financial industry.
Mr. Baig holds the OSCP, eWPTX, eCPPTv2, eNDP, and other certifications. He is involved in bug bounty programs as well, where he has helped many companies fix vulnerabilities at different levels, including Google, Microsoft, Facebook, Amazon, PayPal, Apple, IBM, Cisco, etc. Mr. Baig is also involved in many physical security projects to bypass networks and systems.
Mr. Baig has conducted many seminars and workshops for corporations, NGOs, and universities, specifically for students, to create awareness and guide them to a career path in information security. Some of them include the Dubai Electricity and Water Authority (DEWA).
Artificial Intelligence: Friend or Foe in the Context of Ransomware
The industrial revolution was powered by coal and steam. They were the power that enabled innovation and propelled the world down the road that has brought us to where we are today. The next revolution is on the horizon, and it’s an information revolution. Smartphones, smart homes, and smart assistants are proliferating in our lives. Artificial intelligence is becoming an integral contributor to how this technology adds value to our lives. The capabilities of the cyber security ecosystem must keep pace with this evolution. During this session we will cover how artificial intelligence is being used to fuel the next generation of cyber security ecosystems. We will see how it can be used to improve the accuracy, speed, and efficiency of enforcement technologies while enhancing the information used to make business and security decisions. On the other hand, how could AI & Machine Learning be used against us? If we have the technology, so do our adversaries.
Track 2
4 Feb 2022 3:30 PM - 4:30 PM
Aaron Rose
Cyber Security Evangelist & Member of the Office of the CTO at Check Point Software Technologies
Aaron Rose is a Cyber Security Evangelist, Security Architect & Member of the Office of the CTO at Check Point Software Technologies. A subject matter expert in Cloud, Internet of Things, and Application security; Aaron has focused his career on securing organizations & their resources beyond the perimeter of the traditional network firewall.
An avid international traveler, Aaron welcomed the opportunity to spend three months in Tel Aviv, Israel, training with Check Point’s research & development teams at the company’s global headquarters.
Observations from Social Engineering my way Through a Pandemic
COVID-19 has impacted all of us in some form. For social engineers, myself included, COVID-19 impacted the way we perform social engineering assessments. In this talk I will discuss how my social engineering assessments were impacted by the rise of COVID-19, how my pretexts were modified to focus on COVID-19 (in an ethical manner), and what I learned from them.
With the mandatory (and life-changing) switch to remote work, employees began to rely more than ever on both email and their phones as a means of communication. This introduced a gigantic opportunity for attackers to target the weakest link of an organization, the employee. It also meant that, to stay current and up to date with the latest attacks, many social engineers, including myself, tailored their campaigns to include COVID-19 as a pretext. It also meant that employees were significantly more likely to engage with my emails or phone calls because it became ‘the norm’. Furthermore, several of the employees I called were so thankful just to speak to someone that they were more than willing to ‘assist me with my technical issues’. In the body of the talk, I want to present multiple pretexts, results, and stories of my experiences from phishing and vishing through the pandemic to provide some insight as to how it introduced vulnerabilities to my clients.
COVID-19 has shone a light on many organizations’ security posture. More than ever, companies need to be educating their users on cybersecurity threats and involving them with the security team. Security is a group effort, and it is our job as consultants, social engineers, and supporters of the InfoSec community to educate those around us on social engineering attacks such as those demonstrated throughout my talk.
Track 1
4 Feb 2022 3:00 PM - 3:30 PM
Parzival
Senior Penetration Tester and Best Dog Dad Ever
@FreeZeroDays
https://deviant.sh
Parzival is a Senior Penetration Tester and father of two cute but chaotic dogs.
Ready... Set... Secure all the COVID vaccines!
That’s what Daniel was told in May 2020, two months after starting a new job. In this talk, he’ll share the inside experience of how a small team of (mostly government!) infosec folks worked to secure the entire vaccine development, distribution, and supply chain, and the key takeaways for the larger infosec community from this crazy (and surprisingly successful) experience.
This talk will cover a few key topics. First, Daniel will share the overall story of the operation, some of the (nation state) attacks they saw, and how the team was able to help harden literally dozens of companies in a matter of months. He’ll cover the critical role that the infosec/hacker community played, between collaboration with CTI League and industry partners, as well as an effective use of bug bounties to rapidly secure a plethora of questionable apps developed by contractors. He’ll explain some of the problems and promises that industry faces when collaborating with government, from what role each agency plays to some of the barriers that were overcome. And he’ll dive into the vaccine supply chain and its vulnerabilities, and how badly we need the larger infosec community to help harden this rapidly ‘techifying’ space before the next bio-catastrophe hits.
Track 3
4 Feb 2022 3:00 PM - 4:00 PM
Daniel Bardenstein
Tech Policy Fellow at the Aspen Institute, Partner at Foresight Partners.
@bardenstein
Daniel Bardenstein is just trying to help make the world be even just a little more secure. As a Tech Policy Fellow at the Aspen Institute, he is focusing on policies to improve cybersecurity across the energy sector and incentivize IoT manufacturers to natively secure their devices. At Foresight Partners, he volunteers infosec and disinformation training and support to political campaigns. At DoD's Defense Digital Service, Daniel led efforts including cybersecurity for the COVID-19 vaccines, the Hack the Pentagon program, and research into OT/ICS/SCADA security. Before government, he worked in the private sector, where he built tools to make security teams’ lives easier. Daniel also holds certifications as a GCFA (Windows Memory Forensics) and, begrudgingly, a CISSP, as well as a patent on network anomaly detection. When not learning about some new security issue, Daniel tries to unwind by playing drums, hiking with his dog (Bowie), and baking banana bread.
Building a more inclusive future in Cybersecurity
In today’s world, we mainly focus on the importance of the cybersecurity analyst, the CIO, the CISO.
But the fact is that many other roles are essential to cybersecurity. Michelle Winters’ initiative to open doors to newcomers to the industry is bringing attention to a larger conversation. As members of the cybersecurity community, how can we help increase inclusion, diversity, and access to untapped talent?
Utilizing her role as manager of customer success, Michelle shares her experience, strategy, and results in generating more opportunities for newcomers to the industry.
Track 2
4 Feb 2022 3:00 PM - 3:30 PM
Michelle Winters
Cybereason, Customer Success Manager
Michelle Winters was born in Mexico and moved to the United States in 2001. She graduated from the University of Texas-San Antonio and began her IT journey in 2006, working as an IT Admin for Toyota Motor Manufacturers. She then joined Rackspace as a support engineer and found her passion for helping customers. Ever since then, Michelle has expanded her skills and helped startups get enterprise-ready for servicing customers.
Michelle has a passion for helping others and ensuring the door is always held open to equal opportunities for all, especially to women and people of color.
She is a customer-driven optimist who is always willing to learn, a soon-to-be published author, mother, and equal rights advocate.
Workshop: Practical Dark Web Hunting using Automated Scripts
How can you effectively hunt data from the dark web using scripts? How can you circumvent scraping defenses on the dark web? How can you automate your scripts? If you are curious about the answers to these questions and want to learn how to write automated scripts for this task effectively, then this workshop is for you. There are many forums and marketplaces on the dark web where actors buy, sell, and trade goods and services like databases, exploits, trojans, ransomware, etc. Collecting data from the dark web can help any organization identify and detect risks that may arise from their assets being sold on the dark web. In this workshop, you will learn why collecting data from the dark web is essential, what open-source tools you can use to collect this data, how you can create your own tools & scripts, and how to automate your scripts for effective collection. The workshop's primary focus will be on circumventing the defenses put up by forums & markets on the dark web against scraping.
Prerequisites:
Basic scripting in python
Knowledge of using VMs
Knowledge of using Linux machines
Basics of Dark Web
Workshop
4 Feb 2022 2:30 PM - 4:30 PM
Please follow the instructions here to prepare for the workshop.
Apurv Singh Gautam
Threat Researcher at Cyble
@ASG_Sc0rpi0n
https://apurvsinghgautam.me
Apurv Singh Gautam works as a Threat Researcher at Cyble. He commenced work in Threat Intel 3 years ago. He works on hunting threats from the surface and dark web by utilizing OSINT, SOCMINT, and HUMINT. He is passionate about giving back to the community and has already conducted several talks and seminars at conferences like SANS, Defcon, BSides, local security meetups, schools, and colleges. He loves volunteering with Station X to help students make their way in Cybersecurity. He looks forward to the end of the day to play and stream the AAA game Rainbow Six Siege.
Throwing the Elephant
There are two kinds of companies: those where leadership cares and… those where they don't. No amount of personal heroics, technical awesomesauce, or the world's greatest tool is going to change that and have the business suddenly get it. Your leadership is an elephant. Large. Moves only when it wants. Tramples things. And… the cleanup! So, how do we move the elephant when and where we want?
We'll talk how to get leadership buy-in for your risk management program, how to translate this for different kinds of offensive/threat assessments (vulnerability assessments, penetration testing, red teaming, and purple teaming), metrics (including real-world data) derived from a detection maturity model I created with business context (alignment) from my work with blue teams. Come with questions and curiosity, leave with actionable insights to build or mature your risk assessment program.
Track 2
4 Feb 2022 2:00 PM - 3:00 PM
Bryson Bort
SCYTHE Founder/CEO
@brysonbort
Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow for Cybersecurity and National Security at R Street and the National Security Institute and an Advisor to the Army Cyber Institute. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. He was recognized as one of the Top 50 in Cyber in 2020 by Business Insider.
Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Master’s Degree in Telecommunications Management from the University of Maryland, a Master’s in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.
Hunting Phish Kits
New phishing websites are set up every few seconds with the intention of stealing your credentials, infecting your system, or convincing you to do something via social engineering. Most of these sites are distributed and deployed through (mostly crude) automation which usually results in attackers leaving their kits behind. During this talk I will walk through what phish kits are, why they are important for proactive defense and security research, and how you can automate identifying these kits in the wild.
Track 3
4 Feb 2022 2:00 PM - 3:00 PM
Josh Rickard
Security Solutions Architect
@MSAdministrator
https://letsautomate.it
Josh Rickard is a Security Solutions Architect at Swimlane focused on automating everyday processes in business and security. He is an expert in PowerShell and Python, and has presented at multiple conferences including DerbyCon, ShowMeCon, BlackHat Arsenal, CircleCityCon, Hacker Halted, and numerous BSides. In 2019, Josh was awarded an SC Media Reboot Leadership Award in the Influencer category and is featured in the Tribe of Hackers: Blue Team book. You can find information about open-source projects that Josh creates on GitHub at https://github.com/MSAdministrator.
Worst of Cybersecurity Reporting 2021
In this session, two tech writers who roasted the worst tech reporting of 2019 and 2020 are back on the grill to discuss...the worst tech reporting of 2021! This year we’ve broken down the top media fails into four cardinal sins: not reading or understanding a company’s privacy policy/terms of use, taking press releases at face value, being unclear about relevant details, and relying on sources without domain expertise. But this bleeds into the tech sector as well: before journalists misrepresent a company privacy policy, the company itself often misleads its own users (by error or by design). And who is responsible for writing those press releases that sometimes get parroted in the first place? We’ll see what we can learn from the year’s biggest fails, and how journalists and hackers can work together to make security reporting suck a little bit less in 2022.
Track 1
4 Feb 2022 2:00 PM - 3:00 PM
Yael Grauer
investigative tech reporter
@yaelwrites
https://blog.yaelwrites.com
Yael Grauer is an investigative tech reporter covering privacy and security, digital freedom and mass surveillance. She’s written for Ars Technica, Insider, Slate, Popular Science, Vice, Wired, and other publications. She’s co-organized events and spoken on panels about digital security, source protection, ethics, and more. She holds a Master of Mass Communication degree from ASU, which was an interesting way to kill time between DEF CONs.
David Huerta
Digital Security Trainer at Freedom of the Press Foundation
@huertanix
David Huerta is a Digital Security Trainer at the Freedom of the Press Foundation (FPF), where he trains journalists in privacy-enhancing technology to empower a free press. He’s taught hundreds of trainings across the world and organizes an annual series of workshops on digital security at the National Association of Hispanic Journalists (NAHJ) conference. He's written for Motherboard, The Outline and FPF’s own security blog. He also dropped out of ASU in 2010 to co-found HeatSync Labs, Arizona’s first hackerspace.
Sharing is caring: the deeply human side to CTI networking
In the CTI space, there’s a steady drumbeat repeating a mantra: security teams cannot successfully and sustainably operate in an intelligence silo. This feeds continuous discourse around how developing cross-boundary collaborations in intelligence sharing, standardization, and reporting are key to proactive defense, collective resilience, coordinated response, and effective remediation during an active attack. Of course!
Yet, the enormity - and complexity - of it all feels insurmountable when considering how CTI professionals can most effectively network and share intelligence *today*. So what’s really going on at the individual level?
This presentation shines a light on the human aspect of today’s CTI sharing practices via networks - both formal and informal, public and private. The session lays out the landscape of popular channels for CTI networking following peer-to-peer, peer-to-hub, and hybrid models; previous research and ongoing efforts to enhance CTI sharing by public-private groups; and well-known blockers (hello, legal approvals!) to effective networking. Survey insights add depth to this foundation by benchmarking real practitioner behaviors and attitudes. We seek answers like: how do good old-fashioned 1-to-1 ‘DMs’ compare to invite-only Discords, paid industry memberships, or national sharing initiatives? What real-world networking experiences actually prevented an attack?
Track 1
4 Feb 2022 11:30 AM - 12:00 PM
Grace Chi
Cofounder & COO at Pulsedive
@euphoricfall
Grace works closely with defensive security and CTI practitioners all over the world, ranging from local consulting teams to enterprise operations. As a result, she has unique insights into the requirements and diverse traits of CTI success for individuals, teams, and organizations. On the weekend, she’s a hyper-serious cooperative board gamer and watercolorist.
Hacking Back Scammers
The scammer epidemic is ever-present in our connected world and shows no sign of slowing down anytime soon. Our team is currently researching infrastructures commonly used by scammers and creating our own malware to hack in and monitor scammers without their knowledge, allowing us to preemptively warn victims and gather enough intel to report the scammers.
In this talk, we'll break down our approach to a project of this scale as students, along with the progress we have made and lessons we've learned. Join us for a dive into the world of scams, malware, and ethical hacking!
Track 3
4 Feb 2022 11:00 AM - 11:30 AM
Ryan Dinnan
Cybersecurity Undergrad, Arizona State University
@s0merset7
Ryan Dinnan is a senior Computer Systems Engineering student at Arizona State University. A Cybersecurity enthusiast, Ryan has plenty of experience in a variety of cyber fields with special interest in Application Security and OSINT. Ryan has interned with NaviSec and American Express, where he's received first-hand practice with Penetration Testing and Web-Application Security Testing. When he's not hacking or studying, you'll find him watching movies and hiking.
Jacob Abraham
Computer Science and Engineering Undergrad, Arizona State University
Jacob is a senior studying Computer Science and Computer Systems Engineering at Arizona State University. They are also concurrently working on their master's degree in Computer Science. Their day job involves working on developer tools for performance on the web. Their passion is low-level programming; the closer to assembly code you get, the better!
Megi Bashi
Cybersecurity Undergrad, Arizona State University
Megi is a senior cybersecurity student at Arizona State University. She is a blue team InfoSec analyst and aspiring ethical hacker. Megi invests a lot of her time in playing Capture the Flag Tournaments, doing binary exploitation challenges and creating training materials for the DevilSec hacking club.
Joshua Pardhe
Barrett Honors Student, Goldman Sachs Intern, Full-Time Hacker
Joshua is a senior at Barrett, the Honors College at ASU studying Computer Systems Engineering with a focus on cybersecurity. In addition to a minor in Business, he is pursuing a certification in International Business through the W.P. Carey school. He currently holds leadership roles in multiple organizations and companies, and is CSO/CTO of a biotech startup Codonify LLC. His goal is to continue working in strategy and innovation for the banking sector, developing new tools and strategies related to cybersecurity as the world moves towards an ultra-connected and information-dense future.
JavaScript Obfuscation - It’s All About the P-a-c-k-e-r-s
The usage of JavaScript obfuscation techniques has become prevalent in today’s threats: from phishing pages, to Magecart and supply chain injection, to JavaScript malware droppers, all use JavaScript obfuscation techniques on some level.
The usage of JavaScript obfuscation enables evasion from detection engines and poses a challenge to security professionals, as it hinders them from getting quick answers on the functionality of the examined source code.
Deobfuscation can be technically challenging (sometimes), risky (if you don’t know what you are doing), and time consuming (if you are lazy, as I am). Yet, the need to find and analyze high scaled massive attacks using JavaScript obfuscation is a task I’m faced with on a daily basis.
In this presentation I will present a lazy, performance cost effective approach, focusing on the detection of JavaScript packer templates. Once combined with threat intelligence heuristics, this approach can predict the maliciousness level of JavaScript with high probability of accuracy.
In addition to the overview of what I’ve developed, I’ll share the techniques used, as well as source code needed to create a representation of JavaScript by using AST parsing, obfuscation pattern matching, and the machine learning techniques involved.
Track 3
4 Feb 2022 11:00 AM - 12:00 PM
Or Katz
Akamai, Principal Lead Security Researcher
@or_katz
https://www.akamai.com/blog?author=or_katz
Or Katz is a security veteran with years of experience at industry-leading vendors, and currently serves as principal lead security researcher for Akamai. Katz is a frequent speaker at security conferences and has published numerous articles, blogs and white papers on threat intelligence and defensive techniques. He is a data-driven security researcher who is constantly looking at how to move security challenges into the science and solutions space.
Operationalized Purple Teaming
Congratulations, you recently completed a successful, high-value Purple Team Exercise in your organization! Your Cyber Threat Intelligence team identified an adversary that has the capability, intent, and opportunity to attack your organization and provided those adversary behaviors to the red team. The red team emulated those same tactics, techniques, and procedures (TTPs) in your production environment while the Blue Team watched and learned how the attack works. Then the blue team showed everyone how they identify those adversary behaviors and follow their response process to quickly mitigate the threat. All your security teams collaborated and efficiently tested, measured, and improved your people, process, and technology! A month has passed, what happens next?
This talk picks up after your first successful Purple Team Exercise is complete and teaches you how to continue maturing and improving your security program by operationalizing the collaboration between your security teams (Cyber Threat Intelligence, Red Team, and Blue Team). You don’t have to wait for the next scheduled, formal exercise to continue testing your people, process, and technology. You can leverage new Cyber Threat Intelligence and collaborate with your team to test new TTPs through a process called Detection Engineering.
Track 3
4 Feb 2022 10:00 AM - 11:00 AM
Jorge Orchilles
CTO - SCYTHE
@jorgeorchilles
https://www.scythe.io/authors/jorge-orchilles/
Jorge Orchilles is the Chief Technology Officer of SCYTHE and co-creator of the C2 Matrix project and author of the Purple Team Exercise Framework. He is a SANS Certified Instructor and the author of Security 564: Red Team Exercises and Adversary Emulation. He was a founding member of MITRE Engenuity Center of Threat-Informed Defense. He is a Fellow at the Information Systems Security Association (ISSA) and National Security Institute. Prior, Jorge led the offensive security team at Citi for over 10 years.
He also co-authored Common Vulnerability Scoring System (CVSS) and A Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry, and author of Microsoft Windows 7 Administrator’s Reference. Jorge holds post-graduate degrees from Stanford and Florida International University in Advanced Computer Security & Master of Science. Jorge speaks English, Spanish, and Portuguese, in decreasing levels of fluency. When he’s not hacking, teaching, or writing, you’ll find him watching and playing soccer.
Building and Defending a Machine Learning Malware Classifier: Taking Third at MLSEC 2021
Nowadays when you read about cybersecurity, you’re almost sure to see something that mentions machine learning (ML) as the silver bullet to solve all problems cyber. Of course, ML isn’t the cyber cure-all, and indeed suffers from its own non-cyber problems – chiefly that ML brings with it its own set of vulnerabilities and weaknesses, often termed “adversarial ML.” These weak points range from leaking private data that the model was trained on to being easily evadable given the right motivation and context.
In this talk, we’ll go through our own experiences leveraging ML to try to build and defend a robust malware detector as part of our submission to the 2021 Machine Learning Security Evasion Competition. Our talk will start by first going over the background on adversarial ML, followed by how we used these ideas to generate adversarial malware variants that we then built our model from. We’ll then shift gears to how we sought to “defend” this model by explicitly attacking the models submitted by the other participants, walking through how we trained a proxy ML model and staged attacks against it.
In the end, our submission took third place in the competition, outperforming some but not all of the contestants. However, our journey helped expose many lessons learned for others looking to get into the space, as well as for those already practicing in it. Attendees of this talk should walk away with an understanding of those lessons, including pointers to resources they can use to build their own models – including the open-source code and the data behind our submission.
Track 1
4 Feb 2022 10:00 AM - 11:00 AM
Andy Applebaum
Principal Cyber Security Engineer at MITRE
@andyplayse4
Andy Applebaum is a security researcher at MITRE, where he works on applied and theoretical security research problems, including as one of the leads on the CALDERA automated adversary emulation project. His work tends to lie at the intersection of security, automation, and reasoning, with a growing interest in the ability of attackers to both misuse and thwart machine learning and artificial intelligence systems. Andy has published numerous papers and spoken at multiple conferences, including Black Hat Europe, CAMLIS, BSides Las Vegas, and the FIRST Conference.
Andy received his PhD in computer science from the University of California Davis and he holds the OSCP certification. Outside of work, Andy is an avid chess player, having won the 2018 DEF CON chess championship.
Workshop: Mobile Security
From smartphones to tablets to watches, users are relying more and more on the convenience of mobile technology. Organizations must meet this growing trend with greater security measures to support critical business functions and protect sensitive data on enterprise devices. Mobile architectures, applications, networks and services must all be developed and managed in compliance with the oversight of a strong IT workforce.
This course provides an in-depth technical overview of the security features and limitations of modern mobile operating systems, including the top risks and vulnerabilities, every IT professional needs to know.
Workshop
4 Feb 2022 10:00 AM - 12:00 PM
What you will learn
· Mobile application security measures
· Models to develop and secure Android applications
· Security detection and measures in iOS
· Trends in mobile device management (MDM)
We recommend that you have the equivalent of a BS in computer science, or a background in cybersecurity. Workstation with Android Studio and Android Device. Workstation with Xcode and iOS Device.
Himanshu Dwivedi
CEO of Data Theorem
@MSAdministrator
Himanshu Dwivedi is the CEO of Data Theorem, Inc., an application security company focusing on API Security (RESTful & GraphQL), mobile apps (iOS & Android), Cloud Apps (Serverless), and Single Page WebApps (SPAs). Himanshu has been an avid start-up entrepreneur since 1999, when he and 3 friends started the west coast office of @stake, an information security firm that was later acquired by Symantec. In 2004, Himanshu co-founded iSEC Partners, an application security company that was acquired by the NCC Group in 2010. Himanshu has several publications, including six different books (Mobile Application Security, Hacking VoIP, Hacking Exposed: Web 2.0, Hacker’s Challenge 3, Storage Security, and Implementing SSH), and is the owner of one patent (Patent number 7849504). He has also presented at numerous conferences, including as a 6-time BlackHat speaker. Himanshu received a B.S. from the Carlson School of Management (University of Minnesota), where he was awarded the Tomato Can Loving Cup Award, which is given to the school’s top graduating student.