Track 1
5 Feb 2022 4:00 PM - 5:00 PM

Panel talk with real-world examples from this year's CFP (sanitized, of course, and presented without making anyone feel bad about their submission.)

Topics include:

- Making sure the talk is applicable to the conference you're submitting to
- Selling yourself and your talk
- How to NOT sound like a vendor pitch
- WRITE. AN. OUTLINE.
- Submit one or two REALLY GOOD talks - don't "spray and pray" your entire back pocket of topics into a single CFP

Track 1
5 Feb 2022 3:00 PM - 4:00 PM

Offensive forensics is the concept of using forensics technique to find secrets or other valuable data to further attack paths. Offensive security tools such as Mimikatz that employ strong forensics and reverse engineering techniques have proven invaluable in red teaming and penetration testing.

This talk will discuss finding the golden nuggets in .NET dumps using existing tools and provide scenarios in which exercising forensic skills can be a game-changer in offensive security operations. Additionally, this talk will demonstrate Turdshovel, a tool for quickly analyzing .NET dumps for objects of interest.

So go ahead, fam. Take a huge dump.

Leron Gray
Azure Red Team/Hottest Rapper @ Microsoft
@mcohmi
https://daddycocoaman.dev/

Leron Gray is on the Azure Red Team at Microsoft. He holds a Bachelors in Cyber Operations, a Masters in Cyber Defense, and is currently a PhD in Cyber Operations student at Dakota State University. Between the NSA, web application testing, and his current position at Microsoft, he has 8 years of offensive security experience and enjoys writing tools in Python to automate tedious things. He's an advocate of 100% keeping it real, will absolutely roast you, and is the dopest rapper at Microsoft.

Track 1
5 Feb 2022 2:00 PM - 3:00 PM

As individuals and companies look for ways to save money, cloud providers incentivize choosing their service over others. Unless they are demoing a security project, security isn't a forethought until an incident happens. Free cloud tiers are the focus, as there may not be money invested by the individual/organization, especially in something like a project demo. There are two simulated threats, so we cover what artifacts are generated, and opinions on the ease and quality of the information.

Kyle Nordby
DFIR Enthusiast
@youmusec

Kyle Nordby (GCFE, GCFA, GCIH, GCIA) is an information security professional that has years of experience in a large retail Security Operations Center (SOC), and works in an Incident Response (IR) focused role. He is currently working on his Master's with an IR focus. His work ranges in threat hunting, IR, SOC operations, and endpoint triage. He is survived by his two cats, Lina and Jupiter.

Track 1
5 Feb 2022 11:00 AM - 12:00 PM

For some people, trying to figure out if you’re being followed is a matter of physical safety for themselves or others. In this talk we’ll discuss a methodology for using low cost, off the shelf parts and some adequate python code to help determine if you’re being followed by analyzing wireless signals nearby.

We’ll cover methodology and best practices as well as challenges encountered during development and field testing. We’ll release the code so anyone who wants to build their own easily can, likely with parts they already have laying around.

Matt Edmondson
Govt Lackey, Principal at Argelius Labs and Certified SANS Instructor
@matt0177
https://www.digitalforensicstips.com/

By day, Matt performs technical duties for the U.S. government. By night, he is a Principal at Argelius Labs and a Certified SANS instructor. Basically a much lamer version of Batman.

Track 1
5 Feb 2022 10:00 AM - 11:00 AM

I'll be going over how to reverse engineer dll files in the windows space. We'll cover common vulnerabilities, loading dll files, intrinsics, exported functions, loading orders, dynamic loading vs static loading.

Joe Giron
Reversing Windows DLLs
@gironsec

Computer hacker guy from Phoenix. Phoenix 2600 leader. Reverse engineer, malware dissection expert.

Track 1
4 Feb 2022 4:30 PM - 5:30 PM

3.5 million open cybersecurity positions globally and 300,000+ in the US. It is expected that the gap between qualified security experts and unfilled positions will continue to widen leading to critical security risks. Additionally, nation states are integrating AI/ML into cybersecurity curriculum faster than US Schools. There is a disconnect between HR and corporate expectations for “entry level” cybersecurity professionals for both competencies, experience, and pay at odds with the realities of the workforce. So how we do we create a cybersecurity talent pipeline to improve security within our communities, organizations, and the nation?

Paul Wagner
University of Arizona, Department Head and Cyber Security Faculty

Paul is currently the Department Head for Applied Technology and Assistant Professor of Practice for the University of Arizona’s Cyber Operations Program. Additionally, he provides virtual Chief Information Security Officer consulting services to multiple companies.

Prior to working with the University of Arizona, Paul spent 20 years in the Army including time as Infantry and Recruiting during his 12 years of enlisted time and a Signal Officer for his remaining 8 years.

Paul’s educational background includes BS in Social Psychology and Business Management and Marking, MBA, MS in Cyber Security, and is pursuing his PhD in Cyber Defense. He holds numerous certifications from SANS, ISC2, EC-Council, and CompTIA.

Track 1
4 Feb 2022 4:00 PM - 4:30 PM

Working as a security analyst is a popular way to start a career in infosec, are you considering this path? Join the presenter as she recounts her first year working as an analyst and what it takes to survive and thrive in a SOC. When it comes to being on the front lines protecting networks, some lessons are learned the hard way. This talk is full of the things she wish she knew when she started.

woland
Security Analyst
@wolandsec
https://www.hackerbartender.com/

After professional stints as an investigative journalist and night club manager, woland currently works as an analyst for a security firm in Chicago.

Track 1
4 Feb 2022 3:30 PM - 4:00 PM

In today's world, we have a modern and stable web application framework to develop on. That is already so much secured from the attacks, regardless of the OS. If you design the system properly, attacker cannot injection the system. Or attacker cannot attack the website with common attacks like XSS, CSRF, SSRF, SSTI, etc.

On the other hand, we have sophisticated scanners which scan the website dynamically with the interactive logins as well, it scans the website along with the internal pages. And we have secure coding practices as well along with the scanners which can scan the source code regardless of the programming language. They are necessary tools while developing a secure application.

But what all these are missing is "Business Logic Flaws", which are the reason for the highest-paid bounties on Hackerone, bugcrowd, etc. Business Logic Flaws are the attacks, which neither the source-code analysis tool nor dynamic web application scanner can detect.

The presentation/talk will discuss vulnerabilities that can arise from business logic flaws which can affect confidentiality, integrity & availability of customers' information as well as the product that is connected with the application. We will discuss CVE-2019-2823 - Oracle Financial Services along with other 2FA bypasses in Financial Mobile Applications. Where I was able to do vertical privilege escalation in regards to roles, checker, maker, etc. modules. These were critical findings that were used in financial information systems. On which APTs are attacking day and night.

This will also discuss the poor coding practices that were used in the application and negligence of built-in secure software development life cycle. This not just limits to data exposure but anyone can alter the data as well and can view which is not allowed to them.

The majority of the banks use this Oracle service in the world. There are a lot of similar bugs in the world right now as well, in regards to Business Logic Flaws. We have to enhance the testing skills rather than depending on the scanners, manual testing approach to test the use cases will be a good approach.

Mirza Burhan Baig
Threat Analyst - Riyadh Bank
@MirzaBurhanBaig
https://www.burhanbaig.com/blog

Mirza Burhan Baig is an Information Security Threat Analyst at Riyadh Bank – KSA. Mr. Baig is OSCP Certified professional with over 8 years of experience in Penetration Testing, Threat Hunting & Vulnerability assessments which include Core banking solutions, Banking applications, Network assessment, Mobile penetration testing. Mostly served financial industry.

Mr. Baig is also a certified professional and holds an OSCP, eWPTX, eCPPTv2, eNDP, etc. He is involved in bug bounty programs as well, where he helped many companies to fix vulnerabilities at a different level. Companies include Google, Microsoft, Facebook, Amazon, PayPal, Apple, IBM, CISCO, etc. Mr. Baig is also involved in many physical security projects to bypass networks and systems.

Mr. Baig has conducted many seminars and workshops at different levels of corporate, NGOs, Universities, specifically for students to create awareness & guide them to a career path in information security. Some of them include Dubai Electric Water Authority (DEWA), etc.

Track 1
4 Feb 2022 3:00 PM - 3:30 PM

COVID-19 has impacted all of us in some form. For social engineers and I, COVID-19 impacted the way we perform social engineering assessments. In this talk I will discuss how my social engineering assessments were impacted with the rise of COVID-19, how my pretexts were modified to focus on COVID-19 (in an ethical manner), and what I learned from them.

With the mandatory (and life changing) switch to remote work. Employees more than ever began to rely on both emails and their phones as a means for communication. This introduced a gigantic opportunity for attackers to target the weakest link of an organization, the employee. This also meant that to stay current and up to date with the latest attacks, many social engineers, including myself tailored their campaigns to include COVID-19 as a pretext. This also meant that employees were significantly more likely to engage with my emails or phone calls because it became ‘the norm’. Furthermore, several of the employees I called were so thankful just to speak to someone that they were more than willing to ‘assist me with my technical issues’. In the body of the talk, I want to present multiple pretexts, results, and stories of my experiences from phishing and vishing through the pandemic to provide some insight as to how it introduced vulnerabilities to my clients.

COVID-19 has shone a light on many organizations security posture. More than ever, company’s need to be educating their users on cybersecurity threats and involving them with the security team. Security is a group effort, and it is our job as consultants, social engineers, and supports of the InfoSec community to educate those around us on social engineering attacks such as those demonstrated throughout my talk.

Parzival
Senior Penetration Tester and Best Dog Dad Ever
@FreeZeroDays
https://deviant.sh

Parzival is a Senior Penetration Tester and father two cute but chaotic dogs.

Track 1
4 Feb 2022 2:00 PM - 3:00PM

In this session, two tech writers who roasted the worst tech reporting of 2019 and 2020 are back on the grill to discuss...the worst tech reporting of 2021! This year we’ve broken down the top media fails into four cardinal sins: not reading or understanding a company’s privacy policy/terms of use, taking press releases at face value, being unclear about relevant details, and relying on sources without domain expertise. But this bleeds into the tech sector as well: before journalists misrepresent a company privacy policy, the company itself often misleads its own users (by error or by design). And who is responsible for writing those press releases that sometimes get parroted in the first place? We’ll see what we can learn from the year’s biggest fails, and how journalists and hackers can work together to make security reporting suck a little bit less in 2022.

Track 1
4 Feb 2022 11:30 AM - 12:00PM

In the CTI space, there’s a steady drumbeat repeating a mantra: security teams cannot successfully and sustainably operate in an intelligence silo. This feeds continuous discourse around how developing cross-boundary collaborations in intelligence sharing, standardization, and reporting are key to proactive defense, collective resilience, coordinated response, and effective remediation during an active attack. Of course!

Yet, the enormity - and complexity - of it all feels insurmountable when considering how CTI professionals can most effectively network and share intelligence *today*. So what’s really going on at the individual level?

This presentation shines a light on the human aspect of today’s CTI sharing practices via networks - both formal and informal, public and private. The session lays out the landscape of popular channels for CTI networking following peer-to-peer, peer-to-hub, and hybrid models; previous research and ongoing efforts to enhance CTI sharing by public-private groups; and well-known blockers (hello, legal approvals!) to effective networking. Survey insights add depth to this foundation by benchmarking real practitioner behaviors and attitudes. We seek answers like: how do good old-fashioned 1-to-1 ‘DMs’ compare to invite-only Discords, paid industry memberships, or national sharing initiatives? What real-world networking experiences actually prevented an attack?

Grace Chi
Cofounder & COO at Pulsedive
@euphoricfall

Grace works closely with defensive security and CTI practitioners all over the world, ranging from local consulting teams to enterprise operations. As a result, she has unique insights into the requirements and diverse traits of CTI success for individuals, teams, and organizations. On the weekend, she’s a hyper-serious cooperative board gamer and watercolorist.

Track 3
4 Feb 2022 11:00 AM - 11:30 AM

The scammer epidemic is ever-present in our connected world and shows no sign of slowing down anytime soon. Our team is currently researching infrastructures commonly used by scammers and creating our own malware to hack in and monitor scammers without their knowledge, allowing us to preemptively warn victims and gather enough intel to report the scammers.

In this talk, we'll break down our approach to a project of this scale as students, along with the progress we have made and lessons we've learned. Join us for a dive into the world of scams, malware, and ethical hacking!

Track 1
4 Feb 2022 10:00 AM - 11:00 AM

Nowadays when you read about cybersecurity, you’re almost sure to see something that mentions machine learning (ML) as the silver bullet to solve all problems cyber. Of course, ML isn’t the cyber cure-all, and indeed suffers from its own non-cyber problems – chiefly that ML bring with it its own set of vulnerabilities and weaknesses, often termed “adversarial ML.” These weak points range from leaking private data that the model was trained on to being easily evadable given the right motivation and context.

In this talk, we’ll go through our own experiences leveraging ML to try to build and defend a robust malware detector as part of our submission to the 2021 Machine Learning Security Evasion Competition. Our talk will start by first going over the background on adversarial ML, followed by how we used these ideas to generate adversarial malware variants that we then built our model from. We’ll then shift gears to how we sought to “defend” this model by explicitly attacking the models submitted by the other participants, walking through how we trained a proxy ML model and staged attacks against it.

In the end, our submission took third place in the competition, outperforming some but not all of the contestants. However, our journey helped expose many lessons learned for others looking to get into the space, as well as for those already practicing in it. Attendees of this talk should walk away with an understanding of those lessons, including pointers to resources they can use to build their own models – including the open-source code and the data behind our submission.

Andy Applebaum
Principal Cyber Security Engineer at MITRE
@andyplayse4

Andy Applebaum is a security researcher at MITRE, where he works on applied and theoretical security research problems, including as one of the leads on the CALDERA automated adversary emulation project. His work tends to lie at the intersection of security, automation, and reasoning, with a growing interest in the ability of attackers to both misuse and thwart machine learning and artificial intelligence systems. Andy has published numerous papers and spoken at multiple conferences, including Black Hat Europe, CAMLIS, BSides Las Vegas, and the FIRST Conference.

Andy received his PhD in computer science from the University of California Davis and he holds the OSCP certification. Outside of work, Andy is an avid chess player, having won the 2018 DEF CON chess championship.