Villages and Events
- Building a Cloud Pentest Lab (and how we blew some up)
- Hacking for Good: The Scary State of AppSec
- Business and the Beast
- How things work: A deep dive into 1Password security
- CyberSecurity Effectiveness – Do you even security?
- Drone Detection
- So you wanna start a podcast? Experience from starting Iron Sydadminn
- Smile You’re on Camera! Controversies in Facial Biometrics
- Introduction to Container Security in Kubernetes
- A Tale of Three Brothers: Three Android Privacy Bugs
- Straight outta compliance – Battles with compliance in higher education
- Security Lessons Through the Eyes of Harry Potter
- Actioning ATT&CK
- Cryptocurrency as Asymmetric Economic Weapon
- Comparing Malicious Files
- 10 Steps to Build & Lead a Cybersecurity/CTF Team
- Expanding Our Horizons – The Value of Multidisciplinary Knowledge in Security
- All the Bacon: How Lesley Knope and Ron Swanson encourage community growth
- MAGIC: Malware Analysis to Generate Important Capabilities
- Certs vs Degree vs Experience. Which one is the winner?
- Introduction To Ethical Hacking
- Cats, Cats, and Moar Katz – Windows Post-Exploitation
- History of E-waste Recycling
- Fast-track your Cybersecurity/Hacking Career – Why Take The Slow Lane?
- Quick Picks from Bro/Zeek logs
- My quest for identity in a vendor turmoil
- Cloud Proxy Technology [The Changing Landscape of the Network Proxy]
Villages and Events:
*This event is not recorded
All skill levels are welcome – including challenges of all types!
Speaker(s): Jon Lucenius
This is the Fourth Annual installment of the Forensic Village. Expect us to build upon previous years as we will once again welcome all levels of experience and challenges! Whether you want to show us how much you know or need our help – we will welcome your interest and participation. This year we will continue the intense focus on privacy, dive deeper into network packets, and recover more hard drives.
Bio: No matter what it has been called – there has always been forensics. I started back in 1979 on small black and green things, writing stuff, wondering what happened, and what can be done to make things better. Since then I’ve done graphics, websites, and a good bit of hacking for banks and the like. My current job is putting it all together to solve cases and find bad guys – nowadays they call me a Cyber Forensic Investigator.
Pros V Joes CTF
*This event is not recorded
Students and professionals who want to learn the details of computer compromise through hands on experience in a live combat scenario.
Speaker(s): Eric Arnoth
The Pros vs Joes CTF is a live combat Capture The Flag event. The Pros are Information Security professionals or advanced in their knowledge of securing / compromising computers and networks. These professionals will help the Joes to improve their skills through the course of two days of attack and defend. On the first day, teams of Joes, captained by a Pro, protect their network from the Red Cell. On the second day, the Red Cell dissolves and joins the Joe teams, which then attack each other.
The game is completely virtual, players only need bring a laptop for connecting to the gaming environment via the Internet. Laptops will NOT be in the line of fire.
At the end of each day, there will be a debrief to reveal how compromises occurred, with discussion for how to better defend.
Bio: Eric Arnoth has been an Information Security professional for over 15 years, spending most of his time in the Financial Sector, though he has recently moved over to supporting the public sector. His background is split between defensive and offensive computing, and he has been building and running CTF for the community since 2010.
*This event is not recorded
Anyone can participate in the WCTF with or without experience. If you are new to the game, we suggest you review the Wireless Village resources located on our website. It guides participants in their selection of equipment to bring. https://wctf.us/resources.html
Speaker(s): @wifi_village and @wctf_us
In the WCTF, you will be using tools to find, identify, decode, and decrypt wireless signals. To score, you will need to submit flags which will be the passphrases used to gain access to the wireless access points. Offense and defense are fully in play by everyone. There is only one rule: don’t touch our stuff! Take all the pictures you want, but no touching of the equipment.
We cater to those who are new to this game and those who have been playing for a long time. Each WCTF begins with a presentation on How to WCTF. We also have a resources page on our website that guides participants in their selection of equipment to bring.
Keep an eye on @wctf_us, and @WIFI_Village for details.
Bio: The Wireless Village is a group of experts in the areas of Information, Wifi, and Radio Frequency Security with the common purpose to teach the exploration of these technologies with a focus on security. We focus on teaching Wifi and Software Defined Radio and providing the very best in Wireless Capture the Flag games to promote learning.
Bio: Visit http://wctf.us/crew.html for information about our crew.
A Bro Primer – Lets work together BRO!
Anyone interested in intrusion detection systems
his talk is going to be about BRO IDS. How one can start using Bro, it’s installation, configuration and basic setup to start playing around with it. This talk is targeted towards the beginners, to get their feet wet in Bro zone, as it is such a powerful and wonderful open source tool that can produce lot of value right from the basic installation. The talk will cover how to analyze your Bro logs and some interesting stuff to look for in the log files, some real world examples, and furthermore, if time permits, some advance use-cases of Bro IDS. This talk is intended to give public a general awareness of how to get most out of the open source free tools out there, such as Bro, and how it provides wonderful insights in the network traffic for Security analysts.
For conducting the lab, we would require all the participants :
-To have VM environment setup on your laptops.
-On your chosen VM environment (Workstation, Player, Fusion, VirtualBox, etc.), create a new VM using Ubuntu Server 16.04 LTS 64b (ISO)
with following characteristics:
typical, 2GB of ram or more, 8GB of disk or more.
during creation, add “”ssh”” to the system by typing space to set an “”x”” in the box “”[ ]””.
set the VM in network NAT mode (later can be changed to bridge).
verify when running on the VM, you can ping the Internet (e.g. “”ping 126.96.36.199″”, the google DNS server).
verify you can ssh into the VM from your shell environment.
Bio: I came to US in 2013 for pursuing MS in Computer Engineering from University of Delaware, and graduated with MS in 2015, currently working as a Security Engineer in University’s Technical Security Group full time, and majorly look into the IDS/IPS devices we have to monitor the traffic for anomaly or intrusion detection. I live in Newark DE, and enrolled as a part-time Ph.D student in UD as well, research focusing on different cyber-security domains.
Secure Code Audit Express Edition
Those who want to perform a manual secure code audit with having basic development background.
Speaker(s): Ranjith Menon & Manoj Kumar
Secure code audit is a highly effective process of identifying vulnerabilities in software. This process requires a more in-depth analysis of an application in order to find the security flaws.
This training will be hands on how to do secure code audit, so you need to bring your own laptop to perform different types of attacks on web based application.
Windows/Linux/OsX Installed machine
RAM – 8GB
Free space in your machine – 10GB
Installed VMware Player in your machine
What to expect:
Exposure to different tools used for performing attacks
J2EE based demo application to perform secure code audit
What not to expect:
Any professional tools
Course Duration: 1 Day
The course covers relevant J2EE based web application issues to subsequently demonstrate how to design and develop code defenses into an application.
Secure Code Audit – Express Edition
Module 1: Secure Source Code Review(SSCR) Approaches
➢ What is SSCR
➢ Need for SSCR
➢ Different way of doing SSCR
➢ SSCR vs Dynamic application security testing
Module 2: Input Validation
➢ Bypassing client-side validation
➢ Variable manipulation attacks
➢ Insecure Direct Object References
➢ File Upload attacks and best practices
➢ Reflected, Stored and DOM based XSS
➢ Proper implementation of OTP & CAPTCHA
➢ Best practices and guidelines to avoid these Attacks
Module 3: Injection
➢ Blind & Second Order SQL injection
➢ CSV based export features using formula injection
Module 4: Error Handling and Logging
➢ Proper implementation of log
➢ Proper error handling
Module 5: Code Quality
➢ Language specific configuration check
➢ Hard coded information
➢ Critical information in comment
➢ Client side hardcoded information
➢ Best practices to cheak unused code
Module 6: Cryptography
➢ Encryption & Decryption
➢ Encoding & Decoding
➢ Salted hash technique
➢ Storage of critical information in backend side
Module 7: XML External Entity (XXE) Attack
Module 8: Cross Site Request Forgery (CSRF)
Bio: Speaker 1:
Manoj has more than 5 years of experience in the field of Application Security and Secure coding process and a co-founder of h1hakz. He has Developed many Secure Application Projects using different languages and has Code reviewed a wide range of applications, from embedded systems to web applications including Retail Banking and E-commerce Application.
Ranjith who has more than 8 years of experience. He is an active player on Bug bounty programs and specialised in Web application, Mobile, Cloud and a contributor to the Security Community and founder of h1hakz, an open platform for knowledge sharing though webcast series.
Also he has found many vulnerabilities for many organizations. Apart from hacking, he gets time for fitness from his work schedule.
Building a Cloud Pentest Lab (and how we blew some up)
Anyone interested in penetration testing lab environment.. Only basic IT knowledge is required.
Speaker(s): Chris Myers @swizzlez_ and Barrett Adams @peewpw
Building a lab in the cloud is cheaper and easier than ever. We’ll talk about the basics of setting up a lab in the cloud: what to consider, how to do it, and what it’ll cost. We will also share some funny stories of things we’ve messed up while building our own cloud labs (and how to avoid our pitfalls).
Bio: Chris – Chris is an experienced penetration tester with 5 years in the information security industry. He’s led a diverse range of red team assessments, from internal networks, to spear-phishing exercises, to web and mobile applications. His areas of interest include exploit development, offensive security training and education, and automation and tool development.
Barrett – Barrett is also a penetration tester and security professional with experience performing a variety of red team assessments. He has created red team tools such as Invoke-PSImage for stealthy payload delivery and Invoke-WCMDump for dumping Credential Manager passwords.
Hacking for Good: The Scary State of AppSec
Developers, Information security practitioners with AppSec experience
Speaker(s): Randy Westergren @RandyWestergren
Hacking isn’t just for bad guys in hoodies! That’s right — though we almost always associate hacking with sophisticated actors abusing software for criminal purposes, there’s more to the story: despite what we see on TV and movies, hacking isn’t always sophisticated, nor inherently nefarious.
In this talk, we’ll examine the instrumental role legitimate security research has in improving AppSec industry-wide. We’ll explore how after a long tradition of distrust, organizations have started to embrace white-hat hackers through coordinated disclosure and bug bounty programs. As we cover examples of real-world vulnerabilities spanning multiple research areas, you’ll get a sense of the impact security research has on the safety of our software and the future of our digital lives.
Bio: Randy Westergren is a senior lead software engineer at Marlette Funding where his passion for software development, DevOps, AppSec, and other facets of enterprise architecture coalesce. Though primarily focused on engineering, he’s recognized as an industry leader for his information security research, some of which has been featured in Forbes, PC Magazine, and CNET.
Business and the Beast
Practitioners of all levels – from executives to technical professionals looking to drive change in their organization.
Speaker(s): Bryan Inagaki, Thermo Fisher Scientific
The way we do business has been changing for the past 60 years. Technology has created not just new jobs requiring new skills – it has fundamentally changed the way we work on a daily basis. The changes that have impacted the workforce are now impacting the core identities of companies, and companies that once viewed themselves as brick and mortar retailers or manufacturers of goods are now labeling themselves as software or technology companies.
However, for every Amazon, Netflix, and Etsy pushing the boundaries of technology and an enabled workforce, there are many more companies holding on to the traditional views of what a business should be and how it should operate. Whether it is ignorance of the changes going on – or a desperate need to cling to the familiar – there are beasts looming on the horizon for just about every business.
This talk is about the beasts. What are they? The myriad of changes and advancements occurring across business that are challenging the fundamental ways businesses have been operating for generations. Whether it is the move to DevOps, changes from a security perimeter to the Zero Trust Network model, or building distributed teams – how we will get things done and be successful is rapidly changing.
Those that are capable of taming the beasts will be poised to succeed in their respective industries. Those that are consumed by the beasts will find themselves falling further and further behind – clinging to old models of operation and wondering why their competitors continue to outpace them.
Bio: Bryan Inagaki is the Director of Security Risk Management at Thermo Fisher Scientific. Bryan’s path to information security was anything but direct, and he took a few detours in the worlds of small business, federal law enforcement and financial services before finding himself fully entrenched in the industry. As a physical security professional first and an information security professional second, Bryan enjoys the challenge of mixing the real with the intangible and taking lessons learned from time spent in critical threat areas to make his teams more effective and efficient.
How things work: A deep dive into 1Password security
Speaker(s): David Schuetz @DarthNull
Choosing strong passwords, a different one for every site, is just Security 101 at this point. Using a password manager to handle all those different credentials is essential. But how do you know that they’re safe, especially in the cloud?
1Password has been a popular password manager for over a decade. In 2016, they introduced 1Password Teams feature which puts your passwords in shared vaults in the cloud. In the cloud?!?! Yes.
Agilebits have been very open about how 1Password works, with whitepapers, support documents, and geek-friendly forums. Unfortunately, their documentation can be hard-to-follow, and sometimes lacks key technical details.
This talk fills in those gaps. It describes (most) of the 1Password ecosystem in detail, from unlocking to decrypting to vaults to account recovery. Using easy-to-follow analogies, the talk provides non-technical attendees with a clear understanding of how the system works. At the same time, enough detail is given that crypto-geeks can easily build their own tools, to prove to themselves that it really is working properly.
Bio: David has been working in the security field for a long, long time…and active in the security community for over a decade. When not engaged in paying work, he enjoys building and solving cryptography puzzles, playing Pokemon Go, and helping out with his kids’ Boy Scout Troop. David runs the KhanFu conference scheduling system, volunteers at ShmooCon and Black Hat, and has recently received a US amateur radio license (though he hasn’t had enough time to really play with his new radio…)
CyberSecurity Effectiveness – Do you even security?
Information security practitioners interested in understanding how to define effectiveness in the context of cybersecurity initiatives.
Speaker(s): Chris Rossi @dennyr0ss
This talk will explore how the typical organization goes about creating/planning their cybersecurity strategy, and how this method is flawed. We’ll explore how to assess whether your current cybersecurity program is meeting your organizational needs, and discuss data-driven methods/strategies for getting your program into an effective state.
Bio: Chris Rossi serves as CISO at Rule4. Prior to Rule4, Chris spent nine years at AppliedTrust, where he was Vice President of Governance, Risk, and Compliance (GRC) and provided consulting services for a variety of healthcare, federal, municipal, and private organizations. Chris also served as an outsourced CISO for several healthcare organizations, helping them establish and maintain strategies and programs to ensure their information assets were adequately protected. Chris is heavily involved in the Philadelphia IT community, including running and occasionally presenting at the Philadelphia Security Shell meetup. When he steps away from the office, Chris likes mountain biking, losing at racquetball, and taking the occasional run. He also enjoys reading, cooking, and engaging in regular battles of will with his son and daughter.
Anyone who has an interest in drones.
Speaker(s): Ralph M. DeFrangesco
There has been an increase in drones in the skies. This is mostly due to a decrease in cost and an increase in availability. There has also been an increase in drones flying into no fly-zones and onto restricted property. Detection of drones in these restricted areas is difficult, costly, and often ineffective. This presentation proposes a method for detecting drones using off-the-shelf hardware and software.
Bio: Ralph M. DeFrangesco currently works for a Fortune 500 company as a cybersecurity professional. He also teaches cybersecurity classes at Cecil College. He has worked as a security consultant for Fortune 500 companies and frequently publishes papers and presents on cybersecurity topics.
So you wanna start a podcast? Experience from starting Iron Sydadmin
Starting a podcast can seem daunting. It’s not really that difficult, but not enough attention to details could give you a reputation for being low quality. Starting the Iron Sysadmin podcast was definitely a “start simple and grow” process. I received some good advice, and I’d like to pass along what I’ve learned! Whether you’re planning a podcast, or a video cast, let me help give you some ideas on how to get started!
Bio: Gangrif is an experienced Sysadmin, YouTuber, and creator of the Iron Sysadmin podcast.
Smile You’re on Camera! Controversies in Facial Biometrics
Everyone because biometrics has become a universal authentication technology..
Speaker(s): David Vargas @CyberBlueTeamer
While advances in biometrics has led to their increased use on most computing devices, recent progress in facial biometrics are currently inviting controversy. In this presentation, attendees will learn how the increased accuracy of facial recognition technologies have led to their becoming an important, but controversial, tool in security. The presentation will begin with a brief overview of authentication and a discussion of the most common biometrics used for that purpose. It will then explore where facial biometrics is increasingly being used – from border protection to expedited airline check-in. The presentation will then discuss some of the more controversial uses of the technology by other countries with an emphasis on China’s much-feared “Skynet”. While governments embrace facial recognition, privacy advocates are arguing that its rapid deployment hints at the beginnings of a surveillance state. As a result, the presentation will end by discussing this view.
Bio: Dave Vargas is a senior security engineer and professor of cybersecurity at several local colleges and universities in the Washington, DC area. He has worked extensively in cybersecurity in both the public and private sectors and often shares his expertise at security conferences and professional meetings nationwide. Dave graduated magna cum laude from The George Washington University, and successfully completed graduate work in Information Systems at The Johns Hopkins University. His current certifications include CEHv9, CISSP, CISM, and SSCP.
Introduction to Container Security in Kubernetes
Infosec practitioners, system administrators with minimal experience with plan on or are running containers in their environment. Anyone who would like to learn a little bit about containers and Kubernetes.
Speaker(s): Jon Mosco @jpmosco
This talk will focus on the fundamental aspects of container security with a focus on deploying them at scale in Kubernetes clusters. A short introduction to containers will be given, detailing the various differences and similarities to bare metal/virtual machines to paint a good picture of the challenges when securing containers and clusters of containers with Kubernetes. Details and a short demo of Kubernetes might be given if time is available.
Bio: Sr Systems Architect, InfoSec Solutions Architect, all things command line and metal head.
A tale of Three Brothers: Three Android Privacy Bugs
Everyone because of privacy implications
In this presentation I will be discussing three privacy-related bugs (CVE-2018-9489, CVE-2018-15835 and CVE-pending) in Android OS that expose sensitive data to on-device applications. These bugs affect virtually all Android devices worldwide. This talk will include a discussion of the relevant Android internal components, the bugs themselves, vendor response and privacy implications for users. Some of these will be disclosed publicly for the first time.
Bio: I am an application security architect by day, and a security researcher by night. In the past few years I have discovered, published and presented on numerous vulnerabilities / CVEs spanning multiple areas of technology. I also participated in the development of many anti-spam standards used today (SPF and DomainKeys), and created the Abuse Reporting Format (ARF – RFC 5965) used for exchanging spam reports by most ISPs today. Among other things I authored RFC 4180 which documents the CSV format.
Straight outta compliance – Battles with compliance in higher education
Anyone interested in security policies(NIST800-171), workarounds, and tales from the trenches while implementing security compliance.
Speaker(s): Zeb Whitehead @AdventuresOfZeb
Up a creek without a paddle, we began our adventure to implement a research security compliance policy within our university. Through the course of our implementation we discovered many pitfalls and shortcomings both with our implementation and methodology. Our presentation will cover our cross platform design from the servers to the clients covering Windows, Mac, and Linux in the pursuit of bringing our workstations and servers in compliance with NIST800-171 policies.
Bio: Systems Administrator for Auburn University College of Engineering Alabama.
Security Lessons Through the Eyes of Harry Potter
Students and beginners learning about security. Also anyone who likes Harry Potter.
Speaker(s): @Zamster and @Krypton3
Harry Potter and his friends taught us about magic, friendship, and … security? Security Lessons is a talk that explains different security concepts using scenes out of the Harry Potter books. We will be talking about topics such as password management, layered security, and social engineering. There’s even an encryption lesson–a transposition cipher–in The Chamber of Secrets. We were surprised at how many examples we found, and the stories also helped us understand some of the harder topics. By using familiar stories to describe these terms, we can teach people how to be more secure and also get them interested in information security.
Bio: @Zamester is a 12-year-old middle-school student who likes writing secret messages using ciphers and solving puzzles. @Krypton3 is the 9-year-old who decode his brother’s secret messages. They both like to read, and re-read, the Harry Potter books. @Kryton3 first used Harry Potter to explain good password security, and @Zamester found the transposition cipher. They both attended R00tz Asylum at DEFCON and had a great time learning about penetration testing and lock-picking. They hope to go to more conferences and events to learn more about information security.
Information Security practitioners with technical knowledge.
Speaker(s): Jake Liefer
This talk aims to provide the process for taking ATT&CK from a theoretical framework into actionable capabilities in an organization. With over 200+ techniques, many get bogged down with the challenge of where to start, the direction to head in, and what to test. We’ll discuss pairing ATT&CK testing with threat intelligence, as well as mapping out detection risk based on ATT&CK assessments for a prioritized approach to ATT&CK implementation.
Bio: Jake is an experienced cybersecurity manager at Mandiant, advising senior-level leadership at Fortune 500 and global corporations in developing, operating, and maturing organizational cybersecurity posture. In addition to enhancing existing controls, Jake works to secure organizations after breaches and eradicate attackers.
Cryptocurrency as Asymmetric Economic Weapon
Interested parties in cryptocurrency and world politics.
Speaker(s): Joshua Marpet and Scott Lyons
Stock prices can be manipulated. Can Cryptocurrency prices? Can you manipulate cryptocurrency prices to make money, destabilize governments, and change the course of history? Just changing the prices won’t. But there are ways to make it “interesting”. Let’s figure out what it takes, and what the response might be. 🙂
Bio: Scott has done all kinds of weird stuff in places he can’t talk about. Josh has done weird stuff in jail, Bourbon Street, and other places. They’re both infosec people and have been for a long time. Pretty sorry guys, huh? They run a company called Red Lion, where they do compliance and advisory services. People like them, and companies are happy to see them go! Come see them talk!
Comparing Malicious Files
Malware analysts, researchers, and incident responders with moderate experience.
Speaker(s): Robert Simmons
A critical step one must take during the malware analysis process is to attempt to determine the malware family a sample may belong to. Even if one cannot link a file to a family, one must at least try to find files that are similar and extrapolate information about the sample from comparison with these similar files. This talk reviews a variety of methods for comparing files from simple to complex.
Bio: Robert Simmons is an independent malware researcher. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences including DEFCON, HOPE, botconf, and DerbyCon among others. Robert also is a maintainer of plyara, a YARA rule parser written in pure python.
Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine and has been known to swear profusely and constantly in Russian.
10 Steps to Build & Lead a Cybersecurity/CTF Team
Everyone interested in computer science and cyber security. The talk is introductory in nature, but aspects apply to seasoned veterans and individuals with any amount of experience.
Speaker(s): John Hammond @_johnhammond
Companies, schools and communities desperately want to get into the cybersecurity scene and improve their security posture. Organizations throw endless amounts of money at the problem in hopes of finding a solution — but the answer only comes from people. The solutions comes from a collective of individuals that are passionate about technology, computers, and who want to make the world better just by trying to understand interesting things and solve interesting problems. So, the need to build a cyber security team of hackers and programmers emerges, and the question that remains is how to improve and practice. Enter Capture the Flag: a gamified means of sharpening a person’s skillset and keeping the individual engaged in the cybersecurity culture. But one CTF competition couldn’t possibility make the next l33t h@x0r — and thus a certain methodology and structure should be in place to build up a team. That means giving meaning to practice, providing knowledge in-depth, and ensuring that a team of hackers is ultimately enjoying themselves and finding a love for their craft. Cultivating a team and fostering an environment to encourage growth can be done with simple techniques: it just takes a personal touch to a digital world.
Bio: US Coast Guard hacker and CTF enthusiast. USCG Academy Cyber Team Captain who led the team to winning placements in multiple competitions, both civilian and military. Personally developed training material & infosec challenges, and briefed multiple VIPs on cyber security (USCG Commandant, members of Congress, DHS NPPD Undersecreary). Instructor and curriculum author for Coast Guard course on “Introduction to Linux,” with gamifying learning material and classroom activities. Online YouTube personality to showcase programming tutorials, cyber security guides, and CTF video walkthroughs.
Expanding Our Horizons – The Value of Multidisciplinary Knowledge in Security
Anyone and everyone
Speaker(s): Matthew Perrine
In the age of the internet, a new renaissance is occurring. This renaissance is leading men and women around the world to develop into figures for the history books. They’re becoming scientists and entrepreneurs; businessmen and musicians; artists and world leaders. Seemingly endless expansion of human intelligence is occurring right before our eyes, and it can all be credited to the internet and computers. The goal of this talk is to encourage and assist individuals in the acquisition of multidisciplinary knowledge. If we as a community can diversify how we think and how we approach problems, we can outsmart and out maneuver attackers that would previously have skirted our defenses in seconds. So if you enjoy bad jokes, motivational words, and a unique perspective on life you’ll enjoy this talk.
Bio: I am a Freshman in College with a fiery passion for Physical Security and the multiple facets of security as a whole, not just the cyber realm specifically. In my free time I spend a lot of time researching effective learning and then implementing those techniques to better my personal development. Ultimately I want to help people and since I can’t secure servers or people right now, it just makes sense pass on my lessons to people who can do those things now.
All the Bacon: How Lesley Knope and Ron Swanson encourage community growth
Everyone as we need to be more encouraging
Speaker(s): Kevin Johnson @secureideas
In this presentation Kevin Johnson of Secure Ideas will discuss community and how we are only as good as the people who surround us. Security is a huge undertaking and as it becomes more and more central to industry and our world, we have to improve the ethics and community it has. Kevin will explore some of the failing of the security “community” (whether it is the field as a whole or the regional groups supporting us all) and use these stories to help us all improve what we do and how we help each other.
Bio: Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS and was an instructor and author for the SANS Institute . In his free time, Kevin enjoys spending time with his family and is an avid Star Wars fan and member of the 501st Legion (Star Wars charity group).
MAGIC: Malware Analysis to Generate Important Capabilities
Anyone interested in applications of AI for cybersecurity
Speaker(s): Sean Kilgallon
Manually constructed malware analysis platforms that identify important capabilities in malicious software cannot keep up with the massive amounts of malware being released on a daily basis. Traditional approaches that detect the functional capabilities of malware usually contain brittle handcrafted heuristics that quickly become outdated, and can be exploited by nefarious actors. As a result, it is necessary to change the way software security is approached by using advanced analytics, i.e., machine learning, and significantly more automation, to develop more adaptable malware analysis engines that correctly deduce the important capabilities of malware. In this talk, we discuss using machine learning to find accurate models for the prediction of malware capabilities. We explore the characterization of unseen malware binaries using features extracted from extremely fast static analysis of malicious code, as well as information derived from slower dynamic analysis that comes from the execution of binaries in a malware analysis sandbox. Our experimental results demonstrate that by learning from relatively large amounts of malware, we are able to accurately predict important capabilities of malicious executables with an accuracy of up to 97.70%.
Bio: Sean Kilgallon is a postdoctoral researcher at the University of Delaware and Lead Data Scientist at Cyber 20/20, Inc. His research focusses on large scale machine learning for the detection and classification of malware. Using scalable cloud based static and dynamic analysis, he is able to analyze millions of malware files to be used as features for machine learning. His research interests include deep learning, malware analysis, and high performance computing (HPC).
Certs vs Degree vs Experience. Which one is the winner?
Anyone who is interested in Infosec or can contribute to the discussion
Speaker(s): Moderator – Bruce Dennis
An INTERACTIVE (yes, a discussion with the community and anyone who attends) debate on what is the best path to pursue for a career in Infosec. We’ve all been asked ‘Do you have your CISSP?’, ‘Do you have your degree in CompSci/Math/Infosec?’, ‘Do you have 10 years of experience on x technology (that just came out 2 years ago)?’. What do you think gives someone the edge on the prime position or makes them the person every organization wants to hire? Join us in what has worked/not worked in your career, interviews or pursuits over the years. The goal is to share with the community what’s really important. Maybe your comment impacts the choice someone makes in their journey
Introduction To Ethical Hacking
Speaker(s): Brandon S. Keath
In this fast-paced presentation, we will take a look behind the scenes
at the basic hacking methodology that is often used when conducting a penetration test for an organization. We will walk through the basics the hacking methodology described in the Penetration Testing Execution Framework Including:
Bio: Brandon joined Appalachia in 2018 as a Cyber Security Practice Lead. With prior experience in both private and public-sector IT consulting, Brandon has served in various roles in cyber security over the past 10 years specializing in ethical hacking, cyber security strategy, regulatory compliance, and cyber defense.
Brandon has taught cyber security classes for a world leading Cyber Security bootcamp based out of Chicago and is active in the local Cyber Security community currently chairing the PAHackers Cyber Security meetup group that meets monthly to discuss various issues facing the industry and holding various cyber security related workshops and events.
Brandon has a Master’s degree in Cyber Security and Information Assurance form Western Governor’s University along with numerous security related certifications such as EC-Council’s Certified Ethical Hacker (CEH) and Certified Hacking Forensics Investigator(CHFI) certifications.
Cats, Cats, and Moar Katz – Windows Post-Exploitation
Information security students and those interested in learning about Windows internal security.
Speaker(s): Alex Reuben @l0cal_gh0st
This talk focuses on common methods, techniques, and tools employed by penetration testers and attackers after compromising a Windows system. Live demos will be included to demonstrate the concepts of escalating privileges, moving laterally and expanding, and establishing persistence in a Windows environment. Tools demonstrated will include: Metasploit/Meterpreter (as a base for the attack) as well as Hashcat, Netcat, Mimikatz (for post-exploitation) and others will be touched on or mentioned. The purpose of this talk is to serve as an introduction into the concept of Windows post-exploitation as well as to explore technical aspects regarding the Windows operating system and the tools used to exploit its flaws.
Bio: I am a Delaware Tech Terry campus graduate (Information Security), current Wilmington University student (Computer & Network Security), and second-time speaker at a security conference. I have been attending security conferences and competitions since the start of my time at Delaware Tech including events such as BSidesDE/DC/NOVA/Charm, ShmooCon, CCDC, SANS NetWars, and USCC training camps. I look forward to giving another presentation at BSides Delaware and giving back to the community I’ve spent the last 4 years of my life being a part of.
History of E-waste Recycling
Any age from young adult to…
Speaker(s): Matthew Strong
A complete history of E-Waste recycling from just after WW2 until the present, focusing on the countries involved, methods, laws / regulations and the current state of affairs, based on my 30 years of hands on experience in the US, Latin America, the EU and Asia. 15-20 minutes will be devoted to answering specific questions from participants.
Bio: 2016: present Junction Tech Services LLC
Specialists in Data Center & Telco Central Office decommissioning, with emphasis on re-utilization of equipment.
2010 to 2016 Sims Recycling Solutions UK
SRS International Development
Develop & administer electronics recycling programs and projects for SRS at their 40+ worldwide locations. Purchase materials and negotiate contracts for long term projects. Head of sales & operations for LATAM.
2008 – 2010 Global Investment Recovery, Tampa, FL
Developed Large scale electronics recycling operations in 6 Latin American countries.
1985 – 2008 Crow International Inc Ellsworth, ME
President & CEO
Recycling electronics worldwide. First licensed electronics recycler in Maine. Recycled material for most major and many other Independent Telcos Extensive experience and operations in Latin America.
New England Museum of Telephony, Ellsworth, Maine
Fast-track your Cybersecurity/Hacking Career – Why Take The Slow Lane?
As a long-term practitioner and mentor in the cybersecurity community, I often get questions about how to find a job. This presentation was written to answer the following questions for new cybersecurity professionals as well as those with years in the field: * Steps to finding your first cybersecurity job. * Understanding the importance of Knowledge, Skill, Ability and Tasks (KSAT) before taking a job. * Things you can do to set you apart when pursuing a job. * How to turn a job into a career? * The standard framework for the “Cybersecurity Workforce”. * Identifying the role that is right for you today, and in the future. * The optimal career pathways for advancement and how to leverage “Feeder Roles”. * Common job titles and the education. certificates and skills required to land that job. * Techniques to evolve your knowledge and skills to become a Unicorn. * Geographical decisions and what they mean to your career. * Finding and creating your team of mentors. * References to help you find: training, education (funding), resources, home labs, branding, the best conferences, and much more. And if you happen to be a recruiter, I have included: * The reference to a tool to rapidly draft a cybersecurity Position Description (PD) without the need for extensive training or prior knowledge of position classification. * Standards for hiring, care and feeding of your cybersecurity professionals. * Knowledge and skill scale along with standard salaries – Unicorn Hunting. * Staff supply and demand based on location. * Types of Mentors you need to provide. * Useful references for retaining and motivating staff. In short, this is a one stop presentation to find jobs and careers in a space that has virtually no unemployment and great opportunities!
As a long-term practitioner and mentor in the cybersecurity community, I often get questions about how to find a job. This presentation was written to answer the following questions for new cybersecurity professionals as well as those with years in the field:
* Steps to finding your first cybersecurity job.
* Understanding the importance of Knowledge, Skill, Ability and Tasks (KSAT) before taking a job.
* Things you can do to set you apart when pursuing a job.
* How to turn a job into a career?
* The standard framework for the “Cybersecurity Workforce”.
* Identifying the role that is right for you today, and in the future.
* The optimal career pathways for advancement and how to leverage “Feeder Roles”.
* Common job titles and the education. certificates and skills required to land that job.
* Techniques to evolve your knowledge and skills to become a Unicorn.
* Geographical decisions and what they mean to your career.
* Finding and creating your team of mentors.
* References to help you find: training, education (funding), resources, home labs, branding, the best conferences, and much more.
Bio: Joe is a 35-year veteran of the IT and IA industry. He has extensive experience in DoD, US Government and commercial sectors, focusing on information assurance, red team and network protocol security. As a Fellow for the IPv6 Forum for Cybersecurity, he has participated in development of national and international standards for IPv6 security, as well as International speaking on the topic.
He has also spoken at BlackHat, DefCon, ISSA-RMF “Lifeboat”, NSA ReBl, BSides-DC/LV/Delaware, Toorcon, SECTOR, DISA FSO Security Days, SANS, and many more.
Joe’s day job is as a computer scientist for The Center for Program and Technology, at MITRE. He develops cybersecurity technologies solutions which contribute to creating a more secure Internet.
Quick Picks from Bro/Zeek logs
This is intended to be a firetalk with power-pack presentation on how you can quickly pick some cool things that bad actors are doing, right away from Bro (Now Zeek) logs, without doing ANY kind of customization or loading super cool custom scripts. Isn’t that neat! Yes, Bro can detect some neat stuff with just a bare minimum running configuration and you can flaunt all the new findings from the Bro logs in front of your colleagues and Friends! (P.S: Not Sure what is Bro, How to install and run it? – No worries, attend “The Bro Primer” talk on Friday to get your feet wet in Broland!)
Bio: Fatema Bannat Wala is a Security Engineer at the University of Delaware where her responsibilities include monitoring network traffic for intrusions and malicious activities. Fatema has held prior roles in security research and software engineering and she holds CISSP certification and GIAC security certifications in intrusion analysis, incident handling and penetration testing.
My quest for identity in a vendor turmoil
Speaker(s): Nir Yosha @niryoo
Firewalls, UEBA, network and endpoints, ingress and lateral movement. When all the indicators turn into a clutter of alerts on my SIEM, I feel the vendor fatigue deep inside. In this talk I will try to put a little order in the great chaos of our cyber threat detection world, and suggest to get back to the root questions. Who? Who is behind the behavior? Looking at identity as the new perimeter and anomaly activity as the new indicators. How behavior analytics in real-time can help answer that very basic question. Who?
Bio: Nir started his career as a squad leader in the Israeli Intelligence Corps. He helped companies protect their assets using cyber threat intelligence and inside user’s behavior analytics.
Nir has over 15 years of experience as a security engineer and solution architect.
Nir publishes his posts on LinkedIn and speaks occasionally at security conferences.
Cloud Proxy Technology [The Changing Landscape of the Network Proxy]
Information security practitioners or students wishing to learn more about cyber security in the web space.
Speaker(s): Jeff Silver; CISSP
This class will cover the distinctions between traditional proxy technology and the emergence in recent years of cloud proxy and why it matters to organizations today. This class will also include a review of a production environment and specifically how to use this technology to quickly identify PCs that are infected with malware. Other topics will include SSL decryption and why this matters in a world moving towards 70% HTTPS web traffic in the enterprise. We will end with questions and answers.
Bio: Jeff Silver, CISSP
Senior Security Engineer, Symantec
Jeff has been involved in the network security industry for over 20 years, working with Intrusion Detection, Vulnerability Assessment, Data Loss Prevention and other network security tools. He currently works for Symantec as a Senior Security Engineer in the Mid-Atlantic Region helping enterprise organizations increase their security posture. Jeff was a founding member and officer of the Delaware ISC2 Chapter, and actively serves on the Academic Advisory Boards of Embry-Riddle Aeronautical University, Anne Arundel and Delaware Tech. A strong advocate of building better cyber collaboration with Law Enforcement, Jeff is a graduate of the FBI Citizen’s Academy and a member of Infragard and HTCIA. He currently lives in Newark, Delaware with his wife and two children and outside of the technology industry is active in his church and local community.