Talk Agenda

Track 1

• 9:00-9:10 Opening remarks

• 9:10-10:00 | Leia Shilobod | Sharpen The Saw While Dulling The Knife: The Blue Print For An Effective Cyber Security Awareness Program

End users are on the front lines of defending corporate networks, and one wrong action can pierce through the many complex and elegant layers of IT security. Leia lays out the blueprint for creating an effective cyber security awareness program which will engage employees and ‘sharpen the saw’ while decreasing the frequency of cutting through security like a sharp knife.

• 10:10-11:00 | Lucas Tanglen, Sam Reger, Reymond Yammine | Our Insurance Covers That, Right?

Will your company’s cyber insurance policy cover the fines and other liabilities that can be imposed under the European Union’s recently enacted General Data Protection Regulation (“GDPR”)?  Will “war” exclusions in certain cyber policies limit your company’s ability to seek coverage for cyber attacks that are attributed to foreign governments?  As businesses increasingly look to cyber insurance as an integral component of their comprehensive strategies for managing and responding to cyber risks, questions like these take on greater significance.  This talk will include a practical discussion -- from the perspective of a policyholder-side insurance coverage lawyer -- of key features and wordings of cyber insurance policies.  It will be of interest for anyone seeking to understand and maximize the value of their company’s cyber insurance.

• 11:10-11:35 | Rob Truesdell | How do you find the needle in the haystack? Burn all the hay!

In this talk, Rob aims to show how automation can help "burn the hay" and deal with the overwhelming volume of alerts that IR analysts deal with on a daily basis. Rob will give examples of Security Automation & Orchestration (SAO) speeding up the alert triage process through enrichment from internal and external tools, proceeding to a human decision in the loop and then going directly to take response action through integration with existing security tools such as firewalls, proxies, and endpoint solutions.

• 11:35-12:00 | Doug Hagy | Suspect a Cyber-Crime has Occurred? Your First Call Should be to Law Enforcement.

This program introduces the audience to the leading federal agencies for investigating cyber-attacks – the FBI and the United States Department of Justice. While recognizing the role of protective measures and tools provided by the tech sector, the program showcases law enforcement as a uniquely capable means for tracking down, prosecuting, and eradicating the root cause of cyber-attacks – the hacker. The program familiarizes the audience with law enforcement’s commitment, roles, and authorities to meeting cyber challenges head on. The program includes accounts of cyber-crimes originating from both inside and outside U.S. borders. Channels for reporting suspected cyber-crimes are identified. Ways the technology community can collaborate with law enforcement are proposed.

• 12:00-1:00 LUNCH

• 1:00-1:50 | Steve Mancini & Lawrence Tomei | The Dark Web: Defined, Discovered, Exploited

The Dark Web is its own clandestine network of thousands of websites that most of us do not even know exist, much less how to access. The Dark Web uses its own tools to keep users anonymous and their activities hidden. The Dark Web is so well concealed that the full extent of its use remains largely the topic of hushed conversations. From black market drug sales to child pornography, the Dark Web operates at two extremes of the Internet, from venues for anonymous whistle blowing on one end to unguarded censorship on the other. This article provides a primer for those interested in learning more about the “known unknowns” of the Dark Web. Readers will find an excellent opening manuscript for the newly launched International Journal of Cyber Research and Education as it sets the stage for future research in cyber security and law enforcement. The paper will examine three foundational questions for the reader: What constitutes the ‘deep/dark/underground’ web and keeps it obscure and remote from the community of legitimate users? How can websites that occupy the same virtual space range exist in two parallel dimensions from discoverable to undiscoverable? And finally, how do the actors on the Dark Web mature from novice to advanced? Is it the same process followed by users of the known web? In the corpus of this article, the authors will briefly examine how online markets exist simultaneously on the Internet, serving clients in both known online environments as well as the more secretive, anonymous online world. They will examine how nefarious actors migrate from the “good” web to become novice and then advanced users of the “evil” environments. To the neophyte user, the process introduced herein may appear relatively straightforward. In truth, the notion that any but the most staunchly dedicated practitioner can become a vetted participant in the ‘dark web’ is inconceivable. 
Even so, with the sheer volume of actors operating in numerous underground forums and marketplaces, the impact remains significant and growing geometrically. Government and industry from all over the globe are hindered in their ability to track and identify the truly advanced actors operating in these more secretive environments. We shall soon see why this is the case.

• 2:00-2:50 | Rockie Brockway, Rick Yocum | Att&ck Path Effectiveness

MITRE's ATT&CK framework has many valuable features and characteristics, including the documentation of known threat actor groups and their associated attack techniques, as well as the breakdown of known attack techniques by tactic. One feature that is especially valuable is the cataloging of data sources that could be used to detect each individual attack technique. Roberto Rodriguez initially made the data sources to tools connection in his Threat Hunting blog posts "How Hot is your Hunt Team?" and "Ready to Hunt? First, Show me your Data!". By cataloging all of the data sources your current tools are able to look at (and potentially send to a centralized aggregator for ingestion), you can create a heat map of the known techniques, and how strong or weak your controls are per attack technique. This is effectively "Coverage", e.g. "I have these tools that should detect these techniques". But data sources and tools only represent one side of an effective Blue team, and do not take into consideration variables such as team talent per tool and talent constraints.

This talk represents the past year's worth of work developing an attack-path effectiveness tool using the MITRE ATT&CK framework, and will walk through the logic and process it took to go from Attack-Path "Coverage" to Attack-Path "Effectiveness".

• 3:00-3:25 | Dave Saranchak | Privacy Vulnerabilities and Mitigation Techniques in Machine Learning

The ability to create and rapidly deploy highly accurate machine learning (ML) models is becoming ubiquitous with the high-availability of low-cost ML-As-A-Service technology, evolving application programmer interfaces to advanced algorithms, and open-sourced and crowd-sourced data. However, ML practitioners should be aware that the models can leak information about their training data sets in less studied and understood ways. In this talk, Mr. Saranchak will discuss research into emerging ML privacy vulnerabilities and mitigation techniques that offer defenses without significantly changing the desired model’s accuracy.

• 3:30-3:55 | Jon Zeolla | Cleaning Up Your Command Line - Take Control of Your Computer

Throughout your career you will likely spend thousands of hours at the command line. This is a lightning talk that discusses some shortcuts and configurations which will make that experience more enjoyable and efficient. We'll cover why you may want to move from bash to zsh, an introduction to dotfiles (and I'll share some goodies), how to make your command prompt work for you, and provide an intro to some handy non-native tools. While this will be focused on the Linux/macOS command line, much of this also applies to PowerShell.

• 4:00-4:35 | Kirk Durbin | User Security: Who Is Responsible?

This presentation reviews various tactics used to social engineer users using flaws (or "features") in various platforms (Facebook, Twitter, iMessage, Slack, etc.) and how much responsibility lies with the service provider versus the user. This presentation will include tool releases and demos.


Track 2

• 10:10-11:00 | Justin Rogosky | Scripting With Python

Attendees will learn real-world Python scripting skills in a hands-on, lab-based format.

• 11:10-12:00 | Sujatha Yakasiri | Docker Security Insights

As innovation in technology increases, security becomes trickier. In order to embrace this latest Docker containerization technology, Product IT organizations must consider security as a top priority. Container vulnerabilities like “Dirty Cow”, “Escape Vulnerability” and a recent vulnerability, “Jack-In-The-Box”, when unpacking images, etc. have shaken the world. Based on my vast experience and knowledge in Docker Security, I would like to present core issues with Docker-related components like the daemon, images and containers with practical demos, and discuss countermeasures, Docker Secrets management, Docker Content Trust Signature Verification, Docker notary services, best practices to be followed in a production environment, and how to deal with Open Source Libraries used in building images.

• 12:00-1:00 LUNCH

• 1:00-1:50 | Rose Songer | The Overlooked Cyber-Security Risk: 3rd Party Risk Management

An entire business can be put at risk with the simple click of a button. Speed is often considered the priority when an organization realizes a third party can offer value through increased sales, increased throughput or decreased operational expense. However, the failure to properly vet your third party relationships can have serious consequences for your business and your customers.  
Establishing a mature third party information risk assessment process is neither easy, nor a one-time event. This program uses a combination of effective policies and procedures, IT security control frameworks as part of the vendor risk assessment questionnaire, vendor management platform, automation, risk scoring, and working with business partners to facilitate an understanding of risks. This presentation will cover a more thorough examination into the lifecycle of a 3rd party vendor, with the focus on cyber security. We will also take a look into lessons learned with techniques that didn't quite hit the mark on improving the program.

• 2:00-2:50 | Stephen V. Bish | Fallacies of Cybersecurity

The creation of an effective cybersecurity strategy requires a thorough understanding of today’s technology landscape, including the most current attack techniques and defensive solutions. With so many constantly shifting technical variables, an organization’s cybersecurity strategy could find itself relying on thought processes that are outdated or based on false assumptions. From a penetration tester’s perspective, these cybersecurity fallacies are often the root cause of significant compromises. During this presentation, we will discuss several critical misconceptions that may be lurking within your organization’s cybersecurity strategy and then review practical remediation methods to improve the overall security posture of your organization.

• 3:00-3:50 | Justin Rogosky | Intro to Bash

Attendees will learn Bash scripting techniques using hands-on labs.

• 4:00-4:50 | Chris Rodman, Bill Reed, and Brandon Grech | Utilizing 6 Open Source Cyber Tools for Cyber Key Terrain Defense

During this presentation, the speaker will showcase how a cyber defense operator can easily become a valuable asset to an organization by utilizing these six open source cyber tools: Nmap, Grassmarlin, NetworkMiner, Moloch, Kibana, and Maltego. The presenter will showcase each tool’s functionality, showcase a live demo of how each tool operates, and provide cheat sheets for each tool’s utilization. Below is a one-liner regarding each tool: Nmap (“Network Mapper”) performs network discovery, host discovery, OS detection, security auditing, and other enumeration tasks. Grassmarlin (created by the NSA, now open source) passively maps and displays a network on critical cyber-physical systems (including ICS/SCADA). NetworkMiner is an open source Network Forensics Analysis Tool that can live sniff a network or allow for PCAP importation to extract files and other key data within the network traffic. Moloch is an open source, large scale, full packet capturing, indexing, and database system. Kibana (within Security Onion’s Elastic Stack) allows an operator to visualize network (and other) data by creating searches, visualizations, and dashboards to provide optimal insight on your cyber key terrain. Lastly, Maltego is an interactive data mining tool that creates graphs and links for open source reconnaissance.


Other Potential Opportunities

But really, we are looking for any kind of security/hacking related talks. We’d love to see a few presentations regarding:

  • Cryptography

  • Secure Communications

  • Secure Desktops/OS

  • Privacy

  • Anonymity/Pseudonymity

  • Embedded Systems or IoT

  • Mobile (OS, application, baseband, etc.)

  • Application Security

  • Network Penetration Testing

  • DFIR

  • Hacker Community and infosec industry perspectives

  • Tool release