2017 Speakers & Abstracts
"SSH+MSF+TOR = Anonymous Remote Shells"Black hats are deploying more infrastructure (compromised or paid for) in the course of their daily duties. I'll discuss and demonstrate at least one possible design and provide in-depth demonstrations of how to chain common tools together to create high anonymity receivers for your remote sh3llz.
Grid (aka Scott M)
“Anti-OSINT...or hiding from The Man”
A lot of people talk about using & gathering OSINT (open-source intelligence) but not many discuss defending against it. In this talk, I will share some methods for defending your privacy against OSINT. Many of these will involve deception & mis-directing the attacker.
Microsoft ATA is a great tool you probably already own whether you know it or not, but all the talks on it have been about setting it up in a lab environment...Until now! This talk will be a totally unbiased, non-vendor speak look into experiences successfully implementing ATA in a large production environment, including what ATA is and is not, architecture, installation, tuning, and how to avoid certain "gotchas" along the way.
"Better OSINT for Better Social Engineering"Social engineering attacks remain the one of the most effective way to gain a foothold in a targeted organization. But those attacks are only as good as the information used to create them. This presentation will arm you with the latest open-source intelligence (OSINT) tools and techniques needed for gathering detailed information on your targets, turning your social engineering ops into carefully targeted precision strikes that can greatly improve your results. We'll also cover steps that you can take to reduce your own OSINT exposure, protecting you and your organization. You'll see techniques for phishing, vishing, pretexting, impersonation, and more. Tool demonstrations will include how to make the best use of OSINT Websites and standalone. There will also be a section for lessons learned in competing in the DerbyCon Social Engineering Capture the Flag (SECTF).
"Cargo Cults and the Reference Interview (a brief history of)""Richard Feynman introduced the concept of cargo cults into science and the idea has subsequently spread into computer programming. Based on an actual phenomenon observed in the Pacific Islands, cargo cults attempted to to replicate rituals that appeared to bring gifts from the sky without understanding what the rituals actually did or how they worked. Replacing knowledge and comprehension with ritual and belief leads to failure in the Pacific, science, programming, and security.
This talk is aimed at being entertaining and informative rather than deeply technical and covers the history of and differences between actual cargo cults, cargo cult science, and cargo cult programming and how the ideas of cargo cult programming can be seen in security operations and testing. It concludes with describing a technique called the reference interview used by reference librarians to attempt to make sure that their users answer the correct questions, something that can help fight cargo cults in the workplace"
Wally Prather & Dave Marcus
“DNC Hacked Data in the Hands of a Trained Intelligence Professional”
What does an intelligence analyst do with hacked political data? This presentation is McAfee's Advanced Programs Group intelligence analysis and targeting methodology applied to collected data from the DNC Servers, Panetta and Podesta Emails, and HRC servers / Emails that were hacked and then leaked.
“Death of an Infosec Professional”
The information security field has been booming for years, and in the past few years, some experts have begun speaking about the field being in a bubble that will inevitably burst. As the field continues to booms, jobs continue to grow, new technologies continue to emerge, many have begun to view some of these calls as just doomsayers and pessimists. But what happens if they are right? What if there is actually something to their words? What does a world without many of us doing our current jobs look like? Should we start considering our next careers now? What is next?
"Training Everyone to Lead"Leadership is an action, not a title. It's a fluid function of the needs of a group or organization to accomplish common goals. So why do some organizations limit that knowledge? The ability to effectively communicate, resolve conflicts, build teams, and plan projects are a portion of the leaders toolbox. These skills are not just for the select but should be part of an organizations vernacular. By examining the practices of organizations that regularly train members in leadership we can understand the positive effects that allow these organizations to more effectively achieve their goals. Members that are driven by autonomy, mastery, and purpose are happier, more engaged, and more productive; and it's leadership ability that creates these opportunities. This talk will examine the difference between management and leadership. Discuss the tools of effective leadership for engaging and inspiring teams. Why sometimes following is good leadership, As well as providing a first hand perspective of receiving and delivering leadership training and it's effects on the organization.
"Breaking $#!+ with Passive Network Assessments... without Breaking Your Client's Budget"
"PEN TESTING IS DEAD: ADAPT OR DEMISE"The ROI provided by a typical penetration test continues to diminish year after year. This can be seen by an ever changing threat landscape where more and more successful breaches are beginning from malicious attachments and links. With these newer threats bypassing perimeter defenses, C levels need to begin looking at their security postures through a different lens.
"Fun with Network Traffic Analysis!"Network traffic analysis is pretty awesome and can be used for troubleshooting connectivity issues but also for forensic purposes. This hands-on workshop will start with the basics and end with file carving and other advanced activities. I build my own packet captures to demonstrate a variety of protocols and network activity.
“Overkill: The Home Edition”
Home networks used to be simple and manageable. Today, to do things right, you need to be a network and security team all in one. Come with me on a journey from a simple flat insecure network to something better. Something that is manageable, secure, and defensible for the users. A network that is, for the builder, a lab for learning and developing skills.
"Finding your next CyberSec Job"
Despite the fact that Cyber Security / Info Sec professionals possess skills that are in great demand- in many cases operating in a negative unemployment environment (meaning more open jobs than qualified people) successfully landing a great job is not always a guarantee. This talk will help turn great cyber pro's into great job seekers as well.
"Crowdsourced Disaster Response: Hurricane Harvey"
The Hurricane Harvey disaster response saw an amazing outpouring of volunteers. This presentation will discuss so me of the technologies used to "herd the cats". We'll be covering the ad hoc tools used by the Cajun Navy, the MO Task Force, and how these groups integrated with local agencies to aid the response and relief efforts.