2023 Agenda
9AM
MITRE Mayhem: Developing and Executing Threat-Intelligence Based Red Team Exercises
Landon Rice
Are you ever tired of using the same TTPs on every single engagement? Do you want to develop some new interesting tactics to add to your arsenal, while providing client-relevant reports? Learn how to use industry-specific Threat Intelligence reports to tailor your engagements to emulate real threats to your clients. We'll touch on the methodology of weaving TIBER and MITRE into your Red Team Operations, and how they can be used to provide meaningful results to your clients. Afterwards, the bulk of the talk will be full of resources and how to gain experience with developing malware, attack paths, and C2 profiles to mimic real-world threat actors.
10AM
Phishing: Tragedy of the Commons
Rouble Malik
Phishing is a major problem. Billions of dollars are lost to phishing scams each year, and the victims are often ordinary people who are just trying to go about their daily lives.
In this presentation, I will walk you through the different phishing attack vectors and techniques. I will show you how to identify phishing attacks, and I will even give you a demo of how bad actors steal user credentials.
Finally, I will discuss how to protect yourself from phishing attacks. By the end of this presentation, you will be armed with the knowledge you need to stay safe from phishing scams.
11AM
Apply your Prior Experience(s) to Land a Job in InfoSec
Charlie Chance
Yes, you can. You can translate your prior work experience to be relevant to a job in InfoSec. In this talk, I'll discuss (1) important transferable skills (from a wide array of industries), (2) tips to navigate the interview and job hiring process, and (3) how to use your network to be able to secure networks in your future. In addition to being a hiring manager, I've also navigated these transitions myself – successfully.
12PM
LUNCH
Network. Sit down with someone you don’t know and get to know them. It’ll pay off in the long run - trust me.
Signed, a practicing introvert.
1PM
Going Undercover in the Underground - A Practical Guide on How to Safely Infiltrate and Engage
Derrek Smith
The dark web is filled with threat actors planning nefarious crimes. Cybersecurity professionals know that threat hunting in these underground environments is necessary, but they don’t know the most crucial step to beginning the process. ‘How do you access the deep and dark web?’ and ‘How do you gain a threat actor’s trust?’ These are the most commonly asked questions of cybersecurity professionals preparing a proactive threat hunt.
Navigating the underground requires dedication to persona management and setting up a safe and secure environment to ensure one does not expose themselves to malicious actors. Cyber Threat Intelligence Specialist at Cybersixgill, Derrek Smith, will demonstrate how to set up a secure environment (dirty machine) using Tails, how to find sources in the dark web, best practices when creating your first persona, how to communicate with threat actors, and, of course, how to seek out threats once you gain access to the sources where threat actors plan, play, and profit. All while using real examples that attendees can try for themselves.
2PM
Modernizing the Risk Management Framework to Combat Cyber Threats
Cherie Laliberte
Cyber-attacks continue to rise each year at an alarming rate, where the latest wars are being fought in a cyber realm instead of a terrestrial landscape. To protect missions, cyber practitioners apply the Risk Management Framework (RMF), which often results in a compliance-based assessment that misses the mark for securing our critical data. The National Institute of Standards and Technology (NIST) developed RMF as a comprehensive, flexible risk-based framework. Instead of a compliance-based exercise, a modernized RMF approach provides a holistic technique to system security.
Infusing cybersecurity, threat modeling, engineering principles, and software development together in the System Development Life Cycle (SDLC) strengthens the overall security posture of systems. Modernizing RMF leads to tactical inventions that create a proactive implementation of cybersecurity. Come learn how this approach identifies gaps in engineering within each phase of the SDLC, providing solutions that better present the overall risk posture, leading to innovative mitigating solutions.
3PM
Into the mind of a CISO (unfiltered)
Yaron Levi
Ever wondered what it is like to be a CISO? What are the pressures and stresses we are dealing with every day? Are you thinking about becoming a CISO one day?
In this talk, Yaron Levi, two-time CISO and currently the CISO at Dolby, will share his career experiences, lessons learned, and thoughts about how to tackle this ungrateful role.
This will be a great opportunity to get a direct and honest perspective and have an open discussion with a practicing CISO.
4PM
Cracking the Code: Unleashing CodeQL's Superpowers for Open Source Security
Jose Palafox
Dan Shanahan
In the vast landscape of open source software, security researchers play a pivotal role in safeguarding its integrity. Join us in this presentation and live demonstration as we explore CodeQL Multi-repo Variant Analysis (MRVA). Discover how MRVA enables security researchers to harness the strength of CodeQL across thousands of public repositories on GitHub simultaneously, revolutionizing vulnerability detection and fortifying open source projects at scale.
5PM
Clearing the Fog: Detection and Defense against Cloud Persistence Techniques
Ryan Thompson
Cloud breaches are typically associated with smash-and-grab jobs such as cryptojacking or dumping S3 buckets. However, there is a shift in the threat landscape in how adversaries are leveraging cloud platforms to achieve more targeted goals. As these techniques become more sophisticated, there becomes a need for adversaries to slow down and establish persistence in these environments.
Traditionally, persistence mechanisms have been focused on the host perspective of SSH key creations, reverse shells executed from scheduled tasks or service installations. Complex IAM permissions and cloud services open the door for a variety of unique persistence mechanisms that we need to be on the lookout for.
This talk will cover persistence mechanisms across the three major cloud providers (AWS, GCP, and Azure). The audience will learn about well-established persistence techniques but also about creative new mechanisms that rely on newer cloud services. Most importantly, it will cover defensive techniques and focus on the bottlenecks defenders can monitor to detect this activity.