8:00 - 8:50
Keynote- Innovating for 21st Century Warfare
Presented by Ernest "Cozy Panda" Wong What the Demi-Gods at NSA have Gotten Wrong!
Since the origins of the Republic, the American people have shown a strong speculative knack that lead to novel ideas for tackling tough problems. From the first American colonists who made do with limited resources, to NASA astronauts who boldly explored space with minimal supplies in order to break free of gravity, Americans have a proud history of advancing new and effective ways of getting the job done. However, the Internet’s rapid growth has meant that the tools for operating in cyberspace are constantly changing. In such a fluid environment, does America still have the capacity to gain the advantages necessary to out-hack those who attack us in the cyber domain? This talk analyzes what innovation really means and highlights differences between revolutionary, evolutionary, sustaining, and breakthrough innovations. Through this framework, we gain tremendous insights that help to progress how our nation can develop more effective tactics, techniques, and procedures for defending (as well as attacking) in the cyber domain.
9:00 - 9:50
Your Facts Are Not Safe With Us: Russian Information Operations As Social Engineering
Presented by Meagan Keim: Over the past few years, Russia has proven itself to be an undeniable master of information operations. The techniques vary, but the majority of them focus on creating new realities and subverting Western values. This makes response efforts much more challenging, and Russia’s info ops strategies have become a key part of the arsenal the country draws upon in achieving its aims both at home and abroad.
By describing personal experience with a steady diet of state-sponsored propaganda while studying abroad in Russia, and by examining the country’s annexation of the Ukrainian peninsula of Crimea as a case study, I will give you an in-depth look at Russia’s info ops and why they’re so effective. I will explain why it’s useful to frame Russian information operations as large-scale social engineering and the implications that has for mitigating the resulting security problems.
10:00 - 10:50
Supercharge Your SOC with Sysmon
Presented by Christopher Lee: "Our SOC was ready for an endpoint detection and response solution, but we couldn't justify the spend before we clearly understood the value. We set out on a year-long journey to build our own solution around Sysinternals Sysmon. Using Sysmon, Windows Event Collection, SIEM, scripts, and a custom database app, we've created a solution that gets most of the value of a commercial solution at practically no cost.
Our presentation is a case study for deploying Sysmon to thousands of endpoints, collecting the log data using native Windows features, and sending it to our SIEM in real-time. We'll detail our Sysmon and WEC infrastructure and config, while giving recommendations and pointing out pitfalls. We will share our favorite SIEM rules to detect evil on our endpoints, and how we present the data back to our analysts for effective investigations. Finally, we'll show how we're enriching the logs with third-party threat intel, and hunting with the data using more advanced analytics."
11:00 - 11:50
Disinformation and Hiding Your Personal Information
Presented by James MacReady: If the Equifax breach has taught us anything, it's that our personal information is no longer in our control. Now is the time to utilize counter-intelligence techniques such as disinformation to maintain our personal privacy. This talk will explain why disinformation is important, but also give real world tips and techniques for spreading false information with the aim to protect your privacy.