Schedule

  • Constitution Hall
    8:00 - 8:50
    Keynote - Innovating for 21st Century Warfare
    Presented by Ernest "Cozy Panda" Wong: What the Demi-Gods at NSA have Gotten Wrong! Since the origins of the Republic, the American people have shown a strong speculative knack that led to novel ideas for tackling tough problems. From the first American colonists who made do with limited resources, to NASA astronauts who boldly explored space with minimal supplies in order to break free of gravity, Americans have a proud history of advancing new and effective ways of getting the job done. However, the Internet’s rapid growth has meant that the tools for operating in cyberspace are constantly changing. In such a fluid environment, does America still have the capacity to gain the advantages necessary to out-hack those who attack us in the cyber domain? This talk analyzes what innovation really means and highlights differences between revolutionary, evolutionary, sustaining, and breakthrough innovations. Through this framework, we gain tremendous insights that help to progress how our nation can develop more effective tactics, techniques, and procedures for defending (as well as attacking) in the cyber domain.
    9:00 - 9:50
    Your Facts Are Not Safe With Us: Russian Information Operations As Social Engineering
    Presented by Meagan Keim: Over the past few years, Russia has proven itself to be an undeniable master of information operations. The techniques vary, but the majority of them focus on creating new realities and subverting Western values. This makes response efforts much more challenging, and Russia’s info ops strategies have become a key part of the arsenal the country draws upon in achieving its aims both at home and abroad. By describing personal experience with a steady diet of state-sponsored propaganda while studying abroad in Russia, and by examining the country’s annexation of the Ukrainian peninsula of Crimea as a case study, I will give you an in-depth look at Russia’s info ops and why they’re so effective. I will explain why it’s useful to frame Russian information operations as large-scale social engineering and the implications that has for mitigating the resulting security problems.
    10:00 - 10:50
    Supercharge Your SOC with Sysmon
    Presented by Christopher Lee and Matt Giannetto: "Our SOC was ready for an endpoint detection and response solution, but we couldn't justify the spend before we clearly understood the value. We set out on a year-long journey to build our own solution around Sysinternals Sysmon. Using Sysmon, Windows Event Collection, SIEM, scripts, and a custom database app, we've created a solution that gets most of the value of a commercial solution at practically no cost. Our presentation is a case study for deploying Sysmon to thousands of endpoints, collecting the log data using native Windows features, and sending it to our SIEM in real-time. We'll detail our Sysmon and WEC infrastructure and config, while giving recommendations and pointing out pitfalls. We will share our favorite SIEM rules to detect evil on our endpoints, and how we present the data back to our analysts for effective investigations. Finally, we'll show how we're enriching the logs with third-party threat intel, and hunting with the data using more advanced analytics."
    11:00 - 11:50
    Disinformation and Hiding Your Personal Information
    Presented by James MacReady: If the Equifax breach has taught us anything, it's that our personal information is no longer in our control. Now is the time to utilize counter-intelligence techniques such as disinformation to maintain our personal privacy. This talk will explain why disinformation is important, but also give real-world tips and techniques for spreading false information with the aim to protect your privacy.
  • Congress Hall
    8:00 - 8:50
    Keynote - Innovating for 21st Century Warfare
    11:00 - 11:50
    IoT devices are one of the biggest challenges
    Presented by Charles Sgrillo: IoT devices are one of the biggest challenges for security professionals now and will continue to be in the future. The security of these devices is critical as more of these insecure devices come to market. As professionals, we need to have an idea how these devices affect our organization. In this talk we will explore the basic principles of IoT PenTesting, how to build an effective toolset, reverse engineering, and analyzing wireless signals with SDR.
    13:00 - 13:50
    Evading C2 Detection with Asymmetry
    Presented by Andrew Johnston and Anthony Motto: Detecting callouts to command-and-control (C2) servers used to be straightforward, but attackers in your network have found ways to communicate with the outside world even under the heaviest of scrutiny. In this talk, we discuss ways to use popular websites as means of getting commands and exfiltrating information. We examine the applications of asymmetric communication, from Internet-accessible computers to embedded devices to air-gapped systems. Finally, we give some suggestions to defenders, and discuss how to detect and mitigate risks that enable asymmetric malware.
    17:00 - 17:50
    File Polyglottery; or, This Proof of Concept is Also a Picture of Cats
    Presented by Evan Sultanik: A polyglot is a file that can be interpreted as multiple different filetypes depending on how it is parsed. While polyglots serve the noble purpose of being a nifty parlor trick, they also have much more nefarious uses, e.g., hiding malicious printer firmware inside a document that subverts a printer when printed, or a document that displays completely different content depending on which viewer opens it. This talk does a deep dive into the technical details of how to create such special files, using examples from some of the recent issues of the International Journal of PoC||GTFO. Learn how we made a PDF that is also a valid NES ROM that, when emulated, displays the MD5 sum of the PDF. Learn how we created a PDF that is also a valid PostScript document that, when printed to a PostScript printer, produces a completely different document. Oh, and the PostScript also prints your /etc/passwd file, for good measure. Learn how to create a PDF that is also a valid Git repository containing its own LaTeX source code and a copy of itself. And many more!