Friday, March 27
 

9:00am

Malware Reverse Engineering Class - ECCouncil
Friday March 27, 2020 9:00am - 5:00pm
CTF and Miscellaneous Track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

9:00am

Pivot Into Pentesting - Coalfire LABS
Speakers

Brian Landrum

Security Consultant, Coalfire Systems
Brian Landrum is a Consultant at Coalfire LABS. He holds OSCP, OSWP, and Pentest+ certifications. Brian has taught at BlackHat USA and has expertise in networks, applications penetration testing, red teaming, and mobile application penetration testing. Brian loves using his skills...

Qasim Ijaz

Director, Coalfire Systems
Qasim “Q” Ijaz is Director of Penetration Testing at Coalfire LABS, who specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. His areas of...

Jesse Ratcliffe

Coalfire
Jesse Ratcliffe has worked in Computer Science and Cyber Security for the better part of 8 years. Although mostly self-taught, he attended and taught Ethical Hacking classes at ECPI University in Virginia as vice-president/co-founder of the N00b Cr3w...


Friday March 27, 2020 9:00am - 5:00pm
Room 460 3333 Busbee Dr NW, Kennesaw, GA 30144, USA
 
Saturday, March 28
 

8:45am

Opening remarks
Zoom link: https://zoom.us/j/266304316

Saturday March 28, 2020 8:45am - 9:00am
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

9:00am

Keynote address
Zoom link: https://zoom.us/j/266304316

Speakers

Yvette Johnson

Managing Partner, Passpoint Security
Yvette Johnson (ISO 27001 Lead Implementer, PCIP) is a Governance, Risk, and Compliance subject-matter expert and accomplished Information Security professional. She has over twenty years of Information Technology experience with the last thirteen focused on Information Security...


Saturday March 28, 2020 9:00am - 9:30am
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

9:25am

Binary Defense

Sponsors

Jessica Skipper

Binary Defense


Saturday March 28, 2020 9:25am - 9:30am
'Detect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

9:30am

How to Use Code Signing to Protect your Critical Software Infrastructure
Nearly every business today is a software business. Either software is delivered as a product to customers, or it is used internally for critical business operations. Internally used software could be as simple as operating system shell scripts that copy databases or automate network operations, or as complex as enterprise-wide business infrastructure like accounting or CRM systems. If unauthorized changes are made to this software, either deliberately by a bad actor, or accidentally through employee mistake, there could be severe consequences for the business. 

Code signing has been used for 3 decades to prevent cybercriminals from tampering with delivered software. It’s been an effective technique – so much so that cybercriminals now steal code signing keys to thwart the process.  

Even though many businesses use code signing to prevent tampering with software that they deliver to their customers, many may not use it to protect their internal software infrastructure. Usually this is because it is just too difficult to support the volume of people who need to code sign, too risky to provide this many people with private code signing keys, or there is a lack of PKI expertise in the groups responsible for building software infrastructure. 

In this session we will examine the risks of not signing internal software infrastructure code and the common challenges that businesses face when trying to roll out code signing to large audiences. We will provide best practices for doing this effectively, in a way that is convenient for end users and satisfies the needs of the security team.

Zoom link: https://zoom.us/j/266304316

Speakers

Eddie Glenn

Senior Threat Intelligence Manager, Venafi, Inc
Eddie Glenn is the senior threat intelligence manager at Venafi and is responsible for researching the risks and threats of code signing and endpoint infrastructure. Eddie has more than 30 years of experience in enterprise software at companies such as IBM, Rational, and Wind River...


Saturday March 28, 2020 9:30am - 10:00am
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

9:30am

Secure Code Warrior CTF Kickoff
The Secure Code Warrior Capture the Flag Tournament allows participants to practice, test and prove their web application security knowledge of the OWASP Top 10 and ultimately learn more about secure coding. Players will be presented with a series of vulnerable code challenges that will ask them to identify the problem, locate the insecure code, and fix the vulnerability. Select from various software languages to complete the competition. The faster and more accurately players complete the challenges, the higher the score. Prizes will be awarded for the top 3 participants during the closing remarks.


Saturday March 28, 2020 9:30am - 10:00am
CTF and Miscellaneous Track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

9:30am

Conquering the Cloud: Defense-in-Depth Strategies for Amazon Web Services
Poor credential management, mis-configuration, and insider threat are the top causes of Cloud Infrastructure data breaches according to global research and advisory firm, Gartner. 

In the past two years, the US Department of Defense, US Central and Pacific Command, Accenture, GoDaddy, FedEx, and Cisco all encountered data breaches/unauthorized disclosures due to AWS misconfigurations. 

This talk focuses on strategies for implementing defense in depth within Amazon Web Services, the most widely used of the cloud Infrastructure-as-a-Service providers. 


https://zoom.us/j/998173381

Speakers

Shane Peden

Director of Cyber Risk and CISO Advisory Services, risk3sixty
Shane is the Director of Cyber Risk and CISO Advisory Services for the Atlanta based cyber risk management firm, risk3sixty LLC. Shane specializes in helping organizations navigate the complexities of cybersecurity, information risk and compliance. His experience includes acting...


Saturday March 28, 2020 9:30am - 10:25am
'Detect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

9:30am

Diversity in STEM panel
https://zoom.us/j/711704515

Moderators

Sonia Toson

Director of Diversity Relations, Associate Professor of Business Law Accounting, Kennesaw State University
Sonia Toson serves as the Director of Diversity Relations and a tenured Associate Professor of Law for the Michael J. Coles College of Business at Kennesaw State University in Kennesaw, GA. She is a proud graduate of the University of Illinois at Urbana-Champaign where she earned...

Speakers

Carla Pham

Security Analyst
In 2017, Carla graduated from KSU with a BBA in Information Security & Assurance and is now a security analyst at EY. She holds the following certifications: Security+, GIAC GCIH and Palo Alto Networks ACE. She enjoys helping others find their true passion within the cyber security...

Kelly Dodson

Senior Security Consultant, Ernst and Young
Information Security, risk assessments, application and infrastructure security, tech-to-business translations, getting your foot in the security door, modernization and standardization of the security function, project management, etc.

Marquis Montgomery

Principal Security Architect, PST, Splunk
Marquis works on the Security Professional Services team at Splunk where he assists clients to ensure successful projects involving advanced deployment, SOC development, and security program review for Enterprise Security use cases. Previously at Facts and Measures, LLC, Marquis lead...


Saturday March 28, 2020 9:30am - 10:30am
'Protect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

10:00am

Exploiting OAuth 2.0 and OpenID Connect: Lessons Learned from Bug Bounty Programs
Modern authorization and authentication designs commonly rely on OAuth 2.0 and OpenID Connect (OIDC), and other related standards. When implemented properly, these protocols are powerful, flexible, and secure. However, design and implementation mistakes are common. Those mistakes could lead to a range of risks that vary from mild to severe, such as complete authentication bypass and privilege escalation issues.
To get a realistic insight into those risks, public bug bounty programs also provide us with a great deal of information on different security vulnerabilities, including those associated with authorization and authentication problems.
This technical presentation will review several examples of design and implementation flaws related to the modern authorization and authentication standards, their security risks, and how to mitigate those risks. This presentation is helpful for security architects, developers, testers, and anybody involved in implementing OAuth 2.0 or OIDC systems.

Zoom link: https://zoom.us/j/266304316

Speakers

Nawwar Kabbani

Software Test Architect, Fidelity National Financial
Nawwar Kabbani, M.Sc, CSSLP, is the lead of the QA Security Testing team at Fidelity National Financial. His team is responsible for testing applications for security vulnerabilities and implementing a secure development life-cycle program. He is usually engaged in security design...


Saturday March 28, 2020 10:00am - 10:25am
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

10:25am

Coalfire
Zoom link: https://zoom.us/j/266304316

Saturday March 28, 2020 10:25am - 10:30am
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

10:25am

Critical Path
https://zoom.us/j/998173381

https://www.youtube.com/watch?v=mbaxvrqhdP4

Saturday March 28, 2020 10:25am - 10:30am
'Detect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

10:30am

From 0 to red team — what does the red team do and when/why do I need one?
This talk will discuss what the red team does and the maturity level that an organization should have in order to truly gain value from a red team engagement. This is important to discuss because red teams often do not provide as much value as a higher-level assessment (penetration test, vulnerability assessment) due to an organization’s lack of security maturity. Red team engagements are often requested by organizations because it is a “buzz word” or “hot term” in security. After attending this talk, the audience will understand the difference between a vulnerability assessment, a penetration test, and a red team engagement. They will understand the maturity level that should be reached before engaging in any of the aforementioned assessment types.

- Get to know your attack surface
    o What assets do you have?
    o What applications are in your environment?
    o What vulnerabilities are in your environment?
- Vulnerability Management
    o Allows for the discovery of assets
    o Helps discover areas of improvement
    o We can see some of the weaknesses and what we need to patch
    o 2nd step on the journey to a red team engagement
- Penetration testing
    o Allows an organization to discover weaknesses in their environment
    o Opportunity to test security controls
    o Ideally a blackbox test will be performed by a third party in order to get an independent perspective
    o Usually compliance driven
    o Security team often knows the test is in progress
- Red Team/Advanced Adversary Simulation
    o Longer engagement
    o Oftentimes only a handful of high-ranking execs will know about the engagement
    o Test blue team capabilities
    o Emulate advanced adversaries such as nation states
    o Objective driven
    o Need to have a mature security program in order to truly get value
- Summary
    o Vuln vs Pen vs Red Team
    o Takeaways

Zoom link: https://zoom.us/j/266304316

Speakers

Saturday March 28, 2020 10:30am - 11:00am
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

10:30am

Connecting the Dots, Detecting Threats, and Protecting the Enterprise With Security Onion
Have you ever wanted to know how to use blinky light boxes to hacker-proof your enterprise computer network? Throughout this presentation, we'll cover topics like cyber-impenetrability, foolproof attribution, and how to keep attackers from ever coming close to your crown jewels. Our discussion will even include plans for building and configuring a next-generation firewall capable of not only stopping attackers in their tracks, but making them shake in their cyber boots, and work for you! If this all sounds too good to be true (or a very bad vendor sales pitch), that's because it is! We absolutely WILL NOT discuss these items, but something much more valuable -- context. While there's no silver bullet approach to keeping bad guys at bay, with the proper tools and training, we can use contextual information from our network traffic and host-based telemetry to connect the dots, and build otherwise unrealized relationships amongst our data. This allows us to paint a better picture of our adversaries and their actions (or Joe in Accounting and his unsavory habits), assisting us in detection of threats, and allowing us to better protect our network.

While there are many excellent free and open source pieces of software to help us gather contextual data, we will discuss the tools and data provided by Security Onion, a platform for enterprise-scale security monitoring, intrusion detection, threat hunting, and log management. Aside from just tools and data, we will also cover an introduction to the architecture and use cases for Security Onion. Finally, we'll finish with an overview of additional opportunities for detection development, integration with other popular open source tools, and provide additional insight into the future of Security Onion development. Overall, attendees should walk away with a better understanding of how they can peel back the layers of their enterprise, and make their adversaries cry.

https://zoom.us/j/998173381

Speakers

Wes Lambert

Sr. Engineer, Security Onion Solutions
Wes Lambert is a Senior Engineer at Security Onion Solutions, where he helps companies to implement enterprise security monitoring solutions and better understand their computer networks. Wes is a huge fan of open source software projects, and loves to solve problems and enhance organizational...


Saturday March 28, 2020 10:30am - 11:30am
'Detect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

10:30am

Look! There’s a Threat Model in My DevOps
What if I told you that you can threat model in an Agile or even a CI/CD DevOps environment and that I’m not pitching some automated tool? When developers and security professionals alike think about threat modeling, all too often they become obsessed with frameworks like STRIDE, DREAD, PASTA, etc. Threat modeling is predominantly viewed as a heavy-weight, time-consuming exercise that is simply not compatible with high-paced development paradigms. As a result, organizations that employ these paradigms commonly scratch threat modeling off their Secure SDLC checklist as simply impossible to implement without breaking their DevOps model. They lose sight of the core purpose of threat modeling and as a result are unable to tailor an approach that fits their development lifecycle.
In this session, we’ll turn those misconceptions about Threat Modeling upside down. We’ll go back to the core purpose of threat modeling. We’ll discuss what components of threat modeling are most crucial, what questions we should be asking and who should be answering them. Ultimately, this will all culminate in the presentation of an alternative approach to Threat Modeling. We’ll walk through the details of how to implement this backlog-based approach in any development paradigm and demonstrate that it can be done without affecting our development timelines.

https://zoom.us/j/711704515

Speakers

Alyssa Miller

Application Security Advocate, Snyk
Alyssa Miller (CISM) is a hacker, security advocate, author, professional, and public speaker with almost 15 years of experience in the security industry. She has always had a passion for deconstructing technology, particularly since buying her first computer at the age of 12 teaching...


Saturday March 28, 2020 10:30am - 11:30am
'Protect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

10:55am

Synopsys
Zoom link: https://zoom.us/j/266304316

Sponsors

Tim Mackey

Synopsys


Saturday March 28, 2020 10:55am - 11:00am
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

11:00am

How to build your own SIEM with open source tools and methodologies
Ever asked a vendor for alert rules or techniques to catch the bad guys only to be told: “every organization is unique”? While there is some truth to that, there also are a bunch of techniques that can be used across any organization based on common attack methodologies. 

In this talk I will discuss how to abstract some of the common event logs from your network, hosts and security devices into the MITRE ATT&CK framework and make sense of the noise. Defenders can use it to identify the spectrum of techniques that an attacker may exhibit, then look across their processes and controls to identify gaps in detection and prevention coverage. 

Presentation details: 

The SIEM problem:
1) Data that gets loaded to the SIEM is what gives it value. Show, as an example, a noisy Windows system log and the small events that typically matter.
2) A SIEM can’t automate information security domain expertise. What if we map the application of your logs to your specific needs? Example - lateral movement based on IDS logs.
3) One of the most common failings I have seen is a SIEM overstuffed with useless data. What if we can surface only the high risk threats to the user?
The Abstract solution:
4) Introducing MITRE ATT&CK - Overview of the open source framework model of attacker methodologies.
5) Open source SIEM - Using open source for ELK such as Logstash / Beats plugins can help you build your own SIEM at much lower cost.
Conclusion:
6) Open source ATT&CK + open source SIEM are a happy marriage! Examples of making sense of logs on ELK based on the ATT&CK framework
7) Summary - Your security team doesn't need to be “master defenders” to properly implement a SIEM and see positive results.

Zoom link: https://zoom.us/j/266304316

Speakers

Saturday March 28, 2020 11:00am - 11:30am
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

11:25am

Corelight
Sponsors

Alex Kirk

Corelight


Saturday March 28, 2020 11:25am - 11:30am
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

11:30am

Crypto-Agility: Responding Quickly to Cybersecurity Events
Today, organizations rely heavily on TLS and other encryption protocols to protect data inside and outside their network boundaries. However, most enterprises are at risk because they are not maintaining crypto-agility, which is the ability to quickly replace encryption certificates and keys in response to security events, including a certificate authority (CA) compromise, a vulnerable algorithm, or a cryptographic library bug. To achieve crypto-agility, organizations must not only be able to quickly respond to mass certificate replacement events but must also be able to demonstrate policy compliance of all certificates and identify any anomalies. 

To ensure the security of their encryption is maintained, businesses must know where all their encryption certificates and keys are and be able to quickly and securely replace them. Yet most organisations don’t even have a central inventory of these critical security assets. Digital transformation and the expanding definition of machine are exacerbating this challenge with overwhelming growth in the number and complexity of machines—requiring the use of certificates and keys with cloud instances and containers, industry-specific and IoT devices, and other modern applications for authentication and secure machine communications. With this lack of visibility and extreme growth, organisations are not prepared for bulk replacement of keys and certificates in response to a security event. 

This session starts with an overview of the threats and risks that make crypto-agility a requirement for all organizations. The session will also highlight where organizations have had advanced notice of impending large-scale crypto incidents, but most were not, and are not, ready to respond. The session will help attendees evaluate the current certificate management maturity and crypto-agility of their organizations followed by a vendor-neutral actionable plan for achieving crypto-agility to successfully respond to certificate security events.

https://zoom.us/j/998173381

Speakers

Saturday March 28, 2020 11:30am - 12:00pm
'Detect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

11:30am

Serverless Password Cracking or: How I Learned to Stop Worrying and Love AWS
Password cracking by the book is expensive, complicated and difficult to scale. Trying to crack passwords on laptops is comparatively slow and unhelpful. Investing in a rack of Nvidia graphics cards to do all the heavy lifting is so costly that the added value is nearly impossible to communicate. 

Too many times, a single uncracked password is the only thing sitting between a penetration tester and a Domain Admin account during an engagement. Inefficient and costly password cracking doesn’t just keep white-hat hackers from doing their best work. It keeps their clients from completely understanding their threat model. 

My colleague and I have set out to create a better solution using existing AWS offerings that drastically reduces costs, improves the quality of penetration testing and red team exercises and can be utilized with almost no barrier to entry. By removing the need to purchase hardware, time spent configuring and managing servers, and by distributing the workload across low-cost/high-power endpoints, we’ve found a way for security experts to crack passwords in a scalable, portable, cheap way without losing processing power.

https://zoom.us/j/711704515

Speakers

Ryan Basden

Manager, Senior Penetration Tester, risk3sixty


Saturday March 28, 2020 11:30am - 12:00pm
'Protect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

12:55pm

NCCGroup
https://zoom.us/j/998173381

Saturday March 28, 2020 12:55pm - 1:00pm
'Detect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

1:00pm

Expose Yourself Without Insecurity: Cloud Breach Patterns
Cloud providers continue to increase in usage for the next generation of internet services. Dynamic and ephemeral exposures are being created on an unprecedented level and your old generation of internet scanners can’t find them. Let us show you how they can be found and what it means for the future of unwanted internet exposures. 

Right now, at the click of a button, can you answer the question “What in my cloud environments is internet-facing?”. For most security teams the answer to this question would be a sigh and then “No.” We know that complexity is the enemy of security. We also know a comprehensive asset inventory is step one to any capable security program. How can we monitor for unnecessary exposures without knowing what’s on the internet? 

In this presentation we will look at the most pragmatic ways to continuously analyze your cloud environments and operationalize that information to identify vulnerabilities. 

Through examination of exposure patterns and analysis of passive DNS data, we explore real-world examples of global cloud breaches waiting to happen. There are thousands of vulnerable systems for the commonly used services (e.g. ElasticSearch) and more from the up and coming services you may not even know your organization is using yet. 

Main Takeaways: 
* Most security orgs are maintaining their inventory the old way (i.e. IP ranges) which doesn’t cut it in a dynamic cloud world 
* IPv4 scanners can’t find virtual host services that are ephemeral or require specific paths in the request to function properly 
* Global exposures are only going to increase unless we look at the solution differently and understand the patterns for these breaches waiting to happen

https://zoom.us/j/711704515

Speakers

Brandon Gaudet

Senior Security Analyst, Bishop Fox
Brandon Gaudet is a Senior Security Analyst at Bishop Fox, a cybersecurity consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. Brandon’s areas of expertise are continuous penetration testing, application penetration testing...

Oscar Salazar

Principal Security Associate, Bishop Fox
Oscar Salazar is a Principal at Bishop Fox, a security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he focuses on continuous security assessment, red teaming, application penetration testing, source code...


Saturday March 28, 2020 1:00pm - 1:25pm
'Protect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

1:00pm

Flex Seal your CI/CD Pipeline
Continuous Delivery is the heart of DevOps. Web applications, APIs and Microservices are now designed to have the latest version deployed as quickly as possible. This revolution has empowered organizations to develop highly available products and platforms. However, most of the traditional security checks are often bypassed since code can be sent from a repository to a production environment in seconds. 

This talk lays down some strategies on how to continue having an operationally efficient DevOps pipeline while incorporating security throughout the entire process. Security is a growing concern in this field, not only because the pipeline is a critical component in many cloud native application and service deployments, but also due to the level of access these systems have to all the infrastructure around it. Most of that access is required for the level of automation organizations are striving to build towards, but forgoing security in this area exposes them in ways they may not know or understand.

Zoom link: https://zoom.us/j/266304316

Speakers

Ochaun Marshall

Security Consultant / Developer, Secure Ideas


Saturday March 28, 2020 1:00pm - 1:55pm
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

1:00pm

Compromising Containers and Clusters
Containers seem to be everywhere these days, from application development pipelines to being deployed in massive clusters supporting major corporate platforms. As with any newish technology, there are new and fun ways to attack and compromise these systems. This talk will take a look at some of the ways you can break out of containerized systems and attack standalone Docker daemons armed with nothing more than curl and ssh, then look at how we can go from existing in a Kubernetes cluster to owning the whole environment.

https://zoom.us/j/998173381

Speakers

Rory McCune

Principal Consultant, NCCGroup
Rory has worked in the Information and IT Security arena for the last 19 years in a variety of roles. These days he spends most of his work time on container, cloud and application security. He's an active member of the UK information security community having delivered presentations...


Saturday March 28, 2020 1:00pm - 2:00pm
'Detect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

1:25pm

Bishop Fox
https://zoom.us/j/711704515

Sponsors

Steve Schwartz

Bishop Fox


Saturday March 28, 2020 1:25pm - 1:30pm
'Protect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

1:30pm

The Hacker Hippocampus: Meet your brain on games
Always on the edge of your seat when it comes to new exploits and tricks. From bug bounties, CTFs, live hacking events, simulations, and interactive educational modules, they have been proven to stimulate and enforce new tools and knowledge to become stronger red teamers, blue teamers, and purple teamers. 

But how did gamification come into play in infosec? And how does our brain process gamification and threats as hackers?

This gamified/interactive talk shares the history of gamification in infosec, how our brains are stimulated by them, and how it’s transforming lives.

https://zoom.us/j/711704515

Speakers

Chloe Messdaghi

VP of Strategy, Point3 Security
Chloé Messdaghi is the VP of Strategy at Point3 Security. She is a security researcher advocate who pushes for hacker rights, and strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is...


Saturday March 28, 2020 1:30pm - 2:00pm
'Protect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

2:00pm

Software Supply Chain Threat Detection
Scenario: Recently XYZ Bank received complaints from customers who closed their online account and had not received the requested check for their remaining balance. XYZ Bank found a SQL backdoor which altered the mailing address of closed accounts to a suspicious offshore address. The escalation that followed raised these concerns amongst XYZ InfoSec, XYZ IT, and the software consultants that developed their online banking application: 
• How many customers were impacted?
• The SOC team had confirmed that external network traffic did not install this backdoor. Where then did it come from?
• How many people had access to the source code repositories?
• What other code might have been backdoored?
It is a common trend for global organizations to utilize an onsite-offshore delivery model, wherein software development teams are outsourced to various parts of the world including countries known for active cyber offenses or working conditions that leave knowledge workers bitter and disgruntled. 
To check for security issues, these organizations perform static analysis, code review, dynamic analysis, and penetration testing, to name a few. These techniques discover coding defects such as buffer overflow and cross-site scripting but cannot typically find malicious code such as backdoors and logic bombs. 
In a production enterprise environment, the security operations team monitors for external threats, primarily network attacks, malware, and ransomware. Their tooling is informed by threat intelligence feeds designed to detect patterns of global external attackers, not threats coming from inside the enterprise. 
This presentation provides insight into: 
1. What is Software Supply Chain Threat Detection?
2. How is it different from other defect discovery methods?
3. Motive behind such threats in the software world
4. How is threat detection performed?
5. Points of interest to look for
6. Real world scenarios - backdoors, suspicious constructs
7. Outcome of Software Supply Chain Threat detection - passive and active monitoring

Zoom link: https://zoom.us/j/266304316

Speakers

Diaspina Ghosh

Security Consultant, Synopsys
Diaspina Ghosh works as a Security Consultant at Synopsys, Inc. She has six years of experience in software security that includes penetration testing, source code review, business continuity planning and application risk ranking. Being a consultant, she also supports her clients...

Michael Doyle

Mike Doyle is a Principal Consultant for Synopsys and is an open source developer. He has served in previous roles as a commercial software developer, a security analyst, and a software security consultant. He has spoken at local, regional, and national conferences and has delivered...


Saturday March 28, 2020 2:00pm - 2:30pm
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

2:00pm

Manuals for Herding Clouds: Free tools for improved security
Public cloud providers advertise many things. Increased business flexibility. Lower time to provision. Improved value for compute resources. However, after numerous high-profile data breaches and other outages, there is a definite uptick in interest around securing public cloud accounts. As the public cloud market reaches maturity and the players try to differentiate, enterprises, small businesses, security service providers and hackers wearing hats of all colors are digging in to protect or exploit juicy corporate and user data. After having spent over a decade deploying production systems in public cloud providers, I know they move fast, and have a few recommendations that can be applied by practitioners at almost any level to improve their organizational (or personal!) cloud security posture.
This talk will give a short introduction to the elements common to public clouds, proceed to identify common vulnerability or misconfiguration scenarios encountered by the author in the context of various public cloud deployments, identify potential breaches from those misconfigurations, and wrap up with strategies to apply readily available free best-practice resources and open source tooling to identify gaps for remediation.
This is likely a 55 minute talk, but could be trimmed depending on audience.

https://zoom.us/j/998173381

Speakers

Saturday March 28, 2020 2:00pm - 3:00pm
'Detect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

2:30pm

How to Give Good Resume!
Zoom link: https://zoom.us/j/266304316

Exhibitors

Mike Vaughan

IT Recruiter, Advanced Business Engineering, Inc
I am an IT recruiter with over 20 years of staffing and recruiting experience. I place Security candidates all across the US. I also place other IT Candidates in contract and full time positions around Atlanta and across the US.


Saturday March 28, 2020 2:30pm - 3:00pm
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

2:55pm

GuidePoint Security
Zoom link: https://zoom.us/j/266304316

Sponsors

Jonathan Singer

GuidePoint Security


Saturday March 28, 2020 2:55pm - 3:00pm
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

3:00pm

The Men Who Never Were: Assessing Ties Between the Samsam Ransomware Campaign and the IRGC
On November 28th, 2018, the U.S. Justice Department indicted two Iranian nationals for their role in developing and deploying the Samsam ransomware over a 3-year campaign netting over $6 million. Up until now, little reporting or information has existed about the origins of these actors or the motivations behind their attacks. However, research into their backgrounds revealed them to be seasoned threat actors with deep ties to Iran’s national security establishment, including personal ties to the Islamic Revolutionary Guard Corps (IRGC) and IRGC-affiliated actors also indicted for their role in disruptive cyber attacks against the U.S.
This presentation will trace the origins of these individuals, their ties to other threat actors, and use of tools, previously employed in disruptive attacks, during the Samsam campaign. It will feature an in-depth review of investigative practices used to trace back the operators’ past activities despite high levels of operational security. Their own commentary on participating in Samsam, military ties, and ideological backgrounds will also be examined in light of what was ostensibly a financially-motivated campaign. Ultimately, this talk also seeks to highlight how deep-dive research into individual actors’ past activities can help unearth involvement in emerging threats.

Zoom link: https://zoom.us/j/266304316

Speakers

Charlie Cullen

Analyst, CrowdStrike
Charlie Cullen works as an intelligence analyst at CrowdStrike focused on the Middle East. Prior to this, he served as a deputy team lead and head of Middle East research at Dataminr in addition to a variety of past roles focused on the MENA region specializing in threat analysis...


Saturday March 28, 2020 3:00pm - 3:30pm
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

3:00pm

Automated Web Application and API Discovery and Other Things That Sound Simple but Are Actually Difficult
Building an application inventory is a critical but often skipped step in many Application Security programs. Security teams are overly dependent on questionnaires, word of mouth or other passive methods of application discovery. This can create gaps which are filled with unknown, legacy or otherwise risky applications in the environment. These neglected areas then become a perfect foothold for an attack. In this talk we will dissect the challenges around web application and API discovery, and outline approaches that have worked well for our team. We will outline specific techniques for automatically enumerating web applications and APIs and onboarding them into tools that can help identify risk.

https://zoom.us/j/998173381

Speakers

Jeremy Brooks

Security Architect
Jeremy is an Information Security Architect at a Fortune 1000 retailer. His responsibilities include penetration testing, security tools development, secure code review, secure architecture review and threat modeling. Jeremy has experience in software development stretching back 20...

Stuart Lane

Application Security Engineer, Aaron's Tech


Saturday March 28, 2020 3:00pm - 3:30pm
'Detect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

3:00pm

Low Tech & Insecure: Building Healthy Boundaries & Defeating Imposter Syndrome
InfoSec/Cybersecurity is a demanding field, with burnout and imposter syndrome as hot topics right next to the latest technological innovations and intel. This talk is all about the human side of things: developing your own (and respecting others’) physical, verbal, emotional - and even sexual - boundaries to ensure you stay mentally healthy and thoroughly human in a challenging space.

Why have this talk at a tech conference? Tech people don't go to HR conferences, and HR doesn't handle these topics anyway.

https://zoom.us/j/711704515

Speakers

Carlota Sage

CEO, Tulle Software & Services, LLC
Raised in the wilds of Alabama by angry chickens and crazy people, Carlota currently lives in North Carolina. When not making a living as a consultant for cybersecurity organizations, she strings beads, destroys cars, drinks whiskey and screams into the dark, dark void that is Twitter...


Saturday March 28, 2020 3:00pm - 3:30pm
'Protect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

3:25pm

Kenna Security
https://zoom.us/j/711704515

Sponsors

Chipper Jones

Regional Sales Director, Southeast, Kenna Security
Less than 2% of all vulnerabilities and less than 7% of CVSS 7+ ever get exploited, so how in the world is an IT/IS staff supposed to efficiently and intelligently remediate vulnerabilities with 1000s of fixes to be made and no clear way to determine what's a priority? Security leaders...


Saturday March 28, 2020 3:25pm - 3:30pm
'Protect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

3:30pm

Cybersecurity Merger and Acquisition Due Diligence
During a merger or acquisition, you get all the assets of the acquired organization, but you also take on all their liabilities. That's why due diligence has been so important for M&A. Cybersecurity posture is often not considered during M&A due diligence checks, but it absolutely should be. With minimal changes to standard threat hunting methodologies, M&A cybersecurity due diligence is relatively easy to perform. In this session, we will explain the principles of general threat hunting and then show what changes are required to maximize value for M&A due diligence assessments. In every case that the speaker's firm has taken on, the acquired organization's purchase price was decreased due to discovered risk, demonstrating the obvious business value of this activity. In other words, don't buy a breach.

https://zoom.us/j/998173381

Speakers

Saturday March 28, 2020 3:30pm - 4:00pm
'Detect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

3:30pm

Realigning From Chaotic Evil
The talk uses AD&D (Advanced Dungeons and Dragons) as a metaphor for problems created by corporations and other organizations by having incorrect metrics and incentives for different teams and the need to realign to solve them. 

The AD&D theme provides a variety of jokes and clip art throughout the talk but enough background on the game is given that the audience does not need to be familiar with it to understand. 

The first part of the talk examines common incentives/goals for offensive and defensive security staff as well as other groups they often interact with such as developers and operations, some of the common ways that they end up working against each other to the detriment of security, and how to fix it. 

The second part of the talk delves into using individual sections of the MITRE ATT&CK framework to create manageable, granular tests that offensive and defensive teams can work together on in order to effect a positive change in a unified way.

The talk closes with a brief detour into video game terminology, using the concept of tanking (players whose characters take the brunt of damage but often are relegated to the not so exciting parts of games) to talk about how junior SOC analysts often do a substantial portion of actually keeping companies secure and how security as an industry should do a better job of respecting and supporting them.

Zoom link: https://zoom.us/j/266304316

Speakers

Joe Schottman

Principal Security Analyst, Truist (not speaking on its behalf)
Joe is a former web developer and system administrator now working in security but whose job duties still manage to end up being "other duties as required." His professional experience includes online video in higher education, high volume news websites, and financial industries...


Saturday March 28, 2020 3:30pm - 4:30pm
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

4:00pm

What to expect when you are expecting a pen test
Pen Tests. We all do them. The regulators require them. The board wants to see them. They are taking more time, more resources, and more effort. So how do we move from just ticking a box and saving a report, to a test that creates value and moves the needle on security and your security program as a whole? This talk starts from the basic premise that you are doing a test, and walks through from inception, planning, execution, followup and remediation to lay out the pitfalls and traps that are waiting, and how to avoid them. 

Additional content for reviewers (omit from abstract online and in print) 

This talk has been given to FS-ISAC conferences and has been well received. In the talk I go through what pen testing is, what pen testing is not, how to get a good pen test, what to put in contracts, rules of engagement, how to work with pen testers, and how to manage results from a pen test to get successful remediation.

https://zoom.us/j/998173381

Speakers

Tony Drake

Tony Drake has nearly 25 years of experience in systems administration and security in environments ranging from Fortune 500 manufacturing to financial services.


Saturday March 28, 2020 4:00pm - 4:30pm
'Detect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

4:30pm

Wrapup & Giveaways
Zoom link: https://zoom.us/j/266304316

Saturday March 28, 2020 4:30pm - 5:00pm
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA