BSides Austin 2018 has ended

Thursday, March 8
 

8:00am

Registration/coffee
Thursday March 8, 2018 8:00am - 9:00am
Big Tex Auditorium

8:00am

Registration/coffee
Thursday March 8, 2018 8:00am - 9:00am
Lil Tex Auditorium

8:00am

Registration/coffee
Thursday March 8, 2018 8:00am - 9:00am
Stadium

8:45am

Opening remarks
Thursday March 8, 2018 8:45am - 9:00am
Big Tex Auditorium

9:00am

Navigating the Alternative Facts of Malware Prevention
This talk, given by two individuals not linked to any anti-malware vendor, is the result of over two years of research covering several dozen tools in the anti-malware space, in an effort to find the ideal tool for our corporate environment. It is intended to be an in-depth focus on the evolution of the space, the tools, and the technologies behind them, with a “no holds barred” approach to presenting our evaluation methodology and results.

Speakers
Josh Sokol

Information Security Program Owner, National Instruments
Josh Sokol, CISSP, graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since that time, he has worked for several large companies, including AMD and BearingPoint, spent some time as a military contractor, and is currently employed as the Information...


Thursday March 8, 2018 9:00am - 10:00am
Big Tex Auditorium

9:00am

Containers: It’s Not Your Mamas Tupperware
The technical community is all abuzz about containers, but does anyone really know what they are? We will take the journey together, learning about the evolution of containerization technology: understanding virtualization and Linux containers, and then moving on to cover the basics of Docker and Kubernetes.

Speakers
Ell Marquez

Ell's been part of the Rackspace family for three years as a Linux Administrator and OpenStack Technical Trainer. In this time she has developed a strong passion for education, mentorship and helping break down the barriers keeping new blood from our industry. Brandon has been involved...


Thursday March 8, 2018 9:00am - 10:00am
Stadium

9:00am

SniffAir – An Open-Source Framework for Wireless Security Assessments
SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws. Along with the prebuilt queries, SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules.

Speakers
Steven Darracott

Steven Darracott works as a Security Consultant on Optiv’s Attack and Penetration team. Steven’s primary role is to conduct security penetration testing and red teaming assessments for Optiv’s clients, while also developing detailed remediation procedures in order to provide...

Matthew Eidelberg

Matthew Eidelberg is a husband, father, and big security fanatic. Matthew works as a Security Consultant on Optiv’s Attack and Penetration team. Matthew’s primary role is to conduct security penetration testing and red teaming assessments for Optiv’s clients, while also developing...


Thursday March 8, 2018 9:00am - 10:00am
Lil Tex Auditorium

10:00am

Inside a Breach: Lesson Learned
A discussion of a real world security breach along with the ensuing investigation and lessons learned along the way. We will discuss details of an actual security breach and the details of the ensuing incident response. Special attention will be given to the attack method and IOCs.

Speakers
Peter Marsh

Peter Marsh has worked in the IT and Information Security industry for over 20 years. He has worked with multiple Fortune 50 companies and Cloud pioneers. He is currently the Director of Security for Hostway.


Thursday March 8, 2018 10:00am - 11:00am
Lil Tex Auditorium

10:00am

Security Development: Going Beyond the Tool
Development is not only something that software developers do. As security professionals, we need to continuously grow our development skills and bolster our team’s efficacy. Contributing to and expanding security tools is a vital task that requires more attention and further advancement. This presentation addresses the need for security development in the security industry, personal success within the role, and how to make that terrifying wall of source code on GitHub less intimidating.

Speakers
Zach Evens

Zach Evens joined General Motors in 2016 and works on the Information Security and IT Risk Management team. He is based in the GM IT Innovation Center in Austin, TX. Zach earned his Computer Science degree from the University of Utah, and achieved his Certified Ethical Hacker...


Thursday March 8, 2018 10:00am - 11:00am
Stadium

10:00am

Target-based Security Model: Mapping Network Attacks to Security Controls


This talk will present a categorization of network-based attacks for the purpose of mapping to appropriate security controls. Using a layered security-zone model allows easy visualization of how/where various security controls can be applied to protect against network-based attacks at different layers. Categorizing network-based attacks according to the targeted zone then allows for direct mapping of security controls to the types of attacks they can be used to prevent.
The goal is a simple, publicly available reference model, allowing vendors, customers, and 3rd-party testers to all speak the same language.

Speakers
Garett Montgomery

I've been working in InfoSec for the past 10+ years, first as a blue-teamer (Security Analyst) followed by IPS-Signature developer, and now as a red-teamer developing attacks for BreakingPoint. I've spent the last couple of years raising awareness around problems with IPS devices...


Thursday March 8, 2018 10:00am - 11:00am
Big Tex Auditorium

11:00am

Thinking outside the security box: Assembling non-traditional security teams
In an environment where traditional security professionals are scarce, I have taken a different approach to building out a robust pentesting team. By thinking outside the box and adding a bit of creativity to the process, such as providing our recruiters with different technical personas, we have been able to transform the way we attract and hire talent, transforming them into incredible security professionals and consultants. Through mining different industries, technology sectors and practices, we are able to assemble a team that learns and grows together. Their multi-faceted experiences in technology and diverse educational and professional backgrounds help them introduce each other to different experiences and ways of thinking, enabling them to achieve things they otherwise would not have been able to do on their own.

Building this kind of team requires a clear path and dedicated resources who are invested in the success of both the team at large, and the talent at the individual level. It also requires hard work, ambition, and a willingness to learn from all team members. During this presentation, I will walk the audience through this idea, the most effective way to execute it, and some of the results we have seen since embarking on this initiative.

Speakers
Jay Paz

Jay Paz (GSEC, GWAPT, GISP, GSSP-JAVA) has more than nine years of experience in information security and fifteen plus years of information technology experience including system analysis, design and implementation for enterprise level solutions. He has a strong background in developer...


Thursday March 8, 2018 11:00am - 12:00pm
Lil Tex Auditorium

11:00am

Career and Job Search Tips
If there is such a skills gap for information security professionals, then why are some professionals having trouble finding work? It takes more than technical, red team or blue team skills to get a job; many companies need to find the "right match" that fits in with their culture and can deliver true business value.

This presentation will provide tips on improving your job search techniques. It will present information from a business perspective on how to improve your "soft" skills so that you may more effectively communicate your qualifications to a hiring manager. It will also recommend what to do--and not do--to separate yourself from other candidates.

Speakers
Larry Moore

Larry Moore has over twenty years of Information Security experience as part of his thirty-two year IT career and currently works as the Security, Risk & Compliance manager at Tangoe. He has worked in many other capacities such as critical infrastructure protection, mobile platform...


Thursday March 8, 2018 11:00am - 12:00pm
Stadium

11:00am

Quick and Dirty Malware Analysis for the Rest of Us
Have you ever been under attack by an APT group using new malware families and novel techniques that security vendors have never seen before? Having the ability to quickly perform your own malware analysis can be the difference between being in business and going out of business.

In this talk I’ll share some of what I’ve learned from dealing with this very scenario over the last several years. I’ll give you actionable information on how to build your own mini malware lab and perform quick and dirty malware analysis so that you can better prepare, defend and respond to attacks against your environment.

You won’t need years of experience in Intel architecture or expensive training. Everyone who attends will be able to walk away from this talk and start building their own lab tomorrow. I’ll also be releasing a new tool that will help make this easier than it has ever been before.

Speakers
Ian Robertson

Ian Robertson has over [mumble] years of experience in the security industry, ranging from engineer, architect, pentester, software developer, CISO and just about everything in between. He holds a Bachelor’s of Science in IT Security, and is nearing completion of his Master’s...


Thursday March 8, 2018 11:00am - 12:00pm
Big Tex Auditorium

1:30pm

50 Shades of Graylog
Abstract: Everywhere you turn, there’s a vendor trying to sell you the latest in “AI-powered triple-next-gen threat detection.” While some of these solutions may hold up to the claims, it’s becoming more and more difficult to tell apart truly effective solutions from overhyped marketing. Worst of all, the average cost for good or bad enterprise defense technologies is somewhere between ‘unaffordable’ and ‘is that even a real number?’

This is the talk SIEM vendors don’t want you to attend. We’ll explore some incredible open source solutions that you can implement to not only add significant value to your detection efforts, but even provide active defense capabilities. I encourage you to reach out to your vendor of choice and get a quote for “magic box that can detect and then automatically defend from attacks.” Take the amount they quote you and use it to hire 4 new FTEs, get a new RedBull machine for the SOC, send your entire team to ShmooCon 2019, buy yourself something nice, and then donate the rest to the open source projects I’ll share with you in this deep dive.

Speakers
Eric Capuano

Eric Capuano is an Information Security professional serving state and federal government as well as SMBs, start-ups and non-profits. Also, a member of the Packet Hacking Village team at DEFCON.


Thursday March 8, 2018 1:30pm - 2:30pm
Big Tex Auditorium

1:30pm

Security instrumentation: Be the hero getting value from security
You have many security products, probably too many. But you are still not secure because it's nearly impossible to know if your security products are actually doing what you want. Through live network and endpoint attack demonstrations, see how to use attack behaviors with Bartalex, Vawtrak, Mimikatz, PowerShell, Tunneling and others to validate your actual security products are working. See startling statistics, based on real-life case studies, that illustrate how ineffective many organizations, some with massive security budgets and teams, actually are because of a lack of validation. See how you can turn these attacks into an opportunity to instrument more effective security.

Speakers
Brian Contos

CISO, Verodin
Brian Contos is the CISO & VP, Technology Innovation at Verodin. He is a seasoned executive with over two decades of experience in the cybersecurity industry as well as a board advisor, entrepreneur, and author. After getting his start in cybersecurity with the Defense Information...


Thursday March 8, 2018 1:30pm - 2:30pm
Stadium

1:30pm

The Human Pentest
The mantra of any good red teamer is, “hope for the best, but plan for the worst.” In this talk, we will cover tactics and approaches that can be leveraged to achieve client goals and provide value, even when having to operate within tight logistical constraints. Various stories will be used to provide examples of merging social engineering with physical and logical access during physical red team assessments to ultimately achieve success.

The talk will follow a network pentest theme to help bridge the gap between logical and physical pentesters and also provide examples of how these two types of skills can complement each other, especially in more physically locked down environments.

We will start off with covering the planning process for three different scenarios: brute force, insider attack, and planned attack. Next, we will review “needed” vs. “would be nice to have” tools (for achieving both physical and logical access as well as persistence) and the prep work once a methodology has been agreed upon with the client.

We will then go into tips on what a red teamer should know and do while conducting the assessment, such as identifying cameras, sweeping the office before sitting at a computer, and preparing hiding areas for nighttime patrols. The talk will also cover more in-depth tactics such as tips for achieving logical access as well as what to focus on once you obtain domain administrator or other high-level privileges within the network. Finally, we will cover worst-case scenarios and tips for moving forward with an assessment when nearly all hope of reaching the final objective is lost.

Speakers
Summer Lee

Summer Lee (crazian) is part of the Threat & Attack Simulation (TAS) team for GuidePoint Security. She started using social engineering tactics at a very young age which led her to have a special interest in physical Red Team engagements. Crazian is an Army veteran who has been active...


Thursday March 8, 2018 1:30pm - 2:30pm
Lil Tex Auditorium

2:30pm

Security in Mergers and Acquisitions (M&A)
Mergers and Acquisitions are powerful drivers of business growth but bring a multitude of risks, including cybersecurity risk. When companies grow through acquisition, they often introduce weak links in the network that become entry points for hackers. This presentation will provide guidance on how to secure critical data and systems during the sometimes turbulent M&A process, including:
• Perform a security and compliance gap analysis.
• Coordinate incident response and handling.
• Address the human factor with awareness and training activities.

Speakers
Miriam Levenstein

Senior Consultant, NTT Security
Miriam Levenstein, CISSP, CISM, PCI-QSA, CISA, CIPP/E, CCSK - Principal security consultant at NTT Security. 10+ years of cybersecurity experience. Manage and deliver information security, privacy and compliance assessments and advisory consulting services to clients that include...


Thursday March 8, 2018 2:30pm - 3:30pm
Big Tex Auditorium

2:30pm

Hiding in the Clouds - Leveraging cloud infrastructure to evade detection
The information security landscape is changing. More organizations are taking the right steps to detect attackers operating against their network environments. This is why penetration testers need to start leveraging tactics and techniques that further obfuscate their operations in order to provide a robust and realistic attack simulation.

Cloud infrastructure has introduced unique solutions to new problems that have arisen with the issue of content delivery. These very same solutions can be repurposed and leveraged to create a robust and resilient attack infrastructure which will give blue teams a very hard time. Techniques to be covered will include, but are not limited to, domain fronting, managing C2 infrastructure, and obfuscating traffic ranging from scanning to web application attacks.

Speakers
Mike Hodges

Senior Consultant, Optiv
Mike Hodges is a senior consultant for the Optiv Attack and Penetration Practice. He has a background in application development and is currently OSCP, Assoc CISSP, and CEH certified. He is currently interested in evasive penetration tactics and techniques and is constantly looking...


Thursday March 8, 2018 2:30pm - 3:30pm
Lil Tex Auditorium

2:30pm

Rise of the Machines
Many of the top security vendors, InfoSec specialists, and cyber security professionals are claiming that artificial intelligence and machine learning are changing the face of defending against the most advanced attacks. Most vendors fail to be transparent on how these technologies work. We are bombarded with buzzwords, yet we don't understand what they mean, what the technology does, and how we should keep vendors accountable. When we look for the details on the specifics of what makes these products effective, we are usually given vague answers or told it is a proprietary technology. The truth is there is no magic behind machine learning.

This talk will examine the details behind the mechanics of artificial intelligence and machine learning, and how different techniques are being used to detect malware, malicious domains, phishing emails, and other threats. We will examine how these systems need to be set up and trained, and what some of the inherent weaknesses built into them are.

We will examine why these technologies fail and how attackers routinely bypass these methods for detection to infiltrate systems. Attendees will learn about advanced attacker techniques and how hackers are using machine learning against organizations that use them.

Learn to look past the marketing hype and understand the true value and limitations of cyber security AI. You will understand what the technology actually has the capability of achieving and how to hold vendors who claim they utilize the technology accountable.

Speakers
Aamir Lakhani

Senior Security Strategist, Fortinet
Aamir "Dr. Chaos" Lakhani is a leading senior security strategist. Aamir has designed offensive counter-defense measures for the Department of Defense and national intelligence agencies. He has also assisted organizations with safeguarding IT and physical environments from attacks...


Thursday March 8, 2018 2:30pm - 3:30pm
Stadium

3:30pm

Operational Security in a Weaponized World
We live our lives in a gadget-orientated age which provides convenience that borders on magical. However, these magical times are not always filled with awe-inspiring wizardry, as we very rarely pull back the curtain to reveal what is there. A quick glimpse of the modern world shows us that a wide range of benign tools and situations can be weaponized.

Join Aaron Crawford of Insider Security Agency as he leads a discussion about the process of operational security regarding the weaponizing of everyday devices found around the office or at conferences. Learn how common devices and scenarios are weaponized by attackers. Having successfully conducted red team engagements on nearly every continent, Aaron demonstrates that it is easier to think inside the box for the win. At no other time is this more evident than this talk as Aaron unveils an entirely new and unstoppable attack vector.

Speakers
Aaron Crawford

Owner, Insider Security Agency
A certified security professional with over 25 years of experience in the security industry, Aaron Crawford eats, sleeps and continually drinks from the security fire hose. This passion for security led him to form the Insider Security Agency. His fascination with Social Engineering...


Thursday March 8, 2018 3:30pm - 4:30pm
Big Tex Auditorium

3:30pm

Choose Your Own Adventure: A Career Guide to InfoSec
Information security (infosec) is a very broad field that may seem to have a high barrier of entry from the outside. If all you know of infosec is from exaggerated news or security conference press coverage, it may seem that many of the engineers and researchers in the fields are as much magicians as they are scientists. That’s rarely the case. STEM fields have many different specialities that each have their own skill sets and focus. Practitioners form a base set of foundational skills and then dive deeper into specialized skills depending on the focus; infosec is no different. This talk intends to break down the field of infosec into some high-level fields of expertise and break down the skills needed to pursue one of the many types of professional jobs available in the industry. This will reveal foundational skills that are helpful no matter which field of infosec you might focus on, as well as some recommendations for next-steps to enhance your field-specific knowledge.

Speakers
Aaron Portnoy

Vulnerability Research Group Lead, Raytheon CSI
Aaron has worked professionally in the vulnerability research space for over a decade. He specializes in reverse engineering and exploit development and has given numerous training classes on the topics to beginners. He currently works at Raytheon where he manages a team and works...

Andre Protas

Vulnerability Researcher, Raytheon CSI
Andre has worked professionally in infosec since 2005. Over his career he has been involved in most aspects of offense, from vulnerability research to operations. He holds a few diplomas but avoids work that requires them. Currently he supports Raytheon customers and happily spends all...


Thursday March 8, 2018 3:30pm - 4:30pm
Stadium

3:30pm

How (Not) to Patch Command Injection Bugs
In 2014 ZDI received a report of a command injection vulnerability in Dell's Sonicwall GMS Virtual Appliance. Normally this type of analysis is relatively simple. However, this analysis took a windy path from the JSP web interface through two XMLRPC sockets, to a binary, which delegated to shell scripts, which sourced yet another shell script that actually parsed attacker-supplied input. All this, just to make simple host modifications. Presumably, the code complexity drove the developers to patch this bug at the webapp level, instead of closer to the root cause. The resultant patch was immediately bypassed and the subsequent patch was also flawed.

A few months later, other researchers reported an additional attack vector involving direct communication with one of the XMLRPC sockets to trigger the same underlying vulnerability outlined in the very first ZDI report.

Ultimately, it appears the soft chewy center remains, but the crunchy outer shell has been significantly hardened, and thus, the hunt continues. This talk will detail the various patch attempts, how they failed or succeeded, and how they were analyzed, bypassed, and exploited with a Metasploit module we are releasing. We'll also discuss the much more comprehensive defense measures currently implemented by the developers.

Speakers
Michael Flanders

Michael Flanders is a Vulnerability Intelligence Intern at Trend Micro's Zero Day Initiative. His focus includes analyzing and performing root-cause analysis on zero-day vulnerabilities submitted to the world's largest vendor-agnostic bug bounty program by researchers from around...

Joshua Smith

Kernelsmith is a senior security researcher and the "FuzzOps" Manager at Trend Micro's Zero Day Initiative. When he's not herding cats or managing infrastructure, they let him think he's still analyzing vulnerabilities submitted to the program. He was a pentester in the United States...


Thursday March 8, 2018 3:30pm - 4:30pm
Lil Tex Auditorium

4:30pm

Becoming a strategic cybersecurity leader
We have heard for years that the role of the CISO is moving into the executive suite, but it is perpetually held back by historical connections to the CIO, constraints to the CIO budget, and the technical foundation necessary for a CISO. Lately a new model has emerged from high-governance organizations to split risk management and compliance (termed the 2nd line of defense) from technical operations, risk ownership, and business-line-level responsibility (termed the 1st line of defense). Progressive organizations requiring more advanced digital risk management recognize the need to move cyber risk management into the second line of defense, and are taking steps necessary to mature cyber risk management into the executive suite.

Speakers
Earl Crane

Founder, CEO, Emergent Network Defense
Emergent Network Defense, Inc. (END) provides a Digital Risk Management solution to “secure what matters” by identifying, measuring, and distributing cyber risk ownership throughout the enterprise. We use a biological ant-based swarming approach to identify the most likely...



Thursday March 8, 2018 4:30pm - 5:30pm
Big Tex Auditorium

4:30pm

Building an Empire with (Iron)Python
Exploring the outer limits of the .NET universe, find out how a former Microsoft project is allowing Python Empire stagers to come to Windows.

Speakers
Jim Shaver

Jim Shaver is a penetration tester and Open Source contributor. Jim has spoken at DerbyCon and other BsidesDFW


Thursday March 8, 2018 4:30pm - 5:30pm
Lil Tex Auditorium

4:30pm

Develop the Best: Artifact Based Mentoring for Security Engineers
Many security engineers struggle in a few key areas when it comes to professional career development. Artifact based mentoring can help address these challenges. In this talk we will discuss how to select the right mentoring artifacts to create, learn to be “lucky” and how to drive influence via authority management. A free mentoring template will be provided to help kick-start engineers interested in artifact based mentoring.

Speakers
Josh Stevens

Josh is a Sr. Security Engineer for Amazon's Vulnerability Management program. Prior to Amazon, Josh was Chief Architect for Security Operations at Hewlett Packard where he led the technical direction for adaptive response and automated IR. Before HP, Josh was instrumental in building...


Thursday March 8, 2018 4:30pm - 5:30pm
Stadium

 
Friday, March 9
 

8:30am

Registration/coffee
Friday March 9, 2018 8:30am - 9:00am
Lil Tex Auditorium

8:30am

Registration/coffee
Friday March 9, 2018 8:30am - 9:00am
Big Tex Auditorium

8:30am

Registration/coffee
Friday March 9, 2018 8:30am - 9:00am
Stadium

9:00am

KEYNOTE: Next gen CTFs: Integrating blue-team oriented and live network challenges into jeopardy-style CTFs
Speakers
Daniel J. Ragsdale, Ph.D.

Director, Texas A&M Cybersecurity Center and Professor of Practice, Computer Science and Engineering
Dr. Ragsdale serves as a Professor of Practice in the Computer Science and Engineering Department at Texas A&M University and as the Director of the Texas A&M Cybersecurity Center. His previous experiences included being a program manager at the Defense Advanced Research Projects...


Friday March 9, 2018 9:00am - 10:00am
Big Tex Auditorium

10:00am

Caught my WebApp cheating on me!
We trust that the web application code executed inside the browser is exactly the code that was sent by our application servers, but that is often not the case. The reality is that current WebApps are very susceptible to client-side injections and tampering. This can be performed by malicious extensions, Man-in-the-Browser trojans, or any kind of injection attack (e.g. reflected XSS).
These attacks are very concerning not only because they change the behavior of the webpage right on the website that the user trusts, but can also be used to leak sensitive information that the webpage has access to. All of this, without the web application owner knowing anything about it.
In this talk, based on our work, we demo a new set of techniques that can be used to monitor a webpage for malicious modifications (DOM-tampering, code injection, event-hijacking, code poisoning, etc.) and how to remove them in real-time. The techniques are a combination of recent browser features (such as Mutation Observers) and integrity checks from tamper-resistant JavaScript code running in the webpage.

Speakers
Pedro Fortuna

CTO, Jscrambler
Pedro Fortuna is CTO and Co-Founder of Jscrambler where he leads the technical vision for the product suite and contributes with his cybersecurity knowledge for R&D. Pedro holds a degree in Computing Engineering and an MSc in Computer Networks and Services, having more than a decade...


Friday March 9, 2018 10:00am - 11:00am
Lil Tex Auditorium

10:00am

Compromise Assessments: Best Practices & Lessons from the Field
Compromise Assessments are a recent and hotly demanded service designed to inform organizations whether their networks are compromised or not. This is not an easy task, especially when it is not a network you are familiar with.

In this talk, we will discuss some of the real-world challenges and best practices of conducting proactive hunts in other people's networks, from gaining access to finding persistent threats, malware, and misuse of credentials. We will explore defining, scoping, and conducting these types of assessments to effectively find possible threats while being as efficient and non-invasive as possible.

Speakers
Chris Gerritz

Chris is co-founder of Infocyte, a developer of threat hunting solutions focused on proactive breach discovery and response. Prior to founding Infocyte, Chris was an incident responder for the Air Force CERT. While there, he helped establish and led the DoD's first Enterprise-scoped...


Friday March 9, 2018 10:00am - 11:00am
Big Tex Auditorium

10:00am

Introduction to Smart Cards and leveraging them in attacks
Most admins assume that deploying the cumbersome smart card will secure their identity challenges. The fact is, PKI smart cards suffer similar vulnerabilities that most other security controls do and can be bypassed using reasonable software attack vectors. In this workshop, pen testers will get an overview of how smart cards work including example call stacks, common use cases and deployment configurations, learn workarounds for poor policies and configurations, how a smart card defends itself, and how to leverage their high trust in attacks. This high level overview will cover OS-level and software based attacks, and will not cover hardware, wireless, or physical attacks on smart cards.

Speakers
Tim Honker

Security Solutions Engineer II, Rapid7
Tim Honker enjoys building things and breaking other people’s things. Since 2010, Tim has served at several cybersecurity companies specializing in IAM, MFA, vulnerability management, and penetration testing. Currently a Senior Solutions Engineer at Rapid7, Tim previously worked...



Friday March 9, 2018 10:00am - 11:00am
Stadium

11:00am

Privacy Management and the GDPR
The EU's General Data Protection Regulation (GDPR) is coming into force this May, with a comprehensive approach to protecting the privacy of European consumers and employees. With its global (!) reach and potential fines of up to twenty (20) million Euros or more, multinational organizations advertising services to (or otherwise profiling) Europeans are scrambling to become compliant. We will provide a high-level overview of the regulation, and then dive into details on the embedded user rights and "Privacy by Design" criteria.

Attendees will acquire a practical understanding of the principles that inform how users' personal information should be managed in accordance with norms that are becoming more prominent in compliance frameworks across the world.

Speakers

David Ochel

Director of Security and Compliance, AllClear ID
David Ochel (@lostgravity) is a security & privacy technologist with extensive experience in pragmatic information risk and compliance management. David serves as the Director of Security and Compliance at AllClear ID.


Friday March 9, 2018 11:00am - 12:00pm
Stadium

11:00am

A day in the life of a pentester
Have you ever wondered what it's like to be a pentester? Are there questions you would love to be able to ask but you don't know any professional pentesters? Well, here is your chance: join us for a fun, lighthearted, and informative panel with some of the penetration testers from Optiv's attack and pen team. We will tell stories, answer questions, and most of all have a good time.

Speakers

Tim Elrod

Tim Elrod is a professional penetration tester with over 15 years of pentesting and security research experience. On top of being a Black Hat and DEFCON presenter, Tim has discovered multiple vulnerabilities in everything from network applications to medical hardware.


Friday March 9, 2018 11:00am - 12:00pm
Lil Tex Auditorium

11:00am

Credential Stealing Emails - What you need to know
The latest vector in email attacks is credential stealing. This is nothing new, but there has been a serious increase of activity in this space and it is VERY successful. Why? Because the criminals are manning the phishing campaigns with live people who are logging into people’s Internet-facing systems without 2-Factor Authentication and sending out more campaigns. Better yet, they are sending it to recent contacts, in small amounts, so people are falling for it since they are actively communicating, or have recently communicated, with the victim, giving the phishing campaign legitimacy.
This talk will walk through several examples of these credential stealing emails, what the emails look like, and what the cred stealing websites tend to look like once clicked. The discussion will focus on how to investigate this type of attack, what kinds of things you will need, what to look for, what works, and why time is ultimately critical for this type of attack.

Speakers

Michael Gough

Founder, Malware Archaeology
Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is co-developer of LOG-MD, a free...


Friday March 9, 2018 11:00am - 12:00pm
Big Tex Auditorium

12:00pm

12:00pm

12:00pm

1:30pm

ELK - Not Just for Application Logging
The ELK stack (Elasticsearch, Logstash, Kibana) is an open source centralized logging stack. However, it can do so much more. Any file or event can be sent to ELK and then searched using Kibana. ELK can easily be stood up on one system in a few minutes. If you can write something to STDOUT, you can send it to ELK for searching and storage. If you've ever needed to show or demonstrate findings from scripts or logs, ELK can easily do it. I will go through the installation and configuration of ELK and Filebeat and then show some demos on how easy it is to get events into Elasticsearch as well as searching in Kibana. ELK can be set up in a very simple and easy manner but can also be extended to enrich data in a multitude of ways. You should be able to leave with all the knowledge you need to get started with your own ELK stack and some ideas on how to use it.

Speakers

Mark McLauchlin

I have been a security enthusiast ever since taking an Ethical Hacking Class. I have an MS in IT from Southern Polytechnic State University in Marietta, Georgia. I was an Atlanta OWASP Chapter Co-Lead from 2013 to 2015 before moving to Austin. I also enjoy playing with Pi's and Arduin...


Friday March 9, 2018 1:30pm - 2:30pm
Stadium

1:30pm

Make Vishing Great Again
The purpose of this talk is to describe methodologies which one could follow when performing telephone pretexting. Social dynamics have changed over the years, making the barrier to entry for successful vishing higher and talking on the telephone less comfortable. The aim of this speech will be to crack the code for a newb getting started so he or she can hit the ground running, jump on the horn, and start pwning some folks like it’s 1989.

Speakers

Jonathan Stines

Pen Tester, Rapid7
Jonathan Stines is a Senior Security Consultant with Rapid7 and has 5 years of penetration testing and consulting experience. Jonathan has worked on a wide breadth of projects which range from social engineering and internal penetration tests to controls audits and maturity asses...


Friday March 9, 2018 1:30pm - 2:30pm
Lil Tex Auditorium

1:30pm

Peering into the Abyss - Understanding the dark side of Uninitialized Structures
Structures are an important data type within programming languages. However, they are often improperly initialized, which results in vulnerabilities ranging from information leaks to memory corruption resulting in arbitrary code execution. Be it a local struct or a global variable, improper initialization could have dire consequences with real-world security implications.

This talk covers many of the various ways structures can be initialized and the types of vulnerabilities that can occur if done incorrectly. By reviewing examples in the Apple macOS kernel and in the Microsoft Windows kernel, we identify code patterns to seek out to enable researchers to find bugs and for developers to prevent them. Finally, we’ll end by looking at how developers can make modifications to their compilation process to avoid these issues.

Speakers

WanderingGlitch

WanderingGlitch is a security researcher with Trend Micro’s Zero Day Initiative (ZDI). In this role, he analyzes and performs root-cause analysis on vulnerabilities submitted to the program, which represents the world’s largest vendor-agnostic bug bounty. His focus includes performing...


Friday March 9, 2018 1:30pm - 2:30pm
Big Tex Auditorium

2:30pm

Post-mortem on deploying osquery, Kolide, and writing to kinesis
osquery is an open-source endpoint solution that is gaining a lot of traction. In this talk, we want to share our experience deploying osquery to a fleet of over 35,000 endpoints. In addition, we discuss the trials and tribulations of managing that deployment, getting Kolide (endpoint management) up and running, as well as writing all of this great data to an AWS Kinesis stream.

Speakers

Christian Burrows

Christian Burrows is a dude from Austin TX and is Sr. Security Intelligence for Atlassian. Philip Mire has a much better and cooler background but is also Sr. Security Intelligence with Atlassian.

Philip Mire

Atlassian
Philip Mire graduated with a B.S., Computer Science from Texas A&M University-Kingsville in 1995. He has since worked in the Information Security field with several Fortune 500 companies including Motorola, Dell Computers, Visa, and American Funds. Philip currently works for Atlassian...


Friday March 9, 2018 2:30pm - 3:30pm
Stadium

2:30pm

Enhancing SOC1 by using feedback loops
Cloud-enabled Security Operations Center level 1 workflows can be enhanced by using security outcome data. This feedback becomes a force multiplier that helps experienced analysts to create more accurate threat profiles and opens the possibility of predicting new attack campaigns. The proposed approach is based on crowdsourced operator feedback. This crowdsourced operator feedback is possible by creating a global reinforcement crowdsourced learning engine.

The objective is to provide defenders/operators with the ability to compare their local responses/feedback about threats and malicious campaigns against global data by providing a distributed learning network with open standards that reflect patterns and behaviors of experienced defenders/operators. These feedback loops can then be used to train algorithms and implement automated functions that will enhance less experienced SOC operators.

Speakers

Rod Soto

Rod Soto: Director of Security Research at JASK.AI. Joseph Zadeh: Director of Data Science at JASK.AI.
Longer bios:
https://www.blackhat.com/eu-17/presenters/Rod-Soto.html
https://www.blackhat.com/eu-17/presenters/Joseph-Zadeh.html


Friday March 9, 2018 2:30pm - 3:30pm
Big Tex Auditorium

2:30pm

Research Baron
Automated Teller Machines (ATMs) are uniquely interesting targets. They are computer-based systems connected to global financial networks, meant to be unattended and open to the public 24 hours a day, and on top of all that, contain boxes of cold hard cash, sometimes totaling in the tens of thousands of dollars in a single machine. This talk will discuss the challenges in securing ATMs, the areas you should focus on when assessing the security of an ATM, various common flaws found when assessing ATMs, and some successful real-life attacks against ATMs.

Speakers

Dan Crowley

Daniel directs research at X-Force Red, has been working in infosec since 2004, makes his own beer, and is a baron in Sealand.


Friday March 9, 2018 2:30pm - 3:30pm
Lil Tex Auditorium

3:30pm

Strengthen Your SecOps Team by Leveraging Neurodiversity
High productivity, extreme attention to detail, logical/calculated, passionate, and hyper-focused. These are all characteristics considered valuable in the information security industry. However, a certain group of people who exceed expectations in these skill sets are constantly overlooked for job positions. That group of people is the High Functioning Autistic (HFA) community.

Individuals in the high functioning autistic community are often overlooked for job positions due to their social disabilities which makes them perform poorly in an interview and in their interactions with other people. However, if you look past their awkward behavior and social struggles, you will find these individuals are perfectly suited for roles in the information security industry.

This talk aims to show the listeners that, as many tech companies have found, the HFA community is ripe with individuals who could be the best of the best in the security industry if given the chance. The audience will realize that a small investment in time, understanding, and acceptance can result in the addition of an invaluable member to a Security Operations team.

Speakers

Megan Roddie

Security Analyst, Recon InfoSec
Megan Roddie is a security analyst with Recon InfoSec. With previous experience in the public sector and a current position in the private sector, she has a variety of experience in different types of environments. With a love for public speaking, she has spoken at DEFCON, BSides...


Friday March 9, 2018 3:30pm - 4:30pm
Stadium

3:30pm

A story of writing malware for 5 years
I have been writing malware simulators, the ShinoBOT family, for 5 years.
The ShinoBOT family includes:
- ShinoBOT: the backdoor.
- ShinoBOT Suite: the APT framework.
- ShinoLocker: the ransomware simulator.
- ShinoC2: the C&C server provided as a server (C&C as service).
- And other modular components.
Those tools are used to test security products and to perform penetration testing with a few clicks. After I published this malware, many security solutions added signatures and blacklisted the IP address and domain name. In this talk, I will explain how I implemented ShinoBOT to evade the detection of those security solutions, including AV, IPS, Sandbox, and AI-based AV. Steganography, a special encoding method, cryptography, fileless malware, polymorphic malware and some other techniques will be introduced. And this will give an idea about how the attackers observe those security solutions and how they react.

Speakers

Shota Shinogi

Security Researcher, Macnica Networks Corp
Malware simulator ShinoBOT Family author. Penetration Tester/ Red Team tool developer. My hobby is breaking the security solution.


Friday March 9, 2018 3:30pm - 4:30pm
Big Tex Auditorium

3:30pm

Metasploit Minus Metasploit
What do you get when you take a million-line, open-source security project and remove all its code?

With Metasploit Framework, the answer used to be "not much": a couple of test payloads, some dangling database tables, and a few dusty modules stashed in your home directory. While our monolithic design has served well for over a decade, Metasploit has also become the victim of its own success: tight coupling between components has made adding new features increasingly difficult. As the open-source security ecosystem grows more diverse, it is clear that Metasploit needs to evolve in order to continue being fun and hackable for the next generation of coders and researchers.

Last year, the Metasploit team rethought how modules run and how to store and query data, giving careful thought to documentation, usability, testability, automation, and performance. The fruits of this labor include new Python modules, improved performance, better usability, and reduced start time.

During this presentation we will cover the challenges we face isolating modules and data and the solutions we are working on. We will demonstrate new open-source additions to Metasploit: a Python module, a pivoting proxy, and a way to store and query data without the console.

Speakers

James Barnett

James is a sysadmin turned developer and has spent the last 3 years applying his real-world experience to enhancing Nexpose and Metasploit. He has also applied his knowledge to Metasploitable3, and the principles learned to expanding Metasploit Framework through the Goliath API p...

Adam Cammack

Adam Cammack and James Barnett are Software Engineers for Metasploit at Rapid7. Adam is relatively new to security, coming from application development with emphasis on distributed computing and systems programming. He enjoys breaking things (then fixing them) and abusing protocols...


Friday March 9, 2018 3:30pm - 4:30pm
Lil Tex Auditorium

4:30pm

Closing ceremonies
Speakers

Matt Pardo

Matt Pardo is obsessed with learning, and his latest focus is on web application security. In his pursuit of better ways to learn all the things a few years ago, he discovered CTFs and realized that the gamification aspect helped him to learn at an accelerated rate. It also exposed...


Friday March 9, 2018 4:30pm - 5:30pm
Big Tex Auditorium