SPEAKERS

Shaping Cybersecurity's Future

The cybersecurity field needs to grow, but it's not an entry level field... or is it? Matt will discuss how you can get involved in nurturing the next generation of cybersecurity talent. Whether you have just broken into the field or have been in the industry for years, this talk aims to point out the best ways our community can pave the way for the next cohort of cybersecurity professionals.

Matt Meis

Matt is a Cyber Fraud Manager at Summit Credit Union with over 15 years of experience in the cybersecurity and IT space. He has built banking fraud detection systems, written college level cybersecurity curriculum, and started DomainAlarm to proactively detect phishing sites. In addition, Matt is currently writing a book to help individuals improve their cybersecurity posture.

Orion's Quest: Navigating the Cyber Wilderness - Tales of Modern Penetration Testing

In "Orion's Quest: Navigating the Cyber Wilderness - Tales of Modern Penetration Testing", Kevin Johnson of Secure Ideas takes the audience on an expedition through the intricate world of modern hacking and penetration testing. Reflecting Orion's legendary skills and resilience, Kevin delves into a series of real-world stories, each revealing critical vulnerabilities in various target systems and organizations. These narratives are not just about uncovering digital weaknesses; they offer valuable insights and practical lessons. The talk begins by charting a course through the treacherous waters of web-based exploits, highlighting how these vulnerabilities are discovered and exploited. Kevin's expertise shines as he demonstrates the importance of understanding and mitigating these risks in our ever-connected digital world.

The presentation then ventures into the often-overlooked realm of physical penetration testing. Kevin shares eye-opening accounts of legal 'break-ins', illustratin

Kevin Johnson

Kevin Johnson is CEO of Secure Ideas, a consulting company dedicated to security testing and training. Kevin passionately advocates for cybersecurity through his work with Secure Ideas, as a global board member for OWASP and as a faculty member at IANS. During his over 30 years in the industry, Kevin acted as an instructor and author for the SANS Institute. He also contributed to a number of open-source projects, including OWASP SamuraiWTF (a web pen-testing training environment), Laudanum (a collection of injectable web payloads) and Yokoso (an infrastructure fingerprinting project), and was the founder and lead of the BASE project for Snort. Kevin has served as an expert witness in court cases involving cybersecurity.

NIST Cybersecurity Framework v2.0

The National Institute of Standards and Technology (NIST) has updated the widely used Cybersecurity Framework (CSF), its landmark guidance document for reducing cybersecurity risk. The new 2.0 edition is designed for all audiences, industry sectors and organization types, from the smallest schools and nonprofits to the largest agencies and corporations, regardless of their degree of cybersecurity sophistication.

This presentation will cover what's changed from v1.1 to v2.0, how to utilize organizational profile templates, and the NIST CSF 2.0 Reference Tool.

Tim Mahoney

Tim Mahoney is the Director of Information Security at Festival Foods, a family-owned grocery store chain with 41 stores throughout the State of Wisconsin. He leads a team of security professionals dedicated to protecting the data of Festival Foods' guests, partners, associates, and the company to enable enjoyable, secure shopping experiences.

Tim has over 10 years of Information Security Experience from a variety of industries including Defense, Financial, Nuclear, Manufacturing, and Retail. Prior to his civilian career, he served as a Naval Officer for 5 years where he earned Information Warfare Officer and Surface Warfare Officer qualifications.

A graduate of the United States Naval Academy, Tim holds master's degrees in Computer Science and Business Administration from the University of Wisconsin - Madison. He also maintains many Security and Privacy certifications.

Tim resides in Green Bay with his wife, Jennifer; son, Fulton; and dogs, Trapper and Bella.

Some Assembly Required: A Low-level Hacking Introduction

Have some familiarity with programming and want to get your foot in the door to reverse engineering and "binary exploitation"? Want to have low-level debugging and hex editors demystified? Would you like to walk away with key building blocks for low-level reverse engineering, fuzzing, malware analysis, and more? In this talk, we cover key fundamentals behind assembly and machine languages in an introductory, but comprehensive way. We apply this knowledge to a tutorial CTF challenge that comes complete with a debugging console, live memory view, and a disassembler. Time-permitting, we'll conclude with an in-depth introduction to key memory corruption techniques.

Derek Rodriguez

Derek is a technically-focused IT professional with a background in systems engineering, cybersecurity engineering, and penetration testing. His insatiable desire to understand how things tick led him to spend years in cybersecurity, where he built SIEM infrastructure, conducted various technical security assessments (including penetration tests), and advised small-to-medium-scale dev projects. No matter which subfield or practice he's working within, Derek believes in making it a primary goal to have a clear understanding of the fundamentals involved.

A Little Bit of This, And A little Bit of Dat

With personal computers and corporate networks becoming more integrated with cloud solutions, cloud forensics has become an important part of the investigative process. When investigating OneDrive, there are multiple artifacts that need to be checked to ensure all files/folders are collected. The process becomes complicated quickly on multi-user systems. This can lead to data loss if these artifacts are not checked or known about, making automation harder. Developed through personal research and available on GitHub, OneDriveExplorer solves these issues. OneDriveExplorer rebuilds the folder structure and parses more data, while preventing storage space and scope of authority issues that come along with collecting files via reparse points. This presentation aims to walk through important OneDrive artifacts, how to use OneDriveExplorer, and what value can be added from using OneDriveExplorer compared to conventionally used tools.

Brian Maloney

Brian Maloney is a Digital Forensics Analyst at Thrivent Financial. Brian is the author of numerous tools for DFIR including SEPparser, OneDriveExplorer, and the ProcDOT plugin pcap_tools. Brian can also be credited with contributions to DeXRAY, improving its ability to extract McAfee and Symantec quarantine files. Brian holds a bachelor's degree in Information Systems and Cybersecurity.

Open Source is running everything, but what is it?

Open source is used in everything, but what is it, and how does it work? What happens if I find a bug, or need a new feature?

There is no one thing we can call 'open source', what we have are millions of individual projects that are all different. Let's look at how some common open source projects work today to understand how bugs and features work.

But the story isn't just about submitting bugs and patches while using someone else's code. Behind every open source project are people. They are under no obligation to read our bugs, accept our patches, or even reply to our messages. Most open source developers are wonderful people who want to help, but we need to keep our expectations and behaviors reasonable.

Open source runs the world and we depend on it every day. We should probably understand how it works.

Josh Bressers

Josh Bressers is the Vice President of Security at Anchore. Josh has helped build and manage product security teams for open source projects as well as several organizations. Everything from managing dependencies, vulnerabilities, security development lifecycle, DevSecOps, security product management, security strategy, and nearly any other task that falls under the security umbrella. Josh co-hosts the Open Source Security Podcast and the Hacker History Podcast. He also is the co-founder of the Global Security Database project to bring vulnerability identification into the modern age.

Secure Coding Practices

This talk is geared more for developers than security professionals. Learn a few key principles to guide you when thinking about writing secure code and designing secure systems. Whether your code is written by AI or humans, we'll discuss practical tools to improve the security of your results. We'll cover how to reduce your risk, what to leverage when, and how to identify and mitigate third-party dependencies and vulnerabilities. You'll learn about sandboxing techniques and how to leverage the growing knowledge of the cybersecurity community in your day-to-day work.

Matt Everson

Matt Everson is a seasoned developer, IT and security professional with over 20 years of experience. Matt has made significant contributions to the field working for some of the world's best-in-class cybersecurity firms. He's a sought-after speaker, having presented at prestigious events such as BSides Vegas, ICS Cybersecurity Conference, and Grassr00tz. Currently, Matt is at Snyk, where he plays a pivotal role in developing tools to identify and mitigate cybersecurity risks. Outside of work, Matt is passionate about mentoring aspiring cybersecurity professionals and sharing his insights with the community.

Stack Attack Adversarial Threat Simulation - Unveiling Silent Gaps in Your Security Controls

False positives can inundate IT and information security staff with noise, but it is the silent true negatives - malicious events that go undetected - that pose the most significant risks. Security controls, like firewalls, antivirus, and intrusion detection, often rely on precise configurations, where even a single misconfiguration can nullify the tool's capabilities. In this talk, we will look at our experience in breach investigations to explore common mistakes and pitfalls that undermine the effectiveness of security tools and controls. Moreover, we will share techniques, including adversarial threat assessments, to assess and validate that security controls and tools function as advertised and expected within your organization, providing you with the confidence to detect and prevent potential threats in your environment. We'll explore how this type of testing compares to the penetration testing you may already be doing in your organization and show why both are important.

Kevin Bong

Kevin is a Director at Ghostscale, responsible for overseeing penetration testing, risk assessments, compliance audits, incident response, and cybersecurity advisory services. Kevin has 20+ years working in a variety of cybersecurity leadership roles, including application development, network management, risk management, fraud monitoring, digital forensics, and assessment services. Kevin's research interests include hardware and embedded systems, having initiated the MiniPwner penetration testing drop box project as well as designing and hosting a hardware hacking village project at security conferences across the Midwest, including CypherCon from the conference's inception. Kevin holds many certifications including CISSP, CISA, CEH, PMP, GIAC Security Expert, GIAC Experienced Cybersecurity Specialist, GIAC Experienced Intrusion Analyst, GIAC Experienced Incident Handler, GIAC Certified Intrusion Analyst, GIAC Certified Forensic Analyst, and ISO 27001 Lead Auditor.

Securing a Haystack - How to approach Threat Modeling on the system design level

Creating a Threat Model or security requirements for a proposed system which is still in the design phase will create some challenges for a new security engineer or assessor. Where does one even start?

This speech will discuss some of the approaches, mindset and pitfalls when creating a higher level Threat Model, identifying security controls and eventually specifying system level security requirements.

There are many different Threat Modeling methodologies, but some of the characteristics stay the same.

This presentation grew out of best practices for onboarding security engineers to Threat Modeling and system assessments. It will give an intro to what a design-level Threat Model usually entails, together with insights into how the modeling process is conducted.

Joern Freydank

Joern Freydank is a Principal Product Security Engineer and Security Architect with 20+ years of experience. He currently works at Splunk, securing the company's products and services.

Established the Threat Modeling Program at a major insurance company. Performed Application Security reviews, created reference architectures and designed new CI/CD controls for cloud-based applications. Designed and developed core elements of a Cyber-security Data Analysis Platform for Threat Detection (SIEM). Reviewed security implementations of authentication and authorization protocols, and created security architectures for user single sign-on of application servers. OWASP Conference Speaker and podcast participant. Led Security Assessments, Design and Code Reviews and outlined secure software implementation details. Serviced the financial services industry (banking, insurance, staffing, appraisal, retail) and manufacturers.

From Denial to Acceptance: Navigating the Five Stages of Grief in Penetration Testing

During this presentation, we'll cover some of our recent past penetration tests and the steps used to reach Domain Administrator. Using real-world examples, organizations can better understand modern attack paths while we detail the emotional and physical 'grinding' that occurs behind the penetration tester's monitor. From the initial reconnaissance phase to the final elevation of privileges, we'll walk through the nuanced tactics and strategies employed in today's cybersecurity landscape. This talk aims to bridge the gap between theoretical vulnerabilities and the practical, often taxing journey of uncovering and exploiting them, offering a candid look at the challenges and perseverance required in the field of penetration testing.

Ryan Zagrodnik

Ryan Zagrodnik, OSCP, CISSP, has been consulting as a Penetration Tester at SynerComm for over five years, bringing over seventeen years of combined cyber security experience from both red and blue team roles. Prior to joining SynerComm, Ryan dedicated three years to an internal red team at a Fortune 1000. Ryan began his career in 2007 as an overworked crushed soul (Windows System Administrator) responsible for managing large enterprise networks. By 2011, he transitioned into the role of Security Engineer and obtained his CISSP. Additionally, Ryan has held U.S. Government security clearances for several years, working in both offensive and defensive security capacities for large businesses providing services to the U.S. Department of Defense and Department of Education.

What the hell is Azure AD Smart Lockout?

Password spraying is a fundamental technique for penetration testers, especially with the rise of cloud services and Microsoft's subscription models. Microsoft has introduced security measures to detect and thwart password spraying attempts in its authentication processes. These controls, active by default, mark the end of straightforward attacks on Microsoft Exchange, VPN access, and quick domain admin acquisition.

Microsoft claims its security controls, capable of handling millions of login attempts daily, use advanced detection methods, including a machine learning model named Azure AD Smart Lockout, to identify even the most sophisticated password spraying efforts. However, every detection model has vulnerabilities.

This presentation explores potential weaknesses in Azure AD Smart Lockout, suggesting that through modern web scraping and evasion techniques, it's possible to closely mimic legitimate user login attempts, challenging Microsoft's detection capabilities.

Nicholas Anastasi

Nicholas Anastasi started his career in cybersecurity at Sprocket Security and hasn't looked back. Continuous Penetration Testing is all he knows, and during his day-to-day, he leads the penetration testing team, writes a ton of Python, and works tirelessly to improve the Continuous Penetration Testing process. In his free time, Nicholas enjoys running, eating too much candy, and working on his homelab.

The Wild West of Shift Left: Your New Vulnerability Management Posse

Howdy, partner! Are you ready to join the shift left wagon train? It's the new frontier of DevOps and application security, where you secure your code from the get-go, instead of waiting until the last minute. It's the best way to avoid the outlaws and varmints that lurk in the wild west of cyberspace, such as supply chain attacks, external vulnerabilities, and attacks on developers.

But shifting left ain't easy. You need a lot of skills and tools to make it to the promised land of automation. I reckon you might be wondering:

• What kind of tools do you need to saddle up your code?

• What in tarnation are all these acronyms about?

• How do you make sure your developers are happy and productive, not barking at a knot?

Don't worry, we've got you covered. In this session, we'll show you how to build your own shift left posse, and how to use the tools that work best for your code, systems, pipelines, and data.

Drew Hjelm

Drew is a director of information security at Moxe, a leading healthcare technology company that enables data exchange and analytics for health plans and providers. He has over 10 years of experience in cybersecurity, with a focus on incident response, forensics, and consulting. He holds a master's degree in information security engineering from SANS Technology Institute, where he also earned the prestigious GSE certification, as well as the CISSP credential. He is passionate about helping organizations prepare for and recover from cyberattacks, using his skills in vulnerability assessment, security audits, traffic analysis, and log and malware analysis. He has conducted dozens of forensic investigations, built tools and processes to improve security efficiency, and trained employees on best practices. He also runs his own firm, Helm Information Security, where he provides cyber resilience services to clients. Outside of work, he enjoys exercise, biking, barbecuing, and gardening.

Navigating the Complexities of Identity and Access Management (IAM) Projects

In the evolving landscape of digital security, Identity and Access Management (IAM) projects stand as critical pillars that ensure the right individuals access the right resources at the right times and for the right reasons. This presentation delves into the intricate process of designing and implementing effective IAM solutions within organizations, addressing both the technical and cultural challenges associated with these projects.

Christine Mikolajczak

Christine is a Principal Security Advisor at Optiv, and an accomplished cyber security professional with a background in Identity and Access Management (IAM) who has demonstrated success in securing initial business as well as growing new business opportunities. As an advisor, Christine has combined technical knowledge with sales skills and applied practical information security experience to address the strategic needs of the client, supporting identity strategy for Fortune 5 companies, and acting as the subject matter expert in IAM strategy across multiple competencies.

Cooking for hashcat, improving old recipes and exploring new ones

It's 4:59 PM and that hash from MiTM or Kerberoasting isn't cracking. You're slowly beginning to lose hope and Gordon Ramsay is yelling at you for serving hashcat an undercooked RockYou meal with a side of stale rules. Let's avoid another episode of Hash Nightmares by attending this talk. Improve your odds of cracking your next pen test hashes by feeding your favorite hashcat reliable recipes with new twists. We'll look at sprucing up the hashcat diet of masks, wordlists and rules with the help of readily available tools and materials.

Vitaliy Kovalchuk

Vitaliy has about a decade of experience performing offensive security testing. He worked at various consulting firms over the years and holds some certs some people may think are important. From the days of using Backtrack and up until now, Vitaliy's primary areas of expertise are internal pen tests, wireless pen tests, and web/API assessments. He's a huge fan of focusing on improving the basics and not chasing the next shiny thing. People mistake him for a crypto miner when in fact he's cracking hashes.

The role Industrial (ICS/OT) Cybersecurity will play in the upcoming conflict.

This presentation begins with an introduction to Industrial Control Systems (ICS) Cybersecurity, what Critical Infrastructure is, and the challenges around protecting it. Then, we'll gather insights from historical examples of ICS incidents and apply those insights through a Controls Engineering lens to predict what's next in ICS Cybersecurity.

Neil Brandon

Neil Brandon is a Principal Engineer at Faith Technologies, Inc., supporting all engineering aspects around distributed energy systems. Initially starting his career as a UNIX sysadmin and backend programmer, Neil has over two decades of experience in industrial automation and consulting. While working in the automation industry, he began to see the value in data and protecting that data, leading him back to ICS cybersecurity.

Preventing, detecting, and resolving identity theft

Wisconsin residents have seen unprecedented identity theft attacks. This presentation will review the state of identity theft and reinforce how to secure your personal information.

Aaron Hurt

Aaron is an IT professional with over two decades of experience. Throughout his career, Aaron has heavily focused on the intricacies of IT security operations, with a particular focus on serving within the credit union movement. Currently serving as the Vice President of Business Technology Services at Summit Credit Union, Aaron plays a pivotal role in shaping the technological landscape of his organization.

With a passion for leveraging technology to enhance business outcomes and improve customer experiences, Aaron is dedicated to staying at the forefront of industry trends and advancements. His comprehensive knowledge of IT governance, risk management, and cybersecurity has earned him a reputation as a trusted advisor and thought leader within information security.

In addition to his professional work, Aaron is committed to giving back to the industry through active involvement in professional organizations such as ISACA, CompTIA, SANS/GIAC, and as a board member with WICT