The following talks will be offered on Saturday:
Date: Sat, March 23, 2024
|Beyond Ransomware: Examining the Shifting Cyber Landscape
|Ransomware has been around for what seems like forever and still organizations are struggling with the threat. But threat actors are crafting increasingly subtle and covert attacks. These stealthy threats pose significant challenges for traditional security measures, demanding heightened vigilance and innovative detection techniques. This talk will be a discussion of the realities of enterprise security - the landscape is shifting, are we up to the challenge?
|DMARC-y Mark and Phishy Bunch
|Despite all the investments and implementations of anti-phishing solutions, DPRK threat actors are easily bypassing these measures by exploiting organizations missing DMARC policies. In this session, I’ll provide an overview on the importance of implementing a DMARC policy, showcase inauthentic email samples that spoofed legitimate orgs, as well as reveal an on-going campaign by a North Korean nation-state actor that’s leveraging poor DMARC practices at think tanks, NGOs, and other government-affiliated entities to successfully target experts involved in Korean affairs, SEAsian affairs, and nuclear non-proliferation efforts. Lastly, you’ll learn the basics of properly configuring SPF/DKIM/DMARC policies, and strategies for working with your IT teams to implement these changes.
|Exploit and Malicious Tool Development Utilizing Open Source Software
|This talk demystifies (legal) exploit development, providing attendees with a comprehensive understanding of how corporate and freelance hackers utilize open source software (OSS) for offensive purposes. Here, the audience will delve into the mechanics of exploit development using OSS. Additionally, participants will gain insights into the tools and platforms commonly employed in creating exploits, walking through a step-by-step development process. Real-world examples underscore the significance of incorporating OSS into cybersecurity practices and the potential consequences of neglecting this aspect. The final segment sheds light on the common misconceptions surrounding professional exploit development, and provides a nuanced perspective on the tools and techniques involved.
|Styrofoam in a Landfill: CVSS Never Changes
|The days of “patch all the things” or “just patch the criticals” are over. These old practices no longer serve modern enterprise environments well. Zero days are now a common monthly and sometimes weekly occurrence, non-zero days are being weaponized faster than ever, and attackers continue to develop malware and exploits for old CVEs. Yet CVSS scores NEVER change. We have to change our methods, processes, and mindset to keep up.
|Unleash the Hash Monster
|Gobble Gobble! Active Directory loves spewing hashes, all kinds of them. This talk will focus on NetNTLM (or NTLM, call it what you will) hashes. We’ll chat about how they can be obtained and used for privilege escalation and lateral movement.
|Tales From the Crypt…Analyst: The After Life
|The speaker began his career in InfoSec at the National Security Agency first as a Cryptologist, designing and fielding the first software-based cryptosystem ever produced by NSA, and later becoming the primary architect of the first NSA Red Team. This talk will focus on his transition from NSA to the private sector in the early days of Information Security consulting. He will recount stories from the days of trying to convince companies to think about Information Security from a strategic perspective rather than just selling them a bunch of blinky boxes and telling them where to place them. Of course, we’ve solved all these problems from the early days…or maybe, just maybe there are still lessons to be learned.
|Zero Trust Unleashed: Halt the Hack with Microsoft Conditional Access
|MFA is not enough. This presentation will explain how to use Microsoft Entra Conditional Access policies to protect against the primary methods attackers are using to access organizations: the use of stolen credentials and phishing.
|Holistic Approach to Attack Surface Management: Protecting Your Personal and Corporate Digital Realms
|Attack Surface Management (ASM) has traditionally focused on internal processes, assisting corporations in assessing the scope of their network assets and identifying potential attack vectors. However, this presentation delves deeper, shedding light on the multifaceted nature of cyber threats in both personal and corporate domains. It emphasizes the importance of understanding what’s on the network and how attackers can navigate from seemingly innocuous entry points to full-scale network compromise.
|Lies, Telephony, and Hacking History
|You find yourself here at a BSides security conference, but have you ever wondered “How did we get here?” Once upon a time, not long ago, there was no cybersecurity industry or careers. This talk transports attendees on a retrospective journey through time to highlight the advancements which paved the way here. We further explore historic attack vectors to understand how they relate to the cyberattacks of today. Topics include when Social Engineering first intertwined with technology following previous milestones in telecommunications. Our expedition highlights the technological origins of Phone Phreaking, Computer Hacking, Social Engineering, and how these activities relate to modern attacks. The speaker brought numerous hardware relics from the past to show the crowd and demo throughout this presentation. Come learn about what the underground phone phreak and early computer hacker scenes were like, and get ready for some “Show & Telecom”!
|Microsoft at your BEC and (API) Call: Auditing Mailbox Item Access for Incident Response
|Concerned about business email compromise (BEC) attacks? Until recently, organizations using Office 365 for email had no way to audit access to individual mailbox items unless they paid for the premium E5-level license. Under intense pressure, Microsoft has enabled all customers to access these logs - but accessing them and getting the data into an actionable format is still a daunting task. In this talk I’ll show how you can leverage readily-available technologies to pull the mailbox audit logs into your SIEM and datalake solution, giving visibility into individual mailbox item access logs, and potentially reducing your PHI/PII exposure risk in the event of a cybersecurity incident.
|PostScript Pirates: A tale of Memory Corruption
|This is the story of how my friend and I gained a root shell on a Lexmark printer for Pwn2Own. We’ll dive into the fields of web and memory corruption hunting. The talk is full of firmware dumping and emulation, fuzzing, binary exploitation, and privesc.
|Is Physical Security Also Cybersecurity?
|If you look at security like a Venn diagram, you will notice several aspects of security overlap. So the question is, how does physical security overlap with cybersecurity? Here we will discuss one of the ways this can happen through radio waves.
|Active Directory ain’t going anywhere, so we might as well secure it
|Despite the hopes and dreams of moving to a cloud-centric identity, the reality is Active Directory (AD) is not retiring anytime soon for the organizations that use it. The complexities of how woven into the fabric of a business Active Directory is will put the brakes on even the most ambitious cloud-centric modernization programs. And while Active Directory tends to receive no love from the business, it certainly does from the threat actors – Mandiant has reported that 90% of all breaches they investigate involve Active Directory. Since things are not changing anytime soon, we might as well give AD a little bit of the security TLC. In this session we’ll explore the most common blockers preventing organizations from parting ways with Active Directory. And since this staple directory service is sticking around, we’ll look at the most common threat patterns against Active Directory, and the critical security controls to help keep our users and business secure for as long as AD is here to stay.