Loading…
Saturday, June 25
 

8:00am EDT

Registration
Saturday June 25, 2016 8:00am - 8:45am EDT
Grog Shop (upstairs)

8:45am EDT

Opening Introductions
Saturday June 25, 2016 8:45am - 9:00am EDT
Grog Shop (upstairs)

9:00am EDT

Morning Keynote
Speakers
IA

Saturday June 25, 2016 9:00am - 10:00am EDT
Grog Shop (upstairs)

10:00am EDT

Ask a CISO
There are a lot of different talks that are on specific topics, but it's not possible to cover everything in depth. This will be an actual discussion on security, focusing on YOUR questions.
Speakers
avatar for Jamie Murdock

Jamie Murdock

Jamie has specialized defending, securing, and protecting corporate networks. During this time, he built security operation centers for Fortune 500 companies, providing expert guidance in all areas of security operations. He built incident response and threat intelligence programs... Read More →

Saturday June 25, 2016 10:00am - 10:30am EDT
B-Sides Liquor Lounge (Downstairs)

10:00am EDT

Elementary, my dear Watson – A story of indicators
A real story of the cyber attack on the Israeli Police Department during 2012 and the effort in identifying the tools and infrastructure used by the adversary. A look, behind the scene, of the threat intelligence analyst work and investigation process and lesson learned.
Speakers
avatar for Nir Yosha

Nir Yosha

Nir started his career as a squad leader in the Israeli Intelligence Corps. He helped with gathering intelligence tracking the growth of terrorist organizations. Nir has over 10 years of experience as a security engineer both in visual and network security areas. He worked for multiple... Read More →

Saturday June 25, 2016 10:00am - 10:30am EDT
Back Patio

10:00am EDT

Preventing credential theft & lateral movement after initial compromise.
You’ve done the patch work, you have good perimeter defenses, and even application whitelisting, however, an attacker has found themselves on an end-user machine. For most networks, once an attacker has gained access the game is usually over quickly for the blue team. In this session, I will discuss several techniques used by attackers to find additional credentials and laterally move about and how to prevent them. Implementing these changes will slow down escalation and lateral movement and credential theft to provide an opportunity for detection and subsequent response.
Speakers
CM

Cameron Moore

Cameron Moore has been working in IT and Information Security for 16 years. He holds a Bachelor’s Degree in Computer Science from Texas State University and is a Certified Information Systems Security Professional. Cameron is passionate about Red Team/Blue Team exercise and security... Read More →

Saturday June 25, 2016 10:00am - 11:00am EDT
Grog Shop (upstairs)

10:30am EDT

Fun with One Line of Powershell
This talk shows how to use one line of PowerShell in different ways to get meterpreter on a system. Beginning with the creation of a malicious ps1 file using msfvenom, starting a handler, and hosting the malicious ps1 for targets to download. Once the target runs the one liner, it'll download and execute the malicious ps1 file giving you a meterpreter session. I then go over different ways to get targets to run the one liner using a Teensy, a shortcut on a network share, a macro enabled spreadsheet, a misconfigured mssql server (blank SA), and using ysoserial to exploit vulnerable java deserialization functionality.
Speakers
MT

Matthew Turner

I live in North Carolina and I work for a fortune 500 financial institution on their Red Team. I have GPEN, GWAPT, GCIH, GSEC certifications. I was born and raised in the greater Cleveland area and moved to the Durham/Raleigh area a little over 2 years ago.

Saturday June 25, 2016 10:30am - 11:00am EDT
B-Sides Liquor Lounge (Downstairs)

10:30am EDT

Crime Prevention Through Environmental Design
Learn how to use non-traditional design elements to enhance physical security. Capitalizing on environmental aspects of design can help you reinforce traditional measures, often with little investment, and by using existing budgeted items.
Speakers
MM

Michael Mendez

After crashing, then successfully restarting a Radio Shack demo computer at the age of around 9 or 10 (a much more impressive feat in those days), Michael continued to break, fix, upgrade, and debug his systems enough to believe he knew what I was doing. Followed by studying programming... Read More →

Saturday June 25, 2016 10:30am - 11:30am EDT
Back Patio

11:00am EDT

Better life through Models
Models play a major role in our lives - we start using them as an infant to understand everything from motor skills to social constructs, and continue using them throughout our lives as we develop. We will look at the impact models can have on skills development, security program development, and even dealing with/planning for/analyzing specific threat scenarios. To do this we'll dive into the good and bad of various models at work in the industry today, have a few laughs, and discuss the characteristics that make said models valuable from different angles.
Speakers
SL

Steven Legg

Steven D. Legg (@ZenM0de) is a Principal Security Strategist for eSentire. Bringing more than 16 years of experience with everything from designing secure nationwide multimedia distribution networks to directing teams and building businesses, Steven now spends his time assessing... Read More →

Saturday June 25, 2016 11:00am - 12:00pm EDT
B-Sides Liquor Lounge (Downstairs)

11:00am EDT

Learning From Pirates of the Late 1600s - The first APT
"In an effort of general threat intelligence I sought to understand what understanding of other criminals could be applied to cyber criminals. What I found was startlingly useless. The difference between our adversaries and traditional criminals is not simply modernity. The dynamics and incentives underlying these advanced actors is fundamentally different from traditional thieves or even organized crime. The closest comparison I have found is the pirates of the late 1600s.

Pirate companies share a similar distinction - roaming the seas instead of cyberspace and sailing through significant gaps in international law. They organized together but did so by inventing democratic organization more advanced than the world had seen before. These pirate companies, forced to innovate or die, turned into some of the most progressive companies the world had ever seen. There is a lot of learn from this stunning level of innovation. Drawing from history we can also examine which strategies were successful in stopping pirates - and which failed"
Speakers
avatar for Adam Hogan

Adam Hogan

CrowdStrike
Adam Hogan is a field security engineer for CrowdStrike. With 15 years in infosec he has worked as a SOC analyst, intrusion detection consultant and taught security classes before joining a sales team for the privilege of not having to go into the same office every day to feign interest... Read More →

Saturday June 25, 2016 11:00am - 12:00pm EDT
Grog Shop (upstairs)

12:00pm EDT

LUNCH
Free Taco Truck for attendees
Saturday June 25, 2016 12:00pm - 1:00pm EDT
Back Patio

1:00pm EDT

AfterNoon Keynote - Chris Roberts TBA
Speakers
avatar for Chris Roberts

Chris Roberts

Chief of Adversarial Research and Engineering, LARES Consulting
Chris currently works at Lares, prior to that he’s founded or worked with a number of companies specializing in DarkNet research, intelligence gathering, cryptography, deception technologies, and providers of security services and threat intelligence.Since the late 90’s Chris... Read More →

Saturday June 25, 2016 1:00pm - 2:00pm EDT
Grog Shop (upstairs)

2:00pm EDT

Security Automation in your Continuous Integration Pipeline
Developers use unit tests and acceptances tests in continuous integration (CI) to find bugs early and often in a repeatable way. Security is an important part of any software development life cycle. So why not add security analysis tools to this pipeline? This talk will cover adding and using OWASP/pipeline, a framework made for running security analysis tools in CI.
Speakers
JB

Jimmy Byrd

Jimmy Byrd is currently a Security Developer at Binary Defense Systems. He has worked as a developer for 8 years in a collection of fields such as manufacturing, education, medical, and SCADA. After being the victim of a SQL Injection attack in 2011, Jimmy started learning more about... Read More →

Saturday June 25, 2016 2:00pm - 2:30pm EDT
B-Sides Liquor Lounge (Downstairs)

2:00pm EDT

Playing Doctor: Lessons the Blue Team can Learn from Patient Engagement
At CircleCityCon 2015 in the presentation “Turn Your Head and Cough”, Nathaniel "Dr. Whom" Husted compared security architecture assessments to being a physician. The similarities run deep. Doctors struggle with patient compliance, complex and unclear problems, time and resource pressures, and succeed only when others carry out their recommendations. Doctors struggle all the time. In this session, we explore the field of patient engagement and discuss how doctors are trained to drive patient behavior. We will cover the metrics and reporting used to determine patient engagement. And at each step along the way, lessons will be shared for applying these ideas to information security. So the next time you present an IT compliance report, the next time you share your findings from a penetration test, or the next time you tell developers their code is weak, you’ll be ready to drive behavior and get results by playing doctor.
Speakers
JW

J. Wolfgang Goerlich

Advisory CISO, Duo Security
J Wolfgang Goerlich supports information security initiatives for clients in the healthcare, education, financial services, and energy verticals. In his current role with CBI, a cyber security consultancy firm, Wolfgang is the senior vice president for strategic security programs... Read More →
SS

Stefani Shaffer-Pond

Stefani Barner is a nationally-recognized nonprofit and management expert with extensive coaching, training, and consulting experience. With over 20 years of business and nonprofit management experience, she is frequently asked to serve as a Subject Matter Expert for media outlets... Read More →

Saturday June 25, 2016 2:00pm - 3:00pm EDT
Grog Shop (upstairs)

2:00pm EDT

The Art of Bit-Banging: Gaining Full Control of (Nearly) Any Bus Protocol
Most buses have dedicated hardware that a system uses to communicate with attached devices. This hardware generates the appropriate waveforms to implement the bus' protocol. Bit-Banging is the set of techniques that allows one to generate these waveforms directly from software using little to no extra hardware.

Controlling these waveforms from software has many advantages:
-Protocol Violations - transmitting sequences on the bus that the hardware would not normally permit opens up a whole new vector for attacking a system.
-Monitoring - passively observe traffic going across a bus, good for reverse engineering, and debugging.
-Packet Injection/Suppression - waiting until a device sends a packet, stopping the packet in its tracks, writing your own in its place.
-Access Non-Standard Protocols - some devices use proprietary protocols for which there is no standard hardware to interface to it.

This paper presents the primitive operations used for bit-banging, introduces some of the common strategies involved, looks at some of the common pitfalls encountered, and gives an overview of some advanced techniques that can be used when software is not fast enough to meet the required protocol.
Speakers
AW

aaron waibel

For the last six years, Aaron has worked as a Development Engineer for Quintech Electronics. A great deal of his job is writing firmware and the applications that communicate with that firmware. Outside of work, he likes to write virtual machines, assemblers, and compilers, as well... Read More →

Saturday June 25, 2016 2:00pm - 3:00pm EDT
Back Patio

2:30pm EDT

The WiX Toolset, How to Make Your Own MSIs
A 20 minute crash course on the basics of: Using the WiX Toolset to create your own MSIs. Debugging your MSIs. Creating a UI for your MSIs. Making MSI creation flexible enough for automation.
Speakers
avatar for Charles Yost

Charles Yost

Charles Yost is currently a Senior Developer at TrustedSec. He has worked in the IT industry for over 15 years in a wide variety of roles including: Printer Technician, VoIP Systems Administrator, .Net Developer, and Web Developer. Throughout life his number one passion has been learning... Read More →

Saturday June 25, 2016 2:30pm - 3:00pm EDT
B-Sides Liquor Lounge (Downstairs)

3:00pm EDT

A Rookie PoV: The Hollywood Fallacy
Most people have seen TV Shows such as CSI Cyber or Scorpion, just to name a few, where security appears to be something magical and for the gifted. Thanks to places like Hollywood, there has become this facade surrounding cyber security careers, which leads to false expectations towards the field. As current students at the very beginning of building our careers in computer security, we will share what it has been like to start learning the difference between our preconceived expectations and the actual reality of the career options available to us as we prepare to graduate. We will also share what types of things we are being exposed to as students by participating in various events such as Capture the Flag (CTF) competitions, the Collegiate Cyber Defense Competition (CCDC), and through Internships/Work-Studies.
Speakers
RM

Raquel Milligan

Raquel Milligan is a Junior at Baldwin Wallace University majoring in Computer Networking and Security while simultaneously working on her Master's in Business Administration (MBA). Prior to attending Baldwin Wallace, she served in the United States Coast Guard for a total of 5 years... Read More →

Saturday June 25, 2016 3:00pm - 3:30pm EDT
Back Patio

3:00pm EDT

Responder for Purple Teams
This talk will focus on the tool Responder and how it can be used by both attackers as well as defenders. We'll review the current feature set, other tools that work in conjunction with it, and demonstrate a few real-world testing scenarios that can be used by penetration testers and blue teamers alike.
Speakers
avatar for Kevin Gennuso

Kevin Gennuso

Kevin has worked in information security for nearly 20 years and has yet to witness the death of SQL injection, undocumented backdoors, or the willingness to click the thing.

Responder for Purple Teams pdf
Saturday June 25, 2016 3:00pm - 3:30pm EDT
B-Sides Liquor Lounge (Downstairs)

3:00pm EDT

Port Scanning the Hermit Kingdom: Or What NMAP Can Teach Us About Geopolitics
This talk will center on a project that has been active since July 2015, which involves attempting to understand internal North Korean conditions through the use of nmap and masscan, and the scanning of the entire North Korean IP range. In the process of undertaking this project not only was some interesting information gathered about North Korean internal political practices, postures and responses to crisis, but also a significant amount was learned about port scanning hostile and well defended networks, as well as learning a little bit about code on the side. In this presentation the lessons learned and the challenges encountered will be reviewed within the wider discussion of the importance of the use of technical tools to understand the world outside of the technical realm.
Speakers
TP

Thomas Pieragastini

Thomas Pieragastini currently works in threat intelligence, a background in independent security research, surveillance and security studies and holds a PhD in Philosophy. Coming from academic studies in geopolitical dynamics and political theory he developed an interest in the technical... Read More →

Saturday June 25, 2016 3:00pm - 4:00pm EDT
Grog Shop (upstairs)

3:30pm EDT

Splunk for IR and Forensics
Data Analysis: it sucks. Make it not suck with Splunk, a 21st century approach for analyzing mountains of data as it relates to digital forensics and incident response. Learn how Splunk can enable you to quickly search, examine, and visualize any data from anywhere. The presenters will also give you useful insight on how to best use this tool to streamline forensic processes, incident scoping, and initial triage. Further, see how much time, effort, and money can be saved by using splunk for analysis instead of typical forensic tools.
Speakers
TI

Tony Iacobelli

Lead Incident Responder, University of Cincinnati
Tony Iacobelli is the Incident Response Team Lead for the IT@UC Office of Information Security at the University of Cincinnati. He enjoys security data analytics, kicking bad people off networks, and Cleveland Indians Baseball. Furthermore, Tony is an active member of the Cincinnati... Read More →

Saturday June 25, 2016 3:30pm - 4:00pm EDT
Back Patio

3:30pm EDT

Bridging the Gap or: How I Learned to Stop Worrying, and Love the Developers
The relationship between security professional, and developers often seems adversarial. In this presentation I will be discussing the problems, work-flows and end-goals from the developer and security professional's viewpoint.

I will discuss in depth, the pressures and business needs that often drives development cycles. We'll also be talking about the mind-set of the successful developers you can easily win over, how to do it, and how to expand this to all development teams.

We Security Professionals are also not without fault. Our approach of tracking issues, and throwing tools at the problem just isn't working. I'll be talking about my experiences within different organizations, and how minor adjustments can gain wider acceptance and appreciation for security teams within the organization.

It is hoped by spreading understanding what drives a developer's mindset, as well as the development process, we as security professionals can help them, and ourselves. In outlining the problem, as well as filling in the gaps for those who lack development experience, we can bring security and development onto one team.
Speakers
EM

eric mikulas

Eric Mikulas is a reformed developer with over 15 years of professional software development experience crossing various industries. Being raised by an Electrical Engineer, and learning to solder, and read schematics before being able to cursive write, he was raised by technology... Read More →

Saturday June 25, 2016 3:30pm - 4:30pm EDT
B-Sides Liquor Lounge (Downstairs)

4:00pm EDT

SafeCracking on a Budget Redux
Lesson learned in applying knowledge from the "SafeCracking on a Budget" presentation. http://2014.ruxcon.org.au/assets/2014/slides/rux-safe-cracking.pdf.

We had a problem: no combination to a safe. The solution was to build a automatic our own safe dialer. We will review the steps we followed, Information gathered, Vulnerability Analysis, Exploitation, Post-Exploitation, and Reporting. (PTES Technical Guidelines style). Along the way we will share knowledge learned and stories of success and failure.
Speakers
avatar for David Hunt

David Hunt

Has worked in software development for several years. Switched to focus on application security, vulnerability and penetration testing. Recently picked up the bug for safe cracking.
ZN

Zack Nagaich

Zack Nagaich is a Recent Ohio State computer science graduate working in cyber security for a variety of companies in the central Ohio area with a passion for software and security.

Saturday June 25, 2016 4:00pm - 4:30pm EDT
Back Patio

4:00pm EDT

Process Ventriloquism
This talk will present and outline various techniques for the manipulation of processes at runtime in the Windows environment. Attendees will leave with a better understanding of how the Windows API functions are leveraged by attackers to extract the contents of memory, inject shellcode into other processes and how functions can be hooked and rerouted to execute malicious code. The different techniques used to manipulate processes will be discussed with provided examples. Penetration testers and defensive security people alike will benefit from learning just how tools such as meterpreter are able to inject themselves into and manipulate processes.
Speakers
avatar for Spencer McIntyre

Spencer McIntyre

SecureState
As a member of the Research and Development team at SecureState, Spencer McIntyre works to discover vulnerabilities within organizations systems and understand the underlying risks. Mr. McIntyre balances his focus between vulnerability and in-house tool development. During his time... Read More →

Saturday June 25, 2016 4:00pm - 5:00pm EDT
Grog Shop (upstairs)

4:30pm EDT

Gamify Security Awareness: Failure to Engage is Failure to Secure
We call it security awareness training, but all we ever give our employees is regurgitated knowledge. Their passwords suck, public wifi is bad, and email is deceiving. Mix in some yearly reviews of policies and procedures and you have the perfect recipe for an employee who stopped listening hours ago. You don't truly learn something until you understand "why" and that comes when employees are engaged and motivated. This is my take on how to engage through gaming and why it works
Speakers
avatar for Michael Woolard

Michael Woolard

Mike is a security analyst who has worked in the IT field for 17+ years. A broad background from helpdesk to sysadmin, system engineer, networking, DB and development work. Most of Mike's work now centers around pentests and risk assessments, but an integral part will always be awareness... Read More →

Saturday June 25, 2016 4:30pm - 5:00pm EDT
B-Sides Liquor Lounge (Downstairs)

4:30pm EDT

The Digital Beginning of the Analog End
"Throughout human history, we have been dependent on machines to survive. Fate, it seems, is not without a sense of irony."

Hide yo' kids, Hide yo' SCADAHZ. lulz - j/k. Despite the somewhat ominous title, this is not a FUD (Fear/Uncertainty/Doubt) talk, but rather an in depth discussion of what an industrial/ICS/DCS/SCADA/IoT environment is, it's evolutionary progression, and most importantly why it matters.

Its time to set the record straight. This discussion will break down the differences and nuance in these common infrastructures and discuss why most people are flat out wrong in their understanding and assumptions of the environments. If time permits, we can discuss/Q&A the stuxnet package - as much as I hate talking about it (STILL), most people get this wrong too.
Speakers
BH

Brad Hegrat

Brad has more than 20 years non-standard* offensive/defensive security experience (*as in not vanilla IT, more like classified, blowupable environments, etc) with16 years in industrial/ICS/DCS/SCADA as a singular focus - in other words, back when nobody cared about industrial, and... Read More →

Saturday June 25, 2016 4:30pm - 5:30pm EDT
Back Patio

5:00pm EDT

Cleveland Locksport
An overview of physical security - How locks work and how we pick them.
Speakers
DH

Doug Hiwiller

IT professional with a keen interest in physical security. As a co-organizer of Cleveland Locksport, he enjoys teaching others how to pick locks and improve their own security.
JM

Jeff Moss

An IT professionals with a keen interest in physical security. A co-organizer of Cleveland Locksport, he enjoys teaching others how to pick locks and improve their own security.

Saturday June 25, 2016 5:00pm - 5:30pm EDT
Back Patio

5:00pm EDT

Cons and Conjurers: Lessons for Infiltration
I will examine how the techniques of con artists and magicians are relevant to physical penetration testing, social engineering and infiltration. Focus is on some classic cons and basics of stage magic deception.
Speakers
PB

Paul Blonsky

Paul is a security consultant with 20 years of experience in IT and currently run a physical penetration testing program. I have an interest in con artists, stage magic, and lock sport.

Saturday June 25, 2016 5:00pm - 5:30pm EDT
Grog Shop (upstairs)

5:00pm EDT

State of Emergency: We're Under "Cyber" Attack
When there is a natural disaster or catastrophic event... who ensures responsibility for recovery or who should? The City, State or Local government, the National Guard, FEMA, non-profits, private businesses, the people, etc., or maybe all of the above. Government emergency operations and disaster relief has been a long standing practice, but what about for "Cyber" Attack or "Cyber" disaster? With Hollywood movies and TV Shows like Mr. Robot, more people are starting to wonder, what would happen... or hopefully what is in place if "something" would happen? In this talk we will go into the history of Local and State Government involvement in Emergency Operations of a catastrophic Cyber Attack. We will also touch on the deep depths of "Cyber" Martial Law.
Speakers
avatar for Jeremy Mio

Jeremy Mio

Jeremy works at a local government facilities as the Information Security Officer directing the Security and Research Department and is co-founder of CodeRed LLC that focuses on Cyber Security, Application Development, and Leadership. He has been on the Northeast Ohio InfraGard executive... Read More →

Saturday June 25, 2016 5:00pm - 5:30pm EDT
B-Sides Liquor Lounge (Downstairs)

5:30pm EDT

Closing Keynote - The Night Begins to Shine - Intrinsic Detection Capabilities
Attack patterns are something that when it occurs is extrinsic (not natural) behavior in a computer ecosystem. Understanding what attack patterns look like and building an understanding of how to detect them with what you already have is possible. Most preventative technology tries in some extent to detect extrinsic behavior in an environment but falls short because of the continual changes in attack patterns and commoditized detection. This talk dives into looking at what you already have in your infrastructure that you can use for intrinsic (natural) detection capabilities that doesn't rely on a specific signature, but more so on how attackers go after an organization. As an industry, we need to be detecting the extrinsic occurrences in our networks which exhibit abnormal behavior. During this presentation, we'll be covering a large percentage of techniques used by attackers, and how to detect them with what you currently have in place at your organization today.
Speakers
avatar for David Kennedy

David Kennedy

TrustedSec & Binary Defense Systems
David Kennedy is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David also serves as a board of director for the ISC2 organization. David was the former CSO for a Diebold... Read More →

Saturday June 25, 2016 5:30pm - 6:30pm EDT
Grog Shop (upstairs)

6:30pm EDT

After Party
Food and open bar for attendees. Chill and chat about the talks earlier in the day.
Saturday June 25, 2016 6:30pm - 8:00pm EDT
B-Sides Liquor Lounge (Downstairs)
 
Filter sessions
Apply filters to sessions.
Saturday, June 25
    • B-Sides Liquor Lounge (Downstairs)
    Back Patio
    Grog Shop (upstairs)