Grog Shop (upstairs)
Saturday, June 25

8:00am EDT

Saturday June 25, 2016 8:00am - 8:45am EDT
Grog Shop (upstairs)

8:45am EDT

Opening Introductions
Saturday June 25, 2016 8:45am - 9:00am EDT
Grog Shop (upstairs)

9:00am EDT

Morning Keynote

Saturday June 25, 2016 9:00am - 10:00am EDT
Grog Shop (upstairs)

10:00am EDT

Preventing credential theft & lateral movement after initial compromise.
You’ve done the patch work, you have good perimeter defenses, and even application whitelisting; however, an attacker has found themselves on an end-user machine. For most networks, once an attacker has gained access the game is usually over quickly for the blue team. In this session, I will discuss several techniques used by attackers to find additional credentials and laterally move about and how to prevent them. Implementing these changes will slow down escalation and lateral movement and credential theft to provide an opportunity for detection and subsequent response.


Cameron Moore

Cameron Moore has been working in IT and Information Security for 16 years. He holds a Bachelor’s Degree in Computer Science from Texas State University and is a Certified Information Systems Security Professional. Cameron is passionate about Red Team/Blue Team exercise and security...

Saturday June 25, 2016 10:00am - 11:00am EDT
Grog Shop (upstairs)

11:00am EDT

Learning From Pirates of the Late 1600s - The first APT
"In an effort of general threat intelligence I sought to understand what understanding of other criminals could be applied to cyber criminals. What I found was startlingly useless. The difference between our adversaries and traditional criminals is not simply modernity. The dynamics and incentives underlying these advanced actors are fundamentally different from traditional thieves or even organized crime. The closest comparison I have found is the pirates of the late 1600s.

Pirate companies share a similar distinction - roaming the seas instead of cyberspace and sailing through significant gaps in international law. They organized together but did so by inventing democratic organization more advanced than the world had seen before. These pirate companies, forced to innovate or die, turned into some of the most progressive companies the world had ever seen. There is a lot to learn from this stunning level of innovation. Drawing from history we can also examine which strategies were successful in stopping pirates - and which failed."

Adam Hogan

Adam Hogan is a field security engineer for CrowdStrike. With 15 years in infosec he has worked as a SOC analyst, intrusion detection consultant and taught security classes before joining a sales team for the privilege of not having to go into the same office every day to feign interest...

Saturday June 25, 2016 11:00am - 12:00pm EDT
Grog Shop (upstairs)

1:00pm EDT

Afternoon Keynote - Chris Roberts TBA
Chris Roberts

Chief of Adversarial Research and Engineering, LARES Consulting
Chris currently works at Lares; prior to that he’s founded or worked with a number of companies specializing in DarkNet research, intelligence gathering, cryptography, deception technologies, and providers of security services and threat intelligence. Since the late 90’s Chris...

Saturday June 25, 2016 1:00pm - 2:00pm EDT
Grog Shop (upstairs)

2:00pm EDT

Playing Doctor: Lessons the Blue Team can Learn from Patient Engagement
At CircleCityCon 2015 in the presentation “Turn Your Head and Cough”, Nathaniel "Dr. Whom" Husted compared security architecture assessments to being a physician. The similarities run deep. Doctors struggle with patient compliance, complex and unclear problems, time and resource pressures, and succeed only when others carry out their recommendations. Doctors struggle all the time. In this session, we explore the field of patient engagement and discuss how doctors are trained to drive patient behavior. We will cover the metrics and reporting used to determine patient engagement. And at each step along the way, lessons will be shared for applying these ideas to information security. So the next time you present an IT compliance report, the next time you share your findings from a penetration test, or the next time you tell developers their code is weak, you’ll be ready to drive behavior and get results by playing doctor.


J. Wolfgang Goerlich

Advisory CISO, Duo Security
J Wolfgang Goerlich supports information security initiatives for clients in the healthcare, education, financial services, and energy verticals. In his current role with CBI, a cyber security consultancy firm, Wolfgang is the senior vice president for strategic security programs...

Stefani Shaffer-Pond

Stefani Barner is a nationally-recognized nonprofit and management expert with extensive coaching, training, and consulting experience. With over 20 years of business and nonprofit management experience, she is frequently asked to serve as a Subject Matter Expert for media outlets...

Saturday June 25, 2016 2:00pm - 3:00pm EDT
Grog Shop (upstairs)

3:00pm EDT

Port Scanning the Hermit Kingdom: Or What NMAP Can Teach Us About Geopolitics
This talk will center on a project that has been active since July 2015, which involves attempting to understand internal North Korean conditions through the use of nmap and masscan, and the scanning of the entire North Korean IP range. In the process of undertaking this project not only was some interesting information gathered about North Korean internal political practices, postures and responses to crisis, but also a significant amount was learned about port scanning hostile and well defended networks, as well as learning a little bit about code on the side. In this presentation the lessons learned and the challenges encountered will be reviewed within the wider discussion of the importance of the use of technical tools to understand the world outside of the technical realm.


Thomas Pieragastini

Thomas Pieragastini currently works in threat intelligence, has a background in independent security research, surveillance and security studies, and holds a PhD in Philosophy. Coming from academic studies in geopolitical dynamics and political theory he developed an interest in the technical...

Saturday June 25, 2016 3:00pm - 4:00pm EDT
Grog Shop (upstairs)

4:00pm EDT

Process Ventriloquism
This talk will present and outline various techniques for the manipulation of processes at runtime in the Windows environment. Attendees will leave with a better understanding of how the Windows API functions are leveraged by attackers to extract the contents of memory, inject shellcode into other processes and how functions can be hooked and rerouted to execute malicious code. The different techniques used to manipulate processes will be discussed with provided examples. Penetration testers and defensive security people alike will benefit from learning just how tools such as meterpreter are able to inject themselves into and manipulate processes.

Spencer McIntyre

As a member of the Research and Development team at SecureState, Spencer McIntyre works to discover vulnerabilities within organizations' systems and understand the underlying risks. Mr. McIntyre balances his focus between vulnerability and in-house tool development. During his time...

Saturday June 25, 2016 4:00pm - 5:00pm EDT
Grog Shop (upstairs)

5:00pm EDT

Cons and Conjurers: Lessons for Infiltration
I will examine how the techniques of con artists and magicians are relevant to physical penetration testing, social engineering and infiltration. Focus is on some classic cons and basics of stage magic deception.


Paul Blonsky

Paul is a security consultant with 20 years of experience in IT and currently runs a physical penetration testing program. I have an interest in con artists, stage magic, and lock sport.

Saturday June 25, 2016 5:00pm - 5:30pm EDT
Grog Shop (upstairs)

5:30pm EDT

Closing Keynote - The Night Begins to Shine - Intrinsic Detection Capabilities
An attack pattern is something that, when it occurs, is extrinsic (not natural) behavior in a computer ecosystem. Understanding what attack patterns look like and building an understanding of how to detect them with what you already have is possible. Most preventative technology tries to some extent to detect extrinsic behavior in an environment but falls short because of the continual changes in attack patterns and commoditized detection. This talk dives into looking at what you already have in your infrastructure that you can use for intrinsic (natural) detection capabilities that don't rely on a specific signature, but more so on how attackers go after an organization. As an industry, we need to be detecting the extrinsic occurrences in our networks which exhibit abnormal behavior. During this presentation, we'll be covering a large percentage of techniques used by attackers, and how to detect them with what you currently have in place at your organization today.

David Kennedy

TrustedSec & Binary Defense Systems
David Kennedy is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David also serves as a board of director for the ISC2 organization. David was the former CSO for a Diebold...

Saturday June 25, 2016 5:30pm - 6:30pm EDT
Grog Shop (upstairs)