{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2026.1.1"}, "schedule": {"url": "https://pretalx.com/bsidesaugusta2023/schedule/", "version": "1.4", "base_url": "https://pretalx.com", "conference": {"acronym": "bsidesaugusta2023", "title": "BSidesAugusta 2023", "start": "2023-10-07", "end": "2023-10-07", "daysCount": 1, "timeslot_duration": "00:05", "time_zone_name": "US/Eastern", "colors": {"primary": "#000000"}, "rooms": [{"name": "Track 1 - Closed", "slug": "2137-track-1-closed", "guid": "d6e31deb-c6e0-53c1-9f6f-4cc11393e5f3", "description": "1220A", "capacity": 300}, {"name": "Track 2", "slug": "2138-track-2", "guid": "c2e00607-be39-5b1d-ab74-877efe83d7a4", "description": "1210B", "capacity": 300}, {"name": "Track 3", "slug": "2139-track-3", "guid": "c18edc9f-d529-5a2c-8c4e-6536c69edc64", "description": "1110C", "capacity": 150}, {"name": "Track 4", "slug": "2140-track-4", "guid": "9bb9a19c-a19b-5173-9a1d-693e66c8ac21", "description": "1120D", "capacity": 150}, {"name": "Track 5", "slug": "2318-track-5", "guid": "4752cac1-c906-594e-a29d-8fcdec06a883", "description": "GB3002 - 3rd floor", "capacity": 150}], "tracks": [{"name": "Track 2", "slug": "3728-track-2", "color": "#000000"}, {"name": "Track 1", "slug": "3727-track-1", "color": "#000000"}, {"name": "Track 4", "slug": "3730-track-4", "color": "#000000"}, {"name": "Track 5", "slug": "3878-track-5", "color": "#000000"}, {"name": "Alternate", "slug": "3879-alternate", "color": "#000000"}, {"name": "Track 3", "slug": "3729-track-3", "color": "#000000"}, {"name": "Keynote", "slug": "3914-keynote", "color": "#000000"}], "days": [{"index": 1, "date": "2023-10-07", "day_start": "2023-10-07T04:00:00-04:00", "day_end": "2023-10-08T03:59:00-04:00", "rooms": {"Track 2": [{"guid": "12e439af-6a7f-5f38-8737-1ccf92ad94a2", "code": "AS3TKT", "id": 35777, "logo": null, "date": "2023-10-07T07:45:00-04:00", "start": "07:45", "duration": "00:45", "room": "Track 2", "slug": 
"bsidesaugusta2023-35777-3-doors-open-check-in", "url": "https://pretalx.com/bsidesaugusta2023/talk/AS3TKT/", "title": "Doors Open / Check-in", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Grab your badge and freebies, then check out the CTF, exhibitors, lock pick village, and raffle table.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/AS3TKT/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/AS3TKT/", "attachments": []}, {"guid": "9d4ba633-8dcc-5753-a873-d1c2c6a4dcb3", "code": "7YJG8E", "id": 35776, "logo": null, "date": "2023-10-07T08:30:00-04:00", "start": "08:30", "duration": "00:30", "room": "Track 2", "slug": "bsidesaugusta2023-35776-2-opening-remarks", "url": "https://pretalx.com/bsidesaugusta2023/talk/7YJG8E/", "title": "Opening Remarks", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Live in Track 2, Simulcast in Tracks 3-5", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/7YJG8E/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/7YJG8E/", "attachments": []}, {"guid": "5a977c8f-31cd-5d8f-b929-f126ef3bdc41", "code": "MFAZ7S", "id": 35375, "logo": null, "date": "2023-10-07T09:00:00-04:00", "start": "09:00", "duration": "01:00", "room": "Track 2", "slug": "bsidesaugusta2023-35375-0-dragons-eagles-bears-oh-my-nation-states-cyber-power-a-hacker-reflects-20-years-in", "url": "https://pretalx.com/bsidesaugusta2023/talk/MFAZ7S/", "title": "Dragons & Eagles & Bears\u2026 Oh My \u2014 Nation States & Cyber Power: A Hacker Reflects, 20 Years In", "subtitle": "", "track": "Keynote", "type": "Talk", "language": "en", "abstract": "*Live in Track 2, Simulcast in Tracks 3-5*  \nIn this lively session custom developed for BSidesAugusta, Ed 
Skoudis will look at the evolving nature of how nation states wield power in cyber space through military and other engagements.  Back in the 2000\u2019s, Ed was a member of a US task force working on defining cyber space as a domain for military engagement, along with land, sea, air, and space.  In this session, Ed will reflect on the discussions from that time with what we got right, what we got wrong, and how it\u2019s going today.  We\u2019ll also look at the implications on mission preparedness and cyber ranges for practice.  We\u2019ll consider Cyber Persistence Theory and its application and take a glimpse into where this is all headed, from the perspective of a hacker who got caught up in a series of the most interesting projects in his entire life.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "ZKTKAB", "name": "Ed Skoudis", "avatar": "https://pretalx.com/media/avatars/ZKTKAB_efWy592.webp", "biography": "If you mention \u201cEd\u201d when discussing penetration testing or incident response, everyone knows exactly of whom you are speaking. Ed Skoudis has taught upwards of 40,000 security professionals globally and his countless contributions to information security have had immense impact on the community. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first authorities brought in to provide post-attack analysis on major breaches. He\u2019s not just an expert in the field, he created many of the founding methodologies employed by governments and organizations around the world to test and secure their infrastructures.\n\nEd is the founder of the SANS Penetration Testing Curriculum and Counter Hack; leads the team that builds NetWars, Holiday Hack, and CyberCity; and serves as president of SANS Technology Institute. 
A consummate presenter, Ed is a keynote speaker appearing internationally at conferences, and is an Advisory Board member for RSA.", "public_name": "Ed Skoudis", "guid": "9fb1b4e4-95c9-53d5-a199-65330f98c75f", "url": "https://pretalx.com/bsidesaugusta2023/speaker/ZKTKAB/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/MFAZ7S/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/MFAZ7S/", "attachments": []}, {"guid": "2fb66978-a8b8-544c-8dd2-7f093a558c6d", "code": "EB9KYJ", "id": 34752, "logo": null, "date": "2023-10-07T10:00:00-04:00", "start": "10:00", "duration": "01:00", "room": "Track 2", "slug": "bsidesaugusta2023-34752-from-rdp-to-d-d-unparalleled-remote-desktop-monitoring-reveal-attackers-tradecraft", "url": "https://pretalx.com/bsidesaugusta2023/talk/EB9KYJ/", "title": "From RDP to D&D: Unparalleled Remote Desktop Monitoring Reveal Attackers Tradecraft", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "The Remote Desktop Protocol (RDP) is a critical attack vector used by evil threat actors including in ransomware outbreaks. To study RDP attacks, we created PyRDP, an open-source RDP interception tool with unmatched screen, keyboard, mouse, clipboard and file collection capabilities. Then we have built a honeynet that is composed of several RDP Windows servers exposed on the cloud. We ran them for three years and have accumulated over 150 million events including 100 hours of video footage, 570 files collected from threat actors and more than 20,000 RDP captures.\n\nTo describe attackers\u2019 behaviors, we characterized the various archetypes of threat actors in groups based on their traits with a Dungeon & Dragons analogy. The Bards, with no apparent hacking skills, make obtuse search or watch unholy videos. The Rangers stealthily explore computers and perform reconnaissance, opening the path for other characters. 
The Thieves try to monetize the RDP access through various creative ways like traffic monetizers or cryptominers. The Barbarians use a large array of tools to brute-force their way into more computers. Finally, the Wizards, securing their identity via jumps over compromised hosts, use their RDP access as a magic portal to cloak their origins. \n\nThroughout, we will reveal the weaponry of these different characters such as dControl, xRDP Patch, SilverBullet and previously undocumented host fingerprinting tools. Lastly, we will use our crystal ball to show video recordings of interesting characters in action.\n\nThis presentation demonstrates the tremendous capability in RDP for research benefits, law enforcement (leverage this open-source capability in ransomware takedowns) and blue teams (extensive documentation of opportunistic attackers\u2019 tradecraft). An engineer and a crime data scientist partnered to deliver an epic story that includes luring, understanding and characterizing attackers, which allows us to collectively focus our attention on the more sophisticated threats.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "D78DJX", "name": "Olivier Bilodeau", "avatar": "https://pretalx.com/media/avatars/D78DJX_LPojO89.webp", "biography": "Olivier Bilodeau leads the Cybersecurity Research team at GoSecure. With more than 12 years of infosec experience, he enjoys luring malware operators into his traps and writing tools for malware research. Olivier is a passionate communicator having spoken at several conferences including BlackHat USA/Europe, Defcon, Botconf, Derbycon, and HackFest. 
Invested in his community, he co-founded Montr\u00e9Hack, is the President of NorthSec and hosts its Hacker Jeopardy.", "public_name": "Olivier Bilodeau", "guid": "5e224249-2253-515d-b192-bc21ddd26868", "url": "https://pretalx.com/bsidesaugusta2023/speaker/D78DJX/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/EB9KYJ/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/EB9KYJ/", "attachments": []}, {"guid": "2b9e66b4-88d2-5961-a12a-6d2bbcfd904d", "code": "VUPECU", "id": 35774, "logo": null, "date": "2023-10-07T11:00:00-04:00", "start": "11:00", "duration": "00:15", "room": "Track 2", "slug": "bsidesaugusta2023-35774-0-hallway-con", "url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/", "title": "Hallway Con", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Break", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/", "attachments": []}, {"guid": "29e3f25c-0fc2-55ce-8d77-af6d10b70971", "code": "FMV8EP", "id": 34745, "logo": null, "date": "2023-10-07T11:15:00-04:00", "start": "11:15", "duration": "00:30", "room": "Track 2", "slug": "bsidesaugusta2023-34745-applying-sysmon-type-filtering-to-elastic-agent-process-auditing", "url": "https://pretalx.com/bsidesaugusta2023/talk/FMV8EP/", "title": "Applying Sysmon-type filtering to Elastic Agent Process Auditing", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Process Auditing is a powerful tool in the detection toolbox. According to @Cyb3rWard0g\u2019s  research, the vast majority of the adversarial techniques in the ATT&CK framework can be detected with process auditing. 
Unfortunately, this power comes with a price - process auditing generates a lot of results that can be overwhelming to sift through.\n\nIn this presentation, we will walk through a practical option to handle these problems using Security Onion\u2019s Elastic Agent integration as an example. Specifically, we will use @SwiftOnSecurity Sysmon configuration as a source filter and convert it into a format that can be used by Security Onion to filter out known-good results.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "QNCTLT", "name": "Josh Brower", "avatar": "https://pretalx.com/media/avatars/QNCTLT_enQnfTK.webp", "biography": "Josh Brower has been crashing computers since his teens, and now feels fortunate to be doing it professionally. He has spent the last 15 years focusing on InfoSec, particularly network and endpoint detection. He also enjoys teaching around InfoSec issues, especially to non-technical learners - helping them to understand how their actions in the digital world have real-world consequences, as well as how to proactively reduce the risk.\n\nYou can catch him on twitter @DefensiveDepth.", "public_name": "Josh Brower", "guid": "e7af70ac-ef73-5727-8531-2f1f1b8eca7f", "url": "https://pretalx.com/bsidesaugusta2023/speaker/QNCTLT/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/FMV8EP/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/FMV8EP/", "attachments": []}, {"guid": "19971824-8cf5-5915-a30b-7920746ff718", "code": "LFSDER", "id": 35775, "logo": null, "date": "2023-10-07T11:45:00-04:00", "start": "11:45", "duration": "00:45", "room": "Track 2", "slug": "bsidesaugusta2023-35775-0-lunch", "url": "https://pretalx.com/bsidesaugusta2023/talk/LFSDER/", "title": "Lunch", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Enjoy lunch provided by Chick-fil-A!  
A vegetarian option will also be available.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/LFSDER/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/LFSDER/", "attachments": []}, {"guid": "4914bdb6-9720-5c19-9681-3dbd3adbe7e2", "code": "US9ZGM", "id": 32081, "logo": null, "date": "2023-10-07T12:30:00-04:00", "start": "12:30", "duration": "01:00", "room": "Track 2", "slug": "bsidesaugusta2023-32081-ransomware-playbook-illuminating-artifacts-for-enriched-analysis", "url": "https://pretalx.com/bsidesaugusta2023/talk/US9ZGM/", "title": "Ransomware Playbook: Illuminating Artifacts for Enriched Analysis", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "In the relentless battle against ransomware, comprehensive analysis is crucial for effective defense and mitigation. This talk aims to empower attendees with valuable insights and techniques to uncover critical artifacts and enhance their analysis efforts against ransomware attacks. During this session, we will explore the key artifacts left behind by ransomware operations, shedding light on their significance in the analysis process. Attendees will gain a deeper understanding of ransomware techniques commonly employed by threat actors. By leveraging these techniques we will discuss, attendees will be able to extract deeper insights from artifacts and gain a more comprehensive understanding of ransomware operations. By attending this session, security professionals will enhance their ability to analyze ransomware attacks, identify indicators of compromise, and develop effective mitigation strategies. 
The knowledge and techniques shared will enable attendees to illuminate the hidden artifacts within ransomware operations, leading to enriched analysis and improved incident response capabilities.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "KMFLKC", "name": "Fernando Tomlinson", "avatar": "https://pretalx.com/media/avatars/KMFLKC_ZX66Ie2.webp", "biography": "Fernando Tomlinson is a Technical Manager for Digital Forensics and Incident Response at Mandiant. Prior to that, he served in the U.S. Army where he retired as a Cyber Warrant Officer. While serving, he was the Senior Technical Advisor for forensics and malware analysis at the U.S. Army Cyber Command, responsible for the defensive actions of all U.S. Army systems. He also served as a Technical Director of a Cyber Operations Center and has led multi-level Digital Forensics and Incident Response and threat hunting teams. Additionally, he is a collegiate cybersecurity Adjunct Professor who enjoys contributing to the community.", "public_name": "Fernando Tomlinson", "guid": "7b835751-a05d-5b18-b449-cfe136951437", "url": "https://pretalx.com/bsidesaugusta2023/speaker/KMFLKC/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/US9ZGM/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/US9ZGM/", "attachments": []}, {"guid": "01682086-c5ff-58b5-a510-73c4b819c0ec", "code": "SH7JEZ", "id": 33906, "logo": null, "date": "2023-10-07T13:30:00-04:00", "start": "13:30", "duration": "00:30", "room": "Track 2", "slug": "bsidesaugusta2023-33906-enhancing-chrome-extension-security-fortifying-your-browser-experience", "url": "https://pretalx.com/bsidesaugusta2023/talk/SH7JEZ/", "title": "Enhancing Chrome Extension Security: Fortifying Your Browser Experience", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "There are over 3 billion Chrome users across the globe, with nearly 200,000 active Chrome extensions 
available in the Chrome webstore. Chrome extensions have garnered increasing popularity and have become so ubiquitous due to their ease of installation, additional functionality, and customization options. The demand for sophisticated Chrome extensions has become a gateway for attackers to exploit browsers and sensitive information. According to industry data, there was an increasing trend to install malicious extensions, resulting in over 1,300,000 install attempts between 2020-2022.\n\nWith Chrome extensions possessing privileged permissions, attackers can not only get unauthorized access to high value data but can also change the browser behavior by injecting malicious code, leading to critical attacks like XSS and CSRF. Malicious extensions can exfiltrate data unbeknownst to the user, resulting in a breach of privacy. \n\nNo single Chrome security control can fully protect against all exploitations, but a layered approach has a proven success rate. Protecting against malicious extensions requires a multifaceted approach. Not only is a foundational knowledge of browser interactions necessary, but also an understanding of how the extension manifest dictates the permission, privacy, and security of an extension. Furthermore, additional layers to this pipeline should be default-deny, security extension analyzers, and leveraging browser isolation agents to investigate the extension behavior post-loading.\n\nIn conclusion, this presentation will cover the pressing security concerns surrounding Chrome extensions, inform of the present challenges of the available solutions, and highlight our company's innovative approach to mitigating these risks. 
By implementing robust security measures with enhanced control and monitoring capabilities, we aim to significantly reduce the threats associated with Chrome extensions, ensuring a safer and more secure browsing experience.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "FZ7QJK", "name": "Aishwarya Ramesh Nagarajan", "avatar": "https://pretalx.com/media/avatars/FZ7QJK_1YbUdUf.webp", "biography": "Aishwarya is currently working as a Security Engineer at Cloudflare, inc. Her passion lies in finding ways to improve the security posture of the application, bug bounties and automating security processes. She earned her Master of Science in Cybersecurity from George Washington University, DC and her Bachelor\u2019s in Computer Science Engineering from Anna University, India. She enjoys mentoring budding security enthusiasts, and sharing knowledge with the security community by participating in meetups, hackathons, CTFs and contributing to open source projects. Apart from Security, she has an ardent interest in the sports and finance side of things. So, if you spot her in your local cricket team or sports club, don\u2019t get surprised :)", "public_name": "Aishwarya Ramesh Nagarajan", "guid": "736693f8-053d-5d27-97b2-fccb35ac6003", "url": "https://pretalx.com/bsidesaugusta2023/speaker/FZ7QJK/"}, {"code": "3SQXGL", "name": "samuel ogunlade", "avatar": null, "biography": "Samuel is employed as a security engineer for Cloudflare. He is a graduate of the University of Oklahoma where he received a Master in Data Science and Analytics and a Bachelor in Petroleum engineering. Samuel started his career as a security generalist in Oil and Gas, eventually moving his way up to Incident Response/DNR in the tech industry, ultimately finding his calling in security engineering. 
Samuel is a Security Engineer for Cloudflare where he leads the mobile device management security as well as builds automations and processes to secure enterprise systems.", "public_name": "samuel ogunlade", "guid": "74da9d59-a888-5a8b-85cd-79b1c43528c0", "url": "https://pretalx.com/bsidesaugusta2023/speaker/3SQXGL/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/SH7JEZ/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/SH7JEZ/", "attachments": []}, {"guid": "b652102a-dab7-5e24-a881-cb660f22d071", "code": "VUPECU", "id": 35774, "logo": null, "date": "2023-10-07T14:00:00-04:00", "start": "14:00", "duration": "00:15", "room": "Track 2", "slug": "bsidesaugusta2023-35774-6-hallway-con", "url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/", "title": "Hallway Con", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Break", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/", "attachments": []}, {"guid": "dd9ed44c-e34e-56a3-9e83-ceb7331e4e90", "code": "XFACNL", "id": 31941, "logo": null, "date": "2023-10-07T14:15:00-04:00", "start": "14:15", "duration": "01:00", "room": "Track 2", "slug": "bsidesaugusta2023-31941-trust-unearned-evaluating-certificate-authority-trustworthiness-across-5-billion-certificates", "url": "https://pretalx.com/bsidesaugusta2023/talk/XFACNL/", "title": "Trust Unearned? Evaluating Certificate Authority Trustworthiness Across 5 Billion Certificates", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Security relies on trust, especially when it comes to Certificate Authorities. Browsers ship with many root CAs built in, but are they all equally trustworthy? I examined over 5 billion recent TLS certificates and now I know! 
In this session I\u2019ll reveal the most and least trustworthy CAs, factors influencing their trust ratings, and how to use this data to protect your organization.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "GXCB3L", "name": "David J. Bianco", "avatar": "https://pretalx.com/media/avatars/GXCB3L_yYJIl8B.webp", "biography": "David is a Staff Security Strategist on Splunk\u2019s SURGe research team. He is also a SANS Certified Instructor, where he teaches network forensics. David has more than 20 years of experience in the information security field, primarily in incident detection and response, threat hunting, and Cyber Threat Intelligence (CTI).  He is the creator of both the Pyramid of Pain and the Threat Hunting Maturity Model, both widely cited defensive security models. Really, he just wants to make security better for everyone, and he has a special interest in helping people get started in their cybersecurity careers. You can follow David on Twitter as @DavidJBianco or on Mastodon as @DavidJBianco@infosec.exchange.", "public_name": "David J. 
Bianco", "guid": "56ffa78c-d6d1-567d-8cf0-9c15ecf811cb", "url": "https://pretalx.com/bsidesaugusta2023/speaker/GXCB3L/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/XFACNL/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/XFACNL/", "attachments": []}, {"guid": "595f123d-becd-5505-91e8-288202e1a6d3", "code": "WBNTUM", "id": 34702, "logo": "https://pretalx.com/media/bsidesaugusta2023/submissions/WBNTUM/scifi_digital_art_of_a_man_in_front_of_a_computer_w_I2XuRAe.png", "date": "2023-10-07T15:15:00-04:00", "start": "15:15", "duration": "00:30", "room": "Track 2", "slug": "bsidesaugusta2023-34702-race-against-the-machine-rapid-exploit-development-via-llms", "url": "https://pretalx.com/bsidesaugusta2023/talk/WBNTUM/", "title": "Race Against the Machine: Rapid Exploit Development via LLMs", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "The recent surge in the advancement of large language models (LLMs) like GPT-4 has brought new complexities to the cybersecurity sphere, significantly diminishing the \"time to exploit\" from a duration of months and weeks down to mere hours and minutes. In this presentation, we will delve into how LLMs can effectively generate viable exploits for a wide variety of Common Vulnerabilities and Exposures (CVEs). The increased speed at which these exploits can be created calls for a swift adaptation from cybersecurity professionals, necessitating a better understanding of the capabilities of LLMs and the implications of their rapid exploit development. This presentation will further shed light on how the quality and amount of input information - ranging from CVE descriptions to vendor documentation - can significantly influence the success rate of the malware code generated by these models. Essentially showing how simple CVE descriptions, designed for good, give AIs enough information to create working exploits. 
We will explore the creation of exploits for a specific CVE under multiple scenarios, leading to a detailed comparison of the resulting code. This discussion highlights the urgent need for cybersecurity professionals to grasp and tackle the issues brought forth by LLM-powered exploit creation. We will delve into the tangible implications of these findings on aspects of vulnerability management, patch prioritization, and threat detection. These illustrations will effectively portray the gravity of the situation in light of the expedited \"time to exploit\" made possible by LLMs.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "FKQSQS", "name": "Matthew Deluca", "avatar": null, "biography": "A skilled cybersecurity professional with years of experience working with, and in, the Department of Defense in support of protecting critical information systems. He also has a wide variety of additional experience working for years at Silicon Valley startups and most recently working with large Fortune 100 companies.", "public_name": "Matthew Deluca", "guid": "5271136a-f805-5bfc-b9dd-37b9bb346d50", "url": "https://pretalx.com/bsidesaugusta2023/speaker/FKQSQS/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/WBNTUM/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/WBNTUM/", "attachments": []}, {"guid": "881cff84-3b5a-57b0-86f2-53ee61b5106e", "code": "9GJ9JC", "id": 34762, "logo": null, "date": "2023-10-07T15:45:00-04:00", "start": "15:45", "duration": "01:00", "room": "Track 2", "slug": "bsidesaugusta2023-34762-drop-it-like-it-s-qbot-bsidesaugusta-remix-detecting-initial-execution-earlier-with-osint", "url": "https://pretalx.com/bsidesaugusta2023/talk/9GJ9JC/", "title": "Drop It Like It\u2019s Qbot (BSidesAugusta Remix): Detecting initial execution earlier with OSINT", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "This talk is about leveraging open source 
intelligence to track and detect rapidly-changing initial execution techniques used by adversaries. You\u2019ll learn about TA570 and TA577, two threat groups that continuously research, test, and implement new ways to download and run malicious payloads on victim endpoints. One of their favorite payloads is Qbot (aka Qakbot), a fast-moving trojan that can lead to ransomware. Detecting evil execution early can reduce or eliminate the risk of follow-on activity, but frequent changes to Qbot downloaders make early detection more difficult for defenders. Fortunately, there are analysts and researchers dedicated to tracking such changes and sharing them with the security community almost as quickly as they happen.\n\nYou will leave the talk understanding how you can use open source intelligence to help you track changes adversaries make to their initial execution techniques, like in the example above. You\u2019ll be given specific resources you can use to stay up-to-date as threats continue to change and develop. You\u2019ll also be armed with detection opportunities to help detect loaders delivering malware like Qbot. Newcomers to cybersecurity will learn about techniques prevalent in today\u2019s threat landscape. More experienced analysts will go home with up-to-date behavioral and atomic indicators for initial execution detection.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "JRNKCP", "name": "Stef Rand", "avatar": "https://pretalx.com/media/avatars/JRNKCP_015VJPK.webp", "biography": "Stef is an Intelligence Analyst at Red Canary. Prior to joining Red Canary, she was a consultant at Mandiant, specializing in digital forensics and incident response. She graduated from the Augusta University School of Computer and Cyber Sciences in the fall of 2019. Before Stef started her career in cybersecurity she earned a master\u2019s degree in Clinical Psychology. 
She loves finding new ways to integrate psychology and cybersecurity in her research, writing, and conference presentations. If she's not at her computer she's probably hiking, camping, or crafting.", "public_name": "Stef Rand", "guid": "11c7106a-3f83-56a1-9b06-eb2101da3723", "url": "https://pretalx.com/bsidesaugusta2023/speaker/JRNKCP/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/9GJ9JC/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/9GJ9JC/", "attachments": []}], "Track 3": [{"guid": "b352554c-f096-5fbe-bd2d-aadc081fb9d9", "code": "AS3TKT", "id": 35777, "logo": null, "date": "2023-10-07T07:45:00-04:00", "start": "07:45", "duration": "00:45", "room": "Track 3", "slug": "bsidesaugusta2023-35777-0-doors-open-check-in", "url": "https://pretalx.com/bsidesaugusta2023/talk/AS3TKT/", "title": "Doors Open / Check-in", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Grab your badge and freebies, then check out the CTF, exhibitors, lock pick village, and raffle table.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/AS3TKT/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/AS3TKT/", "attachments": []}, {"guid": "1aa1ebea-cba7-59a0-9dc6-e42cbe8cc1fa", "code": "7YJG8E", "id": 35776, "logo": null, "date": "2023-10-07T08:30:00-04:00", "start": "08:30", "duration": "00:30", "room": "Track 3", "slug": "bsidesaugusta2023-35776-0-opening-remarks", "url": "https://pretalx.com/bsidesaugusta2023/talk/7YJG8E/", "title": "Opening Remarks", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Live in Track 2, Simulcast in Tracks 3-5", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/7YJG8E/feedback/", "origin_url": 
"https://pretalx.com/bsidesaugusta2023/talk/7YJG8E/", "attachments": []}, {"guid": "cc3d25a2-a7ea-5998-b555-03f59fa8d1cf", "code": "MFAZ7S", "id": 35375, "logo": null, "date": "2023-10-07T09:00:00-04:00", "start": "09:00", "duration": "01:00", "room": "Track 3", "slug": "bsidesaugusta2023-35375-1-dragons-eagles-bears-oh-my-nation-states-cyber-power-a-hacker-reflects-20-years-in", "url": "https://pretalx.com/bsidesaugusta2023/talk/MFAZ7S/", "title": "Dragons & Eagles & Bears\u2026 Oh My \u2014 Nation States & Cyber Power: A Hacker Reflects, 20 Years In", "subtitle": "", "track": "Keynote", "type": "Talk", "language": "en", "abstract": "*Live in Track 2, Simulcast in Tracks 3-5*  \nIn this lively session custom developed for BSidesAugusta, Ed Skoudis will look at the evolving nature of how nation states wield power in cyber space through military and other engagements.  Back in the 2000\u2019s, Ed was a member of a US task force working on defining cyber space as a domain for military engagement, along with land, sea, air, and space.  In this session, Ed will reflect on the discussions from that time with what we got right, what we got wrong, and how it\u2019s going today.  We\u2019ll also look at the implications on mission preparedness and cyber ranges for practice.  We\u2019ll consider Cyber Persistence Theory and its application and take a glimpse into where this is all headed, from the perspective of a hacker who got caught up in a series of the most interesting projects in his entire life.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "ZKTKAB", "name": "Ed Skoudis", "avatar": "https://pretalx.com/media/avatars/ZKTKAB_efWy592.webp", "biography": "If you mention \u201cEd\u201d when discussing penetration testing or incident response, everyone knows exactly of whom you are speaking. 
Ed Skoudis has taught upwards of 40,000 security professionals globally and his countless contributions to information security have had immense impact on the community. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first authorities brought in to provide post-attack analysis on major breaches. He\u2019s not just an expert in the field, he created many of the founding methodologies employed by governments and organizations around the world to test and secure their infrastructures.\n\nEd is the founder of the SANS Penetration Testing Curriculum and Counter Hack; leads the team that builds NetWars, Holiday Hack, and CyberCity; and serves as president of SANS Technology Institute. A consummate presenter, Ed is a keynote speaker appearing internationally at conferences, and is an Advisory Board member for RSA.", "public_name": "Ed Skoudis", "guid": "9fb1b4e4-95c9-53d5-a199-65330f98c75f", "url": "https://pretalx.com/bsidesaugusta2023/speaker/ZKTKAB/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/MFAZ7S/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/MFAZ7S/", "attachments": []}, {"guid": "b9efb86c-eb80-5eae-8f64-46a11a7441cc", "code": "KLATMX", "id": 34252, "logo": null, "date": "2023-10-07T10:00:00-04:00", "start": "10:00", "duration": "01:00", "room": "Track 3", "slug": "bsidesaugusta2023-34252-hacking-demos-dirty-secrets-dangerous-lies-and-asset-intelligence", "url": "https://pretalx.com/bsidesaugusta2023/talk/KLATMX/", "title": "Hacking Demos, Dirty Secrets, Dangerous Lies, and Asset Intelligence", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Dark allies from the nightmare dimension, on an unholy crusade, have assembled a variety of hacking demonstrations for your education and amusement. Secrets and lies across IT, cloud, and embedded devices will be exposed. 
Strategies for advancing your asset intelligence aimed at disappointing bad actors will be illuminated. You\u2019ll share this knowledge around the water cooler, apply these security strategies within your organization, and become that awesome person everyone wants to hang out with at office parties, regardless of that Fantastic Four shirt you keep wearing.\n \nWhat happens when the industrial robot on a factory floor is overlooked in your asset inventory? We\u2019ll demonstrate what that hack might look like and hacks against traditional IT and cloud assets. Stories from the trenches\u2014secrets and lies involving cybercriminals, nation-state actors, and defenders\u2014will be shared. Strategies for creating and maintaining weaponized asset intelligence that will help keep your organization \u201cleft of boom\u201d will be detailed.\n \nWeak asset intelligence makes organizations vulnerable to risks ranging from advanced persistent threats to advanced persistent auditors. It only takes one missed, weak device to compromise an entire organization. This weakness and low confidence in the data is frequently a function of data management overload, security tools overload, or slow, error-prone, manual efforts. It\u2019s also challenging to correlate data across different departments, and the relevant intelligence exists in product silos. As your attack surface grows\u2014across traditional IT, cloud, IoT, remote employee devices, and SaaS applications\u2014instead of your asset intelligence being a weaponized source for good, it becomes a parade of horribles.\n \nNation-states and cybercriminals want this to continue. Cybercriminals have monetized attacks on your assets, and nation-states have built multi-million-dollar tools to target them, maintain persistence, evade detection, steal IP, and conduct sabotage. These bad actors count on you being passive and want you to fail. Disappoint them! 
Weaponize your asset intelligence.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "Y9B8QW", "name": "Brian Contos", "avatar": "https://pretalx.com/media/avatars/Y9B8QW_P1RIyLx.webp", "biography": "Brian Contos is the Chief Strategy Officer at Sevco Security. With two IPOs & eight acquisitions, Brian has helped build some of the most successful security companies in the world. He has over 25 years in the security industry as a security company entrepreneur, board advisor, investor, and author. After getting his start with the Defense Information Systems Agency (DISA) and later Bell Labs, Brian began the process of building security startups and taking multiple companies through successful IPOs and acquisitions, including Riptech, ArcSight, Imperva, McAfee, Solera Networks, Cylance, JASK, Verodin, and Mandiant. \n\nBrian has worked in over 50 countries across six continents. He authored the book Enemy at the Water Cooler and co-authored Physical & Logical Security Convergence with former NSA Deputy Director William Crowell. He was featured in the cyberwar documentary 5 Eyes alongside General Michael Hayden, former NSA and CIA Director. 
Brian writes for Forbes and regularly presents at conferences like Black Hat, RSA, OWASP, and BSides.", "public_name": "Brian Contos", "guid": "aea82389-a94d-55c5-be4a-9f62daaae97d", "url": "https://pretalx.com/bsidesaugusta2023/speaker/Y9B8QW/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/KLATMX/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/KLATMX/", "attachments": []}, {"guid": "84b36ed3-1776-517b-ba2f-069e5259066d", "code": "VUPECU", "id": 35774, "logo": null, "date": "2023-10-07T11:00:00-04:00", "start": "11:00", "duration": "00:15", "room": "Track 3", "slug": "bsidesaugusta2023-35774-2-hallway-con", "url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/", "title": "Hallway Con", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Break", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/", "attachments": []}, {"guid": "79ededc9-5eb3-5d81-8b0b-788f725bcf23", "code": "3J8YJP", "id": 33134, "logo": null, "date": "2023-10-07T11:15:00-04:00", "start": "11:15", "duration": "00:30", "room": "Track 3", "slug": "bsidesaugusta2023-33134-lsa-reaper-a-remote-lsass-extraction-tool", "url": "https://pretalx.com/bsidesaugusta2023/talk/3J8YJP/", "title": "LSA-Reaper: A Remote LSASS Extraction Tool", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "LSA-Reaper is an advanced and versatile command line tool designed to facilitate remote dumping of the process. By using Impacket's wmiexec, smbexec, or atexec tools.\nThe initial step of LSA-Reaper involves conducting a ping sweep across the provided IP addresses or IP ranges. This reconnaissance enables the tool to identify live hosts to prevent timeouts. 
Once the live hosts are successfully detected, LSA-Reaper proceeds to create an SMB share with a randomly generated username and password. This SMB share serves as the exfiltration point for LSASS dump and as the host for the payloads. Ensuring that the payloads are never written to disk on the Windows hosts.\nLSA-Reaper then runs the net use command on the victim\u2019s machine through Impacket\u2019s wmiexec, smbexec, or atexec, LSA-Reaper orchestrates the mounting of the previously created SMB share as a network drive on the target system. This critical step facilitates data transfer and enhances the overall effectiveness of the LSASS extraction process.\nThe final stage entails the execution of the selected payload such as msbuild, regsvr32, calc.exe, or an EXE file. By employing these utilities, LSA-Reaper successfully extracts the LSASS data and directly saves it to the mounted SMB share. This approach offers an added advantage as it bypasses Windows antimalware systems that may attempt to delete or interfere with the LSASS dump file.\nFinally, LSA-Reaper includes a feature that will automatically bypass the RunAsPPL security feature by leveraging a signed driver that comes bundled with MSIAfterburner to elevate the payload\u2019s process to a PPL with the LSA signature enabling the payload process to interact with the LSASS process without modifying the security level of the LSASS process.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "JEDVQM", "name": "Daniel Cornett", "avatar": "https://pretalx.com/media/avatars/JEDVQM_z4ELhHM.webp", "biography": "Daniel Cornett is a recent graduate from the University of North Georgia receiving a Bachelor of Science in Cybersecurity. Daniel has already been working in the private sector for a little over a year and in that time has passed both the CEH and GSEC exams. 
Daniel has a passion for coding which has led him to create multiple tools that are used in red team engagements.", "public_name": "Daniel Cornett", "guid": "339c98cb-8b65-5f74-bc2c-b541f5e1d4b3", "url": "https://pretalx.com/bsidesaugusta2023/speaker/JEDVQM/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/3J8YJP/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/3J8YJP/", "attachments": []}, {"guid": "a80c997c-9bbc-5dfe-be79-ddeb7b74247f", "code": "LFSDER", "id": 35775, "logo": null, "date": "2023-10-07T11:45:00-04:00", "start": "11:45", "duration": "00:45", "room": "Track 3", "slug": "bsidesaugusta2023-35775-3-lunch", "url": "https://pretalx.com/bsidesaugusta2023/talk/LFSDER/", "title": "Lunch", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Enjoy lunch provided by Chick-fil-A!  A vegetarian option will also be available.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/LFSDER/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/LFSDER/", "attachments": []}, {"guid": "6ad7f1f2-ba78-53e1-b3bb-6b4baaa83e22", "code": "MDJ7PV", "id": 34510, "logo": null, "date": "2023-10-07T12:30:00-04:00", "start": "12:30", "duration": "01:00", "room": "Track 3", "slug": "bsidesaugusta2023-34510-meet-your-nemesis-fighting-data-with-data", "url": "https://pretalx.com/bsidesaugusta2023/talk/MDJ7PV/", "title": "Meet Your Nemesis: Fighting Data With Data", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "The offensive industry is about exploring what\u2019s possible. Part of this is observing and taking lessons from other disciplines that have already solved a myriad of related challenges, from proper software engineering practices to using graph theory for offensive problems. 
But despite various leaps forward over the last several years, the offensive post-exploitation community has yet to fully embrace data analysis and enrichment pipelines beyond basic log aggregation and searching. If offensive tools were structured for automated processing instead of solely human consumption, we could unify post-ex data to exploit the known (and unknown) relationships within the data our offensive tools emit.\n\nImagine a system that could ingest data from any C2 framework or post-ex tool, and could not just automate common operator tasks like binary analysis for known vulnerabilities and hash extraction and cracking of encrypted documents, but could perform complex offline analysis like host privilege escalation. If we could unify all post-exploitation data from offensive engagements we could improve operator workflows, provide tradecraft assistance, facilitate automation of onerous tasks, and uncover new data-driven research opportunities. A year ago, our team embarked on the development of just such a system, and we are excited to introduce the result of our effort: Nemesis.\n\nThis presentation will start by detailing the various red team challenges regarding data, leading into how this influenced Nemesis\u2019 architectural decisions and design. Along the way we\u2019ll cover various time-saving automations Nemesis can perform along with offensive data enrichments and analytics the engine can produce. This is the start of a true universal operator assistance platform, with operator guidance contextualized by data as it comes into command and control platforms. 
Beyond this, Nemesis will enable the emerging discipline of offensive data analysis, which we hope will unlock possibilities we can\u2019t even imagine.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "GBW7AR", "name": "Will Schroeder", "avatar": "https://pretalx.com/media/avatars/GBW7AR_PYhxY4G.webp", "biography": "Will Schroeder is a member of the R&D team at SpecterOps, where he helps research and develop new offensive techniques and capabilities. He has spoken at a number of industry conferences including Black Hat and DEF CON on topics spanning AV-evasion, Active Directory, post-exploitation, red team tradecraft, BloodHound, malicious access control, malware, and offensive PowerShell. He is also the cofounder of numerous open source projects including Empire, BloodHound, GhostPack, and more.", "public_name": "Will Schroeder", "guid": "952ec702-4f27-5d22-af21-a04e81ea88d1", "url": "https://pretalx.com/bsidesaugusta2023/speaker/GBW7AR/"}, {"code": "JUVSVK", "name": "Maxwell Harley", "avatar": null, "biography": "Max Harley is an operator and red team tool developer at SpecterOps. His passion for cybersecurity and software development has motivated him to release open source tools, mostly focused on safe payload delivery and JA3. Max has given presentations at multiple security conferences including CarolinaCon and BSides Charleston. 
He is a Clemson University alumni and former president of their cybersecurity club, CU Cyber.", "public_name": "Maxwell Harley", "guid": "483ae5b4-0b07-5a3e-83ad-38eec016ce74", "url": "https://pretalx.com/bsidesaugusta2023/speaker/JUVSVK/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/MDJ7PV/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/MDJ7PV/", "attachments": []}, {"guid": "4a3a17a8-eb56-51ee-b280-c933f7f5c5fc", "code": "WCXFFA", "id": 31773, "logo": "https://pretalx.com/media/bsidesaugusta2023/submissions/WCXFFA/Logo_Boilerplate_AxmrwzD.png", "date": "2023-10-07T13:30:00-04:00", "start": "13:30", "duration": "00:30", "room": "Track 3", "slug": "bsidesaugusta2023-31773-chatapt-a-cybersecurity-red-teaming-framework-which-demonstrates-the-emerging-threat-made-possible-by-leveraging-gpt-to-elevate-high-fidelity-social-engineering-effort-to-an-unlimited-scale", "url": "https://pretalx.com/bsidesaugusta2023/talk/WCXFFA/", "title": "ChatAPT -  a cybersecurity red-teaming framework which demonstrates the emerging threat made possible by leveraging GPT to elevate high-fidelity social engineering effort to an unlimited scale.", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "ChatAPT is a cybersecurity red-teaming framework which demonstrates the emerging threat possible by leveraging Large Language Models (LLMs) such as GPT to elevate high-fidelity social engineering effort to an unlimited scale.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "EUZMM3", "name": "Jonathan Todd", "avatar": "https://pretalx.com/media/avatars/EUZMM3_nCsYbjW.webp", "biography": "Cybersecurity Analyst | Threat Hunter | Software Engineer | Problem Solver", "public_name": "Jonathan Todd", "guid": "15ac37c4-4f3d-523e-968e-203500de3a15", "url": "https://pretalx.com/bsidesaugusta2023/speaker/EUZMM3/"}], "links": [], "feedback_url": 
"https://pretalx.com/bsidesaugusta2023/talk/WCXFFA/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/WCXFFA/", "attachments": [{"title": "Detailed outline of the project.", "url": "/media/bsidesaugusta2023/submissions/WCXFFA/resources/ChatAPT_Outline_MitbhIn.pdf", "type": "related"}]}, {"guid": "f05cee95-2ec3-5f6f-bbff-fe2517b274c6", "code": "VUPECU", "id": 35774, "logo": null, "date": "2023-10-07T14:00:00-04:00", "start": "14:00", "duration": "00:15", "room": "Track 3", "slug": "bsidesaugusta2023-35774-7-hallway-con", "url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/", "title": "Hallway Con", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Break", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/", "attachments": []}, {"guid": "47528114-146e-55af-9628-5e1ce28194ae", "code": "9PAKUX", "id": 31701, "logo": null, "date": "2023-10-07T14:15:00-04:00", "start": "14:15", "duration": "01:00", "room": "Track 3", "slug": "bsidesaugusta2023-31701-jwt-misuse-abuse", "url": "https://pretalx.com/bsidesaugusta2023/talk/9PAKUX/", "title": "{JWT}.{Misuse}.&Abuse", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "JWTs are an incredibly flexible tool that make life easier for developers because they are standardized, widely supported, and include important security features by default. However, like any powerful tool, JWTs can be dangerous when used incorrectly, or for unintended purposes. In this talk, I aim to shine a light on common JWT misuse and abuse. I'll start by briefly describing JWTs and common use cases for them. I'll then present real world scenarios of misuse and abuse from applications that I've tested as a consultant, and written as an engineer. 
As I present each scenario, I'll demonstrate the various features and failures live, and discuss how the specific implementation of JWTs can be hardened. The end result will be an enlightening and entertaining presentation of information and experience that will provide the viewer with a practical knowledge of how, and how not, to use JWTs.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "ELBKGE", "name": "Tim Tomes", "avatar": "https://pretalx.com/media/avatars/ELBKGE_0T8xFYA.webp", "biography": "Application Security Engineer with extensive experience in the information technology and security industries. Experience ranges from software development to full-scope penetration testing (red teaming) as both a technician and leader for both the United States Military and private industry. Currently specializing in application security as a trainer and practitioner of web application penetration testing and secure software development.", "public_name": "Tim Tomes", "guid": "0a7f0e21-2b68-53c3-927c-d920967863f9", "url": "https://pretalx.com/bsidesaugusta2023/speaker/ELBKGE/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/9PAKUX/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/9PAKUX/", "attachments": []}, {"guid": "b6c65f27-00bc-518c-a6f5-86f8ec2c2694", "code": "YY3AZB", "id": 34738, "logo": null, "date": "2023-10-07T15:15:00-04:00", "start": "15:15", "duration": "00:30", "room": "Track 3", "slug": "bsidesaugusta2023-34738-don-t-flip-out-rf-hacking-basics-explained", "url": "https://pretalx.com/bsidesaugusta2023/talk/YY3AZB/", "title": "Don\u2019t Flip Out: RF Hacking Basics Explained", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "This session will answer questions related to hacking using radio frequency (RF) devices. We will review past RF hacking events (both those that have happened and those of urban legend). 
We will discuss common RF hacking tools such as the Flipper Zero, HackRF, and more. Then we will touch on setting up a space for RF experimentation and the types of programs one might want to support RF work such as GNU Radio.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "A8RUDH", "name": "Rachel Jones", "avatar": "https://pretalx.com/media/avatars/A8RUDH_vbZxLwh.webp", "biography": "Rachel Jones has an interdisciplinary background, specializing in space and cyber technology. She has been an analyst at Savannah River National Laboratory (SRNL) since 2020. Previously, Rachel supported the United States Air Force as a civil servant working on space and cyber projects.\n\nRachel is also a PhD Student at the University of North Dakota studying Aerospace Science. She has a Master of Science in Space Management from the International Space University and a Master of Arts in Intelligence with a cyber focus from the American Military University. In addition, she has a Bachelor of Arts in Political Science from LaGrange College and a Bachelor of Science in Computer Networking and Cybersecurity from the University of Maryland Global Campus.", "public_name": "Rachel Jones", "guid": "7b0e9b80-5fa9-521b-9732-36ce67460641", "url": "https://pretalx.com/bsidesaugusta2023/speaker/A8RUDH/"}, {"code": "GHRSKT", "name": "Scott Jordan", "avatar": "https://pretalx.com/media/avatars/GHRSKT_2hHbdxg.webp", "biography": "Scott Jordan has a background in Electronics Design and Reverse Engineering. He has been an engineer with Savannah River National Laboratory (SRNL) since 2022 focusing on Cyber-Physical Security. He has a Bachelor\u2019s of Science in Electrical Engineering from Clemson University. 
Scott has dabbled in GNU Radio and HackRF for many years.", "public_name": "Scott Jordan", "guid": "ef9a2d4f-6da4-5f68-a17b-4a79dce532fb", "url": "https://pretalx.com/bsidesaugusta2023/speaker/GHRSKT/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/YY3AZB/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/YY3AZB/", "attachments": []}, {"guid": "f9dca9ff-1e4d-5d05-801c-71ef37403bd9", "code": "DVSJEH", "id": 34758, "logo": null, "date": "2023-10-07T15:45:00-04:00", "start": "15:45", "duration": "01:00", "room": "Track 3", "slug": "bsidesaugusta2023-34758-deception-for-the-win-in-2023-and-beyond", "url": "https://pretalx.com/bsidesaugusta2023/talk/DVSJEH/", "title": "Deception for the Win in 2023 and Beyond", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Honeypots and other deception techniques have existed for decades but rarely are they deployed in most production environments. In this talk we\u2019ll dig into practical and easy ways to use deception and do our best to fix that gap. More specifically, in this talk we\u2019ll share ready to deploy and customize honey tokens, honey documents and similar tools ready to be used in your organization. We\u2019ll work with Security Onion as our detection platform and show you how to get deception deployed quickly and easily to the detriment of the cyber criminals and benefit of your defenses!", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "METNDR", "name": "Tim Crothers", "avatar": "https://pretalx.com/media/avatars/METNDR_lVXi0XD.webp", "biography": "Tim is fortunate to be the CISO for Mandiant as well as lead the Cloud Threat and Adversary Operations team for Google Cloud.  In these roles Tim and his team get to defend Mandiant and Google Cloud from some of the most sophisticated adversaries in the world.  
Tim has almost 40 years in the technology space, starting his professional career in 1986, and has been privileged to work in security since 1994.  Over the course of these years he's had the opportunity to work in all aspects of cyber security and has a particular passion for cyber threat intelligence, reverse engineering, and incident response and breach investigation.  He's also authored or co-authored 17 books to date as well as spoken frequently internationally at some of the largest cyber security conferences in the world.  More importantly, Tim is blessed to be the partner of a spouse of 37 years and have 3 kids and 8 grandkids who call him Baba.  Ultimately, Tim has a passion for finding and developing talent as he believes that leaving the world a little better than we found it is everyone's responsibility.", "public_name": "Tim Crothers", "guid": "4bce3b3e-da8a-56f7-9101-9b35a89bf43f", "url": "https://pretalx.com/bsidesaugusta2023/speaker/METNDR/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/DVSJEH/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/DVSJEH/", "attachments": []}], "Track 4": [{"guid": "a815c3ec-8328-5f02-9432-8e4aca96584b", "code": "AS3TKT", "id": 35777, "logo": null, "date": "2023-10-07T07:45:00-04:00", "start": "07:45", "duration": "00:45", "room": "Track 4", "slug": "bsidesaugusta2023-35777-1-doors-open-check-in", "url": "https://pretalx.com/bsidesaugusta2023/talk/AS3TKT/", "title": "Doors Open / Check-in", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Grab your badge and freebies, then check out the CTF, exhibitors, lock pick village, and raffle table.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/AS3TKT/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/AS3TKT/", "attachments": []}, {"guid": 
"8248b734-6188-54c7-b099-465efcce69b4", "code": "7YJG8E", "id": 35776, "logo": null, "date": "2023-10-07T08:30:00-04:00", "start": "08:30", "duration": "00:30", "room": "Track 4", "slug": "bsidesaugusta2023-35776-3-opening-remarks", "url": "https://pretalx.com/bsidesaugusta2023/talk/7YJG8E/", "title": "Opening Remarks", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Live in Track 2, Simulcast in Tracks 3-5", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/7YJG8E/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/7YJG8E/", "attachments": []}, {"guid": "bf8bf391-5be0-5821-9c40-0b4d1db6e4ab", "code": "MFAZ7S", "id": 35375, "logo": null, "date": "2023-10-07T09:00:00-04:00", "start": "09:00", "duration": "01:00", "room": "Track 4", "slug": "bsidesaugusta2023-35375-3-dragons-eagles-bears-oh-my-nation-states-cyber-power-a-hacker-reflects-20-years-in", "url": "https://pretalx.com/bsidesaugusta2023/talk/MFAZ7S/", "title": "Dragons & Eagles & Bears\u2026 Oh My \u2014 Nation States & Cyber Power: A Hacker Reflects, 20 Years In", "subtitle": "", "track": "Keynote", "type": "Talk", "language": "en", "abstract": "*Live in Track 2, Simulcast in Tracks 3-5*  \nIn this lively session custom developed for BSidesAugusta, Ed Skoudis will look at the evolving nature of how nation states wield power in cyber space through military and other engagements.  Back in the 2000\u2019s, Ed was a member of a US task force working on defining cyber space as a domain for military engagement, along with land, sea, air, and space.  In this session, Ed will reflect on the discussions from that time with what we got right, what we got wrong, and how it\u2019s going today.  We\u2019ll also look at the implications on mission preparedness and cyber ranges for practice.  
We\u2019ll consider Cyber Persistence Theory and its application and take a glimpse into where this is all headed, from the perspective of a hacker who got caught up in a series of the most interesting projects in his entire life.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "ZKTKAB", "name": "Ed Skoudis", "avatar": "https://pretalx.com/media/avatars/ZKTKAB_efWy592.webp", "biography": "If you mention \u201cEd\u201d when discussing penetration testing or incident response, everyone knows exactly of whom you are speaking. Ed Skoudis has taught upwards of 40,000 security professionals globally and his countless contributions to information security have had immense impact on the community. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first authorities brought in to provide post-attack analysis on major breaches. He\u2019s not just an expert in the field, he created many of the founding methodologies employed by governments and organizations around the world to test and secure their infrastructures.\n\nEd is the founder of the SANS Penetration Testing Curriculum and Counter Hack; leads the team that builds NetWars, Holiday Hack, and CyberCity; and serves as president of SANS Technology Institute. 
A consummate presenter, Ed is a keynote speaker appearing internationally at conferences, and is an Advisory Board member for RSA.", "public_name": "Ed Skoudis", "guid": "9fb1b4e4-95c9-53d5-a199-65330f98c75f", "url": "https://pretalx.com/bsidesaugusta2023/speaker/ZKTKAB/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/MFAZ7S/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/MFAZ7S/", "attachments": []}, {"guid": "afbd766f-f97c-5209-9840-428eb07cddec", "code": "QEHQDF", "id": 34763, "logo": null, "date": "2023-10-07T10:00:00-04:00", "start": "10:00", "duration": "01:00", "room": "Track 4", "slug": "bsidesaugusta2023-34763-story-time-with-paul", "url": "https://pretalx.com/bsidesaugusta2023/talk/QEHQDF/", "title": "Story Time With Paul", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "I have a story about a time me and a few other folks got together and made life difficult for some really bad people that belong in jail.  
It\u2019s a fun story, and the first part of the story begins at BSides Augusta in 2019, which is why 4 years later I want to tell the rest of the story and how it ends in Augusta.", "description": null, "recording_license": "", "do_not_record": true, "persons": [{"code": "TF8TGV", "name": "Paul Melson", "avatar": "https://pretalx.com/media/avatars/TF8TGV_A8zKb6D.webp", "biography": "VP, Cybersecurity Solutions at Target", "public_name": "Paul Melson", "guid": "6c0ef77f-a4f2-5bd9-89bd-5642c33dafed", "url": "https://pretalx.com/bsidesaugusta2023/speaker/TF8TGV/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/QEHQDF/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/QEHQDF/", "attachments": []}, {"guid": "0abea1cd-aa05-55f3-a83a-8b0440757f2a", "code": "VUPECU", "id": 35774, "logo": null, "date": "2023-10-07T11:00:00-04:00", "start": "11:00", "duration": "00:15", "room": "Track 4", "slug": "bsidesaugusta2023-35774-1-hallway-con", "url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/", "title": "Hallway Con", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Break", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/", "attachments": []}, {"guid": "26b868f2-484d-51cd-887c-d503e589dbd0", "code": "8L8B9Z", "id": 31907, "logo": null, "date": "2023-10-07T11:15:00-04:00", "start": "11:15", "duration": "00:30", "room": "Track 4", "slug": "bsidesaugusta2023-31907-apteen-ultimate-insider-threat-or-a-series-of-teachable-moments", "url": "https://pretalx.com/bsidesaugusta2023/talk/8L8B9Z/", "title": "APTeen: Ultimate Insider Threat or A Series of Teachable Moments", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "What happens when your most trusted network becomes overrun with 
potentially malicious activity being carried out by someone you know and love? The real-world experience of a security professional and their teenage child navigating the balance of security and safety while maintaining privacy, respect, and a relationship based on trust and love. This talk goes beyond technology and uses this experience as a lens to understand better and discuss the often-forgotten element in our security practice- the human beings involved.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "AR9Z8Y", "name": "George Sandford", "avatar": "https://pretalx.com/media/avatars/AR9Z8Y_NtK3hCF.webp", "biography": "George Sandford is a passionate advocate for building a more effective and positive security community through expanding diversity & inclusion, mentorship, and helping individuals and teams reach their best potential. He has over 20 years of experience helping clients solve their IT and Security challenges through firsthand engagement, leading exceptional teams, and focusing on customer success.", "public_name": "George Sandford", "guid": "0c99c221-99d3-5996-adaa-69406425bc77", "url": "https://pretalx.com/bsidesaugusta2023/speaker/AR9Z8Y/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/8L8B9Z/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/8L8B9Z/", "attachments": []}, {"guid": "3cfa7aa4-8ed7-58fa-a042-bae3b7e704d1", "code": "LFSDER", "id": 35775, "logo": null, "date": "2023-10-07T11:45:00-04:00", "start": "11:45", "duration": "00:45", "room": "Track 4", "slug": "bsidesaugusta2023-35775-1-lunch", "url": "https://pretalx.com/bsidesaugusta2023/talk/LFSDER/", "title": "Lunch", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Enjoy lunch provided by Chick-fil-A!  
A vegetarian option will also be available.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/LFSDER/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/LFSDER/", "attachments": []}, {"guid": "07e59aa4-dad2-59fb-8d6b-ec6434daa65a", "code": "KYRHKZ", "id": 33710, "logo": null, "date": "2023-10-07T12:30:00-04:00", "start": "12:30", "duration": "01:00", "room": "Track 4", "slug": "bsidesaugusta2023-33710-harnessing-ml-and-ai-for-next-gen-security-engineering", "url": "https://pretalx.com/bsidesaugusta2023/talk/KYRHKZ/", "title": "Harnessing ML and AI for Next-Gen Security Engineering", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "The next generation of cybersecurity engineers will be data engineers who happen to specialize in cybersecurity. This talk aims at showing how cybersecurity engineers can benefit from today's technology to make sense of the sea of data that they are gathering. Currently, we are constantly bombarded with information about GPT, ML, AI, and a variety of abbreviations. The question is, though, how can we as cybersecurity engineers capitalize on these tools? I will answer this question with a concrete example of the usage of ML and AI from the perspective of a cybersecurity researcher. The goal of my talk is to show that, with today's tools, a cybersecurity professional can make new discoveries and invent creative ways of using cybersecurity data for business solutions.\n\nFirst, I will dive into the types of data we encounter in the cybersecurity ecosystem. Then I will analyze the framework of exploratory data analysis (EDA), which includes statistics and visualizations to make sense of an opaque dataset. I will give solid examples of how we engineer features from our data. 
Finally, I will demonstrate the use of AI to \"question\" your data, help you draw conclusions, and create models to detect malicious behavior.\n\nThis talk includes a demo with Jupyter notebooks and public packet capture data. It demonstrates how we can capitalize on packet captures to discover malicious activity using Pandas AI, Scikit LLM, and a variety of Python libraries. The audience is taken through the journey of raw data, exploratory data analysis, feature engineering, and finally modeling. Through this journey from raw data to models, I aim to describe the possibilities that ML and openAI models have opened for cybersecurity engineers to be creative and resourceful. The code for this talk is in the repo: https://github.com/mundruid/bsides-augusta-2023.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "GMN9YK", "name": "Xenia Mountrouidou", "avatar": "https://pretalx.com/media/avatars/GMN9YK_AKMpZsa.webp", "biography": "Xenia Mountrouidou is a Senior Security Researcher at CyberadAPT with a versatile experience in academia and industry. She has over 10 years of research experience in network security, machine learning, and data analytics for computer networks. She enjoys writing Python scripts to automate the boring things, finding interesting patterns with machine learning algorithms, and researching novel intrusion detection techniques. Her research interests revolve around network security, Internet of Things, intrusion detection, and machine learning. 
She has authored scholarly papers in the areas of performance modeling, computer networks, embedded computer architectures, and computer network security.", "public_name": "Xenia Mountrouidou", "guid": "9d5621e5-ee59-54fa-b1a6-bd08bfebf65b", "url": "https://pretalx.com/bsidesaugusta2023/speaker/GMN9YK/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/KYRHKZ/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/KYRHKZ/", "attachments": []}, {"guid": "a75dd3ab-7216-5e3e-96c7-3d9e1bd6dc87", "code": "NFLZU9", "id": 33023, "logo": "https://pretalx.com/media/bsidesaugusta2023/submissions/NFLZU9/UtilSec_watercolor_expansive_power_plant_a_white_ba_vN0PH0d.png", "date": "2023-10-07T13:30:00-04:00", "start": "13:30", "duration": "00:30", "room": "Track 4", "slug": "bsidesaugusta2023-33023-how-do-we-secure-critical-infrastructure", "url": "https://pretalx.com/bsidesaugusta2023/talk/NFLZU9/", "title": "How Do We Secure Critical Infrastructure?", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "The need for cybersecurity in critical infrastructure environments (e.g., energy pipelines, power plants, nuclear facilities, petrochemical sites, water treatment plants) is at critical levels. In this discussion, we\u2019ll be looking at the current state of cybersecurity in these types of ICS/OT environments, including interesting developments in the ICS/OT attack landscape.  We will also look at top ways to secure these specialized environments and reduce the risks associated with cyber attacks.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "D9YZHS", "name": "Michael Holcomb", "avatar": "https://pretalx.com/media/avatars/D9YZHS_Pp7EXLW.webp", "biography": "Michael Holcomb is the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, one of the world\u2019s largest engineering, procurement, and construction companies. 
His current role provides him with the opportunity to work in securing some of the world\u2019s largest ICS/OT environments, from power plants and commuter rail to manufacturing facilities and refineries. He is currently completing his Master\u2019s thesis on the attack surface of Programmable Logic Controllers (PLCs) with the SANS Technology Institute. Additionally, he maintains cyber security and ICS/OT certifications such as the CISSP, GRID, GICSP, GCIP, GPEN, GCIH, ISA 62443, and more.\n\nAs part of his community efforts, Michael founded and leads the UpstateSC ISSA Chapter and BSides Greenville conference. He also wrote and taught all six cyber security courses for Greenville Technical College's cyber security program which focused on helping educate the cyber security practitioners of tomorrow. In 2023, he was awarded CyberSC\u2019s MG Lester D. Eisner Award for Cyber Excellence in Leadership for the State of South Carolina.", "public_name": "Michael Holcomb", "guid": "b2e703a7-3d93-58ee-8067-a77376003810", "url": "https://pretalx.com/bsidesaugusta2023/speaker/D9YZHS/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/NFLZU9/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/NFLZU9/", "attachments": []}, {"guid": "e0d6b7f6-67d0-54ae-a450-d900e38b7e18", "code": "VUPECU", "id": 35774, "logo": null, "date": "2023-10-07T14:00:00-04:00", "start": "14:00", "duration": "00:15", "room": "Track 4", "slug": "bsidesaugusta2023-35774-5-hallway-con", "url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/", "title": "Hallway Con", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Break", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/", "attachments": []}, {"guid": 
"3048cb98-b4ed-554e-b613-c580905c91bf", "code": "SBEYDW", "id": 34316, "logo": null, "date": "2023-10-07T14:15:00-04:00", "start": "14:15", "duration": "01:00", "room": "Track 4", "slug": "bsidesaugusta2023-34316-detecting-ghouls-ghosts-in-the-wires", "url": "https://pretalx.com/bsidesaugusta2023/talk/SBEYDW/", "title": "Detecting Ghouls & Ghosts in the Wires", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "The rise in ransomware attacks and third-party breach notifications has contributed to reducing the global mean time to detection (MTTD). So, adversary dwell time is likely much higher than perceived. We must also consider the \"unknown unknowns\" that allow attackers to lurk casually on our networks like silent ghosts. In this talk, we will look at a blue team tactic for Microsoft Windows environments that will help reduce the dwell time of ghouls feeding on our sensitive data and the ghosts haunting our networks. A demo at the end will showcase one way to operationalize the information presented using a custom tool.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "L9GGTA", "name": "Michael Edie", "avatar": "https://pretalx.com/media/avatars/L9GGTA_IiRRdQz.webp", "biography": "Michael is a Senior Security Engineer with over 10 years of experience in the public and private sectors. He is a proactive and iterative cyber threat hunter specializing in detection engineering, DFIR, and automation. Michael has led teams and directed collaborative efforts to develop and implement strategies for mitigating evolving threat trends.\n\nMichael is the Founder and Principal Consultant of Sawbox Consulting, where he identifies and resolves security issues, implements solutions and evaluates security systems for clients. Additionally, he serves as the Executive Director and Co-Founder of SmashTheStack, a prominent educational platform focused on ethical hacking. 
His dedication to sharing knowledge is further exemplified by his role as a Cybersecurity Author on Pluralsight, where he has created and published several high-quality courses.\n\nMichael holds a Bachelor of Science (B.S.) in Computer Science from the University of Maryland Global College and has obtained multiple certifications, including CompTIA Advanced Security Practitioner (CASP+), Certified Ethical Hacker (CEH), and multiple GIAC certifications.", "public_name": "Michael Edie", "guid": "7adff677-ab4f-5fd5-bf1a-90241136b047", "url": "https://pretalx.com/bsidesaugusta2023/speaker/L9GGTA/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/SBEYDW/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/SBEYDW/", "attachments": []}, {"guid": "e4f12d88-da1e-5622-8aa7-fe34dfd8d171", "code": "VEE8DP", "id": 34693, "logo": null, "date": "2023-10-07T15:15:00-04:00", "start": "15:15", "duration": "00:30", "room": "Track 4", "slug": "bsidesaugusta2023-34693-good-behavior-is-its-own-reward-improving-your-detection-process", "url": "https://pretalx.com/bsidesaugusta2023/talk/VEE8DP/", "title": "Good Behavior is its own reward: Improving your detection process", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "In the realm of cybersecurity, the continuous evolution of malicious threats necessitates robust detection mechanisms. Traditional signature-based detections, which rely on predefined patterns or signatures of known threats, have long been employed to identify and mitigate malicious activities. However, the rising sophistication of cyberattacks, characterized by polymorphism, obfuscation, and zero-day exploits, has exposed the limitations of signature-based approaches.\n\nThis talk delves into the paradigm shift towards behavior-based detections as a superior alternative to signature-based methods. 
Behavior-based detections focus on analyzing the dynamic actions and patterns exhibited by software, users, or entities, enabling proactive identification of anomalous or malicious behavior. By studying the inherent characteristics of behaviors, such as sequences, frequencies, and contextual relationships, behavior-based detections transcend the constraints of static signatures.\n\nThe key advantages of behavior-based detections lie in their adaptability, effectiveness against unknown threats, and resilience against evasion techniques. Unlike signature-based detections, behavior-based approaches are not reliant on specific signatures or patterns, allowing them to identify previously unseen threats that evade traditional methods. Moreover, behavior-based detections excel in capturing contextual information, understanding normal usage patterns, and flagging deviations from expected behavior.\n\nThis talk explores various techniques employed in behavior-based detections, including machine learning, anomaly detection, heuristics, statistical analysis, and how to properly share knowledge through Alerting and Detection Strategy writeups (ADS). It discusses the merits of these techniques, highlighting their ability to detect zero-day attacks, polymorphic malware, advanced persistent threats (APTs), and insider threats. The challenges associated with behavior-based detections, such as false positives, resource requirements, and privacy concerns, are also examined.\n\nThe analysis and comparison of behavior-based detections with signature-based detections demonstrate the superiority of behavior-based approaches in terms of early detection, reduced false negatives, improved response time, and enhanced adaptability. 
The effectiveness of behavior-based detections in various real-world scenarios is illustrated through case studies and empirical evaluations.\n\nUltimately, this talk advocates for the widespread adoption of behavior-based detections as a cornerstone of modern cybersecurity strategies. By embracing the dynamic nature of behaviors and leveraging advanced analytical techniques, organizations can fortify their defenses against emerging threats, ensuring the security and integrity of their digital ecosystems.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "JASSXN", "name": "Nicholas Gobern", "avatar": "https://pretalx.com/media/avatars/JASSXN_y69AyuW.webp", "biography": "Nicholas previously served as a cyber officer within defensive cyberspace operations, and now works as a Defensive Security Analyst with SpecterOps where he assists in developing Security Operation Centers for customers, develops detection mechanisms, and assists in enhancing customer security. \n\nHe has a degree in Computer Science from Hampton University, and holds OSCP, OSWE, and OSEP.", "public_name": "Nicholas Gobern", "guid": "bef4f6f5-78bc-5daa-a99b-c7a88a387bd8", "url": "https://pretalx.com/bsidesaugusta2023/speaker/JASSXN/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/VEE8DP/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/VEE8DP/", "attachments": []}, {"guid": "705d145a-9ccf-5314-a0e4-750c5d70c013", "code": "GDJHNZ", "id": 34756, "logo": null, "date": "2023-10-07T15:45:00-04:00", "start": "15:45", "duration": "01:00", "room": "Track 4", "slug": "bsidesaugusta2023-34756-splunkgpt", "url": "https://pretalx.com/bsidesaugusta2023/talk/GDJHNZ/", "title": "SplunkGPT", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "In the evolving landscape of cybersecurity, professionals are often inundated with vast amounts of data. 
Splunk has been a game-changer in analyzing and visualizing this data. However, crafting precise queries in Splunk\u2019s Search Processing Language (SPL) requires expertise and can be time-consuming. Enter SplunkGPT \u2013 the start of a solution that harnesses the power of GPT-3 to transform natural language queries into SPL, making data retrieval more intuitive and efficient.\n\nIn this talk, we will journey through the development of SplunkGPT. We will start by exploring the capabilities of OpenAI's GPT-3 in processing natural language queries. Through live demonstrations, we will observe how GPT-3, in its vanilla form, can handle basic queries but falls short when faced with complex, domain-specific questions.\n\nRecognizing these limitations, we will delve into the world of fine-tuning GPT-3. We will unravel the process of collecting domain-specific training data, creating templates, and refining GPT-3 to understand the intricacies of SPL and cybersecurity data. The audience will gain insights into the challenges and best practices of fine-tuning a language model for specialized tasks.\n\nNext, we will unveil the architecture of the semantic parser that integrates the fine-tuned GPT-3 model. We will discuss how this parser converts natural language queries into SPL queries, and how it is seamlessly integrated with the Splunk database.\n\nFinally, we will explore the broader applications and implications of this technology in the cybersecurity domain, followed by an interactive Q&A session.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "HPSBRE", "name": "Jake Coyne", "avatar": "https://pretalx.com/media/avatars/HPSBRE_FNLcZdE.webp", "biography": "Jake Coyne is a cybersecurity professional specializing in offensive security operations. He currently holds the position of Senior Offensive Operator at SIXGEN. Before joining SIXGEN, Jake was part of the U.S. Army Cyber Command and U.S. 
Cyber Command, where he contributed to cyber operations.\n\nJake earned a Master's degree in Cyber Security from Georgia Institute of Technology and a Bachelor's degree in Industrial Technology from Illinois State University. He holds several certifications in the field of cybersecurity, including Offensive Security Certified Professional (OSCP), Global Industrial Cyber Security Professional (GICSP), GIAC Response and Industrial Defense (GRID), and Certified Information Systems Security Professional (CISSP).", "public_name": "Jake Coyne", "guid": "7e67116f-ff25-5b68-a245-5fadd9089d4a", "url": "https://pretalx.com/bsidesaugusta2023/speaker/HPSBRE/"}, {"code": "Z8FFMT", "name": "Andrew Gomez", "avatar": "https://pretalx.com/media/avatars/Z8FFMT_ktoupL4.webp", "biography": "Andrew is a member of SixGen, where he works as an Offensive Cyber Operator that specializes in network and web application pentesting. Before joining SixGen, Andrew was part of the U.S. Army Cyber Command, where he contributed to the success of defensive cyber operations.\n\nAndrew holds a Master of Science in Cybersecurity from Georgia Institute of Technology and a Bachelor of Science in Computer Science from the University of North Georgia. 
Andrew has also obtained multiple certifications, including OSEP, OSCP, CRTL, CRTO, and CISSP.", "public_name": "Andrew Gomez", "guid": "62500742-a290-5430-847e-cd4a2fc3ff52", "url": "https://pretalx.com/bsidesaugusta2023/speaker/Z8FFMT/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/GDJHNZ/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/GDJHNZ/", "attachments": []}], "Track 5": [{"guid": "38503ff5-60a8-5287-914d-d1f569b11acf", "code": "AS3TKT", "id": 35777, "logo": null, "date": "2023-10-07T07:45:00-04:00", "start": "07:45", "duration": "00:45", "room": "Track 5", "slug": "bsidesaugusta2023-35777-2-doors-open-check-in", "url": "https://pretalx.com/bsidesaugusta2023/talk/AS3TKT/", "title": "Doors Open / Check-in", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Grab your badge and freebies, then check out the CTF, exhibitors, lock pick village, and raffle table.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/AS3TKT/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/AS3TKT/", "attachments": []}, {"guid": "6ab537df-ed81-56bc-9de8-a3c1a50b5b86", "code": "7YJG8E", "id": 35776, "logo": null, "date": "2023-10-07T08:30:00-04:00", "start": "08:30", "duration": "00:30", "room": "Track 5", "slug": "bsidesaugusta2023-35776-1-opening-remarks", "url": "https://pretalx.com/bsidesaugusta2023/talk/7YJG8E/", "title": "Opening Remarks", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Live in Track 2, Simulcast in Tracks 3-5", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/7YJG8E/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/7YJG8E/", "attachments": []}, {"guid": "9646fa3e-2bd4-50b2-ac81-c0faeb30a65f", 
"code": "MFAZ7S", "id": 35375, "logo": null, "date": "2023-10-07T09:00:00-04:00", "start": "09:00", "duration": "01:00", "room": "Track 5", "slug": "bsidesaugusta2023-35375-2-dragons-eagles-bears-oh-my-nation-states-cyber-power-a-hacker-reflects-20-years-in", "url": "https://pretalx.com/bsidesaugusta2023/talk/MFAZ7S/", "title": "Dragons & Eagles & Bears\u2026 Oh My \u2014 Nation States & Cyber Power: A Hacker Reflects, 20 Years In", "subtitle": "", "track": "Keynote", "type": "Talk", "language": "en", "abstract": "*Live in Track 2, Simulcast in Tracks 3-5*  \nIn this lively session custom developed for BSidesAugusta, Ed Skoudis will look at the evolving nature of how nation states wield power in cyber space through military and other engagements.  Back in the 2000\u2019s, Ed was a member of a US task force working on defining cyber space as a domain for military engagement, along with land, sea, air, and space.  In this session, Ed will reflect on the discussions from that time with what we got right, what we got wrong, and how it\u2019s going today.  We\u2019ll also look at the implications on mission preparedness and cyber ranges for practice.  We\u2019ll consider Cyber Persistence Theory and its application and take a glimpse into where this is all headed, from the perspective of a hacker who got caught up in a series of the most interesting projects in his entire life.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "ZKTKAB", "name": "Ed Skoudis", "avatar": "https://pretalx.com/media/avatars/ZKTKAB_efWy592.webp", "biography": "If you mention \u201cEd\u201d when discussing penetration testing or incident response, everyone knows exactly of whom you are speaking. Ed Skoudis has taught upwards of 40,000 security professionals globally and his countless contributions to information security have had immense impact on the community. 
His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first authorities brought in to provide post-attack analysis on major breaches. He\u2019s not just an expert in the field, he created many of the founding methodologies employed by governments and organizations around the world to test and secure their infrastructures.\n\nEd is the founder of the SANS Penetration Testing Curriculum and Counter Hack; leads the team that builds NetWars, Holiday Hack, and CyberCity; and serves as president of SANS Technology Institute. A consummate presenter, Ed is a keynote speaker appearing internationally at conferences, and is an Advisory Board member for RSA.", "public_name": "Ed Skoudis", "guid": "9fb1b4e4-95c9-53d5-a199-65330f98c75f", "url": "https://pretalx.com/bsidesaugusta2023/speaker/ZKTKAB/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/MFAZ7S/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/MFAZ7S/", "attachments": []}, {"guid": "a915b34a-1d95-51d0-98f1-e9a92473c953", "code": "WPPRAX", "id": 31860, "logo": null, "date": "2023-10-07T10:00:00-04:00", "start": "10:00", "duration": "01:00", "room": "Track 5", "slug": "bsidesaugusta2023-31860-taken-what-happens-when-a-hacker-s-daughter-goes-missing", "url": "https://pretalx.com/bsidesaugusta2023/talk/WPPRAX/", "title": "Taken: What Happens When A Hacker's Daughter Goes Missing", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "In October 2022, I received the worst call of my life: my 17-year-old daughter was missing. As a cybersecurity professional with a background in digital network intelligence at the DoD, I immediately knew that I could leverage my skills to find her. In this talk, I will share my experience and techniques that helped me locate my daughter. 
I will walk through the steps I took, including extracting and analyzing data from her digital devices using a PowerShell script, and how this information was used to get the FBI on board. Through this talk, I hope to provide valuable insights and tips to other cybersecurity professionals, law enforcement officers, and parents on how to use digital data to aid in missing persons cases.\n\nThis is not only a personal story but also an educational opportunity to understand how digital data can play a critical role in solving missing person cases. I believe this talk will resonate with the BSides community and will provide attendees with practical skills that can be applied to their own professional and personal lives.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "83RHWV", "name": "Marc Lopez", "avatar": "https://pretalx.com/media/avatars/83RHWV_htKIDf4.webp", "biography": "Marc Lopez is a cybersecurity professional with nearly two decades of experience in cyber and intelligence operations. He serves as a Senior Technical Advisor for offensive operations at Fort Gordon. \nIn addition to his work at Fort Gordon, Marc is a respected educator who teaches cybersecurity bootcamp classes with ED-X at top-tier universities such as Georgia Tech, University of North Carolina (Charlotte), and the University of Utah. His commitment to education is further reinforced by his pursuit of a Master's in Information Technology focused on Information Assurance and Security at American Military University.\nHis list of certifications includes the highly esteemed CISSP, PMP, Linux+, and AZ-900 (Azure Fundamentals). 
His broad range of knowledge and experience allows him to bring a unique perspective to the multifaceted domain of cybersecurity.", "public_name": "Marc Lopez", "guid": "90bafb6f-0310-5607-9ed5-8f81d3f50674", "url": "https://pretalx.com/bsidesaugusta2023/speaker/83RHWV/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/WPPRAX/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/WPPRAX/", "attachments": []}, {"guid": "f0f26617-0875-5022-9a19-acbb07af832d", "code": "VUPECU", "id": 35774, "logo": null, "date": "2023-10-07T11:00:00-04:00", "start": "11:00", "duration": "00:15", "room": "Track 5", "slug": "bsidesaugusta2023-35774-3-hallway-con", "url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/", "title": "Hallway Con", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Break", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/", "attachments": []}, {"guid": "0b1a881c-d35c-54a7-9b5b-94e46358d063", "code": "BAVGJX", "id": 34754, "logo": null, "date": "2023-10-07T11:15:00-04:00", "start": "11:15", "duration": "00:30", "room": "Track 5", "slug": "bsidesaugusta2023-34754-random-numbers-today-and-tomorrow", "url": "https://pretalx.com/bsidesaugusta2023/talk/BAVGJX/", "title": "Random Numbers Today and Tomorrow", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "R.R. Coveyou famously titled a 1970 article, \"Random Number Generation Is Too Important to Be Left to Chance\". In this presentation, I will recap the importance of randomness in computing and the current landscape of pseudorandom and true random number generation. 
I will also discuss the promise of quantum random number generation from radioactive decay to the use of quantum states of light to gather entropy from a quantum origin. Finally, I will discuss the question of 'trust' in random numbers generated by quantum means.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "XG9ZLQ", "name": "Steven Weldon", "avatar": "https://pretalx.com/media/avatars/XG9ZLQ_ykbhpiY.webp", "biography": "Steven Weldon is the Savannah River National Laboratory Cyber Program Director at the Georgia Cyber Center. He is also an adjunct Instructor at the Augusta University School of Computer and Cyber Sciences.", "public_name": "Steven Weldon", "guid": "0a1f2ac1-8b5f-5a86-8d4e-26d971fe308a", "url": "https://pretalx.com/bsidesaugusta2023/speaker/XG9ZLQ/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/BAVGJX/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/BAVGJX/", "attachments": []}, {"guid": "dad22aeb-80ca-54be-a590-c40557b10c46", "code": "LFSDER", "id": 35775, "logo": null, "date": "2023-10-07T11:45:00-04:00", "start": "11:45", "duration": "00:45", "room": "Track 5", "slug": "bsidesaugusta2023-35775-2-lunch", "url": "https://pretalx.com/bsidesaugusta2023/talk/LFSDER/", "title": "Lunch", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Enjoy lunch provided by Chick-fil-A!  
A vegetarian option will also be available.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/LFSDER/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/LFSDER/", "attachments": []}, {"guid": "3b3c19d7-e8cd-5d68-9277-1f0ca975700b", "code": "CEEF7W", "id": 31585, "logo": null, "date": "2023-10-07T12:30:00-04:00", "start": "12:30", "duration": "01:00", "room": "Track 5", "slug": "bsidesaugusta2023-31585-dfir-101-clones-drones-prison-phones", "url": "https://pretalx.com/bsidesaugusta2023/talk/CEEF7W/", "title": "DFIR 101 - Clones, drones, & prison phones", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "A couple of years ago, I stumbled into the world of law enforcement Digital Forensics and Incident Response (DFIR).  This talk will share my journey into and discovery of a new niche of IT I didn't know existed.  \nCome for an introduction to the hardware, software, processes, and people of DFIR.\nLearn how those pieces work together to gather data, review, build a timeline, and put the bad guys behind bars.\nLeave with the curiosity to head home, image your phone/computer, and start digging around in your own data.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "PWHDYV", "name": "Mike Judd", "avatar": null, "biography": "Mike has spent many years in the MSP world helping businesses protect and grow their IT systems.  Over that time, I've fixed mice, laid out IT roadmaps, and managed systems & tools that do the behind-the-scenes heavy lifting.  My first computer was an Apple IIc clone, I learned programming on the Atari 2600, and I've braved an AS/400.  
Away from the keyboard, I enjoy time with my kids, geocaching, and wood-turning.", "public_name": "Mike Judd", "guid": "f9700130-897e-5f40-9d6c-5cc25d3df9e9", "url": "https://pretalx.com/bsidesaugusta2023/speaker/PWHDYV/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/CEEF7W/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/CEEF7W/", "attachments": []}, {"guid": "621b5431-95c8-5f3f-a8da-a1b482aea25c", "code": "TS7ZPC", "id": 31620, "logo": null, "date": "2023-10-07T13:30:00-04:00", "start": "13:30", "duration": "00:30", "room": "Track 5", "slug": "bsidesaugusta2023-31620-the-security-hitchhiker-s-guide-to-api-security", "url": "https://pretalx.com/bsidesaugusta2023/talk/TS7ZPC/", "title": "The Security Hitchhiker's Guide to API Security", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "API security is so hot right now! Organizations don\u2019t fully understand APIs, how to find them, and secure them. This can feel scary. Don\u2019t Panic. Grab your towel and join me on a meme adventure to explore the API galaxy. We\u2019ll cover the history of APIs. Why people now suddenly care about them and why they\u2019re such a hot topic. We\u2019ll go over some ways to identify APIs within an environment. We\u2019ll cover how API security is different and how to start securing them. We\u2019ll review the API security tooling landscape. Finally, we\u2019ll review resources to get your towel wrapped around API security and answer the ultimate API questions.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "UAJZCM", "name": "Timothy De Block", "avatar": "https://pretalx.com/media/avatars/UAJZCM_XbdgPRN.webp", "biography": "Timothy De Block is a security generalist. He cut his teeth in IT as an Electronic Technician for the United States Navy and the State of South Carolina. He jumped to security in 2012 and has done a little of everything. 
He reads because he has a strong passion to learn. One of his most recent reads was a Douglas Adams series that included The Hitchhiker\u2019s Guide to the Galaxy (hence the title). He also enjoys Overwatch and forcing his kids on a 13-mile backpacking camping trip. Fin.", "public_name": "Timothy De Block", "guid": "d125c917-bbbf-55ea-be17-3c476bd34673", "url": "https://pretalx.com/bsidesaugusta2023/speaker/UAJZCM/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/TS7ZPC/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/TS7ZPC/", "attachments": []}, {"guid": "0063d825-9f06-50bf-be1b-c816c00c31c5", "code": "VUPECU", "id": 35774, "logo": null, "date": "2023-10-07T14:00:00-04:00", "start": "14:00", "duration": "00:15", "room": "Track 5", "slug": "bsidesaugusta2023-35774-4-hallway-con", "url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/", "title": "Hallway Con", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Break", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/VUPECU/", "attachments": []}, {"guid": "3ab30516-7728-53e7-98c7-0590d566ab9d", "code": "ZQUUF7", "id": 31676, "logo": null, "date": "2023-10-07T14:15:00-04:00", "start": "14:15", "duration": "01:00", "room": "Track 5", "slug": "bsidesaugusta2023-31676-baby-steps-to-the-future-evolving-into-the-next-gen-soc", "url": "https://pretalx.com/bsidesaugusta2023/talk/ZQUUF7/", "title": "Baby Steps to the Future \u2013 Evolving into the Next-Gen SOC", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Most SOCs are unable to keep up with the attacks of today due to structural constraints imposed by outdated architecture. 
That structure does not scale to protect the rapidly changing, distributed environments that SOCs are required to defend from attackers who have risen in both number and sophistication. To counter this, SOCs must evolve to become 'Next-Gen'. This talk will present concrete steps organizations can take to evolve from today's rigid structures into a dynamic, agile entity that can quickly react to the threats of today and tomorrow. The presentation groups these steps into three phases demonstrating clear paths to grow people, modify processes, and change technologies. Additionally, recommendations will be given for adaptations that still provide the advanced capabilities needed to protect a variety of enterprise types. Organizations can use the strategies discussed in this talk to help them develop multi-year plans that can protect the enterprise.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "NVLJ7T", "name": "Craig Bowser", "avatar": null, "biography": "Craig Bowser is an infosec professional with over 20 years of experience. After ten years in the Air Force as a communications officer, he has worked as an Information Security Manager, Security Engineer, Security Analyst and Information System Security Officer for contractors in DoD, DOJ and Dept of Energy and is currently a Security Solutions Architect at GuidePoint Security. He has some letters that mean something to HR departments. He is a Christian, Father, Husband, Geek, Scout Leader who enjoys woodworking, sci-fi fantasy, home networking, tinkering with electronics, reading, and hiking. 
And he has a to-do list that is longer than his open to-do slots.", "public_name": "Craig Bowser", "guid": "a5d73fbf-a461-56f3-b48c-94cae4b1cfb8", "url": "https://pretalx.com/bsidesaugusta2023/speaker/NVLJ7T/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/ZQUUF7/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/ZQUUF7/", "attachments": []}, {"guid": "6b279827-a589-57bc-99ed-7296793d241a", "code": "9V7E7P", "id": 31622, "logo": null, "date": "2023-10-07T15:15:00-04:00", "start": "15:15", "duration": "00:30", "room": "Track 5", "slug": "bsidesaugusta2023-31622-you-ruined-my-christmas-so-i-ruined-your-new-year-dealing-with-a-nation-state-scrooge", "url": "https://pretalx.com/bsidesaugusta2023/talk/9V7E7P/", "title": "You Ruined My Christmas, So I Ruined Your New Year: Dealing with a Nation-State Scrooge", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "As many in the security industry are all too well aware, malicious cyber actors often like to target victims when they may be asleep at the wheel or enjoying some time away from the keyboard -- think Friday night mass exploitation parties, or playing the role of the Grinch on Christmas. But what do you do when the gift you wake up to on Christmas morning turns out to be a years-old intrusion by a stealthy nation-state threat group? Sometimes the answer is to play the game by their rules. 
This talk will examine just such a case in which Rapid7's Managed Detection & Response and Incident Response services uncovered--and subsequently eradicated--an advanced Chinese threat actor from a customer network by turning the adversary's playbook on its head.", "description": null, "recording_license": "", "do_not_record": true, "persons": [{"code": "GNLM9J", "name": "Lonnie Best", "avatar": "https://pretalx.com/media/avatars/GNLM9J_vbTOmD2.webp", "biography": "Lonnie Best has spent over 12 years in security, with his introduction to the field working physical security at a commercial nuclear power generating plant, and the last 6 of those years helping organizations detect and respond to security incidents as part of Rapid7's Managed Detection and Response (MDR) practice. His experience during that time is wide-ranging, including everything from responding to low-impact commodity malware, to working large-scale Incident Response engagements against advanced cyber criminal and nation state threat actors. Currently,  Lonnie leads a team of world-class threat analysts in Rapid7 MDR's flagship Security Operations Center in Arlington, Virginia, and is helping to evolve traditional MDR service capabilities to extend into the realm of ICS/OT cybersecurity.\n\nLonnie recently ended his military career after serving over 11 years as a Signal Officer in the Army National Guard. 
His assignments included Platoon Leader and Executive Officer of a Brigade Engineer Battalion Signal Company; S6 for a Brigade Support Battalion; Company Commander of a Network Support Company; Brigade Information Systems Engineer for a Maneuver Enhancement Brigade; and, during the final two years of his service, Information Operations Planner within the 91st Cyber Brigade, where he helped plan and coordinate several major Critical Infrastructure cyber exercises.", "public_name": "Lonnie Best", "guid": "0149c2db-eea6-51cb-bf73-61c176c53cd5", "url": "https://pretalx.com/bsidesaugusta2023/speaker/GNLM9J/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/9V7E7P/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/9V7E7P/", "attachments": []}, {"guid": "311cc57d-730e-5f17-95ed-d70713af48d2", "code": "ZZKJJC", "id": 34293, "logo": "https://pretalx.com/media/bsidesaugusta2023/submissions/ZZKJJC/C0686EA2-0990-4BB7-B2F9-CC7B402F21F6_zG6j3ph.jpeg", "date": "2023-10-07T15:45:00-04:00", "start": "15:45", "duration": "01:00", "room": "Track 5", "slug": "bsidesaugusta2023-34293-threat-hunting-and-hacking-questions-which-get-increasingly-harder", "url": "https://pretalx.com/bsidesaugusta2023/talk/ZZKJJC/", "title": "Threat Hunting and Hacking Questions which Get Increasingly Harder", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Have you ever wondered where you stand among the cybersecurity community? We\u2019re reviewing 30 questions that test your Threat Hunting Maturity with brief discussions that reveal the answer to each. This talk is packed with up-to-date, real world TTPs by Advanced Persistent Threats as well as knowledge of the use of EDRs and SIEMs. This presentation is based on an assessment I\u2019ve titled the Threat Hunting Maturity Exam which gives me a quick snapshot of the strengths and weaknesses of SOC Analysts and Threat Hunters. Come join the discussion. 
Answer all the questions and show everyone your skills or sit quietly and learn stuff. No judgement zone.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "C7JPZD", "name": "Terry D. Smith II", "avatar": "https://pretalx.com/media/avatars/C7JPZD_Diux26j.webp", "biography": "Threat hunting and Pen testing enthusiast with 7 years of experience currently working for the Cyber Protection Brigade. Certifications include OSCP, GXPN, GCPN, CEH, and CHFI. Education includes a Masters of Science in Information Technology with a concentration in Software Engineering. Top 3% on TryHackMe.", "public_name": "Terry D. Smith II", "guid": "0d0bc17e-e543-5f0e-a28b-237502fd3b7a", "url": "https://pretalx.com/bsidesaugusta2023/speaker/C7JPZD/"}], "links": [], "feedback_url": "https://pretalx.com/bsidesaugusta2023/talk/ZZKJJC/feedback/", "origin_url": "https://pretalx.com/bsidesaugusta2023/talk/ZZKJJC/", "attachments": []}]}}]}}}