A collection of (redacted) stories of using Open-Source Intelligence and Offensive Security Techniques to create truly crazy yet actionable malicious scenarios that show the overall risk to organizations:
Includes:
• Liquidate one of the largest mining operations in the world
• How to ruin a good bottle of wine
• Lights out with a .22
Have you heard of the Flipper Zero? It's an all-in-one pocket-sized hacker's dream!
We will explore the various features and applications the Flipper Zero has to offer, in addition to demonstrating several attacks the device can perform to illustrate the potential this device holds.
Whether you've just heard about the Flipper Zero today, or you have been a fan since day one, we'll walk through many features the Flipper offers as well as show some demonstrations of what people have done with this pocket-sized hacking tool.
During advanced red team engagements, a goal may be to compromise an executive's machine within a network. Typically, the proof-of-concept for this type of goal depicts a screenshot of the executive's desktop, email application, or other similar point-in-time proof. In some cases, an organization may be interested in long-term access to an executive's machine, to highlight the potential impact of long-term compromise and access.
Presently, host persistence options are well-signatured by capable Endpoint Detection and Response (EDR) solutions. Options such as auto-startup programs, registry key combinations, and scheduled tasks are under high scrutiny by EDR solutions.
Backdooring a single DLL as a form of host persistence may be feasible with current solutions, such as DLL proxying or using the backdoor factory. However, singularly backdoored DLLs are susceptible to program updates which can remove the backdoored DLL.
DUALITY can solve this problem by presenting tooling and a sequence of techniques to backdoor two or more DLLs, resulting in a 2-in-1 mechanism for initial access and long-term persistence. This solution can outlive multiple simultaneous program updates for longer-term persistence using backdoored DLLs only. Each infected DLL checks and reinfects other DLLs (the DUALS) as needed.
The tooling to be released includes pipelines that perform PIC compilation and a Cobalt Strike aggressor script to interact with backend infrastructure, making this capability operation-ready.
After DUALITY logic in a backdoored DLL executes, shellcode-based process injection is performed from the backdoored DLL to keep one C2 implant alive. An encrypted, clean version of NTDLL is included in backdoored DLLs to aid with stealthy DUALITY logic such as process injection.
Ultimately, by automating and weaponizing DUALITY-backdoored DLLs, this project hopes to bring more attention to applications loading userland DLLs without signature checking.
This talk will dive into the implementation of Azure OpenAI Service for ChatGPT at Kimberly-Clark and how it enabled the business to use ChatGPT with more security controls. Kimberly-Clark, a Fortune 200 organization, wanted a secured space for employees to utilize ChatGPT.
Increasingly, boards are looking to better understand how cyber risk impacts their business, and they are looking to CISOs to provide that context. However, many CISOs don't possess the skills to effectively translate security into business language. This session will provide actionable guidance and shareable slideware for creating compelling stories around securely enabling the business through risk reduction.
This presentation will explore the unique challenges that IoT and OT pose for network scanning and provide solutions for effectively addressing these challenges while ensuring the safety and availability of these systems.
The SolarWinds, 3CX and CircleCI software supply chain attacks exposed gaps in the current application and software supply chain security paradigm, highlighting the need for organizations to zero in on issues unique to software supply chain attacks. Join Field CISO Matt Rose as he unpacks recent attacks and the need to better prioritize secrets, malware, tampering, SBOMs, and application/software behaviors. You will learn some simple steps that application security and third-party risk management teams can take to level up their Software Supply Chain Security initiatives.
The dark web is filled with threat actors planning nefarious crimes. Cybersecurity professionals know that threat hunting in these underground environments is necessary, but they don’t know the most crucial step to beginning the process. ‘How do you access the deep and dark web?’ and ‘How do you gain a threat actor’s trust?’ These are the most commonly asked questions of cybersecurity professionals preparing a proactive threat hunt.
Navigating the underground requires dedication to persona management and setting up a safe and secure environment to ensure one does not expose oneself to malicious actors. Senior Threat Intel Specialist at Cybersixgill, Michael-Angelo Zummo, will demonstrate how to set up a secure environment (a "dirty machine") using Tails, how to find sources in the dark web, best practices when creating your first persona, how to communicate with threat actors, and of course, how to seek out threats once you gain access to the sources where threat actors plan, play, and profit. All while using real examples that attendees can try for themselves.
From this session attendees will:
1) Gain practical knowledge on the tools threat actors use to remain anonymous and communicate
2) Identify popular sources where threat actors communicate and share malicious tools and sensitive data
3) Learn how to threat hunt once one has successfully infiltrated these underground sources
This talk highlights how core computer science algorithms can guide life decisions and enhance cybersecurity operations. Through real-world examples, we’ll examine three key algorithms, illustrating their value in counterintuitive yet effective cybersecurity practices.
Electronic badges are becoming more and more popular at conferences. They range from very simple, like a PCB powering a single LED, to something much more complex with LEDs, sensors, and buttons. Many conference badges provide an option for users to "add on" to the main badge by means of connecting an SAO ("simple" add-on). This is a great way to get your organization's brand out there. In short, it makes for really great swag and something conference goers will treasure. I will talk about my recent efforts and partnership to create and distribute an SAO for my local hacker/infosec community at an infosec conference earlier this year. Participants earned their SAO by completing a CTF challenge. We had great engagement with the CTF and we had pre-built SAOs ready to go but also gave participants the option to take their SAO board and assemble their own. I will share lessons learned and provide a playbook if you are interested in doing the same for your group.
SaaS has been described as the operating system of business. Therefore it’s essential to protect the sensitive data that is stored and processed in SaaS systems by monitoring for any anomalous or malicious activity. Traditional security monitoring focuses heavily on endpoint, network, and infrastructure audit logs, with a vast amount of resources available to guide network defense priorities. However, network defenders must now shift their focus to also include monitoring for tens to hundreds of SaaS applications, each with its own unique challenges and nuances involving collection, schema, and visibility, without established standards or resources to guide the way.
This problem led to the creation of the Event Maturity Matrix: a comprehensive knowledge base dedicated to SaaS application audit logging. Its purpose is to serve as a fundamental resource for security professionals to gain a clear understanding of the capabilities and nuances surrounding SaaS audit logging. By leveraging this knowledge base, security practitioners can obtain visibility into the types of user activity actions that are logged, see real-world examples of how SaaS applications log user activity, and use these insights to inform their security operations and compliance objectives.
Are you struggling to keep up with false positive alerts? Worried the alerts you ingest will never catch true evil? Are you responding to malicious activity well after occurrence, rather than detecting in real time? If you answered “yes” to any of the above, this discussion is for you. Through this talk, attendees will be equipped with a trusted process to more effectively detect malicious activity in their environment.
Focusing on system binaries that frequently facilitate the download or execution of malicious code (rundll32.exe, msiexec.exe, regsvr32.exe, etc.), publicly available resources will be leveraged to determine normal behavior versus malicious behavior. We'll walk through how to answer questions such as: what are normal command line parameters, process paths, and process lineages? Should this binary be making network connections? What are the known abuse techniques for this binary?
We'll then dive into a handful of options for creating effective detection logic. Delving into examples of real-world threats and techniques often utilized by red teams (e.g., search order hijacking, process injection, privilege escalation), these detection ideas will allow defenders to create alerts that have more meaning and a higher true positive rate.
Nermal is bored, so he decides to post a funny photo of his friend Otto. He thinks he is just joking, but as more people comment, Nermal begins to worry that he has accidentally become a cyberbully. Cyber safety expert Dr. Cybrina helps Garfield and friends choose their words carefully, think before they post, and understand what it means to be kind online.
This presentation will illustrate and describe our experiences in developing and running Security Operations Centers (SOCs). In this presentation, we will provide two distinct perspectives: one from a technical lead's vantage point and the other from upper management. Gain valuable insights into these complementary viewpoints as we explore the fundamental elements of an effective SOC, address common technical challenges, and offer practical solutions to them. Additionally, we will delve into the organizational and logistical intricacies involved in successfully creating and operating a SOC. Join us for an informative session that promises to equip you with a deeper understanding of SOC development and management.
The importance of an Incident Response Playbook and how to create one with an interactive game session.
This abstract explores the exciting intersection of AI and cybersecurity, showing how it can transform engineers into superheroes in the digital world. We delve into the awesome ways AI can level up your cybersecurity game, making you a 10x engineer.