Keynote
Finding a good work/life balance can be a challenge for security professionals. Whether you are drowning in a sea of alerts and notifications, trying to create maximum output with minimum resources, or constantly wondering if that breach will happen on your watch…it’s no surprise that burnout rates and chronic dysregulation in the security industry are at an all-time high. This talk will discuss the stressors that are unique to the security industry, how to recognize signs of burnout and stress in your team and yourself, and what you can do to help mitigate burnout risk and reduce stress- and burnout-related insider threats.
To effectively protect Critical Infrastructure from cyber threats, a specialized Security Operations Center (SOC) uses a distinct approach. Unlike a standard IT SOC, where Tier 1 Analysts handle initial event triage, the Critical Infrastructure SOC reverses this hierarchy. The highest-tier analysts, SMEs, form the majority, with lower tiers providing support. Rapid and flawless implementation of detection rules and severity levels for Tier 1 Analysts is impractical. Instead, analysts supporting SMEs gradually become experts and can handle complex Critical Infrastructure alerts, reducing the risk of kinetic impact.
Despite the hopes and dreams of moving to a cloud-centric identity, the reality is that Active Directory (AD) is not retiring anytime soon for the organizations that use it. How deeply Active Directory is woven into the fabric of a business puts the brakes on even the most ambitious cloud-centric modernization programs. And while Active Directory tends to receive no love from the business, it certainly does from the threat actors – Mandiant has reported that 90% of all breaches they investigate involve Active Directory. Since things are not changing anytime soon, we might as well give AD a little bit of security TLC.
In this session we will explore the most common blockers preventing organizations from parting ways with Active Directory. And since this staple directory service is sticking around, we will look at the most common threat patterns against Active Directory, and the critical security controls to help keep our users and business secure for as long as AD is here to stay.
Discussions of network segmentation take place in many public forums, such as conferences and workshops on protecting network infrastructure. What needs to be improved is guidance on how to approach it and what steps to take to apply it. As important as the technical design, it is essential to understand the goals of network segmentation for business continuity. There are two perspectives on network segmentation: that of the network engineer and that of the cybersecurity engineer. This presentation will highlight these different perspectives and share philosophies on approaching segmentation. It will also discuss segmenting network topologies with Access Control Lists (ACLs) and firewalls and the importance of designing a flexible IP schema.
Companies that are not prepared for the evolving technology and capabilities of deepfakes risk compromising their security, IP, and corporate funds as threat actors exploit a gap in security practices. According to Business Insider, an employee of a Hong Kong multinational company recently remitted the equivalent of about $25.6 million — but it turned out to be a deepfake, according to local police. Deepfake social engineering has already occurred in multiple cases, leading to CEO dismissals and embarrassment for the company. With the upcoming 2024 election, experts are expecting usage of deepfake technology to increase exponentially. Threat actors will undoubtedly gain access to this technology at lower and lower cost, making the threat to businesses even more prevalent.
In this talk, we will outline the ways companies can ensure they do not fall victim to these types of attacks by implementing low- or no-tech strategies, including training and awareness, but also a process of “trust but verify” to ensure procedures are in place that prevent employees from taking unilateral action based on a deepfake interaction. Ironically, this incredibly advanced AI threat can be defeated with a no-technology solution.
In the aviation world, when bad things happen there is a culture of avoiding the blame game and instead focusing on how we can learn from our mistakes to make everyone safer. With the issues surrounding the 737 MAX series of aircraft over the past couple of years, the FAA and NTSB have again held the line on focusing on safety and learning from mistakes despite media sensationalization. We in the cybersecurity community can also take advantage of this learning opportunity. With news and whistleblower accounts of the design and quality issues leading to the MAX series aircraft, there are many parallels to what happens in the cybersecurity space when we fail to properly account for and incorporate the human element into our programs. In this presentation, we will take that same approach of not bashing or blaming but focusing on learning. We’ll step through the issues that have come to light regarding the 737 MAX series and show how those correlate to cybersecurity. We’ll identify what lessons we can learn and how we can apply them when selecting technology and building processes for our organizations’ security programs. Finally, we’ll discuss the Swiss Cheese model as it applies to cybersecurity and examine best practices for closing those holes before they align and result in disaster.
Nim is a statically typed, compiled systems programming language. Its creators describe it as efficient, expressive, and elegant. In offensive security, deploying Nim binaries is challenging because the Nim runtime is heavily flagged by AV. Removing the Nim runtime is one way to avoid detection.
Pretty much every enterprise has a vulnerability management program. Management loves these things because they give them numbers and graphs and concrete things they can talk about. Of course, most of them are garbage, but why? It seems so simple to scan the environment, prioritize what's broken, and go fix it. Anyone who has ever had to do vuln management knows that 1) this isn't remotely how it works and 2) trying to do it this way is a Sisyphean task that will suck the life out of pretty much anyone. So can this be done correctly? Is there a way to get actual security value out of this painful slog without reinventing the entire space? The answer is a surprising yes, and I'm going to help you understand not only why it's so painful today but also how you can reduce the toil and increase the value. More to the point, I'll show you how to safely ignore 80% of your vulnerability data.
Panel Discussion: Insider Threats remain one of the largest existential threats to companies and organizations. According to IDWatchdog, 60% of data breaches in companies are caused by insider threats. While much of the focus on mitigating threats is largely based in technological solutions, this panel will discuss the value of positively shaping corporate culture and the role that plays in tandem with or sometimes in place of technological solutions, many of which can be costly and raise privacy concerns for employees. How do corporate leaders find the balance? How do security leaders advocate for non-security related changes which may fall more in line with HR initiatives? We’ve assembled a panel with experience building insider threat programs at some of the most exciting companies in the world, as well as experience in the US intelligence community and in academia.
Navigating the labyrinth of government requirements often feels like decoding an ancient script—filled with urgency, confusion, and concern. Enter the Cybersecurity Maturity Model Certification (CMMC) 2.0, the Department of Defense's latest mandate that sets the gold standard for handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) across the defense industry and beyond. With the introduction of CMMC 2.0, the DoD is not only tightening the reins on contractors and companies but is also extending its reach to public education institutions, demanding swift compliance to safeguard sensitive government data.
This session cuts through the fog of CMMC 2.0, providing an overview of its requirements, processes, and far-reaching implications. We'll dissect the updated framework, shining a spotlight on its streamlined procedures, hierarchical compliance levels, and the novel introduction of self-assessments for certain categories. Our mission? To equip defense contractors, educational bodies, and public institutions with the insights needed to navigate the national security ecosystem's evolving demands seamlessly.
Knowledge retention is one of the most pressing concerns for modern businesses. When employees retire or go to work elsewhere, their insight and experience go with them—which, in the tech field, can even lead to security risks if connections and processes can’t be maintained. Thankfully there is a knowledge management practice for recording and sharing the insight that employees have. In this session we will review the basics of the SECI process, a system that provides a way to record information from an individual and make it shareable to others.
Cybersecurity is a niche field. It can also be an isolating one, especially if you're in the work of incident response and digital forensics. If you are in incident response, whether as an in-house responder or contracted specialist, the immediate stress can be extreme. It's not just the work of figuring out the attack and remediating the damage. It's knowing and keeping up with the communication, both internally and externally, informal or compliance-required. It can take a physical and mental toll. And then there's the aftermath, whether PR or legal or organization-specific. Knowing what you can share and process, and with whom (if anyone). And digital forensics? You've got even more control over what you can share. That may not be surprising. But beyond that, there are the potential ramifications of even talking about how what you see, often striking and shocking images, affects you. If you say the wrong thing or let slip that you've been affected, that can be used later to question your credibility and competence. This talk will provide a framework for understanding the stress of the job and what you can do to mitigate the danger to self and ensure long-term stability. Are you a practitioner? Come to learn for yourself. Are you in leadership or governance? Come to learn how to support your staff. Neither? Come to learn how to support your community. Because healthy individuals in the profession make a healthier cyber community for us all.
In a world of custom hardware implants, specialized spy tools, and outrageous prices for performing red team activities, where does a person sponsored by no state or agency stand in manufacturing their own tooling? In this talk we embrace what it is to be a true "haccer", using the resources around you to accomplish your missions! Join us as we discuss how you can cheaply create your own gadgets and tooling for physical engagements!
Is Kubernetes running in your environment? Is it a bit of the wild west still? Have you perhaps started to dip your toes into Kubernetes but you're not really sure where to start when it comes to security?
This is the place for you. Throughout this talk we will cover 10 (or more) best practices that can be applied to help harden Kubernetes within your environment.
Assembly is the foundation of computer science and cybersecurity, yet so few members of the community understand how it works. This talk will introduce the basics of how assembly works and why assembly code, and computers in general, will always be vulnerable. We will also explore how to get started in assembly, write your own programs, and interface with the operating system. Additionally, we will look at how to disassemble binary programs, break disassemblers/AV, and evade detection.
There's a single goal here: waste a red teamer's time. I will offer ideas, some new, some old, and others totally crazy - to help blue teamers slow down and catch red teams with a dash of honey. As a red teamer myself, I've been caught, have tripped over decoys, and have seen some really intricately designed honeypots. This talk has storytelling, memes, and more.
Final thoughts and giveaways