Training Track | November 2nd-5th
2020-11-02
Friday | November 6th
2020-11-06
track-1
track 2
Workshop
Saturday | November 7th
2020-11-07
track-1
track 2
Workshop
track-1
track 2
Workshop
track-1
track 2
Workshop
11:00
– 16:00
Attack Emulation: Atomic Red Team, CALDERA and More – $395
Attack Emulation tools help you measure, monitor and improve your security controls by executing scripted attacks. Atomic Red Team and CALDERA are two open source attack emulation projects that are mapped directly to the Mitre ATT&CK Framework. This class will provide an overview of the Mitre ATT&CK framework and give you in-depth, hands-on knowledge of how to execute scripted attacks that exercise many of the techniques defined in Mitre ATT&CK. You will be provided with hands-on lab instructions for emulating a variety of attacks and creating visualizations using Mitre ATT&CK Navigator. At the end of this class you will have the knowledge and tools to begin executing simulated attacks within your own test environment where you can create and validate detections in a script-able and consistent way.
Whether you are a student of information security or a seasoned red teamer or network defender there is something to learn from getting involved with in the Attack Emulation space and this course will help you do that.
Purchasing any of these training sessions will get you access to the WWHF training session and a ticket to SecureWV 11.
Learn more about this course
Darin Roberts
Carrie Roberts
11:00
– 16:00
Modern WebApp Pentesting – $395
Modern WebApp Pentesting is unique in its approach to testing webapps. Too many courses are built around the assumption that a webapp pentester’s skills should grow along a straight line, starting with something like the OWASP Top Ten and culminating in something like Attacking Web Cryptography. Real webapps don’t follow that same path, and neither should real webapp pentesters. Attacking Web Sockets is not more difficult than attacking HTTP traffic, it’s just different. Web APIs are not something you’re qualified to test only after you’ve put your time in on traditional webapps … they’re just different.
Purchasing any of these training sessions will get you access to the WWHF training session and a ticket to SecureWV 11.
Learn more about this course
Brian King
11:00
– 16:00
Applied Purple Teaming – $395
Applied Purple Teaming (APT) will first introduce students to threat optics on Windows systems. This course will provide instruction for configuring and installing Sysmon to gather endpoint logs. Students will also be introduced to Windows Audit Policies and will get to deploy a high visibility audit policy stack. Windows Event Collection and Forwarding will be implemented to demonstrate the free Windows logging stack built in and licensed under the existing agreement you have with Microsoft. The event collector will finally be configured to ship logs to the Hunting ELK (HELK) where students will get to review threat optics using Kibana. The majority of the class will be iterating through the TTPs of a standard pentest to demonstrate effective logging and detections against some attacks that are challenging to detect. The Atomic Purple Team lifecycle will be used to attack, hunt and detect, and defend against all of the attacks! Come join us for another round of APT with updated materials and to have a great time in the Wild West!
Purchasing any of these training sessions will get you access to the WWHF training session and a ticket to SecureWV 11.
Learn more about this course
Kent Ickler
Jordan Drysdale
11:00
– 16:00
Advanced Network Threat Hunting – $395
We will spend most of this class analyzing pcap files for Command and Control (C2) communications in order to identify malware back channels. It is assumed that the student will already understand the basics of network threat hunting, so we can immediately jump into applying that knowledge. The goal will be to create a threat hunting runbook that you can use within your own organization in order to identify systems that have been compromised.
Purchasing any of these training sessions will get you access to the WWHF training session and a ticket to SecureWV 11.
Learn more about this course
Chris Brenton
11:00
– 16:00
Active Defense and Cyber Deception – $395
Active Defenses have been capturing a large amount of attention in the media lately. There are those who thirst for vengeance and want to directly attack the attackers. There are those who believe that any sort of active response directed at an attacker is wrong. We believe the answer is somewhere in between.
Purchasing any of these training sessions will get you access to the WWHF training session and a ticket to SecureWV 11.
Learn more about this course
John Strand
11:00
– 16:00
Breaching the Cloud – $395
This training walks through a complete penetration testing methodology of cloud-based infrastructure. Starting with no information other than the company name you will learn to discover what cloud-specific assets your target is using. Following the enumeration of cloud services, you will learn how to discover misconfigurations that commonly expose sensitive data as well as a thorough understanding of how to get an initial foothold into a cloud-based organization.
Purchasing any of these training sessions will get you access to the WWHF training session and a ticket to SecureWV 11.
Learn more about this course
Beau Bullock
08:00
– 09:00
Setup / Testing
Every Virtual Con is different. Take this time to make sure that you:
- have logged into the discord channel.
- have DM’d LaunchPass (bot) the activation code from your welcome email.
- have agreed to the SecureWV 11 Code of Conduct, with an emoji.
- check this link to make sure that you are able to access the GoToWebinar streams.
08:00
– 09:00
Setup / Testing
Every Virtual Con is different. Take this time to make sure that you:
- have logged into the discord channel.
- have DM’d LaunchPass (bot) the activation code from your welcome email.
- have agreed to the SecureWV 11 Code of Conduct, with an emoji.
- check this link to make sure that you are able to access the GoToWebinar streams.
09:30
– 11:00
Keynote: Cyber Deception: Even MITRE thinks it’s cool!
In this talk, John will talk about the new MITRE Shield project. This project is all about Active Defense, Cyber Deception and making security fun again.
We will share a ton of free tools and techniques for the attendees.
John Strand
13:00
– 16:00
Vets in Tech – A Panel
Any veteran has a difficult transition from the military to civilian life. An IT career is a lucrative target for any transitioning veteran from any previous military occupation. Some transfer from military IT jobs into a civilian equivalent, others start from scratch. I will assemble a panel of military veterans from several branches in several stages of the transition to discuss their successes and failures. Anyone interested in beginning or advancing an IT career would find the information useful.
Brandon Curnutte
Cyber Security Operations Analyst
13:00
– 14:00
Story time: How I fell into security and what you can learn from my mistakes
As a new parent, books like What to Expect When You are Expecting and What to Expect The Toddler Years were a life saver. Seriously, my 1st kid is alive because of those books! Do you wish you had some type of manual that would walk you through your journey in Information Security? Well, this presentation will provide that kind of guidance in a memorable way. You will learn from my mistakes, revel in my successes, receive guidance to cope with imposter syndrome, and get an understanding of what lays ahead in your career.
13:00
– 14:00
Daleks performing a Jedi Mind Meld: Communicating Risk and Issues
In this talk, whose name is irritating someone, Kevin Johnson of Secure Ideas will explore the problems found when we embed security cross-team. Over the years, we have seen the issues such as overloaded terminology, stupid acronyms, and differing ideas and skills. This talk will discuss the problems, why they exist, and techniques on getting past them.
14:00
– 15:00
Hacker Rights
Sixty percent of hackers don’t submit vulnerabilities due to the fear of out-of-date legislation, press coverage, and companies misdirected policies. This fear is based on socially constructed beliefs. This talk dives into the brain’s response to fear while focusing on increasing public awareness in order to bring legislation that supports ethical hackers, ending black hoodie and ski mask imagery, and encourage organizations to support bilateral trust within their policies.
14:00
– 15:00
Vishing, Vishing Everywhere
Email phishing has long been a big challenge for organizations, but vishing, or voice phishing, is also creating quite the stir. With people scattered from their offices and often working from home, attackers are cashing in on the opportunities to use social engineering to make a paycheck for themselves. According to the FTC, phone-based scams have impacted 11,350 people between January 1st and September 1st, 2020, netting the bad actors over $17.76M from the comfort of their own homes.
From basic extended car warranties, suspended Social Security Numbers and bank account information confirmation, to potential deepfake-based wire transfer attacks, the world of vishing is expanding and refining in to a significant threat for individuals and organizations.
In this session we will discuss the tactics that make these attacks so successful, understand the psychology behind the scams and learn how we can protect ourselves and our organizations from these sorts of attacks.
This session will cover:
- Common vishing scams
- How they are staying anonymous
- Vishing trends
- Defending against the attacks
15:00
– 16:00
If A User Can Ruin Your Network, Your Network Sucks
Whenever a user makes a mistake, the implication is that the user is unaware, and the solution is more awareness training. The reality is that for a user to make a mistake that leads to damage, the system has to have failed and provided the user with an opportunity to cause harm, allowed the user to initiate the harm, and then the harm to be realized. In this presentation, I present user error, as not just user error, but user action for any reason. I then adopt safety sciences and counterterrorism disciplines to provide a framework that allows proactively mitigating user initiated loss via Left of Boom, Boom, and Right of Boom perspective.
15:00
– 16:00
Paying it Forward with Threat Intelligence 2.0
Establishing a threat intelligence program can seem like a daunting task to organizations just dipping their toes into this vast area of information security. In this talk, Katie shares her do’s and don’ts of creating such a program from cultivating valuable intelligence relationships with public and private entities in your communities, to how to safely navigate the dark web to gather intelligence on the most sinister of threat actors. You will learn how to structure a threat intelligence program from the ground up, the value of intelligence sharing, how to network and communicate effectively with technical and non-technical peers alike, and the best way to gather intel from dark web forums without putting yourself at risk.
16:00
– 17:00
Trust, but Verify: Maintaining Democracy In Spite of Информационные контрмеры
There are many important elections this year. As you read this, Russia is already disrupting them.
When we talk about election security, most people think of hacking voting machines. But what about other cyber methods and means of disrupting an election? What can nation state threat actors do today, tomorrow, the day of the election, and after to sow chaos and erode our faith in democracy?
In this session, we’ll discuss how Russia has influenced worldwide elections using cyberwarfare and how we have fought back. We’ll understand the natural asymmetry between how Russia and other countries are able to respond, and how we have changed our approach since 2016.
By the end, we will be brainstorming all of the ways to disrupt an election that countries aren’t prepared for.
Get ready to put your nation state threat actor hat on and disrupt some elections – and maybe even earn some ириски-тянучки.
16:00
– 17:00
Every Cloud Has Its Day
As cloud infrastructure continues to get adopted, attackers are doing everything they can to take advantage of your cloud solutions. In this talk, we’re going to take a look at some real life compromises of ways we have seen attackers abuse the cloud. Specifically we will dive into a compromise that resulted in 10 EC2 instances being deployed into a customers environment to mine bitcoin. This coin miner was the result of a root key compromise that could have gotten out of hand, yet we will also take a look into how we were able to respond in minutes. Along the way I am going to share our investigative process, the lessons we learned from a detection and response perspective, and ways we use automation to find compromises fast.
This talk is for anyone who:
- Wants to learn more about real life incident response in the cloud
- Wants to learn what an adversary does in the cloud
- Is looking for ideas/considerations for detecting/automating AWS
- Is broadly curious about AWS from a security perspective
Myles Satterfield
Detection and Response Analyst, Expel
17:00
– 17:30
No More Secrets
Secrets are meant to be…well secret. Unfortunately on the internet, this is not always the case. They can live anywhere from a git repository, to the memory of IoT devices, to that word document you shared with granny. Many of these are benign but a large chunk of them can be exploited to gain a foothold into a company or used to discover larger vulnerabilities in devices. In some cases, they can indirectly cause severe bodily harm and risk to life. Let us take a journey down the path of what a secret on the open internet really means though the eyes of a researcher.
09:00
– 10:00
A Hillbilly’s Guide to Staying Anonymous Online
Online Privacy… I would imagine that most everyone has something they would not like to have shared with the entire Internet. For some, this may be because of their job; for others it is so they can hide from their previous life. Still others may do it as a way to limit their exposure to attack. During this talk we will discuss techniques of how to hide your personal data from the Internet by the creation of alternate online identities (a.k.a. Sock puppets).
09:00
– 12:00
Advanced Ansible: Inventories and Lookups and Jinja2, Oh My! (with a side of Packer)
If you’re reaching for an Ansible module to get information for your playbook, you’re probably doing it wrong. If you find yourself wishing for nested loops on tasks to extract variables, you’re probably doing it wrong. If you are creating static inventory files to list your hosts, you might be doing it right. Unless you’re not using those inventory files to create the hosts you’re listing. Because then…you’re probably doing it wrong.
It’s okay to use Ansible in a way that works for you. However, there are a lot of powerful options that can make your code more maintainable, easier to collaborate on, and faster to write. Come learn about how to leverage dynamic inventories to get automated host listing, lookups to pull in real-time data, and Jinja2 filters to pare that huge list of facts down to a the list of IP addresses you actually need. We’ll be using an Ansible to create and deploy a Packer configuration file that builds several VM’s including a CentOS and Vyos system.
Holden Fenner
Site Reliability Engineer
10:00
– 11:00
SOC-re Bleu! Insights from the Depths of the Security Operations Center
Cry a little, laugh a lot, and celebrate the daily grind with practitioners from the real SOCs around the world in this moderated panel. During the session, we’ll discuss topics including:
- How to deal with the sometimes-thanklessness of the job
- Tangible operational and technical best practices
- Management do’s and don’ts
- And other real-world triumph and horror stories
10:00
– 11:00
Evolution of Offensive Security and not playing to win
Adversary Emulation is a type of ethical hacking engagement where the Red Team emulates how an adversary operates, leveraging the same tactics, techniques, and procedures (TTPs), against a target organization. The goal of these engagements is to train and improve people, process, and technology. This is in contrast to a penetration test that focuses on testing technology and preventive controls. Adversary emulations are performed using a structured approach following industry methodologies and frameworks (such as MITRE ATT&CK) and leverage Cyber Threat Intelligence to emulate a malicious actor that has the opportunity, intent, and capability to attack the target organization. Adversary Emulations may be performed in a zero-knowledge manner (Red Team Engagement) or full knowledge (Purple Team) with the Blue Team participating in the exercise.
11:00
– 12:00
Phishy Little Liars – Pretexts that Kill
Break down the anatomy of a solid pretext and learn to build custom pretexts, specific to your target organization and their employees, using specific data uncovered during OSINT (Open Source Intelligence) gathering and recognizance.
In this presentation, Alethe will walk attendees through the anatomy of a pretext and failure points in pretexts. Then she will detail her technique for profiling companies and gathering information on a target company and their employees. Finally, pulling everything together, using a combination of OSINT and applied psychology, she will build pretexts and customize them based on the potential targets, their core beliefs, interests and personality types.
This talk is for those who wish to learn basic to intermediate OSINT against a business target as well as those who wish to learn about pretexts and how to create pretexts that will go undetected by targets. Aside from using the gathered OSINT to build a wireframe pretext, Alethe will discuss how to build pretexts that naturally include opportunities to build trust and rapport. As well as way to avoid breaking the vail of the pretext and raising a targets suspicion.
Outline:
Intro & Bio (5min)
Anatomy of pretext (5min)
Pretext Points of Failure (5min)
OSINT (15min)
Building a pretext using OSINT information (10min)
Wrap up and Q&A (5min)
At the end of this talk, attendees will be able to: define the anatomy of a pretext, understand how pretexts fail, conduct OSINT against a company target and its employees and use what they find to build a custom pretext for use in email phishing, voice elicitation, physical assessments or a combination of these attack vectors.
Add more value to your engagements, better prepare employers and their employees, and learn how to create pretexts that your targets are much less likely to question.
11:00
– 12:00
Strange Things are Afoot: Using Faucet SDN Coprocessing for Monitoring and Active Defense
Software defined networking proceeds from the assumption that networking devices are nothing more or less than programmable computers that happen to be tasked with a specific purpose. The logical extensions of this different way of thinking offer enormous benefits to the network operator if properly applied. Centralized configuration and management are obvious benefits, but far from the only ones. The SDN controller’s unique position in the networking stack gives it unparalleled visibility into activity on a network which can be utilized to monitor networks and react to events as they are occurring. Coprocessing can make these reactions appear to be a seamless part of normal network functioning. This talk will give a brief overview of software defined networking through the lens of the Faucet SDN controller followed by a deep dive into the Coprocessing technique and how it can be used to facilitate novel defensive and monitoring workflows.
13:00
– 17:00
The DarkWeb: What is it, how big is it, and how can I securely access it
This virtual workshop provides a deep-dive into the Dark Web and its associated technologies. Participants will gain an understanding of the infrastructure and content of multiple dark nets and learn how to leverage Dark Web opportunities to advance security objectives. The course provides both a structured curriculum and opportunities for students to conduct their own research.
Students will be gain a deep technical understanding of each Dark Net. Hands on exercises will include installing, configuring, and exploring each the Dark Nets: Tor, Open Bazaar, I2P, Freenet and ZeroNet.
Joseph DePlato
CTO & Co-Founder, BlueStone Analytics, LLC
13:00
– 14:00
I broke in, now what? Linux manual privilege escalation 101.
“Outline:
Purple team talk.
– Intro (whoami/id)
– What is exactly privilege escalation?
– If you are a blue teamer…why are you teaching me privilege escalation?
– Explain pentesting like I’m 5 (quick rundown of the required steps to acquire an initial shell).
– Unpopular opinion: Metasploit isn’t the best thing since sliced bread (using meterpreter existing payloads vs creating your own with msfvenom.)
– Kernel exploits:
> For red teamers: why you should stay away from them.
> For blue teamers: Why you shouldn’t rely on them as an IOC.
– Why is it called manual privesc? (Brief explanation of use post/linux/gather/enum_network and what it does).
– Common activity that privilege escalation includes:
> Knowing distro type.
> Applications and services currently running
> Weak File permissions.
> Cron jobs
> Fantastic config files and where to find them! (Configuration files location, where they are, why they are important).
> Enumeration tools”
Melina Phillips
Senior Information Security Analyst
13:00
– 14:00
A Double-Edged Sword: The Threat of Dual-Use Tools
It’s difficult to read any information security news lately without hearing about large corporations being extorted by cyber criminals. In today’s threat landscape, enterprises increasingly rely on red teams to identify risks and mitigate vulnerabilities in their infrastructure, so much so that an entire industry exists around tools to help facilitate this effectively and efficiently as possible.
Dual-use tools are developed to assist administrators in managing their systems or assist during security testing or red-teaming activities. Unfortunately, many of these same tools are often co-opted by threat actors attempting to compromise systems, attack organizational networks, or otherwise adversely affect companies around the world. This presentation will discuss the topic of dual-use tools and how they have historically been used in various attacks. It will also provide case studies that walk through how native system functionality and dual-use tools are often used in real-world attacks to evade detection at various stages of the attack lifecycle. Finally, it will discuss ways that organizations can defend against malicious abuse of otherwise legitimate technologies and toolsets.
14:00
– 15:00
A Pebble in a Silent Pond
Predicting risk is a challenge that all security managers/practicioners face on a daily basis. We spend entire budgets on hardening our defenses but often are at the mercy of external factors. One way of combatting this is understanding the driving force of your security risks. By leveraging social media analytics we can often correlate increased exposure to increased risk. By having your finger on the pulse of sentiment around your company, you can predict risk factors as well as reallocate resources to save you both on the operations front as well as the financial.
14:00
– 15:00
The Target on Your Back – Understanding Phishing Attacks & Prevention
Social Engineering is core to most cyber-attacks and is still the source of more than 90% of malware. Learn how cybercriminals are using social engineering against your organization and tactics on how to identify and prevent these types of attacks. Learn from one of the world’s leading experts on social engineering and hear real-life stories of social engineering attacks that are guaranteed to entertain and terrify.
15:00
– 16:00
Survey Your System Like Facebook Engineers
Ever wonder how fortune 500 companies manage their systems in mass? Is it all about the money and staff? Join me on this session as we combine Powershell with an open-source tool known as “Osquery” to unlock your companies potential to dig up logs, events, anomalies, IOAs, IOCs and more in real-time. We’ll talk about perceived logging vs logging for a purpose, challenges associated with logging and management, how to create your own queries, and a brief run down on performing responsive actions.
Jeramy Kopacko
Senior Solutions Engineer, Sophos
15:00
– 04:00
Exploiting Web APIs
This talk features live demos of Web API exploits against the “Tiredful API”, which is an intentionally broken web app. The objectives are to teach developers, QA, or security professionals about flaws present in a Web Services (REST API) due to insecure coding practices. Examples include: Information Disclosure, Insecure Direct Object Reference (IDOR), Access Control, Throttling, SQL Injection (SQLite), and Cross Site Scripting (XSS). Many of these vulnerabilities are contained in the OWASP Top 10 list.
16:00
– 17:00
It’s Better to Burnout (then to fade away)?
Based on the very real phenomenon of employee burnout, this talk will take an academic and entertaining focus on tackling what is employee burnout, what causes it, and most importantly, how to recognize and escape from the spiral of it. Recent news articles reinforce the problem that burnout causes, and businesses are finally catching on to the need to address it. However, companies do not know where to turn.
Similar presentations given 6-8 years ago were amongst the highest rated and talked about presentations in the respective conference, and the topic has a great deal of sticking power. I will be updating my research for this presentation, and presenting it in the theme of Neil Young’s famous lyric. It will be a good one. Promise. 🙂
Select date to see events.
