The Technical Track is for systems and network security professionals and administrators who work with the technical engineering aspects of information security. Examples of topics included are network penetration testing, technical standards and best practices, intrusion detection, forensics, incident handling, hacking and attack techniques (at a technical level) and protecting the networks, systems, devices and services that form the infrastructure of our organizations.
T1 – Advanced Penetration Testing Techniques
This presentation will cover three advanced penetration testing techniques: 1.) SSH man-in-the-middle attacks, 2.) using a reverse-engineered version of the Sysinternals PsExec tool to evade detection while using the pass-the-hash technique against Windows systems, and 3.) using modern rainbow tables to attack unsalted hashes. These techniques have been field-tested to be highly effective at catching IT admins off-guard and silently widening access to an internal network.
The design and internal construction of the tool for each technique will be analyzed, followed by a demonstration of each (time-permitting). Since the presenter authored all the tools used in these techniques, the analysis will be in-depth and very technical.
As a seasoned security consultant, Joe Testa has over 15 years of experience in the information security industry. He specializes in penetration testing, server & network hardening, source code auditing, and social engineering. In his spare time, he volunteers as a board member and the treasurer of BSides Rochester, a 501(c)(3) charity responsible for hosting an annual information security conference.
Prior to founding Positron Security, Testa excelled as a security researcher and vulnerability test programmer for Rapid7. He holds a Master of Science degree in computer security and information assurance from the Rochester Institute of Technology, along with a Bachelor of Science degree in psychology and computer science from the University of Maryland at College Park.
T2 – SME to Lead, Tips for New Technical Managers
Dennis M. Allen
For career advancement, Subject Matter Experts (SMEs) are often elevated to team lead and manager positions. However, very different skills are needed to achieve success in these new roles. This session will highlight some of the key challenges technical staff face when assuming new leadership functions, and it will provide several lessons learned from others that have made similar transitions.
Dennis Allen is the Education & Training Technical Manager for the Software Engineering Institute’s CERT Cyber Workforce Development directorate, which has implemented several cutting edge training solutions for the DoD and Federal government. He received his B.S. degree in Computer Science from St. John Fisher College, and his M.S. in Information Assurance from Norwich University. Dennis has been with the Software Engineering Institute for 12 years and has more than 25 years of information technology and security experience with fortune 500 companies, government and military organizations, and many small businesses. He has delivered numerous professional training classes, presented at industry conferences, and taught both undergraduate and graduate-level courses. Dennis is continuously looking for innovative ways to improve education, training, and assessment for the next generation cyber warriors.
T3 – Employing Digital Workers for Security Automation
Over the past five years the Cyber Security landscape has changed drastically. Since 2013 there have been 9,727,967,988 records lost or stolen. There are currently around 7.6 billion people on the planet. That is 2 billion more breaches than there are people in the world!
Based on this explosion of malicious activity, organizations are looking for ways to decrease the amount of time that bad processes are running on a network. Typically, this is attempted by sharing information between tools while leveraging automation through APIs. However, this tends to be a very time-intensive and complex method, which can leave organizations unable to take full advantage of the investment they made.
There is a better way: Robotic Process Automation (RPA). With RPA, organizations can create an agnostic approach to automation that doesn’t require days of coding or scripting (as APIs tend to require). Instead, an integration can be programmed within hours. Depending on the integration, an organization can shorten their threat window from years, months, or weeks – to minutes. This inevitably provides greater value to current legacy tools. Additionally, it allows understaffed security teams to focus on strategy rather than spending cycles reviewing logs and on manual investigations.
Jonathan Borgesen is the Principal Security Consultant for SMP. Jonathan has a decade of experience in the Cyber Security Industry. During that time Jonathan has focused on educating organizations on modern threats as well as the best course of action to protect against those threats. Through this methodology, Jonathan has assisted many organizations in meeting their security goals, whether it be on the Endpoint, Network, or Cloud. Jonathan is passionate about leveraging automation to assist organizations’ ability to address skills shortages and an increasing threat landscape.
T4 – Machine Learning in Information Security
This presentation will discuss machine learning topics as they relate to information security (MLIS). Topics will begin with some important taxonomy and nomenclature, then move through basic models and types of learning. We will discuss some techniques that have proven useful in the real world and finish up with some thoughts on where MLIS might be headed. Today’s session will be delivered from the perspective of a security guy who has realized that paying better attention in Calc. 3 would have been really helpful.
This presentation will boil down some of the ocean of information gathered in recent months to focus on understanding the point of AI in security, some of the models used for anomaly detection & threat hunting, effectively putting AI to work in the infosec space, and how these techniques can help address real world challenges.
Dain Perkins has been working in the Information Security / Information Technology space for just over 25 years. He is currently employed at PatternEx as Director of Sales Engineering; working with clients, data scientists, programmers, and product managers to develop new and better ways to employ advanced machine learning techniques that address the problems of threat detection. Dain holds a BSc in IT/IS and is a CISSP.
T5 – Exploring How Memory-Mapped Files Hide From Antivirus and Execute Malicious Code
Did you know that not only can well-known exploit code be dumped into memory-mapped files (MMF) and remain undetected, but that attackers can use C# to execute that code directly out of the MMF?
Join Sirius penetration tester Ben Holder to find out how shell dumped into non-file-backed MMF can remain undetected while in-depth scans are run, and learn techniques that will allow a memory address to be repeatedly identified and utilized for code execution.
Ben Holder has over two decades of IT security experience working as a penetration tester, security researcher, and all-around “breaker of things”. He spent 10 years in the U.S. Navy, and led the CCNA/MCSE education courses that submariners went through prior to assuming IT leadership positions within the fleet. He subsequently worked in submarine weapon system R&D for General Dynamics as the security implementation and design lead. For the last six years, he has focused on penetration testing, gap and regulatory assessments (GRC), and security team development. He currently helps manage and develop Sirius’ Threat Assessment Program.
T6 – Adopting AWS – Learn How to Deploy AWS Services Securely
Implementing new technologies without fully understanding their capabilities can lead to disaster for your organization and your customers. Amazon Web Services (AWS) offers a plethora of services that provide large computing capacity to companies and individuals, quickly and easily. Unfortunately, we’ve recently seen major corporations sustain large breaches as a result of this practice. How and why are S3 buckets getting compromised? How secure are serverless websites? In this presentation we will take a deep dive into AWS and the shared responsibility you and Amazon have to protect your cloud assets. You’ll walk away with the necessary tools to safely and securely deploy solutions into AWS.
Jeremiah Sahlberg is the Director of Information Security at Tevora and has over 20 years of security experience. He holds CISSP, CISM, and PCI QSA certifications. Mr. Sahlberg is an executive security consultant and advises clients on establishing security programs and compliance management.
Previously, Mr. Sahlberg was the Senior Director of Protect Operations at NBCUniversal and was the CISO for Tekmark Global Solutions.
Mr. Sahlberg has presented at NCUA-ISAO (2018), NCTA (2017), SINET (2016), New York State Cyber Security Conference (2014 & 2012), and Nevada Digital Government Summit (2010). He guest lectures at NPower and sits on the BoA for Liberty University’s School of Engineering.
T7 – Building the Panopticon: Logging and Alerting With Free Tools
The goal of Jeremy Bentham’s Panopticon was to allow for the complete observation of a large building by a single watchman. This is similar to what threat hunters and blue teamers want – a single point from which to observe all potentially malicious activity happening on a network. This talk presents a toolset that can provide this visibility using a mixture of no-cost and open source tools, deployed on commodity hardware. Learn how to set up alerts for software installations, service restarts, honeytokens, or any other indicator, for zero additional dollars in security spend.
Matthew Gracie has over a decade of experience in information security, working to defend networks in higher education, manufacturing, and financial services. He is currently an Information Security Engineer with Blue Cross and Blue Shield of Western New York. Matt enjoys good beer, mountain bikes, Debian-based Linux distributions, and college hockey, and can be found on Twitter as @InfosecGoon.
T8 – Data Hoarders: Finding Needles in Stacks of Needles
Over the last 10 years, security has gone from “We need more data!” to “Please don’t send us any more”. This talk will review techniques and strategies designed to help analysts, hunters and engineers take a more successful approach towards analyzing large (TB+) amounts of data. By the end of the talk, participants should have some new ideas and approaches on how to tackle finding needles in a mountain of needles without getting overwhelmed.
James Pleger, CYDERES Director of Threat Intelligence, has been working on security problems for over 12 years, focusing primarily on the defensive side. He has held a wide range of positions, from reverse engineering software in assembly to building high-performing threat intel teams. Over his career, James has worked on many interesting projects, including large-scale malware analysis platforms and automated exploitation tools.