Thinking about what traces are left when activities occur on a Windows system? Think past the operating system itself! Everything that occurs within the Windows operating system must cross RAM, making it the vessel of an abundant amount of residual data from user activities. Decrypted versions of encrypted data, internet activity, user communication, network information, evidence of program execution, passwords and encryption keys, and more! Much of this data will only be found in memory, leaving no traces behind on the associated endpoint. This lecture will discuss the intricacies of Windows memory, how data gets stored in RAM, and delve into examples of the type of data you can piece together! There’s so much data to find in memory alone, come have a look!

houdinID is a mobile application for physical pentesters to help them identify and strategize attacks against locks encountered in the field. Its dynamic quiz feature facilitates quick lock identification; photos of keyways can be matched with known keyways and key blanks; and its database, which provides information and attack advice on each lock, draws on research from the community of locksport enthusiasts and lock researchers. Moreover, this tool provides a security ranking for each lock that takes into account attacks not considered by current lock rating standards. Learn about lock identification and security ranking, and contribute your own intel to this community-driven project!

This is going to be a talk that dives into our experiences with running a cyber security competition training for local high school students. While it will contain a few jokes and memes, it will cover the ins and outs of how we were able to build a fun and engaging environment despite limited resources. Told from the perspective of university students who constantly seek out and participate in cyber competitions as well as CTF events, the objective of this talk will be to share our experiences giving back to local communities as well as sharing the knowledge/techniques that we have learned along the way.

Game theory is the study of choices and strategies made by rational actors in competitive situations. In this talk, we will model the choices and behavior demonstrated by real-world scenarios of human conflict as well as the actions of participants. Using these models, we will discuss how strategies are formed as well as how they can be influenced.

We start with demonstrations of basic game theory concepts using participants from the audience to play through scenarios such as the prisoners dilemma. From that foundation, I discuss the math behind the choices in these games in order to prove how each player’s choices influence the strategy of their opponent. Next, I will introduce some of the different techniques that can be used to turn games sideways. By adding secret information or the ability to deceive these games can be won more often by an enterprising individual.

By analyzing conflict where strategy and choices determine the outcome we learn more about how to determine the strategies of others as well as influence them with our own decisions. We gain a deeper understanding of strategy and motivation.

This demo-heavy talk with teach you how to attack a Kubernetes cluster, with a new Bust-a-kube scenario themed on the movie, “Inception.” You’ll see a four-stage attack that starts by gaining access in a low-privileged container that was built from a typo-squatted library. From there, we’ll find ourselves in a Kubernetes cluster within a Kubernetes cluster, as with Inception’s “dream within a dream.” You’ll learn how to break this attack with multiple defeneses, including OPA Gatekeeper. Afterward, practice the attack and defense with the open source Bustakube cluster.

So you’ve put a giant pile of data into Splunk… how do you get started digging into it, cleaning it up, making it useful and manageable so that you can derive value from it?

This is a simple methodology for getting started with a new unfamiliar data set that will help you figure out what’s useful so that you can start developing alerts, reports, dashboards etc.

If you want to play along at home, download and boot the VM (well) ahead of time: 30G available disk space required; configurable RAM/CPU bit.ly/shellcon2020-spl.

Are you overwhelmed by the amount of awesome tools that have been released in the past year to help you secure your cloud data? In this talk, we’ll sprint through a number of options that you can start deploying ASAP to secure the data you most care about.

The adoption of cloud services in today’s tech climate is overwhelmingly pervasive, not only with startups, but also larger, more established corporations. The need to scale and accelerate deployments has become blisteringly fast for both IT and engineering teams globally. Security, however, has never really caught up to keep pace. Luckily, enough vendors and consulting groups have built software, both closed and open source, to help IT and security professionals manage this cloud environment adoption. In this session, we will cover the basics of this relatively new space, Cloud Security Posture Management, designed to address customer misconfiguration, mismanagement and mistakes in managing their cloud environment. After some initial background and introduction of some tools related to the space, we will walk through what the IT or security practitioner should worry about in planning to leverage this type of technology to aid your team’s oversight and coverage in assessing cloud usage and adoption.

Amazon Web Services (AWS) is one of the most popular ways for companies large and small to deploy their software and infrastructure. That popularity makes it a prime target for attackers, but what do attacks in AWS even look like? We’ve all heard of the SSRF to metadata trick, but what else can attackers do? With this talk we’ll dive into the tactics, techniques, and procedures a modern Penetration Testing or Red Team can leverage to exploit cloud infrastructure/applications, and what defenders can do to make this more difficult.

This talk is inspired by an episode of Black Mirror. I will be demonstrating a live demo creating a bot who talks like me and can be used to impersonate me online and do social engineering. I will be showing a live demo of how to create such bots over text, voice, or video and walk through various techniques that the attendees can use to create such smart social engineering attacks.

I will also release my GitHub of the AI notebooks as open-source for the attendees to try out and experiment.

Documenting and reporting is a key part of red teaming and generally the part we all look forward to the least. Compared to the rest of the work we do it’s not the most fun and and exciting. Teams generally solve this with ad hoc solutions for note taking, recording and sharing screenshots, and collecting other evidence but these solutions rarely scale. As teams grow and scope expands these are not always easily shared and typically require manual steps to manage. Having to dig through a pile of evidence after an operation to find the one screenshot you need, if you even have it, can be time intensive and cumbersome. ASHIRT solves this by serving as a non-intrusive, automatic when possible, way to capture, index, and provide search over a centralized synchronization point of high fidelity data from all your evidence sources during an operation.

https://www.github.com/theparanoids/ashirt-server

https://www.github.com/theparanoids/ashirt

https://www.github.com/theparanoids/aterm

https://www.github.com/theparanoids/ashirt-helm

Whether network connected or standalone, firmware is the center of controlling any embedded device. As such, it is crucial to understand how firmware can be manipulated to perform unauthorized functions and potentially cripple the supporting ecosystem’s security. This presentation will provide an overview of how to get started with performing security testing and reverse engineering of firmware leveraging the OWASP Firmware Security Testing Methodology (FSTM) as guidance when embarking on an upcoming assessment.

Ever wonder if your TV is watching you watch it? In this talk, we will do a high level discussion on a project from the CIA’s Vault 7 wiki leaks, dubbed “Weeping Angel”.

While the Bluetooth family of protocols continues to claim the spotlight of low energy RF technologies, ZigBee remains an important attack surface to consider due to its heavy deployment in building automation, and even smart home devices. This talk will give a basic breakdown of ZigBee as a technology, discuss the current threats, and look at the tools needed to start hacking this often-overlooked wireless protocol.

When you work in information security, not everyone is thankful for the job that you do. Frequently, you’ll have to work and communicate with people who really would prefer you’d just go away.

We will enumerate some of the common adversarial scenarios you may find yourself in, such as handling vulnerability disclosure with a hostile vendor, or working for a team that doesn’t want a security test, but got one for regulatory reasons. We will also discuss how to identify that you’re in an adversarial scenario, and either get yourself out of it by correcting misconceptions about you and your work, or work through it, using strategies developed over a decade of penetration testing and vulnerability disclosure experiences.

The use of voice recognition is becoming prominent and is on the rise in many pieces of software. Yet there are vulnerabilities and shortcomings of algorithms and technologies that allow attackers to perform voice morphing, theft of voice histories, etc., to perform other destructive attacks and influence companies, individuals, politics, legal proceedings, and more. The possibilities are limitless. This talk identifies those vulnerabilities, risks, and preventions.

SOC analysts need to be able to triage suspicious artifacts identified by alerts or while performing threat hunts. It’s common for SOC analysts to submit artifacts to public sandboxes which could alert threat actors and allow them to quickly pivot and implement new tactics and techniques or to make minor tweaks that will go undetected.

The ability to triage suspicious artifacts is typically viewed as an advanced topic left for highly technical malware analysts. This talk will provide basic examples and demonstrate how to perform initial triage of suspicious artifacts in a safe and operationally secure manner.

Given enough time and resources, advanced adversaries will bypass modern intrusion detection solutions. SIEMs are often configured to gather as much information as possible in an environment, and the resulting value of provided alerts and responses rely on attempting to lower the number of false positives. The goal of The Aerospace Corporation was to conduct an experiment in achieving higher fidelity true positive alerts by utilizing cyber deception concepts. Our research concluded that by through a mix of low and medium interactivity honeypots deployed on a production system, it is possible to gather not only true positive alerts but also threat intelligence on adversaries.

The talk will cover a brief overview of current FOSS deception solutions and will pivot to the research showcasing our own FOSS cyber deception experiment that detects and monitors cyber adversaries.

They say life imitates art, and like the classic hacking films of the 1990’s this talk involves money and banks. Except we made a functioning mock bank, and the money is Jamaican. Join our journey of rediscovery inner workings of Automated Teller Machines (ATMs). Using no existing external infrastructure we dive into our successes and failures as we crossed wires, consoled, and dial-in to real Hyosung ATMs in an effort to become a payment processor. There will be demos, code, and maybe a bit of gum, as we rock the cash box. This talk is meant for beginners or seasoned phreakers alike. Our talk explores the approach and much as the techniques behind our efforts. Our goal is to take you back (at least with hardware) to the glory days of hacking, when phreaking still worked, and blue boxes still roamed free.

There are many important elections this year. As you read this, Russia is already disrupting them.

When we talk about election security, most people think of hacking voting machines. But what about other cyber methods and means of disrupting an election? What can nation state threat actors do today, tomorrow, the day of the election, and after to sow chaos and erode our faith in democracy?

In this session, Allie will discuss how Russia has influenced worldwide elections using cyberwarfare and the means of fighting back. We’ll understand the natural asymmetry between how Russia and other countries are able to respond, and how defensive approaches have changed since 2016.

Expect some brainstorming on all of the ways to disrupt an election that countries aren’t prepared for. Get ready to put your nation state threat actor hat on and disrupt some elections - and maybe even earn some ириски-тянучки.

Infosec is an exciting field and statistics are constantly showing a high demand for individuals with security-centric skills. Whether you’re a student who just graduated, an IT professional pivoting to security, or someone looking for a career change, one ever-present variable is the challenge to transition into infosec. Bypassing the HR Firewall discusses the reality of transitioning into infosec, the challenges involved with that transition, and how to overcome those challenges.

Hiring is hard. Hiring in tech is often harder because we tend to focus on concrete, measurable skills and often ignore or devalue soft skills since they’re not as easy to evaluate. As the gatekeepers of an operation, many security roles face soft skills challenges that other engineering disciplines do not.

Individuals should attend to learn ways to directly improve the quality of your interview process and the new hires that will become your colleagues. Managers should attend to understand how to better facilitate improvements to your Hiring Pipeline and ensure every hire is a Great Engineer.

Leaders are shaped and challenged constantly. Patience and perseverance are what make them considered great. Our community needs mentors and mentees badly. Also, each needs the other and picking the right pairings are important.

How do you become a mentor, a mentee, or both? We’ll discuss how to pick the right role and person. We’ll take a look at how volunteering can present both opportunities and obstacles to becoming a good leader. We’ll look at the cost of burnout and timing for moving on to the next role.

Whether your current staff members are handing in their notice, or that candidate you’re excited to hire is turning down your offer you’re feeling the Information Security skills gap. With unemployment in the security industry at such low levels, the pandemic is reducing the candidates on the market. The skills gap is getting bigger, not smaller.

Candidates are getting more offers and your security team are getting multiple calls and emails offering them the world. You need to make sure that you understand the drivers of why people start looking for new opportunities, as they are the same reasons that candidates accept positions.

Cybersecurity leaders are beginning to recognize they need a new way to cultivate expert talent. Using apprenticeships as a foothold, they can bridge the workforce gap for a much broader population of Americans and bring in a new talent pipeline. To show an example of how this is currently being used in the US workforce, we will look at Purdue University’s Cyber Apprenticeship Program (P-CAP), which provides an implementation path for successful apprenticeships. P-CAP blends traditional models for a Bachelor’s and Master’s degree and is built on the NICE workforce framework. In the program, apprentices can earn a degree while they are employed, gaining simultaneous on-the-job training and mentorship through an employer coalition.

Note: This presentation has content for Salute! attendees.

Transitioning from the Military isn’t simple, but we make it more complicated when we think we are the only ones who do it. The Military has trained us to be flexible and responsive in our leadership and work ethic, why can’t we use those skills when we leave the Military? Preparing for your transition and being your own advocate is not only essential but common sense. Transitioning to an area where the Military or Federal Government is not prevalent is not a hindrance but an advantage if you make it that way.

We’ll work with you in real time on your resume language, and you’ll get group feedback and support on your job hunting situation. We’ll also tell you about the job hunting dogma you need to avoid. Some of the people who have met in these groups stay in contact with each other long after the event is over, and return to give us good news about progress in their careers.

This is a ShellCon U class taught by the RaiseMe instructor team.

Stuck in a bit of a career rut? Perhaps it’s time for you to explore where bits and bytes meet flesh and blood- the fast paced and dynamic world of healthcare security. From insulin pumps to electronic medical records, from pacemakers to PACS systems, modern healthcare is dependent on the same connected technologies that permeate every other aspect of our lives- but the sector is drastically lacking the security talent enjoyed by other industries. The congressionally mandated HHS Healthcare Cybersecurity Task Force of 2017 estimated that most medical facilities across the country lack even a single full time security professional- that’s a lot of patients who need protecting. Join quaddi and r3plicant, physicians by day, hackers by night, as they give you an overview of the operational needs of this space, describe the perspective needed to succeed in healthcare, explore the conundrum between best practices and standard practices and how that may lead to tension between clinicians, administrators, and security professionals, and how you can literally use your skills to save lives.

Supporting under-represented minorities in infosec, including BIPOC (Black, Indigenous, and People of Color), members of the LGBTQ2IA community, neurodiverse people, and disabled people typically looks like creating physical spaces for fostering dialogue or running live events with diverse representation. Unfortunately with wide scale work-from-home requirements and social distancing in place, it can be harder to show up for these communities in a time when they might need it most. This talk will offer practical guidance that can be immediately implemented to create more inclusive environments.

Are you breaking out into the tech field and don’t know where to start? Discuss how you can get over your first obstacle - yourself! In this talk, university students share their journey into tech and discuss the often overlooked parts of the paths they took to get to where they are now. Explore with us on the topic of imposter syndrome and the difficulties many beginners and veterans alike face within the tech industry and how you can combat it.

In many technical communities (security included) there exist both proprietary and community software solutions to solve common problems. Frequently, experience solving such problems with community-developed open-source solutions can be sufficient to gain access to employment opportunities, however dedicating unpaid time to learning those tools can be a struggle.

Luckily (due mostly to coincidence) much popular open source security tooling for security works using the same or very similar platforms and technologies as modern open source IT infrastructure automation (aka DevOps). This means that, depending on project focus, it is possible to use DevOps roles as a paid training opportunity for learning certain blue team infosec skill sets (primarily patch/vuln management, scanning, digital supply chain security, and log management).

During this 30 minute talk Jason will detail tools, technologies, and platforms that are shared between the disciplines. Additionally, some time will be spent discussing ideal projects to participate in to build desirable security skills while being paid for performing DevOps responsibilities. Finally, we’ll touch on supplementary opportunities that might provide additional experience to people for whom this sort of a lateral career transition might be appealing.

Many of us are working from home these days. It is possible that we will continue working from home – at least part time – even after the pandemic becomes a thing of the past. This begs the question of how we, as employees, and our organizations, are protecting our information assets in the COVID-19 world. Are those assets just as protected in the home office as they are when in an office building? We might also find ourselves looking for new work. This may involve increased online activity, including interviews that take place via video conferencing. What are some basic tenets that, when followed, will increase the candidate’s likelihood of success?

The speaker will explore these questions from the perspective of an information security professional that has worked from home full time for 5 years – well before COVID-19. The goal is to provide simple tips to remain secure while at home, and also tips related to avoiding pitfalls while searching for jobs and interviewing online during this new normal that we live in.

Non-Disclosure, IP Rights Assignment, and Non-Compete agreements are staples of the technology world. But do you understand what you’re signing? What makes these agreements good, bad, or ugly? In this talk, we look at why these agreements exist, and some common terms and conditions. We’ll show you how to evaluate them before you sign, defend against an exploitative agreement, and share some stories about agreements gone right…and wrong.

The military has something called the “Rank Structure” and as a service member gets promoted they typically move away from the technical or the doing of the work and start taking on leadership and strategic roles within their respective commands and services. In a lot of traditional Military Occupational Specialty (MOS) the processes and supporting technologies do not change all that quickly, however, the IT field does not operate that way. Military members within the IT MOS field traditionally find themselves in charge and thus lack the time and opportunity to keep up-to-date with the rapid changing pace of technology and can easily find their knowledge base out-dated and struggle to lead and advocate correctly for troops and their assigned mission. Information Security as we know it, changes extremely fast. It takes a lot of effort for senior military members to maintain their skills and knowledge in order to do what’s right for their troops. Taking those senior military members who are now retiring and desire a career in infosec can be challenging due to a perceived lack of skills and hands on experience. Compounding the barriers of entry when transitioning as an active duty military member with over 20...

Many candidates have come to us frustrated by the number of interviews they’ve attended without getting any job offers. Sometimes they need help getting over interview anxiety. Also, some candidates don’t realize that when they receive an offer, they are expected to negotiate. A well-understood negotiation is essential in order to settle on a set of compensation parameters and working conditions that will make them happy, and commit to the company for the long run. This training is in a group environment to offer maximum support and feedback.

This is a ShellCon U class taught by the RaiseMe instructor team.

If you are the kind of person who enjoys workshops with practical information that you can immediately apply when you go back to work, this workshop is for you, all action, no fluff :)

Attendants will be provided with training portal access to practice some attack vectors, including multiple mobile app attack surface attacks, deeplinks and mobile app data exfiltration with XSS. This includes: Lifetime access to a training VM, vulnerable apps to practice, guided exercise PDFs and video recording explaining how to solve the exercises.

This workshop is a comprehensive review of interesting security flaws that we have discovered over the years in many Android and iOS mobile apps: An entirely practical walkthrough that covers anonymized juicy findings from reports that we could not make public, interesting vulnerabilities in open source apps with strong security requirements such as password vaults and privacy browsers, security issues in government-mandated apps with considerable media coverage such as Smart Sheriff, apps that report human right abuse where a security flaw could get somebody killed in the real world, and more.

Michael Wylie brings to you an introductory hands-on fundamental malware analysis workshop. IT and Cybersecurity professionals will learn the basic skills necessary to safely analyze the characteristics and behavior of malware. Students will walk away with practical techniques and methodologies that can be immediately applied to statically and dynamically analyzing software with an emphasis on malicious software. Gone are the days where incident responders reformat infected systems destroying valuable evidence. Preserving and analyzing malware artifacts will give attendees the skills to understand, at a high level, the techniques and malicious intents of malware that defeated their security controls. Once the threat is understood, additional detective and preventive controls can be put in place resulting in faster response. Throughout this workshop, students will learn about and how to work on labs involving both static and dynamic software analysis. Before diving in, students will be given an overview of malware analysis and be educated on safe responsible malware detonation to minimize the risk of spreading malware. Tools students will explore include: Strings, Wireshark, PEstudio, ProcMon, HxD, Process Hacker, Process Explorer, and more.

This will be a workshop that allows students and professionals to understand both pentesting and AWS by setting up various systems in AWS. Attendees will engage by setting up an attacker host, a couple of victim machines, and a couple of other AWS services. Once the environment is set up, attendees can expect to learn basic pentesting concepts as well as some more intermediate and advanced topics.

There are far too many pieces to the information security puzzle for one person to know them all. That’s OK, but there are still quite a few topics which warrant at least some basic level of understanding. One such topic is the typical malware kill chain. Those interested in different aspects of security may find they know nothing about this. They may also find the desire to learn.

If the best way to learn is by doing then let’s “do” some malware.

Students of this workshop will learn how to:

• Build (harmless) pluggable implants for Windows in C
• Run simple command-and-control and related services
• Tie these pieces together into a usable kill chain

Please note we will not cover evasive or persistence techniques. The instructor is not a malware expert and has no intentions (yet) of arming the populace.

This workshop aims to provide a bit of fun and understanding around botnets and the kill chains used to build them. Students will take away a basic but (hopefully) new perspective on something they may have only read about in passing, but more importantly a spark to encourage continued research and experimentation at home.

Prerequisites

Attendance Requirements