9:10 AM - 10:00 AM

Name:  Ernest "Cozy Panda" Wong
Talk: Learning How to Innovate "1n51d3-th3-B0x": Cyber Defense and Deterrence for the 21st Century

Since our Republic’s founding, Americans have demonstrated a speculative knack and considerable optimism that have translated into innovative solutions for grappling with tough problems. From the first American colonists who made do with limited resources to today’s NASA astronauts who boldly explore space with minimal supplies in order to break free of gravity, Americans have a proud history of discovering new and better ways for getting the job done. Today innovation has become a buzzword in the US Army, and it is helping to shape the vision for the “Army of 2025 and Beyond” as an agile organization able to adapt and prevail in this complex world. But does the US Army have the capabilities needed to protect vital national interests in cyber and to succeed in the Multi-Domain Battle? Does the US Army know how to foster innovations that can keep pace with disruptive cyberattacks so that it is able to triumph against sophisticated peer enemy threats in the not-too-distant future? The rapid growth of the Internet in our globally connected world has meant that the tools within the cyber domain are constantly changing. In such a fluid environment, does America still have the capacity to gain the strategic advantage necessary to effectively out-hack those who attack us in the cyber domain? To make matters worse, there are those who believe the US Army is such an unwieldy bureaucracy that it can’t adapt to win tomorrow’s wars, particularly in places where it lacks expertise, such as space, cyberspace, and other contested areas including the information environment and the cognitive dimension of warfare. This presentation provides a simple framework for analyzing different types of innovation, and in doing so, asks us to think inside-the-box to promote better ways the US Army can defend and deter against attacks within cyberspace.  By analyzing what innovation really means and by highlighting the differences between four distinct types of innovation (disruptive, breakthrough, sustaining, and incremental), this presentation shows us just how easy the US Army can develop and nurture successful innovations for the cyber domain. Learning how to innovate using this inside-the-box methodology will help the US Army to exploit windows of advantage across time and space. Anyone wishing to discover and leverage the most appropriate framework for innovating in this 21st Century will not want to miss this briefing.

Name: Aaron Blythe
Talk: Introduction to Shodan

I imagine it goes without saying that the internet is an insecure place.  With tens of billions of connected devices projected in the next 5 years, this will only become more insecure.  Shodan is a powerful search engine tool that can be used to aid you in making sure that you are not exposing any of your IoT devises (or even web servers or services for that matter) to the open internet.  Aaron will walk through what Shodan is, how to use Shodan, ethics of using Shodan, and many other related topics.

10:45 AM - 11:30 AM

Name: Anthony Maughan
Talk: Using Revello to create a Security Lab in the cloud

Do you ever want to try the latest techniques or develop new technical skills?  Do you find it expensive or hard to find an environment for yourself or your team to practice?  Using the cloud is the perfect place to experiment and learn.  Come see how one cloud provider Ravello can get you quickly into a new security lab.  Go home with a new tool in your tool belt to learn security.

Name: Cody J. Winkler
Talk: Malware: Then, Now and How

The goal of this presentation is to provide a 10-year snapshot of malware to the audience. What did the threat landscape look like 10 years ago vs. what does it look like today, and why is malware still such a huge problem? Malware is still a major security threat to end-users like it was in 2007, but with the added scope of how it can impact entire industries today. Through technical analysis of two major outbreaks within the last year, Mirai and WannaCry (for the sake of time constraints, I could do one or the other, I don’t have to do both), I hope to show the audience that 10-year evolution, a better understanding of what malware can actually do, and a basic understanding of the analytic process (techniques, tactics, and procedures).

12:45 PM - 1:30 PM

Name: Ben Miller
Talk: Hacking up the Chain: Stories and Tips for communication to bosses, VPs, and C's

You know you have the right info, under the risk, and have presented your technical case to CXO or whoever.  But the they don’t listen, or they scoff at the need to take action before they are hacked and become another statistic!  Why do exec’s and non technical not listen to you? Are they just dumb? They can’t read the news? This can be especially frustrating when they hired you to tell them about these problems in the first place! What is a hacker to do?

We hack our communications, message, and delivery.  I’ll present to you the hard earned knowledge of years of telling people how they will be breached and how to say it so your bosses, your VP, or your CXOs actually listen, understand the depth of the risk, and TAKE ACTION.  We just want to help, and surprisingly the execs want our help.  Let’s work to make sure they grok it.

Here’s some of the quick wins:

If you can’t measure it, it isn’t real (to them)

A cool hack is not as interesting (to them), as one that demonstrably affects The Business.

Yes, most exec’s what you to understand the WHY of their plans (and want to know yours!)

Name: Jason Holcomb

Talk: ATT&CK Yourself: Using Discrete Adversary TTPs to Make Your Network and Systems More Defendable

Penetration testing and vulnerability assessment have their place but could there be a security testing technique that provides greater value? In this presentation, we will introduce and explore MITRE’s ATT&CK framework in the context of building discrete test cases around specific attacker Tactics, Techniques, and Procedures (TTP). We will then look at how this type of testing can provide valuable insight into weaknesses in your current defensive posture from monitoring and detection to blocking and response.

Name: Mike Motta
Talk: Securing your company's assets with packets

How to use Wireshark or Observer protocol analyzers to look at packet data for indicators of compromise

Name: Weston George

Talk: Don't be a Hammer.  Learning more tools with VMs and Vulnhub

A lot of people get sucked into using just a couple of tools for vulnerability research.  When I first started out, I focused solely on the Metasploit Framework.  While that is a great utility, there is so much more out there.  In this talk I hope to show that through the use of sites like vulnhub.com, and the walkthroughs they provide, you can branch out into other tools that will greatly expand your skillset, and change the way you approach CTF and vuln assessment.

Name: Jason  Reaves

Talk: Malware C2 over x509 certificate exchange

Malicious actors in the world are using more ingenuity than ever to for both data infiltration and exfiltration purposes, AKA command and control communications. While lots of attention is given to these techniques they are commonly done so after they’ve been used in an incident, making this area of cyber security very retroactive in its defensive posture. The aim in presenting this material is to demonstrate that we can take some lessons from the other areas of cyber security research, namely exploitation, and look at potential use cases in how malware authors could utilize technologies outside of their intended purposes to not only accomplish their goals but also end up bypassing common security measures in the process. Doing this sort of research can lead to more advances in defensive security postures by spurring discussions in the community on how a technique either does or doesn’t bypass security measures.