DEF CON Forum Site Header Art

Announcement

Collapse
No announcement yet.

Talks and Workshops Schedule at the Packet Hacking Village at DEF CON 28 Safe Mode

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Announcement! Talks and Workshops Schedule at the Packet Hacking Village at DEF CON 28 Safe Mode

    https://www.wallofsheep.com/pages/dc28

  • #2
    PACKET HACKING VIRTUAL VILLAGE AT DEF CON 28 SAFE MODE
    All times are in PDT. Schedule is subject to change. More details, including registration and streaming links, forthcoming.

    WORKSHOPS SCHEDULE
    Friday, August 7th
    13:00 - 15:00 Intrusion Analysis and Threat Hunting with Open Source Tools
    Josh Stroschein, Jason Williams, Jack Mott
    16:00 - 18:00 Violent Python 3
    Sam Bowne, Elizabeth Biddlecome, Kaitlyn Handleman, Irvin Lemus
    Saturday, August 8th
    09:00 - 11:00 Writing Wireshark Plugins for Security Analysis
    Nishant Sharma, Jeswin Mathai
    13:00 - 15:00 Wireshark for Incident Response & Threat Hunting
    Michael Wylie
    16:00 - 18:00 Advanced APT Hunting with Splunk
    Matt Toth, Robert Wagner
    Sunday, August 9th
    09:00 - 13:00 Bad Active Directory (BAD)
    Dhruv Verma, Michael Roberts, Xiang Wen Kuan
    TALKS SCHEDULE
    Friday, August 7th
    10:00 - 11:00 Media Analysis of Disinformation Campaigns
    Mike Raggo and Chet Hosmer
    13:00 - 14:00 Dumpster Fires: 6 Things About IR I Learned by Being a Firefighter
    Dr. Catherine Ullman
    16:00 - 17:00 Take Down the Internet! With Scapy
    C8 (John Hammond)
    Saturday, August 8th
    10:00 - 11:00 The Vulnerability That Gmail Overlooked and Enabling Threat Hunting
    Ozkan Mustafa Akkus
    13:00 - 14:00 The Worst Mobile Apps
    Sam Bowne
    Sunday, August 9th
    11:00 - 12:00 Packet Acquisition: Building the Haystack
    Chris Abella and Pete Anderson
    WORKSHOPS ABSTRACTS AND BIOS
    INTRUSION ANALYSIS AND THREAT HUNTING WITH OPEN SOURCE TOOLS
    JOSH STROSCHEIN, DIRECTOR OF TRAINING, OPEN INFORMATION SECURITY FOUNDATION (OISF) / SURICATA
    ASSISTED BY JASON WILLIAMS, SECURITY RESEARCHER, AND JACK MOTT, SECURITY RESEARCHER

    In today's threat landscape, sophisticated adversaries have routinely demonstrated the ability to compromise enterprise networks and remain hidden for extended periods of time. In Intrusion Analysis and Threat Hunting with Open Source Tools, you will learn how to dig deep into network traffic to identify key evidence that a compromise has occurred, learn how to deal with new forms of attack, and develop the skills necessary to proactively search for evidence of new breaches. We will explore key phases of adversary tactics and techniques - from delivery mechanisms to post-infection traffic to get hands-on analysis experience. Open-source tools such as Suricata and Moloch will be utilized to generate data, perform exhaustive traffic analysis, and develop comprehensive threat hunting strategies. By the end of this workshop, you will have the knowledge and skills necessary to discover new threats in your network.

    Josh Stroschein is an experienced malware analyst and reverse engineer who has a passion for sharing his knowledge with others. He is the Director of Training for OISF, where he leads all training activities for the foundation and is also responsible for academic outreach and developing research initiatives. Josh is an accomplished trainer, providing training in the aforementioned subject areas at BlackHat, DerbyCon, Toorcon, Hack-In-The-Box, Suricon and other public and private venues. Josh is an Assistant Professor of Cyber Security at Dakota State University where he teaches malware analysis and reverse engineering, an author on Pluralsight, and a threat researcher for Bromium.

    Jack Mott is a security researcher who focuses on open source solutions to detect, track and hunt malware and malicious activity. He has been a signature writer for the Emerging Threats team for several years, producing community/premium Suricata signatures to help protect networks worldwide. Jack is a strong believer in the open source mission as well as helping people and organizations solve security issues with open source solutions. He resides in the USA.

    Jason Williams is a security researcher with global enterprise experience in detecting, hunting and remediating threats with open source technologies. Primarily focusing on network communications, Jason has written thousands of commercial and community Suricata rules for Emerging Threats to help defenders protect their networks. Jason participates as a Signature Development and User Training instructor for the OISF.

    VIOLENT PYTHON
    SAM BOWNE, INSTRUCTOR, CITY COLLEGE SAN FRANCISCO
    ASSISTED BY ELIZABETH BIDDLECOME, PART-TIME INSTRUCTOR, CITY COLLEGE SAN FRANCISCO; ELIZABETH BIDDLECOME, AND IRVIN LEMUS

    Even if you have never programmed before, you can quickly and easily learn how to make custom hacking tools in Python. We build tools that perform port scanning, brute-force attacks, crack password hashes, and XOR encryption. Python is among the top three programming languages in the world, for good reason: it's the easiest language to use for general purposes.

    Sam Bowne (Twitter: @sambowne has been teaching computer networking and security classes at City College San Francisco since 2000, and is the founder of Infosec Decoded, Inc. He has given talks and hands-on trainings at Black Hat USA, RSA, DEF CON, DEF CON China, HOPE, and many other conferences. Credentials: PhD, CISSP, DEF CON Black Badge Co-Winner

    Elizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She is a senior instructor for Infosec Decoded, Inc. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.

    Irvin Lemus has served clients throughout California, providing valuable professional services that bring peace of mind to clients as well as security against the constant threats with our ever-connected world.

    Kaitlyn Handleman is a Professional Red Teamer.

    WRITING WIRESHARK PLUGINS FOR SECURITY ANALYSIS
    NISHANT SHARMA, R&D MANAGER, PENTESTER ACADEMY
    JESWIN MATHAI, SECURITY RESEARCHER, PENTESTER ACADEMY

    Network traffic always proves to be a gold mine when mined with proper tools. There are various open source and paid tools to analyze the traffic but most of them either have predefined functionality or scalability issues or one of a dozen other problems. And, in some cases when we are dealing with non-standard protocols, the analysis becomes more difficult. But, what if we can extend our favorite traffic analysis tool Wireshark to accommodate our requirements? As most people know, Wireshark supports custom plugins created in C and Lua which can be used to analyze or dissect the packets. In this workshop, we will learn the basics of Wireshark plugins and move on to create different types of plugins to perform dissection of non-standard protocol, provide macro statistics, detect attacks etc. We will use examples of older and newer protocols (including non-standard ones) to understand the plugin workflow and development.

    Nishant Sharma (Twitter: @wifisecguy) is an R&D Manager at Pentester Academy and Attack Defense. He is also the Architect at Hacker Arsenal where he leads the development of multiple gadgets for WiFi pentesting such as WiMonitor, WiNX and WiMini. He also handles technical content creation and moderation for Pentester Academy TV. He has 7+ years of experience in information security field including 5+ years in WiFi security research and development. He has presented/published his work at Blackhat USA/Asia, DEF CON China, Wireless Village, IoT village and Demo labs (DEFCON USA). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks where he contributed in developing new features for the enterprise-grade WiFi APs and maintaining the state of art WiFi Intrusion Prevention System (WIPS). He has a Master's degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security, AD security, Forensics and Cryptography.

    Jeswin Mathai (Twitter: @jeswinmathai) is a Researcher at Pentester Academy and Attack Defense. He has presented/published his work at DEF CON China, Blackhat Arsenal and Demo labs (DEFCON). He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals, conducted awareness workshops for government institutions. He was also the part of team Pied Piper who won Smart India Hackathon 2017, a national level competition organized by GoI. His area of interest includes Malware Analysis and Reverse Engineering, Cryptography, WiFi security and Web Application Security.

    WIRESHARK FOR INCIDENT RESPONSE & THREAT HUNTING
    MICHAEL WYLIE, DIRECTOR OF CYBERSECURITY SERVICES, RICHEY MAY TECHNOLOGY SOLUTION

    This workshop will take student's Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and malicious network traffic analysis. We will begin with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools/concepts. Placement, techniques, and collection of network traffic will be discussed in detail. Throughout the workshop, we'll examine what different attacks and malware look like in Wireshark. Students will then have hands-on time in the lab to search for Indicators of Compromise (IOCs) and a potential breach to the network. There will be plenty of take home labs for additional practice.

    Michael Wylie (Twitter: @TheMikeWylie), MBA, CISSP is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of vulnerability assessments, cloud security, penetration tests, risk management, and training. Michael has developed and taught numerous courses for the U.S. Department of Defense, DEFCON, Universities, and for clients around the world. Michael is the winner of numerous SANS challenge coins and holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GMON, GPEN, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Security+, Project+, and more.

    ADVANCED APT HUNTING WITH SPLUNK
    MATT TOTH, SECURITY STRATEGIST, SPLUNK
    ASSISTED BY ROBERT WAGNER, SECURITY STRATEGIST

    You wanna learn how to hunt the APTs? This is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the "fictional" APT group Taedonggang. We discuss the Diamond model, hypothesis building, LM Kill Chain, and Mitre ATT&CK framework and how these concepts can frame your hunting. Using Splunk and OSINT, we will hunt for APT activity riddling a small startup's network. During the event, you will be presented a hypothesis and conduct your own hunts, whether it is for persistence, exfiltration, c2 or other adversary tactics. Heck, there might be some PowerShell to be found, too. We will regroup and review the specific hunt and discuss findings and what opportunities we have to operationalize these findings as well. At the end, we give you a dataset and tools to take home and try newly learned techniques yourself.

    Matt Toth is a Security Strategist at Splunk with over 20 years of experience in the Information Technology industry, with a focus on Cyber Security. Working with the US Department of Defense, he has led teams in CyberWar simulations, and has advised senior leadership on new attack vectors and threat actors.

    Robert Wagner is a security professional with 20+ years of InfoSec experience. He is a co-founder of "Hak4Kidz.com", an organizer with Burbsec and BurbSecCon in Chicago, and is on the Board of Directors of the ISSA Chicago Chapter.

    BAD ACTIVE DIRECTORY (BAD)
    DHRUV VERMA, SENIOR SECURITY CONSULTANT, NCC GROUP
    ASSISTED BY MICHAEL ROBERTS, SENIOR SECURITY CONSULTANT, NCC GROUP, AND XIANG WEN KUAN, SECURITY CONSULTANT, NCC GROUP

    This is an introductory to intermediate level Windows active directory (AD) training. The training has two parts: a lecture component, where we'll cover how active directory works and the core things you need to know to attack it effectively, and a series of hands-on labs modeled after real attacks we've performed on client environments. The training will be heavily lab focused, with each student receiving their own AWS environment to play with. The labs are based off of how real modern networks look, not example test environments, and successfully completing each lab involves chaining together multiple vulnerabilities in a realistic kill chain methodology to get domain admin.

    Dhruv Verma is a Senior Security Consultant at NCC Group, an information security firm specializing in application, network, and mobile security. Dhruv has extensive experience performing infrastructure assessments with a special interest in Windows Active Directory environments and projects involving social engineering vectors. He has gotten domain admin on multiple client networks by chaining together vulnerabilities in a very unique and interesting fashion. For instance, Dhruv combined a misconfigured Jenkins server with a AWS IAM privilege escalation attack to gain Domain Admin on an enterprise network via a clone'n'pwn attack.

    Michael Roberts is a Senior Security Consultant with NCC Group. Michael performs web, mobile application and network penetration tests, and has a passion for virtual reality and cooking outside of work life. Michael holds an bachelor's degree in computer and information technology from Purdue University.

    Xiang Wen Kuan is a Security Consultant at NCC Group. Kuan has conducted some infrastructure assessments and first started BAD under the supervision of Dhruv and Michael as his intern project at NCC. Kuan is as exciting as Kashi cereal and likes to eat free food at hacker events.

    TALKS ABSTRACTS AND BIOS
    MEDIA ANALYSIS OF DISINFORMATION CAMPAIGNS
    MIKE RAGGO, CO-FOUNDER, SILENTSIGNALS.COM
    CHET HOSMER, OWNER, PYTHON FORENSICS

    In this session we'll focus on the media aspects of disinformation campaigns with deep analysis of altered images, audio, and video to uncover methods used to twist narratives and mislead perceptions surrounding topical news stories. We'll dive into the taxonomy of fake photos, deepfakes, phishing audio fraud attacks, keyword squatting malware, fake rallies, narrative laundering, nation state fake intelligence. and media generated to inspire mass hysteria. We'll then further categorize these threats by their TTPs and provide methods for enhancing detection and response strategies. Real world examples will be demonstrated to provide deep and tangible insights into this systemic problem.

    Mike Raggo (Twitter: @MikeRaggo) has over 20 years of security research experience. Over the years he has uncovered numerous vulnerabilities in commercial networking, mobile, and security products. His current research focuses on multimedia disinformation campaigns. His research has been highlighted on television's CNN Tech, and numerous media publications including TIME, Forbes, Bloomberg, Dark Reading, TechCrunch, TechTarget, The Register, and countless others. Michael is the author of "Mobile Data Loss: Threats & Countermeasures" and "Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols" for Syngress Books, and is a contributing author for "Information Security the Complete Reference 2nd Edition". His Data Hiding book is also included at the NSA's National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; and is a former participating member of FSISAC/BITS and the PCI Council. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon's Certificate of Appreciation.

    Chet Hosmer (Twitter: @chethosmer) is an international author, educator & researcher, and founder of Python Forensics, Inc., a non-profit research institute focused on the collaborative development of open source investigative technologies using the Python programming language. Chet is also a Visiting Professor at Utica College in the Cybersecurity Graduate Program, where his research and teaching is focused on data hiding, active cyber defense and security of industrial control systems. Additionally, Chet is an Adjunct Professor at Champlain College in the Digital Forensics Graduate Program, where his research and teaching is focused on solving hard digital investigation problems using the Python programming language.

    DUMPSTER FIRES: 6 THINGS ABOUT IR I LEARNED BY BEING A FIREFIGHTER
    DR. CATHERINE J. ULLMAN, SR. INFORMATION SECURITY FORENSIC ANALYST

    Threats surround us like a ring of burning fire. Unfortunately, incident response doesn't come naturally to an operational mindset where the focus tends to be on reactive problem solving. As a volunteer firefighter for over twenty years, investigatorchic has learned a lot about what is and isnt effective. There are surprising parallels between fighting real-life fires and the fire-fighting that passes for today's incident response. For example, striking a balance between swift response and patient reflection is often the difference between life and death, in a very literal sense for the firefighter and a figurative sense for the security professional. It's also all too easy to get tunnel vision and focus on the wrong areas, costing precious time. The security world is full of dumpster fires these days, so join this session to learn from a good firefighter what makes a good security person.

    Dr. Catherine J. Ullman (Twitter: @investigatorchi) is a security researcher, speaker, and Senior Information Security Forensic Analyst at University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a data forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness amongst faculty and staff via a comprehensive department-wide program which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at numerous prestigious information security conferences including DEF CON and Hacker Halted. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.

    TAKE DOWN THE INTERNET! WITH SCAPY
    JOHN HAMMOND

    You know Python remains a hacker's favorite language... and for both network defenders and attackers alike, Scapy shines as their favorite Python module! This talk introduces Scapy and its syntax, discusses and showcases multiple attacks that can be performed with Scapy (SYN flood, Ping of Death, DNS amplification attacks and more) as well as offering some defensive techniques to mitigate these attacks. These network attacks are often a "denial of service" and have dire consequences – so you choose your role as an attacker or defender, and be part of either the cause or the solution to take down the Internet!

    John Hammond (Twitter: @_johnhammond) is a cybersecurity instructor, developer, red teamer, and CTF enthusiast. Cyber Training Academy curriculum developer and teacher for the Cyber Threat Emulation course, educating both civilian and military members on offensive Python, PowerShell, other scripting languages and the adversarial mindset. He personally developed training material and infosec challenges for events such as PicoCTF and the "Capture the Packet" competition at DEFCON US. John speaks at security conferences such as BsidesNoVA, to students at colleges such as the University of North Carolina Greensboro, and other events like the SANS Holiday Hack Challenge/KringleCon. He is an online YouTube personality to showcase programming tutorials, cyber security guides, and CTF video walkthroughs. John currently holds the following certifications: Security+, eJPT, CEH, PCAP, OSWP, OSCP, OSCE, and OSWE.

    THE VULNERABILITY THAT GMAIL OVERLOOKED AND ENABLING THREAT HUNTING
    ÖZKAN MUSTAFA AKKUS, VULNERABILITY RESEARCHER AND PENETRATION TESTING EXPERT, BARIKAT CYBER SECURITY

    The use and working logic of the SMTP protocol is very simple, but it poses different threats. Large e-mail infrastructures such as Gmail can forget important and critical points that may threaten the security of people while using this protocol. By explaining this primitive structure of the SMTP protocol, we will examine the vulnerability that I discovered in Gmail. We will also do live examples.

    Ozkan (Twitter: @ehakkus) is a vulnerability researcher and penetration testing expert in Turkey. While studying sports sciences and technologies, he decided to leave the University and step into the world of Cyber Security. His purpose is to provide added value to the world of cyber security through the training he has given and the research he has conducted. Ozkan publish security vulnerabilities on international platforms that he has discovered. He shares his experiences and works on his personal blog https://www.pentest.com.tr. Ozkan also has many internationally recognized certificates such as OSWE, OSCE, OSCP, OSWP, CEH, CCNA, TSE-STU. He gave trainings and presentations in many universities and institutions in his country. In addition to these studies, He gave the presentation of "0day Hunting and RCE Exploitation in Web Applications" in AppSec Village at Defcon 27.

    THE WORST MOBILE APPS
    SAM BOWNE, FOUNDER, INFOSEC DECODED INC.

    I've audited hundreds of Android apps and now, thanks to the Checkra1n jailbreak, iOS apps as well. Many of these apps have security flaws such as exposing passwords on the phone or in network traffic, but a few of them are spectacularly insecure, exposing the entire user database to every user. I will explain how to perform simple tests to detect such errors and demonstrate them with live apps on both Android and iOS devices. Don't let this happen to your app!

    Sam Bowne (Twitter: @sambowne has been teaching computer networking and security classes at City College San Francisco since 2000, and is the founder of Infosec Decoded, Inc. He has given talks and hands-on trainings at Black Hat USA, RSA, DEF CON, DEF CON China, HOPE, and many other conferences. Credentials: PhD, CISSP, DEF CON Black Badge Co-Winner

    PACKET ACQUISITION: BUILDING THE HAYSTACK
    CHRIS ABELLA, P SE, EXTRAHOP NETWORKS
    PETE ANDERSON, SR. SE, EXTRAHOP NETWORKS

    Packet hacking doesn't happen without packets. There are multiple methods to get packets from a network; from local tcpdump and Wireshark all the way to enterprise wide tapping and span aggregation. In this talk, we'll discuss enterprise packet acquisition strategies and challenges, and the methods, tools, and techniques necessary to build the data foundation for effective network-based detection and forensics.

    Garbage data in means garbage analysis out. Chris and Pete have spent decades working with Fortune 500 NOC and SOC teams to implement advanced packet analysis solutions, build better packet pipelines, and get more from those packets.
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A

    Comment

    Working...
    X