From Wild West Hackin' Fest 2018 in Deadwood, SD. Presenter: Deviant Ollam
Description: Most folk are aware that it's not a good idea to hand a stranger your keys... some very security-conscious folk are even wary of letting potential attackers SEE your keys. The risks of casting, molding, teleduplication, and quick decoding are real and such caution is merited. However, how many of you have ever actually /performed/ an attack like this yourself? Have you ever witnessed it live and in person?
While paying the bills as a security auditor and penetration testing consultant with The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. His books Practical Lock Picking and Keys to the Kingdom are among Syngress Publishing's best-selling pen testing titles. In addition to being a lockpicker, Deviant is also a GSA certified safe and vault technician and inspector. At multiple annual security conferences Deviant runs the Lockpick Village workshop area, and he has conducted physical security training sessions for Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the National Defense University, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point.
Copying Keys from Photos, Molds & More | Wild West Hackin Fest | 2018-11-28 | Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: wildwesthackinfest.com
#WWHF #WildWestHackinFest #infosec
The Rita Award for Deadwood 2023 goes to... | Wild West Hackin Fest | 2023-11-27 | We are overjoyed to announce that Gerald Auger, Ph.D. received the Rita Award from Deadwood 2023! We hope you give Gerald a warm congratulations!
Each Wild West Hackin' Fest conference, we award someone the Rita Award, which is named after Rita, John Strand's late mother, who helped build up Black Hills Information Security and its tribe of companies. To receive this award, we look for someone who is always positive, optimistic, and always willing to lend a helping hand to the community.
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: wildwesthackinfest.com
BHIS - Talkin Bout [infosec] News 2023-10-18 | Wild West Hackin Fest | 2023-10-19 | Live from WWHF Opening Night! A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories.
Closing Ceremony | John Strand | WWHF Deadwood 2022 | Wild West Hackin Fest | 2023-09-22 | Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: wildwesthackinfest.com
Use discount code 100PERCENTOFF for a FREE rambling rant from a not-an-expert expert and typical white guy, clueless as to what he is talking about but showing face to make appearances and panhandle for social clout! Filled to the brim with buzzwords, senseless statistics, and unwanted hot-takes from LinkedIn, you’ll be on the edge of your seat! This is sarcasm (or satire, you decide). Actually, join John Hammond for a candid, unfiltered and unorthodox conversation on where we fall short, what we can learn from it and why that makes us better.
John Hammond is a cybersecurity researcher, educator and content creator. As part of the Threat Operations team at Huntress, John spends his days analyzing malware and making hackers earn their access. Previously, as a Department of Defense Cyber Training Academy instructor, he taught the Cyber Threat Emulation course, educating both civilian and military members on offensive Python, PowerShell, other scripting languages and the adversarial mindset. He has developed training material and information security challenges for events such as PicoCTF and competitions at DEFCON US. John speaks at security conferences such as BsidesNoVA, to students at colleges such as the US Naval Academy, and other online events including the SANS Holiday Hack Challenge/KringleCon. He is an online YouTube personality showcasing programming tutorials, CTF video walkthroughs and other cyber security content. John currently holds the following certifications: Security+, CEH, LFS, eJPT, eCPPT, PNPT, PCAP, OSWP, OSCP, OSCE, OSWE, OSEP, and OSED (OSCE(3)).
Locksmith is a tool for identifying and remediating the most common misconfigurations and issues with Active Directory Certificate Services installations.
Jake Hildreth is a Senior Security Consultant and member of the Identity Security Team at Trimarc Security, LLC. As a recovering sysadmin with over 20 years of wide-ranging experience in information technology, he configured, administered, or supported almost every technology used by small and medium businesses. His day-to-day work at Trimarc focuses on assessing Active Directory configurations for Fortune 500 companies to help secure their environments. He currently holds the CISSP and Security+ certifications.
Sirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most expedient source for cybersecurity intelligence. The community itself regularly outperforms commercial vendors. This is the primary advantage Sirius Scan intends to leverage.
The framework is built around four general vulnerability identification concepts: The vulnerability database, network vulnerability scanning, agent-based discovery, and custom assessor analysis. With these powers combined around an easy-to-use interface Sirius hopes to enable industry evolution.
I will also be demonstrating NSE scripting and script integration
When he gets the chance, Matthew Toussain loves to take on an offbeat challenge. He’s turned a closet into a server room, a table into a computer, and a ’76 Mustang into an electric car. He’s also built an Alexa-enabled home entertainment system out of a car amp, a Raspberry Pi, a computer power supply unit, sheet metal, and plexiglass. It’s that ingenuity that underscores his work as a certified SANS instructor.
A graduate of the U.S. Air Force Academy with a B.S. in computer science and the SANS Technology Institute with an M.S. in information security engineering, he has served as the senior cyber tactics development lead for the U.S. Air Force (USAF) and worked as a security analyst for Black Hills Information Security. In 2014, he started Open Security, which performs full-spectrum vulnerability risk assessments.
An avid runner who also plays piano, guitar and violin, Matthew lives in Texas with a multitude of Cisco switches. In addition to teaching at SANS, he is an avid supporter of cyber competitions and participates as a red team member or mentor for the Collegiate Cyber Defense Competition (CCDC), the annual NSA-led event Cybersecurity Defense Exercise (CDX), and SANS Institute’s NetW
In this hands-on workshop, DomainTools CISO Daniel Schwalbe will build on the search techniques introduced in the “Threat Hunting using Active and Passive DNS” class and will expand the query complexity to include advanced regular expression patterns, globbing, and searching of “lesser known” Resource Record Types such as SOA and TXT. Requirements to participate:
– Laptop, Internet access
– Familiarity with basic passive DNS Search concepts, or participation in the previous day’s “Threat Hunting using Active and Passive” workshop
– DNSDB API Key (will be provided day of the event)
– DNSDB Scout Web Edition: scout.dnsdb.info
– dnsdbq install from github.com/dnsdb/dnsdbq
– dnsdbflex install from github.com/farsightsec/dnsdbflex
Daniel will provide free access to DNSDB, our passive DNS tool, along with command line (dnsdbq and dnsdbflex) and web (DNSDB Scout) tools for the class and for 30-days following the conference so attendees can visualize how the tool will work within their own environments.
DNSDB is a historical passive DNS database that contains Internet history data that goes back to 2010. A DNSDB API Key will be sent to registered attendees prior to the Workshop.
DomainTools, the leader in domain name and DNS-based cyber threat intelligence, has acquired Farsight Security, a leader in DNS intelligence and passive DNS cyber security data solutions. The acquisition comes as a natural extension of both companies’ long-standing partnership to deliver Farsight’s market-leading passive DNS data via the DomainTools Iris investigation platform to assess risk, map attacker infrastructure, and rapidly increase visibility and context on threats. Farsight’s market leading DNS observation data combined with DomainTools best-in-class active DNS data gives customers the earliest and most comprehensive look into threats emerging outside their network.
Live Chat will take place in the Antisyphon Training Discord: discord.gg/antisyphon
Last March we had the Most Offensive Con that Ever Offensived! online summit event featuring talks and trainings for Red Teamers. Now we’re putting together a similar summit event just for the Blue Team! Blue Teamers have it rough, so we’re putting together an online summit event just for them featuring talks, trainings, and lots of fun and frivolity!
The Antisyphon Blue Team Summit 2023 is scheduled for August 23, 2023, with training August 24-25, 2023.
The summit itself is free, but it does require registration to gain access to the talks and other live-streamed events.
In addition to the free talks and presentations, we are also scheduling classes for Blue Teamers, Red Teamers, Threat Hunters, and many more.
What’s up Breaches! | Mishaal Khan | WWHF Deadwood 2022 | Wild West Hackin Fest | 2023-08-21 | Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: wildwesthackinfest.com
I’ll show you the various types of data breach sets out there, everything you can gain from them (not the passwords), how to access them, use them for OSINT investigations, pentesting recon, auditing or privacy assessments, and how to prepare yourself for the next breach, because you’re going to be in it!
I’ll show you some popular leaks, public scrapes, stealer logs and data aggregator sets that will help put together the missing pieces and take your investigations to the next level. You will see how I store and parse through the terabytes of data in an efficient manner. I end with some tips on how to protect yourself from the techniques I present.
A jack of all trades, master of some, Mishaal uses his Cybersecurity background along with his Privacy and OSINT skills to spread awareness, educate people and provide actionable next steps to help protect people and organizations from threats they may not be aware of.
With over 20 years of multinational experience, he’s a virtual CISO, certified Ethical Hacker, Social Engineer, the 1st IntelTechniques Certified OSINT Professional, Privacy consultant, coder, and a general problem solver.
His personal examples, anecdotes, and clear thought process allow him to connect with people effortlessly and explain complex matters in a simplified manner.
It is hard to protect what you cannot see. So many times organizations are not aware of all their assets including APIs. They prepare to have their Internet-exposed application assessed during pentests, but have to go through the drill of taking inventory of all the applications. This is a similar task for all external assets, companies do not always know what they have exposed and this makes assessing and securing them difficult. Phillip Wylie discusses how to integrate APIs into External Attack Surface Management (EASM) to improve the security posture of external facing APIs.
Phillip Wylie is a cybersecurity professional and offensive security SME with over 18 years of experience, over half of his career in offensive security. Wylie is the Tech Evangelism & Enablement Manager at CyCognito. He is a former college adjunct instructor and published author. He is the concept creator and co-author of The Pentester Blueprint: Starting a Career as an Ethical Hacker and was featured in the Tribe of Hackers: Red Team.
Adversary emulation has become the go-to testing approach, and for good reason. By acting like real adversaries, red teams can provide effective testing to ensure enterprises detect and respond the way they want to. But there’s a problem—this sounds great in theory, but it often isn’t happening in practice. Using data from real intrusions, this talk will demonstrate how differently testers and real adversaries behave and explain why this can lead to a false sense of security. The presenters will share examples of different techniques, procedures, and tools used by testers and adversaries, including how detecting these differs. The presenters will also break down a spectrum of adversaries, providing the audience with a crawl, walk, run approach to adversary emulation to enable organizations of various capabilities. The audience will learn not only how adversary emulation is often falling short, but more importantly, how to improve testing to achieve better security outcomes.
Adam Mashinchi is the Principal Product Manager for Managed Detection and Response at Red Canary. Before Red Canary, Adam defined and managed the development of enterprise security and privacy solutions with an emphasis on adversary emulation and usable encryption at a global scale, leading numerous technical integration projects with a variety of partners and services.
Katie Nickels is the Director of Intelligence for Red Canary as well as a SANS Certified Instructor for FOR578: Cyber Threat Intelligence and a non-resident Senior Fellow for the Atlantic Council’s Cyber Statecraft Initiative. She has worked on cyber threat intelligence (CTI), network defense, and incident response for over a decade for the U.S. DoD, MITRE, Raytheon, and ManTech. Katie hails from a liberal arts background with degrees from Smith College and Georgetown University, embracing the power of applying liberal arts prowess to cybersecurity. Katie has shared her expertise with presentations, webcasts, podcasts, and blog posts, including her monthly livestream, the SANS Threat Analysis Rundown, as well as her personal blog, Katie’s Five Cents. She has received multiple awards, including recognition by SC Media as a Women in IT Security Advocate as well as the SANS Difference Maker Award and the President’s Award from the Women’s Society of Cyberjutsu.
The Ethics of Digital Surveillance: Making Sense of Our Liberties in a Connected Age
With more people transitioning to work-from-home, practical technological integrations have reached new heights. This is great! More tech in our daily lives means new problems, new perspectives, new solutions, and more creativity: widening the field to include all kind of people and situations is a good thing.
However, being an increasingly networked-society also means being increasingly at-risk: if not directly, then indirectly, and not just from “black hat hackers”. We as Cybersecurity professionals wrestle regularly with the data brokerage market and how that connects to maintaining CIA for our clients and our industry: whether those clients practice data brokerage as a business strategy, or whether they are clients seeking cyber-secure tools to help them eliminate data harvesting from their lives. Data collection can be used for good (digital forensics, in one example) or, it can be used unethically, to exploit (as in the alleged case of UNITED STATES V. EPSILON DATA MANAGEMENT, LLC).
I believe that just as in a biological environment, there is an optimal harmony in our digital environment between the data surveillance/collection and personal/corporate privacy models that will best aid our mutual thriving as a civilization which relies on both digital networking and social networking, to live and work.
In my short presentation I will lay out the environment Users unexpectedly find themselves in and talk about preventing paranoia when introducing people to Cybersecurity; outline BOTH the positive and negative applications of data brokerage/surveillance and info-markets; and posit a practical, middle-road cultural/ethical response which we can share with our clients, companies, friends, and family to our increasingly-networked world.
My goal is to encourage reflection.
Kathryn is currently an associate instructor at ThriveDX and graduated from UCF in Cybersecurity. She likes Star Wars, her cats, and living in the endless summer of southern Florida. linkedin.com/kathryn-et-carnell
Initial access payloads have historically had limited methods that work seamlessly in phishing campaigns and can maintain a level of evasion. This payload category has been dominated by Microsoft Office types, but as recent news from Microsoft has shown, the lifespan of even this technique is shortening. As a greatly overlooked vehicle for initial access, ClickOnce is very versatile and has a lot of opportunities for maintaining a level of evasion and obfuscation. In this talk we’ll cover methods of bypassing Windows controls such as SmartScreen, application whitelisting, and trusted code abuses with ClickOnce applications. Additionally, we’ll discuss methods of turning regular signed or high reputation .NET assemblies into weaponized ClickOnce deployments. This will result in circumvention of common security controls and extend the value of ClickOnce in the offensive use case. Finally, we’ll discuss delivery mechanisms to increase the overall legitimacy of ClickOnce application deployment in phishing campaigns. This talk can bring to attention the power of ClickOnce applications and code execution techniques that are not commonly used.
Nick is an operator and red teamer at SpecterOps. He has experience with providing, as well as leading, pentest and red team service offerings for a large number of fortune 500 companies. Prior to offensive security, Nick gained security and consulting experience while offering compliance-based gap assessments and vulnerability audits. With a career focused on offensive security, his interests and prior research focuses have included initial access techniques, evasive Windows code execution, and the application of alternate C2 and data exfiltration channels.
Steven Flores is an experienced red team operator and former Marine. Over the years Steven has performed engagements against organizations of varying sizes in industries that include financial, healthcare, legal, and government. Steven enjoys learning new tradecraft and developing tools used during red team engagements. Steven has developed several commonly used red team tools such as SharpRDP, SharpMove, and SharpStay.
Containers are playing their role in the digital transformation by providing a fast deployment of cloud-native applications. Containers are also often viewed as secure, which is true. But are they really well configured? A demo-based session. The session includes:
– Containers 101
– Backdooring Docker containers images
– Poisoning images on Azure Container Registry
– Compromise containers on Azure Container Instance
– Compromise containers on Azure Kubernetes Services
– Vulnerability Assessment
Sergey Chubarov is a Security and Cloud Expert, Instructor with 15+ years’ experience on Microsoft technologies. His day-to-day job is to help companies securely embrace cloud technologies. He has certifications and recognitions such as Microsoft MVP: Microsoft Azure, Offensive Security Certified Professional (OSCP), Offensive Security Experienced Penetration Tester (OSEP), Microsoft Certified Trainer, MCT Regional Lead, EC Council CEH, CPENT, LPT, CEI, CREST CPSA, CRT and more. Frequent speaker at local and international conferences like Global Azure, DEF CON, Wild West Hackin’ Fest, Security BSides, Workplace Ninja, Midwest Management Summit, Hack in the Box etc. Prefers live demos and cyberattacks simulations.
The default logging capabilities from Microsoft are only helpful to a certain extent. This session will discuss how to utilize the Sysinternals tool Sysmon for threat hunting, testing detections and more. The session will explain use cases and look at real examples of Sysmon successfully detecting malicious behavior in the wild.
Amanda Berlin is the Lead Incident Detection Engineer for Blumira and the CEO and owner of the nonprofit corporation Mental Health Hackers. She is the author of a Blue Team best practices book called “Defensive Security Handbook: Best Practices for Securing Infrastructure” with Lee Brotherston through O’Reilly Media. She is a co-host on the Brakeing Down Security podcast and writes for several blogs. She has spent over a decade in different areas of technology and sectors providing infrastructure support, triage, and design. She now spends her time creating as many meaningful alerts as possible. Amanda is an avid volunteer and mental health advocate. She has presented at a large number of conventions, meetings and industry events. While she doesn’t have the credentials or notoriety that others might have, she hopes to make up for it with her wit, sense of humor, and knack for catching on quickly to new technologies.
Every transaction on the Internet – good or bad – uses the Domain Name System (DNS). In this fast-paced, hands-on workshop, DomainTools Director of Sales Engineering Taylor Wilkes-Pierce, will teach the fundamental investigative techniques and methodologies for leveraging DNS and hosting infrastructure data to more quickly and easily uncover previously unknown connections between seemingly unrelated assets, IP addresses, certificates, registration data, domain names, and more to map online infrastructure.
Requirements to participate:
– Laptop, Internet access
– Basic knowledge of the Domain Name System (DNS) is required.
DomainTools Iris Investigate allows users to pivot through 20+ years of domain and infrastructure data along with the most up-to-date DNS observations on 400 million+ registered domains from around the world. As a result, Iris Investigate enables defenders to assess whether to allow, conditionally allow, or deny various types of connections and gain visibility into what type of risk an indicator represents.
From PetitPotam to PKINIT, relay attacks to golden certs, the last year has brought PKI and certificates under the magnifying glass. In this talk we will discuss some of the biggest recent issues both for internal PKI’s and public certs and try to make sense of just what’s going on. We will aim to clarify and classify these issues and rate their criticality as part of the larger Active Directory ecosystem. For each issue we will attempt to discuss possible mitigations and defense, ideas for monitoring and alerting, and in some cases alternatives. The session will conclude with discussions of possible future alternatives and their feasibility for both operational and security teams.
Rick Davis is currently a Senior Customer Engineer at Microsoft focusing on Cybersecurity. With over 20 years in the field he has worked in all industry verticals including public, private and federal sectors in roles ranging from architecture to red team as well as adjunct professor and guest lecturer in areas of statistics, number theory and cryptanalysis. In addition to proactively working with customers to deploy security tools, train staff and better defend their environments Rick works closely with Microsoft’s global Incident Response team responding to some of the largest threats, ransomware outbreaks and other cybersecurity events. He is a subject matter expert on key technologies such as PKI, Active Directory and the Microsoft Defender ecosystem.
Penetration testers should emulate real-world adversaries and demonstrate business risk. A properly scoped pen test of the whole enterprise is a good way to check the enterprise’s resilience against breaches. However, a loss of data (breach) is often much simpler than we think. See three end-to-end breaches live and learn that 1) they’re only rarely complicated, 2) actual exploitation of patchable flaws is rare, and 3) they can happen a lot faster than you think.
Jeff McJunkin founded and consults at Rogue Valley Information Security, which helps businesses understand the business risk resulting from technical flaws, by emulating real-world, realistic adversaries in end-to-end engagements. Rogue Valley Information Security specializes in providing actionable steps for improvement in our reports, along with helping after the report is delivered. Jeff’s background is systems and network administration. He also teaches and authors courseware for the SANS Institute
Threat Hunter Community Discord: discord.gg/threathunter
Tool Demo – BBOT | The Techromancer | WWHF Deadwood 2022 | Wild West Hackin Fest | 2023-07-12 | Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: wildwesthackinfest.com
BBOT (Bighuge BLS OSINT Tool) is an OSINT framework written in Python. It uses a recursive consumer-event system similar to Spiderfoot, but with several improvements, including a more powerful threading engine and a versatile tagging system that automatically labels events according to whether they’re in scope, resolved/unresolved, wildcard, etc. It can be used both as a Python library and as a CLI tool, and natively supports output to the Neo4J Graph Database.
TheTechromancer is a penetration tester at Black Lantern Security, where he travels the world, writing nefarious Python tooling and testing it (with permission) against fortune-500 companies. He is a strong advocate for open source software, and open-sources all his tools, even the crappy ones. At home, he enjoys listening to Synthwave (the coolest musical genre of all time), and spends his time creating digital art and reading lots and lots of books. He really loves books.
We continually see capabilities of various adversaries ranging from ransomware to nation states continue to change their tactics, techniques, and procedures to go after larger and larger companies. Our defenses largely rely on crowdsourced data, but those are largely for more mature companies that have the capabilities of understanding them and building them into their defenses. Defense is still complex, attacks continue to get more complex – how do we fix where lower-risk security breaches are only granted to a small percentage of companies with large security teams. This talk will dive into some previously known data breaches, current methods that attackers are using, and look into the future of how we need to tackle security.
David Kennedy is founder of Binary Defense and TrustedSec. Both organizations focus on the betterment of the security industry. David also served on the board of directors for the ISC2 organization. David was the former CSO for Diebold Incorporated where he ran the entire INFOSEC program. David is a co-author of the book “Metasploit: The Penetration Testers Guide”, the creator of the Social-Engineer Toolkit (SET), Artillery, Unicorn, PenTesters Framework, and several popular open source tools. David has been interviewed by several news organizations including CNN, Fox News, MSNBC, CNBC, Katie Couric, and BBC World News. David is the co-host of the social-engineer podcast and on several additional podcasts. David has testified in front of Congress on two occasions on the security around government websites. David is one of the founding authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. David was the co-founder of DerbyCon, a large-scale conference started in Louisville, Kentucky. Prior to the private sector, David worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions
GRC analysts have a place in an effective information security program. Often times their routines, impact, and value are not clearly understood. In this talk, Gerald will walk through the reality of a day in the life of a GRC analyst (at Junior, Mid, Senior levels), explain the WHY around the activities being executed, and illustrate both how those functions relate to each other, and how the GRC functions relate within the totality of the information security office. You’ll pay for the whole seat, but you’ll only need the edge!
Dr. Auger is a 17+ year cybersecurity professional, academic, and author with passion for his craft. His cybersecurity-themed YouTube channel, Simply Cyber, is all about good times and hosts a Daily Cyber Threat Briefing livestream. He has built information security programs from the ground up and loves helping businesses protect their assets. Dr. Auger also teaches in the Cyber Sciences department at the Citadel Military College. He holds a PhD in cyber operations and two Masters in Computer Science and Information Assurance.
Jake Williams is the Executive Director of Cyber Threat Intelligence at SCYTHE. He is an incident responder, a breaker of software, and a former government hacker probably wanted by all the cool countries. Likes: threat modeling, application security, threat hunting, and reverse engineering. Dislikes: self-proclaimed thought leaders and anyone who needlessly adds blockchain to a solution that was operating perfectly well without it.
Macro-laced Word documents, malicious HTAs, dumping LSASS, WMI, and Kerberoasting – the bread-and-butter of offensive security. Rarely do binary exploits fall under the purview of “standard” offensive toolkits. Why is this? This talk looks into contemporary exploit mitigations on Windows, such as control-flow integrity and code-signing, and how they affect the cost of developing exploits in today’s age. “Point-and-click” exploits are as good as it gets – but what is the cost-benefit analysis of doing so in the age of modern exploit mitigations?
Connor is a software engineer at CrowdStrike, focusing on vulnerability research and detection. Connor enjoys writing exploits and blogging on the exploit development process. In his free time, he also enjoys history.
DolosJS is a NAC bypass tool that was designed to be cheap to build, easy to deploy, and extremely hard to detect. DolosJS runs on a NanoPi R2S, making it both small and cheap. The DolosJS software autoconfigures the NAC bypass, making it the perfect penetration testing drop box. Operators can simply plug it into the target network and walk away. The project also includes setup scripts to allow the DolosJS device to call home over cellular LTE networks, ensuring that command-and-control (C2) communications never traverse the target network’s perimeter. When remote access over LTE is not required, the project includes setup scripts to establish C2 over Ethernet, WiFi, or Zerotier/VPN.
Forrest Kasler is a full time Penetration Tester and Social Engineer. As a lifelong nerd and hacker, Forrest loves automating advanced network attacks for his team. He has authored multiple open-source tools for the penetration testing community to address common challenges in day-to-day operations. Key research topics include: NAC bypass, MFA bypass, advanced MitM attack vectors, advanced OSINT, SMTP weaknesses, distributed brute force attacks, offensive data mining, and malware development.
Vajra is a UI-based tool with multiple techniques for attacking and enumerating a target’s Azure and AWS environments.
The term Vajra refers to the Weapon of God Indra in Indian mythology (God of Thunder & Storms). Its connection to the cloud makes it a perfect name for the tool.
Vajra currently supports Azure and AWS Cloud environments and plans to support GCP cloud environments and some OSINT in the future.
Raunak Parmar works as a senior security engineer. Web/Cloud security, source code review, scripting, and development are some of his interests. He is also familiar with PHP, NodeJs, Python, Ruby, and Java. He is OSWE certified and the author of Vajra and 365-Stealer.
Riverside is an open-source network visualization tool from inside the network, showcasing live traffic between internal hosts and external remote hosts in a real-time network graph. While capturing netflow and packet information inside of a database, users can traverse backwards in time to analyze previous network activity for enriched situational awareness and a thorough understanding of their network security posture. This utility supplements existing tooling to provide more insight for use cases such as incident response, analysis and investigation, and identification of true assets used within a network environment.
Kaitlyn DeValk is an active-duty Coast Guard (CG) officer, currently completing her Masters degree at the University of Maryland in Computer Science. Prior to graduate school, she completed her undergraduate education at the US Coast Guard Academy in 2019. Her professional experience is primarily in vulnerability assessments and penetration testing. Her certifications include GCIH, GPEN, and CISSP.
SWAIN seeks to help defenders by automating a specific set of functions within “Microsoft Purview” (formerly known as Microsoft Compliance Center).
Despite being originally designed for compliance purposes, the “Content Search” functionality within Microsoft Purview provides notable email searching capabilities. With features like wildcarding and domain capturing, you are able to find and crush complex phishing campaigns with a single search.
Using SWAIN, you can create a content search, execute that search, and, upon reviewing the results, choose whether or not you want to purge the emails found in the search.
Hey, I’m Andrew.
I have 3.5 years of experience in cybersecurity across multiple industries including Medical, Financial, and Manufacturing.
Blue teams should be able to protect themselves from threats no matter what their budget is. Small to medium businesses should have a fair shot when it comes to mitigating the biggest cybersecurity risk: phishing emails. That is what SWAIN is all about!
CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban’s philosophy but is IPv6 compatible and 60x faster (Go vs Python), and uses Grok patterns to parse logs and YAML scenarios to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM based infrastructures (by decoupling detection and remediation). Once a threat is detected, you can remedy it with various bouncers (firewall block, nginx http 403, Captchas, etc.) while the aggressive IP can be sent to CrowdSec for curation before being shared among all users to further improve everyone’s security.
Klaus Agnoletti has been an infosec professional since 2004. As a long time active member of the infosec community in Copenhagen, Denmark he co-founded BSides København in 2019.
As Head of Community at CrowdSec, one of his current roles is to spread the word and inspire an engaging community.
Maintaining access isn’t only for computer systems and networks; you can also maintain access in modern web apps due to their functionality. While testing a web app, I faced a scenario that allowed me to maintain access to the compromised user account, even without the credentials, by exploiting the session handling functionality against the user.
Momen Eldawakhly (CyberGuy), Associate Red Team Engineer at Cypro AB with a demonstrated history of working as Bug Hunter, Penetration Tester and Security Researcher, discovered about 19 0days.
Acknowledged by Google, Yahoo, Microsoft, Yandex, Redhat, AT&T, Oneplus, SecureBug, Starbucks, Comcast, United Nations, IBM, Nokia, Sony and more.
Do not be fooled into thinking compliance controls are the same as strong security solutions. In this talk I will provide specific controls within the frameworks ISO 27001 and SOC 2 Type 2 certifications that can be leveraged to beef up your security. If your company is rushing to implement compliance certifications, use this opportunity to implement strong security solutions. All too often minimum standards are implemented when you could have achieved greater outcomes. My topic will present in 15 minutes how to pitch security controls within the framework ISO 27001 and SOC 2 Type 2 initiatives. I will start by providing a brief overview of the two compliance frameworks. Then I will provide examples of how security solutions are driven for approval on the back of making progress with compliance. The main objective of this talk is to demonstrate best practices with security whilst still maintaining the compliance certifications management is seeking.
Chief Security Officer / Sr. Director of Information Technology – Copyright Clearance Center
Prior to Copyright, Michael worked in the financial industry for over 15 years as a cyber security professional. His main experience is in cloud forensics, computer forensics, incident response, and information security compliance. He has been an Incident Responder in several major incidents. He currently holds GIAC certifications in GCIH, GCFE, GCFA, and GPEN. He is also a long-term member of the High Technology Crime Investigation Association (HTCIA). He is currently secretary and board member of the New England HTCIA chapter.
My first year as a Penetration Tester was an absolute whirlwind. I hacked, I struggled, I drank knowledge from a fire hose, I questioned my entire existence, and while I succeeded, there were some things I just wasn’t ready for. Had I known these six things then, my transition to pentesting would have been much smoother and quicker. This talk is geared towards newer pentesters or those looking to land their first pentesting role. It highlights things that I feel every pentester should know as well as things you can do to stand out to a potential hiring manager.
Jason Downey is a security consultant at Red Siege where he spends 90% of his time hacking clients and 10% of his time cussing at Microsoft Word. With several years of experience shared between offensive, defensive, and networking roles, he has a well-rounded approach to security and enjoys combining knowledge and personality to come up with fun ways to convince people to do things they shouldn’t. When not on the internet, he spends his time kickboxing and bouncing around to random countries.
I often speak to folks who are trying to break into the offensive cybersecurity arena but are struggling to set themselves apart from their peers. Blogs and Github repos, degrees and certificates are all more or less resume bullets anymore, and don’t set you apart from anyone else. Tool development can be great, but unless you develop something spectacular or have a following behind it, those resources quickly fall under the radar.
Joe is a former Army Airborne Infantry Sergeant and Veteran of the Iraq and Afghanistan wars. After serving his country he entered public service, working in a variety of non-profit roles, as well as being elected as mayor of his hometown.
WiFi Bustin’ makes me feel good! This talk will showcase the first of its kind ‘Pwnton Pack’, a Ghostbusters-inspired take on wireless penetration testing. Featuring hardware hacking, microcontrollers and wireless attack arsenals bundled into a unique package; come learn why such a pack exists and fun details around the build experience. This talk is meant to inspire newcomers to InfoSec and Arduino devices, and to provide a fun take on existing methodologies and toolsets. For your WiFi security needs, who you gonna call?!
Travis began his Information Security career building *nix chops by managing firewalls and intrusion detection systems with a managed security services provider. After time spent on the defensive side in the corporate world, Travis put on an offensive cap for a consulting role and hasn’t looked back. Travis specializes in penetration testing, focusing on gaining a foothold and expanding to a large compromise while hunting for ‘crown jewels.’ Travis is a proud member of the TrustedSec Force team.
With the rise and permanence of hybrid & remote work, organizations can’t rely on a purely perimeter-based cybersecurity strategy. As Zero Trust architectures start gaining traction, organizations need to shrink their perimeters, leading to a mass of new challenges. While it would be convenient to be able to just implement a smaller version of existing protections, new strategies are required, and solutions need to focus on different areas for holistic security. This talk benefits security professionals from organizations of any size and walks through some ways attackers could exploit a perimeter-based organization’s setup, the failures of some perimeter-based solutions like existing versions of DLP, the challenges of shrinking a perimeter, and recommendations that can be implemented today.
Ian Y. Garrett is the CEO and co-founder of Phalanx, which provides human-centric data security through seamless, secure file transfers & storage.
Have you ever felt that there’s something different as to how your brain works, but you can’t quite put a finger on it? That you excel in some parts of life, but fall behind in others?
The type of person drawn to InfoSec seems to include a lot of folks from the neurodivergent side of the tracks. Autism, ADHD, anxiety, depression, dyslexia, Tourette’s, bipolar disorder, and OCD are some of the more common types of neurodivergence. However, many folks are unaware of their own neurodiversity and how to live with it. If left undiagnosed and untreated, it can cause untold harm to them, their families, and their careers.
I was undiagnosed…and I fell into addictive behaviors and substance abuse to self-medicate away the pain of not knowing what was different about me. But I found help. And after finding the right medication, along with therapy, I can mostly function these days…and without the substance abuse.
This short presentation will explain neurodiversity and show some of the issues that undiagnosed neurodivergents face and how they can be overcome…using my own life as a case study.
I currently work for Gigamon as a Senior Technical Success Manager. I’m retired U.S. Army (Military Intelligence), live in Stevensville, Maryland, and have been working as a government contractor for the last ten years in the areas of operations management, SOC operations, and CTI analysis. I’ve been married for 31 years to a very patient woman, have three adult children (two who are married and have yet to bless me with any grandkids), two cats, a dog, and a Vietnamese pot-bellied pig.
Incident Response Playbook Perfection is an introductory playbook workshop. Playbooks are an important part of any information security program. They offer structure, realistic and flexible procedures to assist in the triage of almost any cyber security situation. There will be a focus on Ransomware and Business Email Compromise as these are currently the most common attack vectors.
As a group we will review playbooks taken from real life attack situations and cover best practices, do’s and don’ts, structure, and maintenance. We will also cover ways to successfully test playbooks by using different defense and response methods that can work in a variety of organizations and situations.
Participants are welcome to bring their own playbooks or example playbooks to the workshop as long as they do not contain any confidential information that may put them or their organization at risk.
Key Takeaways: Students will be able to take away the following materials and skills at the completion of this course.
– Participating in and creating tabletop exercises that map to security frameworks
– Understanding and creating IR playbooks and runbooks
– Understanding of the importance of tabletops, playbooks, and runbooks in any size organization
– Experience with decision analysis under pressure as a team
– Ability to create after action reports and present results
Amanda Berlin is the Lead Incident Detection Engineer for Blumira and the CEO and owner of the nonprofit corporation Mental Health Hackers. She is the author of a Blue Team best practices book called “Defensive Security Handbook: Best Practices for Securing Infrastructure” with Lee Brotherston through O’Reilly Media. She is a co-host on the Brakeing Down Security podcast and writes for several blogs. She has spent over a decade in different areas of technology and sectors providing infrastructure support, triage, and design. She now spends her time creating as many meaningful alerts as possible. Amanda is an avid volunteer and mental health advocate. She has presented at a large number of conventions, meetings and industry events. While she doesn’t have the credentials or notoriety that others might have, she hopes to make up for it with her wit, sense of humor, and knack for catching on quickly to new technologies.
Jeremy has focused expertise within the evolution of security convergence, the merger of physical and information security, and cyber-warfare. He is an Information Security Officer within local government and Principal within CodeRed LLC. Previously, he worked within Fortune 500 in enterprise information security as well as physical security through training/contracting. Jeremy researches and tests small UAVs [drones] for their use in defense applications in cyber warfare and intelligence, relying on Open Source technology and OSINT.
Join industry leaders Kip Boyle, Frank Victory, Neal Bridges, and Joshua Mason for a career-building workshop to kickstart or get your cybersecurity career to the next level. The workshop will be broken up into two sessions on separate days. On the first day, we will cover resume writing with tips and insights and review resumes for in-person attendees. On the second day, we will discuss interviews and give techniques for preparation and delivery. We will follow that up by putting an attendee or two in the hot seat and coaching them through what to expect and how to make the most impact.
It’s been a fun ride, but that’s it – I am done. After 30 years of IT and security, I need a change. Cyber will always be a passion, but I am hanging up my spurs as a profession. It’s time for the next chapter in my life. We mentor and talk to people coming into the industry about how to get started. However, we never speak about the end. Do we all want to burn out and die at our desks doing the same thing over and over? Or do we want to take the skills learned as hackers and apply the lessons to other areas of business in life? This talk will cover why I made the decision and offer guidance and mentorship to transition out of the industry. The only constant is change. Will you change before the constant changes you?
Douglas Brush is a Global Advisory CISO for Splunk and an information security executive with over 30 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading enterprise security assessments, he has conducted hundreds of investigations involving hacking, data breaches, trade secret theft, employee malfeasance, and various other legal and compliance issues. He also serves as a federally court-appointed Special Master and neutral expert in high-profile litigation matters involving privacy, security, and eDiscovery. He is the founder and host of Cyber Security Interviews, a popular information security podcast.
Douglas is also committed to raising awareness about mental health, self-care, neurodiversity, and diversity, equity and inclusion, in the information security industry.
Evading detection by modern AV & EDR can seem daunting and near impossible to the uninitiated. If the idea of trying to get a payload past these defenses seems unattainable and too “l337,” then this talk is for you! I’ll cover some basic concepts and tools you can use to start evading detection and get your payloads running. To the initiated, this is a 101-level talk, but who knows, you might learn a new trick along the way!
Mike Saunders has over 25 years of experience in IT and security and has worked in the ISP, financial, insurance, and agribusiness industries. He has held a variety of roles in his career including system and network administration, development, and security architect. Mike has been performing penetration tests for nearly a decade. Mike is an experienced speaker and has spoken at DerbyCon, BSides MSP, BSides Winnipeg / The Long Con, BSides KC, the NDSU Cyber Security Conference, and SANS and Red Siege webcasts.
Sure the latest and greatest exploits are fun to play with, but as a pentester (and actual attackers) it is often the simpler things that are still working and allowing access into a network. It is often the older techniques that when used correctly, can yield amazing results. Things that may seem foolish to a newcomer may be the exact thing needed to find weak areas in an organization’s defenses. As organizations shift in their security posture over time it is not uncommon to have gaps in coverage of older types of attacks. This talk is a collection of these types of attacks and techniques. This information has been gathered by talking to several security professionals who have been around long enough to no longer be surprised by anything they see in the industry. People coming to this talk should not expect to necessarily learn anything “new” but to not forget the lessons of the past. This talk will act as a reminder that looking at older attacks can still be very useful and can serve as inspiration for the future.
Brian Halbach graduated from the University of Wisconsin-Stout with a degree in Information Technology Management and a Minor in Computer Science. During college, Brian spent several years working as a help-desk employee, which later led to a career as a Systems Administrator and then Network Engineer for both small companies and Fortune 5 companies. After realizing the lack of security that many organizations had Brian spent time as a lead Network Security Engineer helping organizations deploy the tools, technology, and processes to help make them more secure. After spending years helping defend organizations and realizing that companies still had problems seeing and understanding their security gaps, Brian switched over to red teaming and penetration testing, where he is able to use his knowledge and understanding of people, systems, and programming to bring new insights and intuition to his security testing. One of the things Brian enjoys the most about working in security consulting is being able to talk to clients about their issues and being able to help find answers to security questions when there is not an obvious solution.
What’s more fun than playing a game? Hacking a game (for fun and education, not for griefing of course)! For even more fun, do it live and talk about it! In this presentation, we will highlight the journey of reverse engineering network protocols, building custom client/server/proxy tooling, and hunting for (and possibly exploiting) vulnerabilities. To illustrate this process, we will walk through a real-world case study where we reversed Valve’s GameNetworkingSockets protocol to build custom tools in Python and Rust, and used them to inspect games, over many weekly livestream sessions. Finally, we will pivot away from games and identify how similar techniques have been used to find serious vulnerabilities in business software. In particular, we will focus on how a better understanding of an application’s network protocols and protocol layers can be crucial to identifying vulnerabilities and weaknesses. Expect to pick up some tips and tricks for writing your own tools.
John Askew is a penetration tester, software engineer, and occasional public speaker. He has worked full-time in offensive security since 2007, performing network and application penetration testing engagements for hundreds of clients, from local banks and small businesses to Fortune 100 companies. He is passionate about learning new skills and finding creative solutions to interesting problems, while educating and collaborating with others. Outside of work, he prefers hobbies that don’t involve a computer screen, such as outdoor running and playing the guitar.
Wifi is ubiquitous in our culture. Everything from children’s toys to medical equipment relies on it. It’s found in every coffee shop, mall, and airport across the country, but how secure is it? Should we be trusting the omnipresent free wireless or is it not worth the risk?
This talk takes a first look into wifi hacking and dives into technical details about the attacks presented to ensure that beginners and experts can gain some insight into the techniques they may already be utilizing. We’ll go into details about how the 802.11 spec functions and the flaws at each step of the process that can be exploited.
Armed with the knowledge of how wireless works, we’ll discuss the wireless attack killchain from wardriving for wireless reconnaissance to hooking unsuspecting targets onto rogue access points using karma attacks and abusing the 802.11 spec for deauth capabilities. From here we can segue into attacks against the WPA suite using half-handshake attacks and KRACK. With the wireless communications compromised using any combination of these attacks discussed, we move to the final phase of the killchain and go over DNS spoofing as a means to redirect a target’s traffic to malicious endpoints.
After covering the wireless attack killchain from start to finish, I’ll close out with the best methods to stop the killchain before it can even begin.
Dennis Pelton is a hacker, a father, and a professional tinkerer. He currently works as a senior cloud security engineer for Foghorn Consulting, using his background in devops automation to streamline client security and evangelize the shift-left culture. He has been studying and researching information security for over a decade and a half and has built out infrastructure and automation in almost every sector including fintech, medical, defense, education, and manufacturing. This diverse background has shaped his style into a uniquely chaotic blend of security and automation with an eye for compliance.
In his spare time, Dennis designs and builds small electronics to automate attacks with a focus on culturally prevalent targets such as USB and wifi. His best known projects are unofficial defcon badges, and for his 2023 badge he plans to leverage his recent research into wifi. He enjoys learning, tinkering, playing with cats, and drinking dark heavy beers in no particular order.
Why do developers hate cybersecurity folk so much? It’s simple: We break their toys and we call their “babies” ugly, then we fly off into the sunset, leaving developers and the companies they work for with unhelpful, cryptic guidelines and no clue where to start fixing things. We can do better, but in order to do so, we have to change our attitudes and behaviors. There are lots of things we can do, and do now, to improve how we relate to developers and other people we claim we want to help. But first we have to acknowledge that there is a problem, and that we are every bit as much a part of that problem as the others involved.
Additionally, if we are willing to partner with our clients to help them mitigate their vulnerabilities, we can take “security as a service” to whole new levels, opening up service options for our customers and helping them improve their security profile in effective ways.
Bronwen Aker (GSEC, GCIH, GCFE) likes to describe herself as a “constantly evolving geek.” She has worked with computers since elementary school when she was introduced to FORTRAN programming using bubble cards. As an adult, she worked for twenty years in web development, sharing her love and knowledge of computers and the Internet with others by working on the side as a technical trainer in Southern California. In 2017, she changed career paths to enter the world of cybersecurity. She currently holds a Bachelor of Science in Cybersecurity, is a graduate of the 2017 SANS CyberTalent Academy for Women, and is currently working on her Masters in Cybersecurity. She also works for Black Hills Information Security (BHIS) as a technical editor, reading and editing 200+ pentest reports a year, and for the SANS Institute as a Subject Matter Expert in OnDemand Student Support. During the pandemic, she stayed mostly sane thanks to her four dogs and Animal Crossing New Horizons.
A new alert hits: is this a threat that could take down your infrastructure? You’ve got to be quick or it could be your company’s name in the news. Let’s slow this down and take the pressure off. “How do you assess a new alert and determine if it is a threat? Is the first thing to just go to VirusTotal, check hashes, google stuff, and see what information there is?” Let’s walk through assessing a new alert, how to investigate if something is an active threat, and what questions we should ask to make an educated decision about whether something is a threat.
This talk will walk through the investigative process using data from a live sample of Emotet. I will be leveraging screenshots and information from CarbonBlack’s EDR to more easily show process trees but the focus of the talk will be on the process of investigation to determine what this alert is saying, what data points are interesting, and how to leverage those to make a decision about how to handle the alert.
Kellon Benson is a Senior Incident Handler at Red Canary. They found their passion for information security working as a security analyst at their alma mater developing skills in digital forensics, compliance, network monitoring, threat hunting, and more. In their free time, Kellon likes getting away from the computer and enjoys board games, photography, cooking, and going to pop-punk and EDM concerts.
Don’t patch and ignore what your Vulnerability Scanner has to say. Sound like a crazy idea to you? The reality might be surprising. If we ask the usual suspects or even LAPSUS$ it becomes obvious that one doesn’t need a scanner to crack a system. In that case, what purpose, if any, does a vulnerability scanner even serve? Conversely, we’re in a LOT of trouble! ASUS, for example, got hit with a ransomware compromise last year for $40 million, and they paid it! All is not lost, but to beat a human adversary we need a human operator to take on that human threat. How can the hacker mindset turn this problem to our favor, and what tools can we design that are equal to this task?
Vulnerabilities are a Sirius problem. Can the open-source community break the barrier of our private sector overlords? Let’s explore just how.
When he gets the chance, Matthew Toussain loves to take on an offbeat challenge. He’s turned a closet into a server room, a table into a computer, and a ’76 Mustang into an electric car. He’s also built an Alexa-enabled home entertainment system out of a car amp, a Raspberry Pi, a computer power supply unit, sheet metal, and plexiglass. It’s that ingenuity that underscores his work as a certified SANS instructor. A graduate of the U.S. Air Force Academy with a B.S. in computer science and the SANS Technology Institute with an M.S. in information security engineering, he has served as the senior cyber tactics development lead for the U.S. Air Force (USAF) and worked as a security analyst for Black Hills Information Security. In 2014, he started Open Security, which performs full-spectrum vulnerability risk assessments.
An avid runner who also plays piano, guitar and violin, Matthew lives in Texas with a multitude of Cisco switches. In addition to teaching at SANS, he is an avid supporter of cyber competitions and participates as a red team member or mentor for the Collegiate Cyber Defense Competition (CCDC), the annual NSA-led event Cybersecurity Defense Exercise (CDX), and SANS Institute’s NetWars.
OSINT is a field where nearly anything is possible, but where practical usage of OSINT data can be challenging. Practitioners rely on various data sources, some free/open source and some paid. This talk will identify specific data sources that can benefit a cybersecurity practitioner and compare the value of building your own tooling to generate and search OSINT data, versus obtaining it from a third-party provider.
Corey Ham is a tester at BHIS focused on Adversary Emulation and Red Teaming. Corey has been a penetration tester for nearly 10 years.
Every penetration test should have specific goals. Coverage of the MITRE ATT&CK framework or the OWASP Top Ten is great, but what other value can a pentest provide by shifting your mindset further left or with a more strategic approach? How often do you focus on the overall ROI of your penetration testing program? This talk will explore what it means to “shift left” with your penetration testing by working on a threat informed test plan. Using a threat informed test plan will provide more value from your pentesting program and gain efficiency in your security testing pipeline. This talk applies to both consultants and internal security teams.
Dan DeCloss is the Founder and CEO of PlexTrac and has over 17 years of experience in Cybersecurity. Dan started his career in the Department of Defense and then moved on to the private sector where he worked for various companies including Telos, Veracode, Mayo Clinic, and Anthem. Dan’s background is in application security and penetration testing, involving hacking networks, websites, and mobile applications for clients. Prior to PlexTrac, Dan was the Director of Cybersecurity for Scentsy where he and his team built the security program out of its infancy into a best-in-class program. Dan has a master’s degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Additionally, Dan holds the OSCP and CISSP certifications. Dan has a passion for helping everyone understand cybersecurity at a practical level, ensuring that focus is on the right work to reduce risk. Dan can be reached on LinkedIn at linkedin.com/in/ddecloss or on Twitter @wh33lhouse.