BSidesChicago 2017 has ended
Saturday, July 15
 

7:30am CDT

Registration, VIP Breakfast
Registration (and for VIPs, breakfast bar)
Come early, register and hang out and make new friends!

Saturday July 15, 2017 7:30am - 8:45am CDT

8:50am CDT

Welcome
Welcome and Opening remarks.
Thank you to all our sponsors!

Speakers
EvilKat

Over 25 years in the Security field, focusing on building strong security teams and strong security infrastructures with an emphasis on Security Operations, Incident Response and Purple Teams. Based in Chicago and a natural creature of winter, you can typically find her sipping Casa...


Saturday July 15, 2017 8:50am - 9:00am CDT
Waldorf

9:00am CDT

Keynote by AlienVault
While we sometimes think of new and emerging technology as the ‘future’ of information security, we tend to neglect many of the other components like education, communication, information sharing, and community engagement.  It's up to us in the infosec community to not only provide the spark and medium to fuel technical progress but also to fan the flames of advocacy and vigilance in spreading the good word of security.

In this talk, I’ll discuss the importance of security advocacy, educating your organization on the value of a robust security posture, and raising awareness on how critical it is to share information about breaches and attacks.

Speakers
Garrett Gross

Garrett Gross has always had an insatiable appetite for technology and information security, as well as an underlying curiosity about how it all works. Garrett has over 15 years of professional experience in information technology, filling several roles: systems administration, network...


Saturday July 15, 2017 9:00am - 10:00am CDT
Waldorf

9:00am CDT

CTF Session 1

Core Security’s Capture the Flag cyber-range is designed around a rich and fictional, yet realistic, healthcare organization: Mercy Tech Healthcare. Filled with a complete, functioning infrastructure, including novel simulated medical devices, participants will have the opportunity to engage in instructor-led tactical missions involving both offensive and defensive techniques.

The Capture the Flag is an excellent opportunity to safely practice techniques in a “cyber range” and to develop and hone skills using a variety of tools, including Core Security’s Impact Pro Software.

Participants will be required to bring a laptop computer that is capable of connecting to a wireless network, and connecting to a Microsoft Remote Desktop Services connection.


Saturday July 15, 2017 9:00am - 12:00pm CDT
PDR 3

9:00am CDT

Wazuh – Open Source Security for Host and Infrastructure Monitoring

Host-based security monitoring has become increasingly important as the number and severity of threats keeps growing. In addition, network security monitoring tools are now harder to deploy, and not as efficient as they used to be.

Another driver for the adoption of host-based monitoring tools is the increased need to comply with security regulations (e.g. PCI DSS).

Wazuh started as a fork of the OSSEC project, and has quickly evolved into a more comprehensive solution. It now integrates OpenSCAP and Elastic Stack providing additional security monitoring and analysis capabilities.

In this session we will show you how to deploy and use Wazuh to:

  • Detect intrusion attempts using rules to automatically analyze log data
  • Monitor file integrity, detecting changes in system binaries or configuration files
  • Index and store log data with Elasticsearch to meet PCI DSS compliance requirements
  • Identify malware (e.g. kernel level rootkits) and system anomalies
  • Monitor systems configuration to ensure they meet standards and hardening guides

Speakers
Santiago Bassett

Santiago is the founder of Wazuh, and is known for his contributions to OSSIM (Open Source Security Information Management) and OSSEC projects. He has over 15 years of experience in IT Security, covering advanced network security implementations with Open Source technologies. His...


Saturday July 15, 2017 9:00am - 12:00pm CDT
PDR 2

10:00am CDT

Break
Saturday July 15, 2017 10:00am - 10:10am CDT

10:10am CDT

Industrial Control Systems (ICS) - The good, The bad & The ugly
Industrial Control Systems (ICS) - The good, The bad & The ugly. A higher level introduction and overview on the current state of the control systems that run essential infrastructure we depend upon (namely power, water, oil & gas). I will highlight how it typically works, what's wrong (and why) and what we can do to improve things.

Speakers
Matt Cowell

Director of Product Marketing, Dragos
Matt Cowell has more than 15 years of experience in industrial control systems (ICS) and operational technology (OT) applications with a focus on networks and cyber security. He has specific expertise in industrial automation and SCADA systems often used in critical infrastructure...


Saturday July 15, 2017 10:10am - 11:00am CDT
Williford A

10:10am CDT

Defending Cyberspace with "Inside-the-Box" Thinking
Innovation is a buzzword within the US military and is shaping the vision for our forces as being agile organizations able to adapt to a complex world. But does our military have the capabilities to protect vital national interests in cyber? The growth of the Internet in our globally connected world has meant that tools for cyber are constantly changing. Accordingly, do we have the capacity to gain the advantages needed to out-hack our adversaries in this domain? In this talk, we provide a simple framework for different types of innovation to promote inside-the-box thinking for finding better solutions to defend against cyberattacks.

Speakers
Ernest "Cozy Panda" Wong

Chief of Staff, Army Cyber Institute
Lieutenant Colonel Ernest Wong is the Chief of Staff at the ACI. He holds a Master of Military Science from Kuwait’s Mubarak al-Abdullah Staff College and earned a MS in management science & engineering and a MA in education from Stanford. He was a NASA Faculty Fellow and has served...


Saturday July 15, 2017 10:10am - 11:00am CDT
Williford B

10:10am CDT

Wait, my wireless is doing WHAT?!
A host of sources threaten our networks. Most common is the use of wireless networks within our enterprises. Sure, it’s convenient, however, many organizations create vulnerabilities because of their wireless networks, sometimes exposing sensitive information that is valuable to criminals. A lot of this started with “War-Driving”, but there are more and more vehicles/methods that attackers are using today that it’s hard to keep up with them. So, let’s just call it “War-XXXing”. Obviously, this begs a couple of questions. What is War-XXXing? Where can it lead? How can I protect my infrastructure?

Speakers
Dale Meredith

Author/Trainer/Consultant, My Mentored Learning, Inc.
Like the Dark Knight, Dale Meredith swoops in and saves the day when no one else can. Dale's expertise is in explaining difficult concepts and ensuring his students have an actionable knowledge on the course material. Straddling the line of fun and function, Dale's instruction is...


Saturday July 15, 2017 10:10am - 11:00am CDT
Williford C

11:10am CDT

Vulnerability Hunting on Network Devices
Vulnerability hunting on network devices has long been an arcane, occult art-form owing to squamous hardware, strange software, and operating systems that seem to defy both logic and good software development practices. The challenges are great, but the allure of binding such strategically placed devices to your will is strong.  This talk will walk you through building an effective toolset to explore and exploit these network devices, by getting into their very essence, debugging them and using the latest in freely available tools and some very low cost hardware.

Speakers
Bobby Kuzma

Security Researcher and Evangelist, Core Security
Bobby Kuzma is a security geek and retired IT consultant who accidentally acquired a CISSP at the tender age of 22. If it processes data, he’s probably tried to make it do bad things. He teaches, mentors, and explores (and occasionally explodes) technology. Four out of five coworkers...


Saturday July 15, 2017 11:10am - 12:00pm CDT
Williford A

11:10am CDT

An Employee, their Laptop and a Hacker walk into a Bar
If one of your company laptops were lost, what might an attacker be able to do with it? In this string of live hacking demos, we begin as an attacker who has no user account credentials and demonstrate how to hack a workstation, then a server and ultimately reach a domain controller, then STEAL ALL THE THINGS. Learn some easy parlor trick hacks that really work, and more than a dozen ways to protect your organization from them.

Speakers
Shannon Fritz

Solutions Architect, Concurrency
Shannon Fritz is a Microsoft MVP for Enterprise Security and is the Solutions Architect at Concurrency, Inc.; a Systems Integrator consulting firm focused largely on Microsoft solutions. Shannon has presented at several security conferences including other Bsides events and holds...


Saturday July 15, 2017 11:10am - 12:00pm CDT
Williford B

11:10am CDT

Developing a Threat Modeling Mindset
Nearly every day we hear about another compromise of a system that involves a breakdown of security. In many cases, the reason for compromise can be traced back to vulnerabilities that were not found or understood and not mitigated. The attacker(s) used those vulnerabilities to carry out threats against the system.

Threat modeling is a way of thinking about what can go wrong and how to prevent it. Instinctively, we all think this way in regard to our own personal security and safety. When it comes to building or evaluating information systems, we need to develop a similar mindset. In this session, Robert provides practical strategies to develop a threat modeling mindset by: understanding a system, identifying threats, identifying vulnerabilities, determining mitigations and applying the mitigations through risk management.

Speakers
Robert Hurlbut

Principal Application Security Architect, Aquia
Robert Hurlbut is a Principal Application Security Architect / Threat Modeling Lead at Aquia, Inc. with 30 years of industry experience in secure coding, software architecture, and software development. He speaks at user groups, national and international conferences, and provides...


Saturday July 15, 2017 11:10am - 12:00pm CDT
Williford C

12:00pm CDT

Lunch
Saturday July 15, 2017 12:00pm - 1:00pm CDT

1:00pm CDT

Between You and Me and the Network Security Boundary
Many organizations have IT environments with zones of varying security requirements. These zones are usually networks that are created to encompass systems that serve different functions, from production web applications to PCI in-scope database servers.

An organization has to make a decision about implementing a security boundary that protects high-security areas from low-security areas. Designing and deploying these solutions can be a complex task, contending with hurdles from compliance requirements and management all the way to just making sure the users can remember how to access all the necessary systems. This complexity leaves many holes that can be exploited by bad guys to get access to the most sensitive data. Most penetration testers will tell you that these barriers, even ones that implement fancy security features such as multi-factor authentication, become bypassable through race conditions and configuration flaws.

This talk will review several common solutions of separating and accessing network zones such as VPNs, bastion hosts, and virtualization along with each solution's most common pitfalls. As we review each implementation, I will talk about both low-hanging and high-hanging fruit in terms of bypass methodologies, while giving real-world examples of leveraging weaknesses such as race conditions and configuration flaws to gain access to secured networks. I will do a deep dive into the architectures that most efficiently secure protected networks such as Microsoft's Privileged Access Workstations (PAWs) as well as the management practices that create effective long-term security barriers.

Speakers
Patrick Fussell

Penetration Tester, Payment Software Company, Inc.
In preparation for his transition out of the Marine Corps in 2010 Patrick Fussell had his first exposure to the information security world working with the information assurance department. Over the past six years he has worked in numerous roles to increase the security of IT environments...


Saturday July 15, 2017 1:00pm - 1:50pm CDT
Williford A

1:00pm CDT

Herding Purple Squirrels: An Experienced, Whistle-Blowing Insider's Look at The Dreadful World of Tech Recruiting
Ever feel frustrated, exploited - even objectified - by a technical recruiting experience? Understatement of the year: you’re not alone. The hiring process for technical professionals is often Machiavellian and dehumanizing at best. Technical recruiting expert and security recruiting specialist Eve Adams (@hackerhuntress) will give you the rundown on the most common technical recruiting models, how they profit off you, how you can better profit off them, and how best not to get screwed. This will be equally informative for job seekers and technical hiring managers who want to better understand how to hire the best talent quickly and cluefully. Much dirty laundry will be aired, many whistles blown, and many lulz had!

Speakers
Eve Adams

Eve Adams (@HackerHuntress) is an independent recruiter based in Chicago, doing business as HackerHuntress. She focuses on security, devops, backend software and big data engineers and open-source infrastructure roles. Eve has seven years of experience in technical recruiting, including...


Saturday July 15, 2017 1:00pm - 1:50pm CDT
Williford B

1:00pm CDT

Sucker Punches: Social Engineering Scams and Trends
Phishing and other social engineering scams continue to proliferate and evolve with new hybrid attacks despite the best efforts of endpoint security and gateway solutions to block them. How do you keep up and what are the most effective methods for securing your organization to combat cyber crime?

This session will educate attendees about classic and current social engineering trends. It will also look at recent attacks and how the organizations could have better protected themselves.

This is not a highly technical talk, but neither is the problem it addresses. The session is intended for an intermediate experience level and will examine:
  • Current phishing trends
  • Vishing and Smishing attacks
  • CEO Fraud and W2 Scams
  • Effective mitigation strategies
  • How your end-users can be mobilized as your last line of defense.

Speakers
Erich Kron

Erich Kron is a veteran information security professional with over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL...


Saturday July 15, 2017 1:00pm - 1:50pm CDT
Williford C

1:00pm CDT

CTF Session 2

Core Security’s Capture the Flag cyber-range is designed around a rich and fictional, yet realistic, healthcare organization: Mercy Tech Healthcare. Filled with a complete, functioning infrastructure, including novel simulated medical devices, participants will have the opportunity to engage in instructor-led tactical missions involving both offensive and defensive techniques.

The Capture the Flag is an excellent opportunity to safely practice techniques in a “cyber range” and to develop and hone skills using a variety of tools, including Core Security’s Impact Pro Software.

Participants will be required to bring a laptop computer that is capable of connecting to a wireless network, and connecting to a Microsoft Remote Desktop Services connection.


Saturday July 15, 2017 1:00pm - 4:00pm CDT
PDR 3

1:00pm CDT

Advanced Wireless Attacks Against Enterprise Networks

This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and perform replay attacks to gain administrative control over an Active Directory environment. External wireless adapters and preconfigured live USBs will be provided to all workshop attendees, and material learned in the lectures will be practiced within a realistic lab environment. Areas of focus include:

  • Wireless reconnaissance and target identification within a red team environment
  • Attacking and gaining entry to WPA2-EAP wireless networks
  • LLMNR/NBT-NS Poisoning
  • Firewall and NAC Evasion Using Indirect Wireless Pivots
  • MITM and SMB Relay Attacks
  • Downgrading modern SSL/TLS implementations using partial HSTS bypasses

Speakers
Gabriel Ryan

Gabriel currently works for Gotham Digital Science at their New York office, where he provides full scope red team penetration testing capabilities for a diverse range of clients. He also contributes heavily to his company’s research division, GDS labs. Previously, Gabriel has worked...


Saturday July 15, 2017 1:00pm - 4:00pm CDT
PDR 2

2:00pm CDT

Hackers Interrupted
Going beyond a breach or initial damage, let’s examine the minds of the hackers. What drives them to succeed, what makes them fail? It is a difficult task to understand the internal motivations of a hacker, beyond the obvious, and rarely does anyone try. The practical approach shows the opposite: understanding a hacker’s thinking may lead to a reversal of their ill gains. Using practical examples from the largest breaches of today, we will get inside the hackers’ mind and find out how to stop them.

Speakers
Alex Holden

Hold Security
Alex Holden is the founder and CISO of Hold Security, LLC. Under his leadership, Hold Security played a pivotal role in information security and threat intelligence, becoming one of the most recognizable names in its field. Holden is credited with the discovery of many high-profile...


Saturday July 15, 2017 2:00pm - 2:50pm CDT
Williford A

2:00pm CDT

Removing Haystacks to find needles - Playing to our Strengths
We all have been fighting the cyber war with SIEMs to detect all the known attacks. In reality, the attack landscape is changing every day and we cannot predict all possible attacks ahead of time. As security experts we know our environment better than any attacker out there. We cannot ever possibly know all the bad things that have crawled into our environment, however, we certainly know about all known good things in our environment.

Come learn about how we can put that knowledge into play and change the game from finding the ‘Needle in A HayStack’ to ‘Removing Haystacks to Find Needles’ with some real world customer case studies. 

Speakers
Monica Jain

Chief Product Officer, LogicHub
Monica is a veteran of the Security industry with over 15 years of experience in SIEM and Cloud Security. She worked at ArcSight for over 10 years, culminating in managing the flagship SIEM product portfolio. She saw the company grow from zero revenue to IPO, and ultimately acquired...


Saturday July 15, 2017 2:00pm - 2:50pm CDT
Williford B

2:00pm CDT

"Humans, right?" Soft Skills and Security
Bridging the socio-technical divide is imperative to creating a secure future. The thing is, technologists and "normals" (i.e. non-technical folk, whom I've also heard called "Muggles" at cons-- because that's not demeaning or anything) work differently. We think differently. We speak differently. And until we're able to show normals that we understand their needs and are here to help, they will continue to view us with mistrust.

That, of course, requires that technologists actually be able to understand their needs. In my talk, I leverage insights from cognitive science, psychology, economics, design and other disciplines to help techies and infosec professionals engage with normals, be they executives or users, companies, customers or kids.

This topic should be considered because it is critical to the future of information security. Security won't work until it works for everyone, which includes the non-technical folks who shy away at any mention of "cybersecurity," "hackers," or "two-factor authentication."
 
Technologists are realizing this, and we are at the beginning of a shift in the infosec community: user experience and user interface designers are finding roles at cybersecurity companies; we're seeing tools with dashboards, not the command prompt. But successful user adoption requires education, interaction, and trust-- and that only comes with real-life, in-person interactions. 

Speakers
Ariel Robinson

Ariel Robinson is a writer and analyst in Washington, D.C. Her academic background is in cognitive science and linguistics, and her career has centered around defense, national security, and technology. Ariel is a communications specialist, and translates for subject matter experts...


Saturday July 15, 2017 2:00pm - 2:50pm CDT
Williford C

3:00pm CDT

Break
Saturday July 15, 2017 3:00pm - 3:30pm CDT

3:30pm CDT

Cloudy with a Chance of Persistence: AWS Post Compromise Persistence Techniques
The use of Amazon Cloud as a base of operations for businesses is increasing at a rapid rate. Everyone from 2-person start-ups to major companies has been migrating to the cloud. Because of this migration, cloud vendors have become the focus of potential exploitation and various role abuse in order to achieve persistence. This presentation will cover several different methods of post-infection and account persistence along with a discussion on best practices that can be used to protect from such techniques.

Speakers
Peter Ewane

Peter Ewane (@eaterofpumpkin) is a security researcher, sometimes speaker, and a mostly blue teamer for the Alien Vault Labs Team. When not playing with computers, Peter enjoys trying and making interesting cocktails and collecting whisk(e)y.


Saturday July 15, 2017 3:30pm - 4:20pm CDT
Williford A

3:30pm CDT

Murder Mystery – How Vulnerability Intelligence is Poisoning your Information Security Program
In order to solve many modern information security use-cases, organizations have evolved from making decisions based on information gleaned from silo-ed security solutions, towards making more intelligent decisions based upon shared security intelligence. However, integrating vulnerability scanning results into one’s security ecosystem involves a serious hidden challenge resulting in heinous consequences, thereby killing your InfoSec program. This session shares clues on this challenge, step by step, in the form of a Murder Mystery game, ultimately revealing the culprit and strategies to overcome it. Learn, participate, play, and interact! Try to guess “who-dunnit,” and how to avoid similar InfoSec crimes.

Speakers
Gordon MacKay

CTO, Digital Defense, Inc.
Gordon MacKay, Software/Systems Guru with a dash of security hacking, serves as CTO for Digital Defense, Inc. He has presented at many conferences including Bsides Denver 2017, BSides Boston 2017, ISSA International Conference 2016, ISC2 Security Summit 2016, BSides DC 2016, Cyber Texas...


Saturday July 15, 2017 3:30pm - 4:20pm CDT
Williford B

3:30pm CDT

x-ways forensics mother fucker, do you use it?
This talk will be a tool review of x-ways forensics. Even though this is commercial software, I found it to be crucial in every single one of my investigations. Forensics is a tough field in that there are few tools that can only be viewed or demo’ed if you are part of an organization or have money to purchase the software. I will show the latest version of x-ways forensics and how it can be used in an investigation. I will also do some small comparisons with encase, autopsy, and forensics explorer to show the differences. This will be beneficial to someone beginning in forensics as I will be going over some forensic techniques or someone who does forensics but has not had the ability to try x-ways. 

Speakers
Reno Zenere

Security Consultant, Trustwave SpiderLabs
Reno Zenere is a Security Consultant at Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. Reno has over 11 years experience in Information Technology in a variety of roles which include Software Support...


Saturday July 15, 2017 3:30pm - 4:20pm CDT
Williford C

4:30pm CDT

Cashless Society: a Credible Death Threat to Privacy
The idea of a cashless society could be one of the greatest threats to freedom in human history. It carries chilling potential to create an inescapable financial panopticon of monetary surveillance and data collection with unprecedentedly granular resolution. Governments, banks and credit card companies around the world continue to wage war against the ubiquity of cash in a deliberate push towards a future cashless society. In light of its notably incoherent political dynamics, what possible roles might Bitcoin and blockchain technology play in safeguarding social interests in a future without cash? How else might we hedge against the perceived inevitability of this potential dystopian future?

Speakers
Skye Elijah

Co-founder and CEO, CoinBeyond
Skye Elijah is a financial activist and subversive technologist working on issues relating to the nature of technology, digital ethics and the future of sustainable global finance. A former National Science Foundation Merit Scholar, Skye has a Bachelor of Science degree in Theoretical...


Saturday July 15, 2017 4:30pm - 5:20pm CDT
Williford A

4:30pm CDT

War Stories on Embedded Security: Pentesting, IoT, Building Managers, and how to do Better
If security were easy, we’d have solved it 20 years ago.  Unfortunately for complex networks and systems, we need the basics and more: developer training, correct implementation, cross-training, proper deployment, event monitoring, secure updates, and response planning.  It’s a tall order.  But with the right partners, it’s possible.  Come be entertained and encouraged by Dr. DeMott as he shows some epic fails - that could have been wins.

Speakers
Jared DeMott

Founder - Speaker, VDA Labs
Dr. DeMott is former NSA and Microsoft BlueHat Prize winner. He’s frequently quoted in media, and invited to speak. He’s the founder of Vulnerability Discovery & Analysis (VDA) Labs. You'll find fingerprints of VDA across the InfoSec community: fuzzing, code auditing, exploitation...


Saturday July 15, 2017 4:30pm - 5:20pm CDT
Williford B

4:30pm CDT

Identity Theft Through OSINT/Social engineering
This talk will demonstrate how easy identity theft has become because of OSINT and the ability to easily social engineer and grab metadata. It will cover how an attacker uses OSINT to build targeted attacks. How an attacker builds a profile using software to represent their data about you. How an attacker uses data points to pivot from one source to another online. The target was a random target that was picked. Not only does it cover his current activity but his cached activity which enables attackers to target him. The story will show how an initial search to a complete PWNAGE was done on the individual because of a random blog that was discovered. This talk also shows how easily I was able to find his company's email format, private IP addresses which could have completely allowed me to own his company's network because his company allowed BYOD. It will cover how you can better prepare and protect yourself.

Speakers
Zee Abdelnabi

Security Researcher| Technical cyber security manager| Building best in class talent | Experienced in connected car security, SIEM, vulnerability management, threat modeling, security testing and mobile security and is an active security community member.


Saturday July 15, 2017 4:30pm - 5:20pm CDT
Williford C

5:30pm CDT

Sophisticuffs: The rumble over adversary sophistication
It has been a recurring theme for corporate victims of a major breach to publicly state that the attack perpetrated on them was sophisticated. Some may even go so far as to have their 3rd party DFIR partner(s) make statements on their behalf to the effect that the attack would have been successful at most companies. All this is done in an attempt to avoid the dreaded assumption of IT Security negligence on their part. Imagine if the press release stated that the attack might have been thwarted if they implemented processes and controls that were recommended by internal staff years ago. While we will never read that statement, many practitioners are left to wonder what was so unique and advanced about this attack. With this presentation we will present analysis of existing public attacks against traits that are more common in truly advanced attacks. These include but are not limited to the ability to operate undetected, precise targeting, use of non-public zero days and custom payloads, ability to defeat in-place security controls, strong operational security, speed and of course overall effectiveness. We will also make clear delineations between what constitutes an advanced attack versus an advanced adversary. The output of this will be a model that can be applied to help characterize your adversaries' capabilities.

Speakers
Paul Jaramillo

Paul Jaramillo has over ten years of experience conducting incident response and enterprise security operations, including a career with the U.S. Department of Energy’s National Nuclear Security Administration. As a Principal Consultant based out of CrowdStrike’s St. Louis office...


Saturday July 15, 2017 5:30pm - 6:20pm CDT
Williford A

5:30pm CDT

Passing audits for free with Splunk and RT
Combined, these free tools can provide a large portion of the process and documentation (artifacts) you need to pass SSAE, FISMA, and other audits. Following our process will improve your IT operations as well, by using all that data you're gathering to monitor and improve your performance, uptime, and awareness of your environment. This presentation will detail the process we use integrating these tools, the output it provides, and how you can turn all that log data into actionable information and audit artifacts.

Speakers
Russell Mosley

Director, Infrastructure & Security, DYNAXYS
Russell is the Director, Infrastructure & Security of a software and financial services company in the DC area and an organizer with BSides Charm (Baltimore is Charm City!) Russell has seventeen years' experience in IT operations and enterprise defense and is responsible for the...


Saturday July 15, 2017 5:30pm - 6:20pm CDT
Williford B

5:30pm CDT

Reduce the noise - Practical techniques for Threat Intel processing
More threat data is being produced today than at any time in history. It becomes nearly impossible to gauge whether the threat is relevant to you or not.

The human factor is highly important, but some automation is needed to help with such big datasets. Security analysts should act fast and block the important indicators of compromise.
 
Our talk will cover real-life examples on how to prioritize the activities as well as best practices for TIPs (threat intel platforms), enrichment tools, internal security feeds, and scoring.  

Speakers
Kevin Libby

Kevin Libby has spent 20+ years in the Information Technology field and has concentrated on security related aspects the last 15. During this time, Kevin has architected secure solutions that align with business drivers and initiatives for numerous organizations of all sizes and areas...

Nir Yosha

Nir started his career as a squad leader in the Israeli Intelligence Corps. He helped with gathering intelligence tracking the growth of terrorist organizations. Nir has over 10 years of experience as a security engineer both in visual and network security areas. He worked for multiple...


Saturday July 15, 2017 5:30pm - 6:20pm CDT
Williford C

6:30pm CDT

After Party featuring Jess Godwin Sponsored by Wazuh and Qualys
Join us for our after party, featuring music by Jess Godwin. Special thanks to our After Party Sponsors - Wazuh (http://wazuh.com) and Qualys (http://qualys.com)

Come network with new and old friends, stop by and talk with the sponsors, or just come for some lite bites and good drinks, not to mention awesome music by Jess Godwin (jessgodwin.com)

Artists
Jess Godwin

Songwriter, teacher, and sometimes actor-when-she-gets-to-play-quirky-people Jess Godwin is proud to call Chicago her home. She takes turns dipping her toes in the music and theatre industry, but her sweet spot is somewhere in the middle of the two. She is happiest when producing...


Saturday July 15, 2017 6:30pm - 8:00pm CDT
Waldorf
 