bsidesaustin2019 has ended


Thursday, March 28
 

8:00am

Registration (open all day)
Thursday March 28, 2019 8:00am - 8:45am
Big Tex

8:45am

Open remarks
Speakers

Thursday March 28, 2019 8:45am - 9:00am
Big Tex

9:00am

KEYNOTE: Hacking Your Career
Many people get so busy doing their jobs that they don't manage their careers. This talk will help you take charge of your future and wring success out of every opportunity. Everyone has the potential to achieve great things, but they don't always know how. It is time to get some answers. I am going to share all my lessons learned on the way to becoming a CISO of a billion dollar international company. Whether you are looking to make more money in your current role or climb the corporate ladder, I will show you how to do it and more importantly, how to avoid the pitfalls along the way. Think of this as the cheat sheet to kicking your career's ass. Whether you are just getting started or are already in management, I guarantee that you will walk away with powerful insights and new ideas for how to move your career forward and to help others do the same.

Speakers

Keith Turpin

Chief Information Security Officer and Head of Global Infrastructure Services at Universal Weather and Aviation, a billion dollar, international aviation services company operating 50 locations in 20 countries. Responsible for all aspects of information security and all IT infrastructure...


Thursday March 28, 2019 9:00am - 10:00am
Big Tex

10:00am

How to Fix the Diversity Gap in Cybersecurity
Women make up just 11 percent and minorities are slightly less than 12 percent of the cybersecurity workforce. Coming from a nonprofit background, which is an industry with high diversity, to one where it is so unbalanced is disheartening and disappointing.

I’ve connected with persons who are underrepresented in the field, and many after spending years in cybersecurity are leaving the field. From their shared experiences as well as my own, it is clear that the cybersecurity space needs to get real about the lack of diversity in the space, and the necessity to make changes as we approach the estimated shortage of 1.5 million cybersecurity professionals in 2019.

In this talk, we will discuss our brains and how we label and prejudge, hear experiences of underrepresented people in the space, what can be done to fill the gap, and how to increase and retain the number of qualified candidates in cybersecurity.

Outline of talk:
● Background: Statistics and Brains
Overview of today’s statistics about underrepresented people in the cybersecurity space, and how we process labels/prejudices in our brains.
● Interactive Exercise
Audience takes part in a listening exchange activity.
● Obstacle Storytelling
Over the last year, in addition to my own experience, I’ve collected stories and experiences from dozens of underrepresented persons in the cybersecurity industry who have experienced the glass ceiling and discrimination, leading many of them to ultimately leave the space.
● How to change the 11% and 12%
○ Sharing recommendations from underrepresented in the field
○ Latest research on how to make improvements
○ Three takeaways to begin making a difference today

Speakers

Chloe Messdaghi

Security Researcher Advocate, WoSEC & WomenHackerz
Chloe Messdaghi is a Security Researcher Advocate. Since entering the cybersecurity space, she sees security as a humanitarian issue. Humanitarian work includes advising as a UN Volunteer, serving as a board member for several humanitarian organizations and started a nonprofit called...


Thursday March 28, 2019 10:00am - 11:00am
Big Tex

10:00am

Make Your Organization 10% More Secure
What if I told you that approaching security with compassion and mindfulness could help you increase the efficacy of your organization’s information security program by 10%? Additionally, what if I also told you that a different approach to communicating security needs could make you, and your coworkers, happier at your respective jobs and personal lives? Brain scans show that acts of kindness register more like eating chocolate than, say, fulfilling an obligation. The same pleasure centers light up when we receive a gift as when we donate to charity. Neuroscientists refer to this as “the warm glow” effect.

No, this isn’t a Deepak Chopra life coaching session but rather a talk about how you can wield scientific evidence to entice people to care about something important. This session will explore the benefits of approaching organizational cybersecurity through mindfulness, compassion, and neuroscience versus our traditional heavy-handed methods. Perhaps we can harness this “warm glow” effect to collaboratively make our organizations increasingly more secure.

Attendees will learn how to achieve results without blindly forcing adherence to the rule of law, caring about security until it’s no longer useful or productive, and how to live your life without agonizing over the results.

Speakers

Andrew Hay

CEO, Rising Cyber LLC
Andrew Hay is a veteran cybersecurity executive, strategist, industry analyst, data scientist, threat and vulnerability researcher, and international public speaker with close to 25 years of cybersecurity experience across multiple domains. He prides himself on his ability to execute...


Thursday March 28, 2019 10:00am - 11:00am
Lil' Tex

10:00am

Mentorship 101
Ever been a Daniel in need of a Mr. Miyagi? Are you ready to achieve greatness but with no real clue where to start? Finding a mentor is the first step, but knowing how to make the most of the time spent with your mentor makes the real difference. Join in on a conversation about identifying your person of influence and building a plan together from wax on, wax off to being carried away by the cheering crowd.

Speakers

Ell Marquez

Community Architect, Jupiter Broadcasting / Linux Academy
Passionate technical evangelist at Linux Academy, co-lead of OpenStack Mentoring, recovering Linux Administrator but in the end, just a simple girl happily lost in the world of technology.


Thursday March 28, 2019 10:00am - 11:00am
Stadium

11:00am

Securing the Technology Supply Chain
Supply chains can represent the biggest risk to many organizations. Current data shows that this is a commonly exploited vector of attack and that most organizations struggle to properly address the risks. Learning to secure the technology supply chain means understanding the risk inherent in subcontracting, knowing how attackers might take advantage of the business relationship and why your organization might be targeted. It also requires the security team to be tightly integrated with legal and other less obvious business groups. This presentation will provide an overview of the issues and guidance on building an effective program for your organization.

Speakers

Keith Turpin

Chief Information Security Officer and Head of Global Infrastructure Services at Universal Weather and Aviation, a billion dollar, international aviation services company operating 50 locations in 20 countries. Responsible for all aspects of information security and all IT infrastructure...


Thursday March 28, 2019 11:00am - 12:00pm
Stadium

11:00am

Security Automation Simplified
Incident response is an intense, high stress, high skill job that relies heavily on human judgement. But for reasons that we can't begin to understand, a big part of an incident responder's job seems to be opening numerous browser tabs and copy-pasting bits of text from one system to another. Security automation can look a lot like magic, and many feel a strong temptation to go buy $HOT_SECURITY_ORCHESTRATION_PRODUCT, but it's really not hard to get started automating SecOps with the tools you already have, a few web hooks, and some artisanal Python.

In this talk we're going to discuss how to automate some security incident response team (SIRT) operations. We'll give an overview of what a typical SecOps/SIRT infrastructure looks like, how and where automation fits in, and dive into some code. We'll walk through a simple example, with screenshots and code, of automating a SecOps process. We want to show that getting started with security automation doesn't have to be difficult or expensive (though vendors will happily take your money). This is not a "no code required!" approach to automation, but it's practical and easy enough to get started.

Speakers

Moses Schwartz

Staff Security Engineer, Box
Moses is a staff security engineer working for the Box security incident response team. He's part software developer and part security researcher, with over 10 years experience in industry and government. Nothing hurts him more than watching someone do a tedious, manual task that...


Thursday March 28, 2019 11:00am - 12:00pm
Big Tex

11:00am

Using the Chrome Dev Tools Protocol for Pentesting and Bug Hunting
The Chrome Dev Tools protocol allows us to hook our code to the browser via an API. This means that we can write our end functions that process requests and responses to aid in our pentesting endeavors. This talk will show how the Chrome Dev Tools protocol works and how we can use it to reverse JavaScript and alter the behavior of an app to find bugs and vulnerabilities. Additionally, a tool will be demoed that can be used for doing just that by writing simple modules in Go called "gorp".

Speakers

Alex Useche

Application Security Consultant, nVisium
Alex is an Application Security Consultant at nVisium with over 12 years of experience in the IT industry as a software developer, security engineer, and penetration tester. As a software developer, he has worked and architected mobile and web applications in a wide range of languages...


Thursday March 28, 2019 11:00am - 12:00pm
Lil' Tex

1:00pm

Spotting Lateral Movement with Endpoint Data
Lateral movement is an integral part of adversary movement into and around networks. This functionality is now built into relatively inexpensive and widely available malware in addition to operating systems for system administration. There is some good news: you CAN detect an adversary moving around your network with the proper telemetry and analysis. This session will arm defenders with techniques to detect six commonly used methods to move laterally using endpoint data.

Speakers

Tony Lambert

Tony is a recovering systems administrator that traded in chasing uptime for chasing adversaries. He is a geek that loves to discover how malicious tools work and learn about adversary techniques. Tony has completed a Masters of Digital Forensic Science from Champlain College and...



Thursday March 28, 2019 1:00pm - 2:00pm
Lil' Tex

1:00pm

The Art of Defeating Facial Recognition
Privacy is not just an issue of interest to techies. People within the art community are not happy with the idea of ubiquitous facial recognition systems, leading some people to develop techniques to defeat said systems. This talk will provide a high-level overview of the general techniques used by facial recognition systems, and discuss some of the methodologies being used to defeat them (with special attention being paid to artistic solutions).

Speakers

Vic Harkness

MWR Infosecurity
Vic is a security researcher from England. She likes breaking things, reading, and photography.


Thursday March 28, 2019 1:00pm - 2:00pm
Stadium

1:00pm

Vulnerability Management: You're doing it wrong
Threat and vulnerability management (TVM) is a core aspect of every information security program. Many organizations have some level of TVM in place, but frequently these tools are improperly deployed, missing critical automation processes, and are poorly aligned to business requirements. In this presentation, we identify critical aspects often overlooked at many points in the TVM lifecycle -- from architecture and deployment to daily tasks and automation.

If you are familiar with TVM tools and are involved in day to day operations, or if you are architecting and deploying a new installation, you’ll benefit from this talk.

You’ll leave with a better understanding of some best practices for architecting a deployment, building day to day operational tasks, aligning reporting with business processes, communicating vulnerabilities and risk to stakeholders, and adding automation to the TVM life cycle.

Speakers

Mauvehed

AHA!
Mauvehed is a Senior Internet Troll and part-time babysitter for Austin Hackers Anonymous. In his spare time he idles in IdleRPG channels on IRC and writes brainf*ck code.

Digitalgrease

Digitalgrease formerly yelled at people for making bad decisions with their cars, and now yells at people for making bad decisions with their keyboards.


Thursday March 28, 2019 1:00pm - 2:00pm
Big Tex

2:00pm

Maximal Visibility, Minimal Effort: Getting more value out of your hacking data with MSF 5
Metasploit recently released a major version of the open-source Framework—the first major release since 2011. In this talk, Metasploit Engineering Manager Pearce Barry provides an overview of MSF 5’s “database as a web service” functionality and demonstrates how Framework users (including Kali and Parrot fans) can integrate with their favorite hacker tools, visualize their data, and maximize their understanding of target environments.

Speakers

Pearce Barry

Manager, Metasploit Engineering, Rapid7
Pearce is currently an engineering manager on the Metasploit Team at Rapid7. Having spent a number of years creating-and-wrangling software, including several years in the security space, Pearce enjoys learning how things work (and how they can be broken).


Thursday March 28, 2019 2:00pm - 3:00pm
Lil' Tex

2:00pm

Pitfall: The Art of Productizing osquery
Facebook's cross-platform osquery agent is increasingly being used by security professionals to monitor assets from the lab to the enterprise. Anyone who has tried an osquery configuration and then deployed it to a production server can attest to how easy it can be to shoot yourself in the foot. The presenter breaks down the architectural challenges, lessons learned, and best practices. Then there's the fact that the last functional osquery release was in August 2018, and Facebook's move to internal tools (Buck, Phabricator) has caused a stir. If you rely on osquery in your infrastructure, or have a desire to do so, you will want to attend and come armed with your own questions.

Speakers

Alex Malone

Alex Malone is the lead developer on the osquery agent developed at AT&T Cybersecurity (formerly Alienvault). He is passionate about security and building software that makes our lives easier.


Thursday March 28, 2019 2:00pm - 3:00pm
Stadium

2:00pm

Taste the Rainbow: Windows 10 Challenges for Red, Blue, and Purple Teams
Microsoft has added a significant number of features in Windows 10 that affect the types of evidence that can be found both on disk and in memory during digital forensic investigations. These features include new event logging sources, new artifacts of program execution and file access, compression of in-memory data stores, and much more. The inclusion of these features necessitates that blue team members update a significant portion of their workflow to fully capture events that previously occurred on the system. These features also force red team members to update their workflows if they wish to operate in a stealthy manner. During this presentation, the full range of these new features will be presented along with how they can be accessed, analyzed, and understood. This will include discussion of open source tools along with analysis methodologies. By the end of the presentation, attendees who work in a wide variety of information security roles will understand how Windows 10 changes their daily workflow and how to best take advantage of the new features.

Speakers

Andrew Case

Andrew Case is the Director of Research at Volexity and a core developer of the Volatility memory analysis framework. His professional experience includes digital forensic investigations, incident response handling, malware analysis, penetration tests, and source code audits. Andrew...


Thursday March 28, 2019 2:00pm - 3:00pm
Big Tex

3:00pm

Scantron - A distributed nmap / masscan scanning framework
This talk is for all the nmap lovers out there! Anyone familiar with nmap knows that it is great for ad-hoc scanning, but doesn't scale when it comes to scheduling, organizing scan results, and automation in general. Scantron solves that and rests on the shoulders of previous frameworks like dnmap, minions, and rainmap.

Scantron is an open-sourced distributed nmap / masscan scanner comprised of two components. The first is a Master node that consists of a web front end used for scheduling scans and storing nmap / masscan scan targets and results. The second component is the scanning agents that pull scan jobs from Master and conduct the actual nmap / masscan scanning.

A majority of the application's logic is purposely placed on Master to make the agent(s) as "dumb" as possible. All nmap target files and nmap results reside on Master and are shared through a network file share (NFS) leveraging SSH tunnels. The agents call back to Master periodically using a REST API to check for scan tasks and provide scan status updates.

Scantron was developed in-house by the Threat and Vulnerability Analysis team at Rackspace to automate penetration testing scanning and provide network segmentation validation.

Speakers

Brennon Thomas

Cyber Vulnerability Analyst and Penetration Tester III, Rackspace
Brennon works as a Vulnerability Analyst and Penetration Tester for Rackspace identifying and reducing risks and threats to Rackspace's computer networks. Prior to Rackspace, Brennon worked for the Air Force, in both active duty and civilian roles, and for the private sector. He...


Thursday March 28, 2019 3:00pm - 4:00pm
Stadium

3:00pm

Unexpected Success: Tips for navigating through security career, certs, and work-life balance
We share an interest in making the most of our time in the workforce: contributing to the field, supporting ourselves and families, learning new things, and staying motivated. I’ve been in information technology since 1995 and in information security since 2006. I’ve learned a few things that may be helpful. This talk will cover:
1. Learning at a discount – How to get trained without paying high dollar prices
• Know your learning style.
• Reading is cool and works better than boot camps (for some of us).
• Choose training videos and webinars thoughtfully.
2. Acing, failing, and just barely passing – Tips for getting through certification exams
• You will pass if you prepare correctly.
• You may ace it if you understand how exam questions are written.
• How I scored in the top 5% on the ISACA CISM exam, after barely passing the ISACA CISA exam – what made the difference.
3. Being different is great
• There’s a place in infosec for art majors, moms, gamers, non-gamers, and all abilities.
• Don’t feel like you have to fit a stereotype of “hacker.”
• Being there for your kids is a priority – and that’s OK.
4. Working with authority figures – I got over myself and you can too
• Listening is more important than speaking.
• That non-technical manager knows something you don’t.
• R-E-S-P-E-C-T
5. Find your motivation
• What are your hobbies and habits?
• Know your strengths and what motivates you.
• Lean into those areas and use them to propel your career.

Speakers

Miriam Levenstein

Senior Consultant, NTT Security
Miriam Levenstein, CISSP, CISM, PCI-QSA, CISA, CIPP/E, CCSK - Principal security consultant at NTT Security. 10+ years of cybersecurity experience. Manage and deliver information security, privacy and compliance assessments and advisory consulting services to clients that include...



Thursday March 28, 2019 3:00pm - 4:00pm
Big Tex

3:00pm

Why your red team shouldn't be special
Red teaming requires the use of specialized tools. However, this should not exclude operators from using the same technology, adhering to the same procedures, and following the same policies as their colleagues throughout the organization. Some argue that this will prevent operators from executing on their duties. The contrary is true. With a few exceptions in place and thoughtful architecture considerations, treating red teamers as regular employees will improve their testing and reduce the risk that red teamers bring to organizations.

Speakers

Isaiah Sarju

Co-Owner, Revis Solutions
Isaiah Sarju is a Red Teamer. He has contributed to the Microsoft Security Intelligence Report, conducted numerous penetration/red team engagements, and taught students how to become top tier defenders. He plays tabletop games, swims, and trains Brazilian Jiu-Jitsu. @isaiahsarju


Thursday March 28, 2019 3:00pm - 4:00pm
Lil' Tex

4:00pm

And all I got was a T-shirt: How to Leverage Community Volunteering for Career Development
Career progression is typically seen as education, certification, and job moves. However, in order to continually advance, we need to build both technical and non-technical skills in different environments that challenge us and give us opportunities to learn. This is increasingly important as LinkedIn’s 2019 Global Talent Trends Report found that 92% of talent professionals agree that soft skills matter as much as hard skills, if not more.

Community volunteering provides career development opportunities, and offers substantial benefits spanning personal fulfillment and career advancement. This notion is supported in the findings I will share from a recent survey among industry professionals, which examines how individuals volunteer in the community, what skills they learn, how employers support them, and how they face stress.

I will discuss ways to get involved and offer tips to ensure volunteers gain more than a T-shirt from their efforts. I will also share best practices for engaging employer support and how job seekers should present this in their career search, while relaying the results of my upcoming job search challenges survey. This session will also encourage employers to be more involved in the community, discussing tips to retain top skilled talent and build their employer brand.

Speakers

Kathleen Smith

COO, ClearedJobs.Net/CyberSecJobs.Co
Kathleen Smith, CMO for CyberSecJobs.Com and ClearedJobs.Net, has coached thousands of job seekers and employers to achieve the mutual goal of employment. Kathleen presents at several conferences each year on recruiting and job search. Some of the conferences she has presented at...


Thursday March 28, 2019 4:00pm - 5:00pm
Stadium

4:00pm

Purple Packets: Effective Network Defense Against Real-World Attacks
There are two sides to every story. Yin and yang. Day and night. Host and network. Unfortunately, when it comes to enterprise security, many organizations tend to focus heavily on host-based defenses, and apply “just-enough” monitoring to their network. However, the network can be one of the best places to not only defend against the attacker, but also observe and understand the capabilities.


In this talk, we’ll examine techniques with which advanced adversaries utilize your networks. Whether it’s via intricate protocol abuse, malleable traffic, or combinations of protocols to avoid standard detection, there is much to glean from an observation of network traffic.


To help our audience discover just how impactful proper network defenses can be, we’re going to emulate the top techniques followed by a detailed explanation of each attack. Furthermore, we’ll outline specific steps that would have detected and stopped the malicious traffic. Our goal, by the end of the session, is for our attendees to have a solid understanding of how the attacks work and what they need to do to protect themselves.

Speakers

Matt Bromiley

Matt Bromiley is a principal incident response consultant at a top digital forensics and incident response (DFIR) firm where he assists clients with incident response, digital forensics, and litigation support. Matt brings his passion for digital forensics to the classroom as a...

Aaron Soto

Aaron Soto is a senior security researcher at Rapid7 on the Metasploit team where he works with a team of exploit developers to identify, test, and integrate the newest exploits. He also mentors cybersecurity students at the University of Texas at Austin participating in the Cyber...


Thursday March 28, 2019 4:00pm - 5:00pm
Lil' Tex

4:00pm

The Power of DCShadow
So, you swiped domain admin credentials and want to maintain persistence without getting caught like a script kiddie. By leveraging the "Power of DC Shadow" to exploit the sIDHistory attribute, you will be able to own the forest.
In this workshop, we'll cover how to use sIDHistory and DCShadow in tandem and discuss the types of data that can be injected into Active Directory. Finally, we will show you how to be a blue team cyber warrior to detect DC Shadow using deep packet inspection and prevent this attack using IPSEC tunnels.

Speakers

Don Perez

Manager-Identity and Access, Protiviti
Don Perez has 18 years’ experience with Active Directory specializing in AD security and Domain Migrations. He has over 15 years of experience in working for Financial, Utilities, and educational organizations. Currently Don is a manager at Protiviti as part of the Security...

Adam Steed

Adam Steed prides himself in not just being an Information Security professional but has been part of the Information Security community for the last two decades. He has over 20 years of experience in working for Financial, Websites and Healthcare organizations. Currently Adam is...


Thursday March 28, 2019 4:00pm - 5:00pm
Big Tex

5:00pm

Fooling Machine Learning using Adversarial Examples
Adversarial example images appear to be of one class (e.g. dog or car), but are classified by machine learning image recognition systems as a class of the attacker's choosing. This talk covers a conceptual introduction to image recognition via convolutional neural networks, creating adversarial examples, and how the speaker adapted such an attack as a problem in picoCTF 2018, an introductory level capture the flag. The talk concludes with an overview of the current state of adversarial example generation in academia, including the current capabilities of defenses, and how attacks have been adapted for the real world. Prior conceptual knowledge of neural networks is not required.

Speakers

William Parks

Bill is an avid CTFer, having contributed to picoCTF 2017/2018 and plaidCTF 2017. He currently ctfs with Shell Collecting Club, and dabbles in ML in his free time.



Thursday March 28, 2019 5:00pm - 6:00pm
Stadium

5:00pm

Introducing ArTHIR – ATT&CK Remote Threat Hunting Incident Response Windows tool
ArTHIR is a modular framework that can be used remotely against one, or many target systems to perform Threat Hunting, Incident Response, compromise assessments, configuration, containment, and any other activities you can conjure up utilizing built-in PowerShell (any version) and Windows Remote Management (WinRM).
This is an improvement to the well-known tool Kansa, but with more capabilities than just running PowerShell scripts. ArTHIR makes it easier to push and execute any binary remotely and retrieve back the output!
One goal of ArTHIR is for you to map your Threat Hunting and Incident Response modules to the MITRE ATT&CK Framework. Map your modules to one or more Tactics and Technique IDs and fill in your MITRE ATT&CK Matrix on your capabilities, and gaps needing improvement.
Have an idea for a module? Have a utility you want run remotely but no easy way to do it at volume? ArTHIR provides you this capability. An Open Source project, hosted on GitHub, everyone is encouraged to contribute and build modules, share ideas, and request updates. There is even a SLACK page to ask questions, share ideas, and collaborate.

Speakers

Michael Gough

Founder, Malware Archaeology
Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is co-developer of LOG-MD, a free...


Thursday March 28, 2019 5:00pm - 6:00pm
Big Tex

5:00pm

Security, Shift Left
“Shift Left” paradigm to integrate security in early stages of product development life cycle by use of automation at every step. Offering security solutions by using a service oriented architecture (SOA) and automation to help on-board product development teams.

The "Shift Left" paradigm has transformed the QA and DevOps industry and now it’s time to do the same with Security! We’ll share how NVIDIA’s Security Tools team is integrating with product teams early in their development life-cycle to help build more secure products at speed of light (SOL). We’ll also highlight the design decisions that led to a SOA platform where individual software components integrated together provide different security related services.
Finally, we’ll discuss how integrating with multiple data sources has enabled us to effectively gather security related metrics and present them on dashboards using various tools.


Speakers

Dnyanada Annachhatre

Dee Annachhatre is a Senior Development Leader at NVIDIA’s Security Tools Platform Team. With 14 years of experience in the software industry she specializes in architecting and delivering reliable and scalable systems in a variety of areas especially, online services. Her area...


Thursday March 28, 2019 5:00pm - 6:00pm
Lil' Tex

6:00pm

F-Secure Happy Hour (location to be announced)
Drinks, snacks, and networking! 

Thursday March 28, 2019 6:00pm - 8:00pm
Big Tex

6:00pm

Party

Thursday March 28, 2019 6:00pm - 8:00pm
 
Friday, March 29
 

8:30am

Registration (open all day)
Friday March 29, 2019 8:30am - 9:00am
Big Tex

9:00am

10:00am

Identity theft through OSINT
This talk will demonstrate how easy identity theft has become because of OSINT and the ability to easily social engineer and grab metadata. It will cover how an attacker uses OSINT to build targeted attacks. How an attacker builds a profile using software to represent their data about you. How an attacker uses data points to pivot from one source to another online. The target was a random target that was picked. Not only does it cover his current activity but his cached activity which enables attackers to target him. The story will show how an initial search to a complete PWNAGE was done on the individual because of a random blog that was discovered. This talk also shows how easily I was able to find his company's email format, private IP addresses which could have completely allowed me to own his company's network because his company allowed BYOD. It will cover how you can better prepare and protect yourself.


Speakers

Zee Abdelnabi

Security Researcher| Technical cyber security manager| Building best in class talent | Experienced in connected car security, SIEM, vulnerability management, threat modeling, security testing and mobile security and is an active security community member.


Friday March 29, 2019 10:00am - 11:00am
Lil' Tex

10:00am

Reversing Education
Reversing Education is a method used to create educational content for self-study. In this talk it is discussed how to research topics from SANS courses and create content to learn the skills as outlined in the SANS course. This method not only helps create self-study content, it teaches one how to research topics of interest and terms relevant to the subject. The presentation covers how to collect and organize information collected during education reversing, as well as tools to help memorize and prepare for exams.


Speakers

Phillip Wylie

Principal Penetration Tester, U.S. Bank
Phillip Wylie is a Principal Penetration Tester at U.S. Bank, Adjunct Instructor at Richland College, Bugcrowd Ambassador and The Pwn School Project founder. Phillip has over 21 years of experience in InfoSec and IT. He has performed pentests on networks, wireless networks, applications...


Friday March 29, 2019 10:00am - 11:00am
Stadium

10:00am

What do you want to be when you grow up?
Many industries have well-defined points of entry and well-understood education and training requirements. Information Security is not one of those industries. Successful infosec pros often have wildly diverse backgrounds so it is difficult to know which is the "correct" way to enter this field. As our industry has evolved and matured, what do organizations now look for in a candidate? What combination of skills, experience, and education will get you in your "dream job?" SPOILER - there are many predictors of success, and organizations have different priorities, so there is no single answer.

The speaker will describe his experiences as a 22-year veteran of IT and infosec, both from the perspective of working for internal support teams and as a client-facing consultant. In addition to direct observations, this presentation will include the perspectives of other infosec pros that currently work in various capacities in our industry. The goal is not to answer the question of how to successfully develop one's career, as such, but rather to continue the dialogue of what is important to us as we develop our future experts and leaders.

Speakers

Damon "ch3f" Small

Technical Director, NCC Group
Damon Small began his career studying music at Louisiana State University. Pursuing the changing job market, he took advantage of computer skills learned in the LSU recording studio to become a systems administrator in the mid 1990s. As a security professional he has supported infosec...


Friday March 29, 2019 10:00am - 11:00am
Big Tex

11:00am

Cons & Careers
“If you compete with others, you may not win. If you compete with yourself, you always win by becoming better.” ― Debasish Mridha

When I got my first job out in the real world, I thought: this is it: All I’m ever going to need to know for my career, for my job. Got a rude awakening that was one of those worthwhile lessons taught outside of school: invest in becoming a lifelong learner.

How do you come across new ideas to keep things fresh? To borrow a saying, if you’re the smartest person in the room, you’re in the wrong room! Attending conferences is one way to learn about different viewpoints. Revisiting ideas is one way to renew our minds and impact the way we think. Peeking into points along a career path will demonstrate an approach to keeping an eye on constant growth, while watching out for warning signs for burn out. Compete against yourself and you’ll Maybe it was the dialog in the scene or suddenly understanding what the writer must have been thinking. The point is, the introduction of new ideas is essential to keep adding value to ourselves and the things we do.

Speakers

SciaticNerd/ Steven Bernstein

Executive Producer, BSidesSATX / SecurityEndeavors
@BSidesSATX coordinator. @BSidesLV AV Staff. IAM practitioner. #InfoSec #podcast host for @SEndeavors @CoderDojoSA Raspberry Pi class Working in the field of Digital Identity since 2002, SciaticNerd is actively involved in the San Antonio InfoSec community, attending and contributing...


Friday March 29, 2019 11:00am - 12:00pm
Stadium

11:00am

How DevOps Tools and Practices can Improve Your Security Operations
The term DevOps is a hot buzzword right now. Most of the time when you hear of integrating security with DevOps, it is about getting security checks integrated with a CI/CD pipeline instead of at the end of a development cycle. This is critically important for security to remain relevant in the rapidly changing world of the cloud. However, DevOps tools and practices can also have a powerful impact on your security operations. Come learn how DevOps is being used in the Cloud, and how these practices can help security professionals in areas such as: integrating into the development cycle, building and maintaining security tools, collaboration among team members, improving repeatability of security operations, and more.

Speakers

Eric Matlock

na, na
Eric Matlock is a Cloud Architect in the Oil and Gas Industry, and also has over 11 years of experience as a security professional with the Air Force. He has spent time in all three silos of Dev, Sec, Ops, and loves spreading information to help integrate them.


Friday March 29, 2019 11:00am - 12:00pm
Big Tex

11:00am

Turning the Tide - Using Criminal’s Stolen Data against Them
Cyber criminals are constantly upgrading their technology to perform more sophisticated, widespread attacks. Preventing breaches and account takeover begins with understanding how criminals operate. This presentation will guide guests through the criminal’s timeline and methods, as well as explain why existing prevention products aren’t providing the protection organizations think. More interestingly, we will demonstrate how this same data can be used to find criminals’ true identities! Learn how law enforcement hunts threat actors and how their tactics can be applied to corporate protection.

Speakers

Ted Ross

Ted Ross is an industry veteran of twenty-nine years in the network and security industries. Ted started his career in the U.S. Air Force. Afterward he was the Director of Network Engineering at West Corp, Strategy Architect at Walmart, Executive Technology Director at TippingPoint...


Friday March 29, 2019 11:00am - 12:00pm
Lil' Tex

1:00pm

BountyCraft - The Panel
Every security tester has some sort of methodology and toolset they use. This "secret sauce" is the essence of good security research. BountyCraft the panel is about disclosing those secrets. The panel will talk through the successful tools and techniques used by the panelists, what do they focus on, and why. They will discuss topics such as advents in tooling, approaches to different types of applications, reconnaissance, vulnerability trends in bounty, and more. Viewers will leave this presentation with knowledge of practical recommendations for hacking methodologies, tools, and tips to better hack. The panelists will talk through vulnerabilities commonly seen as edge cases that have been present on heavily tested sites, and what are the upcoming challenges in the space.

This talk focuses on the current state and future of bounty hunting and web hacks, so that bug hunters or penetration testers can be knowledgeable about the various environment trends. We will be going over the changes to the web attack landscape and how web hackers can better find bugs in the web applications that are currently being developed.

Panel includes:
Jason Haddix
Phillip Wylie
Anonymous Hunter

Moderator:
Chloé Messdaghi

Speakers

Chloe Messdaghi

Security Researcher Advocate, WoSEC & WomenHackerz
Chloe Messdaghi is a Security Researcher Advocate. Since entering cybersecurity space, she sees security as a humanitarian issue. Humanitarian work includes advising as a UN Volunteer, serving as a board member for several humanitarian organizations and started a nonprofit called...

Phillip Wylie

Principal Penetration Tester, U.S. Bank
Phillip Wylie is a Principal Penetration Tester at U.S. Bank, Adjunct Instructor at Richland College, Bugcrowd Ambassador and The Pwn School Project founder. Phillip has over 21 years of experience in InfoSec and IT. He has performed pentests on networks, wireless networks, applications...


Friday March 29, 2019 1:00pm - 2:00pm
Big Tex

1:00pm

My quest for (privileged) identity to own your domain
Many solutions offer a variety of features that help combat credential stealing malware, but tools like BloodHound often fall under the radar. When nearly 40% of organizations do not actively discover their privileged accounts, a new approach to protect against more advanced threats is needed. In this talk I will cover the following:

Techniques – How attackers exploit privileged access gaps
Discover – How to gain insights into privileged accounts and their activities
Enforce – Ideas for auto-remediation and innovative approach to mitigate advanced threats

Speakers

Nir Yosha

Principal Solutions Engineer, Preempt
Nir started his career as a squad leader in the Israeli Intelligence Corps. He helped with gathering intelligence tracking the growth of terrorist organizations. Nir has over 15 years of experience in identity management, user behavior and insider threat analysis. Currently, Nir...



Friday March 29, 2019 1:00pm - 2:00pm
Stadium

1:00pm

Understanding XSS and CSRF
Come learn in depth about two web vulnerabilities: XSS and CSRF. First we discuss how browsers and web apps work to better understand how it’s possible. Then we will cover the following: how to spot it in the wild, how to exploit it, remediation steps, and impact. How can you make my browser send a request on your behalf? Come learn how!

Speakers

Christina Mitchell

Security Analyst, Indeed
Christina is an Application Security Engineer at Indeed. She works with the crowdsourced bug hunting platform, and application assessments ranging from 3rd parties and internally developed. She loves to break things and educate.


Friday March 29, 2019 1:00pm - 2:00pm
Lil' Tex

2:00pm

Game Theory for Hackers - Lessons Learned Studying Economics out of Spite
In this presentation we will discuss game theory and its applications to cyber security. Game theory is the study of choices and strategy made by rational actors in competitive situations. Game theory has been used to model war, biology, and even football. In this talk I will demonstrate game theory concepts and show how game theory can be used to model and predict conflict in cyber security through a variety of examples.
We will start with demonstrations of basic game theory concepts using willing (or unwilling if necessary) participants from the audience. Volunteers will play common game theory games, such as prisoner’s dilemma, and I will explain the math behind the choices made. From there, we will build on those concepts by applying them to real world examples from the technical side such as packet capturing, DDoS attacks, and threat hunting as well as use of resources and deterrence from the policy side. With this talk I hope to engage the audience and demonstrate the basics of game theory in a novel and exciting way while proving that game theory can be applied to many aspects of cybersecurity.

Speakers

Lindsay Von Tish

Lindsay Von Tish is a recent college graduate from Anchorage, Alaska. While in college she studied computer science and economics and got her start in hacking by competing in CTFs. In her time in the industry she has gained experience in red teaming, risk management, and digital forensics...


Friday March 29, 2019 2:00pm - 3:00pm
Big Tex

2:00pm

RATs Without Borders - Moving Your Cheese
Antivirus solutions continue to fail us. This talk will highlight my research of the effectiveness of the leading AV solutions. The overall strategy is to create a RAT in every language, then test it against AV. As part of the talk, I will be releasing the source code for the RATs I have built to date (15+ languages) for red teams to use. Additionally, recommendations will be given to AV vendors to solve the issue and to blue teams to protect their environment until the AV vendors catch up.

The video from the talk, slides, code and raw AV results are here: https://penconsultants.com/home/presentation-rats-without-borders/

Speakers

Robert Neel

Owner, PEN Consultants
Robert Neel has over 20 years of experience in the public and private sector in various administrator, defensive, and offensive roles. He is a graduate of NSA’s CNODP program and established USAA’s Red Team, and led it for five years. Robert recently stepped out on his own providing...



Friday March 29, 2019 2:00pm - 3:00pm
Lil' Tex

2:00pm

Working for a Living
In this talk, Keli will share her journey to a healthier lifestyle which saw her lose over 100 pounds while working in tech. During the 11 month weight loss, she dealt with daily workload changes, weekly product releases, conference travel, and long work days. Having kept the weight off for two years, Keli will also share tips and tricks that anyone in tech can use in their daily routine for a more active and happier lifestyle. Similar to planning a network security strategy, but for less money and an actual decrease in stress, you can plan and implement changes for a healthier life. The results include time for you - and optionally your family, better sleep, and a sense of accomplishment.

Speakers

Keli Hay

Personal Wellness Coach and Trainer, Keli Hay LLC
After almost 20 years in information technology and living a sedentary lifestyle, I decided that it was time for a change. I was tired of being tired. My weight was impacting my life in several ways. As a certified personal trainer, I am applying my business skills as a certified...


Friday March 29, 2019 2:00pm - 3:00pm
Stadium

3:00pm

A Standards-Based Approach to Assessing Your Organization's Cybersecurity Maturity
We were tasked with creating a roadmap for the National Instruments Information Security Program. While we had previously used a Gartner Maturity Model to figure out how far along our organization was, we found their recommendations to be too high level to define a roadmap. After some discussion, we determined that we could use the NIST Cybersecurity Framework to not only assess our maturity, but define risk in our environment, and create a roadmap. This talk will not only show you how we did it, but how you can do it too!

Speakers

Josh Sokol

Information Security Program Owner, National Instruments
Josh Sokol, CISSP, graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since that time, he has worked for several large companies, including AMD and BearingPoint, spent some time as a military contractor, and is currently employed as the Information...

Alex Polimeni

Principal IT Compliance Specialist, National Instruments
Alex Polimeni runs the IT Compliance program at National Instruments. This is the first conference at which he has spoken. He is an animal enthusiast and once got stuck in a cave.


Friday March 29, 2019 3:00pm - 4:00pm
Big Tex

3:00pm

An epidemiological approach to creating an information security prevention framework
Public health frameworks use a multi-level tiered approach to describe prevention interventions used with medical concerns, behavioral issues, and more. Not every intervention is appropriate for every situation, and no one wants to waste resources by focusing on the wrong thing! Just like a flu shot will not help someone who is dying from a bullet wound, basic security awareness classes and incident response plans are very different types of interventions - although both are crucial in their own ways!

In this talk, this social-scientist-turned-compliance-consultant will discuss how this approach could be applied to information security efforts by re-framing how people think about the programs, policies, and best practices that they are being told to implement and/or follow. This extended analogy can be used to bring people from all departments together to improve buy-in across levels, increase policy adherence, and ultimately make your data safer and your company less susceptible to the consequences of noncompliance.

Speakers

Chelsey Donohoe

R&D Associate/ Compliance Analyst, Red Lion LLC
Chelsey Donohoe is a lifelong learner with a passion for research, education, and effectively communicating data to a variety of audiences. Chelsey has taught undergraduate courses in criminal justice while working on grant-funded research as well as her own original projects. She...


Friday March 29, 2019 3:00pm - 4:00pm
Stadium

3:00pm

Attacking API Microservices
When security teams think of securing API calls they commonly focus solely on the consumer facing APIs used by mobile apps and client applications to make calls into their environment. This challenge is hard enough, but there's another large attack surface sitting around waiting to be abused, and that's the API services that corporations use for the automation and orchestration of their own cloud environments. Most are commonly protected by simple API keys or static firewall rules that offer little protection to a well resourced attacker. I'll be talking about the discovery and exploitation of these API environments as well as some useful ways to protect yourself from these risks.

Speakers

Tony Lauro

Tony Lauro is Director of Technology & Security Strategy for Akamai Technologies. Tony has worked with Akamai’s top global clients to provide cyber security guidance, architectural analysis, web application and network security expertise. With over 20 years of Information Security...


Friday March 29, 2019 3:00pm - 4:00pm
Lil' Tex