Amber Welch – Data Access Rights Exploits under New Privacy Laws
Chloe Messdaghi – How to Fix the Diversity Gap in Cybersecurity
Chris Schafer – Tracking and Blocking Malware Distribution with Automation
Christina Lekati & Tigran Terpandjian – The SEArt of War: The Chimaera Threat Model
Fotios “Fotis” Chantzis – Network Exploitation of IoT Ecosystems
Funsized – Chip Decapping on a Budget
IrishMASMS – Digital Forensics is not just for incident response anymore
Jason Kichen – Hashes to Ashes: Life & Times of Clandestine Infrastructure
Machinist & Ravin Kumar – Swords to Plowshares: Repurposing the Ghost Gunner
Marcus Richerson – Tales from the Lockpicking Village
Security Panda – Let’s Talk About WAF (Bypass) Baby
Wasabi & bluescreenofwin – Competing for the Future: Building and Automation InfoSec Competitions

Data Access Rights Exploits under New Privacy Laws

Amber Welch

New privacy laws such as the GDPR and CCPA have been great advances for personal data rights, although the ability to request access to all the personal information a company has on an individual has created new attack vectors for OSINT. These personal data access requests are usually managed by legal or compliance teams with minimal security review, increasing the potential for phishing, social engineering, and “legal DDoS.” This talk will discuss the personal data access options required in different regions, how most companies respond to data access requests, and the most effective exploits for privacy vulnerabilities. We’ll explore the psychology driving corporate responses to requests and ways these emotions can be exploited, as well as the most likely targets for a weak privacy program.

For the blue teamers, phishing detection and defense strategies will be presented. Rather than ignoring or fighting against the regulations, we’ll look at ways to use these laws to discourage, detect, and disrupt data access attacks. We’ll consider strategies for working with legal teams, getting security involved in the review process, and conducting red team reviews on the data access mechanism. Best practices for identifying data subjects, minimizing the data released, and legally denying abusive requests will be covered. Key sections of the laws you need to know for exploits and defense will be highlighted.

Until she’s accepted for a Mars mission, Amber’s goal is to advance data protection and personal information privacy as a Privacy Technical Lead for Schellman & Company. Amber has been assessing corporate privacy compliance programs for the past year and, prior to that, managed security and privacy governance for a suite of SaaS products. She has previously worked in companies creating ERP, CRM, event planning, and biologics manufacturing software.

How to Fix the Diversity Gap in Cybersecurity

Chloe Messdaghi

Women make up just 11 percent and minorities are slightly less than 12 percent of the cybersecurity workforce. Coming from a nonprofit background, which is an industry with high diversity, to one where it is so unbalanced is disheartening and disappointing.

I’ve connected with persons who are underrepresented in the field, and many after spending years in cybersecurity are leaving the field. From their shared experiences as well as my own, it is clear that the cybersecurity space needs to get real about the lack of diversity in the space, and the necessity to make changes as we approach the estimated shortage of 1.5 million cybersecurity professionals in 2019.

In this talk, we will discuss our brains and how we label and prejudge, hear experiences of underrepresented people in the space, what can be done to fill the gap, and how to increase and retain the number of qualified candidates in cybersecurity.

Chloe Messdaghi is a Security Researcher Advocate/PMM @Bugcrowd. Since entering the cybersecurity space, she has seen security as a humanitarian issue. Data breaches don’t just impact companies, but governments, environments, and people. This can adversely affect the lives of the most vulnerable persons as well. Hence, her previous and current humanitarian passion has led her to become passionate about cybersecurity. Her humanitarian work includes advising as a UN Volunteer and serving as a board member for several humanitarian organizations. Chloe is also the head of the WIST organization, a mentor and advocate for inclusion in tech, and the founder of a nonprofit called Drop Labels.

Tracking and Blocking Malware Distribution with Automation

Chris Schafer

This talk will conduct an analysis of one of the most effective Malware Distribution Networks being used today, form inferences on their distribution methods based on the behavior, and determine how to automatically block those distribution methods (preventing distribution of the malware samples). This process includes automatic collection of the malware being distributed, identifying additional downloaders, and analyses (both static & dynamic) of the stage 1 payloads and stage 2 malware samples.

Chris Schafer started in infosec 7 years ago playing CCDC. Since then, he’s worked extensively with logging, SIEMs, automation, and malware. His greatest professional goal is automating himself out of a job.

The SEArt of War: The Chimaera Threat Model

Christina Lekati & Tigran Terpandjian

In recent years, “red teaming” has become a market buzzword often prompting corporate excitement and weaving an image of “pentesting” in a red cape. This is unacceptable. The essence of red teaming is a healthy mix of “Gegenspiel” (Adversarial Thinking) and “Kontraspiel” (Adversarial Thought), terms coined by Dr. Mark Mateski of Red Team Journal.

In the talk we will discuss how “red teaming” is not limited to the digital arena alone but includes physical and social vectors that should be considered for an effective operation. The social category does not only include social engineering but aspects such as history, philosophy, culture and art as well. In this talk, we will explain the logic behind these elements and their interconnection. We will discuss how these elements can provide significant intelligence when dealing with threat actors, and how they can additionally help craft a defense strategy. Drawing from examples and case studies from both the real and fictional world we will expand on Dr. Mark Mateski’s concepts by applying both of them respectively to analyzing the character Grand Admiral Thrawn from the Star Wars universe and the way he successfully does his threat profiling and fusion of intelligence from a diverse number of sources. The parallelism with Grand Admiral Thrawn is considered to be an entertaining yet representative example of applying critical thinking in gathering and analyzing intelligence and conducting threat profiling.

Examples from the real world will be provided throughout the presentation as well, showcasing how the elements discussed in the CHIMAERA model have significantly contributed in past cases.

Lastly, participants will have the option to participate in a “debrief”. Participants will be provided with certain threat actors and they will be given a few minutes to research and to think critically to figure out why those threat actors do what they do, not in terms of the TTPs but in terms of their motivations, rationale, etc. Feedback will be provided right after.

Christina is a Social Engineering expert and ethical human hacker. With a background in Psychology, she learned the mechanisms of behavior, motivation, decision making, as well as manipulation and deceit. She became particularly interested in human dynamics and passionate about social engineering. Her writings on social engineering strategies earned her a distinction during her master studies. Christina has participated among other things, in forensic investigations within companies, and in needs and vulnerabilities assessments. She is currently working with Cyber Risk GmbH, a provider of cyber security training programs, as a social engineering expert and trainer.

Tigran (th3CyF0x) is presently an Incident Handler. He has been fascinated with languages, cultures, social psychology, military tactics and history since childhood. Despite a degree in international relations, he stumbled across Cyber Security and decided to pull the trigger and tumble down the security rabbit hole. Along the way, he was beset by the beasts of Compliance (FedRAMP) but found his banner under Red Teaming. Tigran enjoys applying red teaming concepts to conduct threat hunting and is passionate about emulating an adversary. He also loves playing tennis and is an avid practitioner of Krav Maga.

Network Exploitation of IoT Ecosystems

Fotios “Fotis” Chantzis

Internet of Things (IoT) ecosystems are comprised of a large variety of connected devices that are rife with “smart” features and textbook vulnerabilities. With the advent of ever growing interconnection and interoperability of all these devices, protocols that focus on automation have been developed throughout the years. These often assume an environment with cooperating participants – something that rarely happens in the real world. The fast market pace also leads manufacturers to marginalize security as having low return on investment. IoT devices are usually embedded with low-energy and low processing capabilities, deprioritizing security robustness as a result. All of the above combined make for ecosystems with lots of inherent weaknesses. In this talk we are going to present techniques and attacks on network protocols and insecure implementations commonly found in IoT ecosystems. We are going to explore how penetration testers can abuse zeroconf networking protocols like UPnP, mDNS, WS-Discovery and others to conduct a variety of attacks and how to combine a chain of seemingly lower risk findings into an impactful attack. Other IoT security angles will be explored as well: from the default insecurity of video streaming protocols like RTP, heavily used by networked cameras, to the growing usage of IPv6 and what that entails in terms of the security posture of the IoT world.

Fotis (@ithilgore) Chantzis is a principal information security engineer at Mayo Clinic, where he manages and conducts technical vulnerability assessments on medical devices and clinical support systems as well as penetration tests and red team engagements on the network. Fotis has over 10 years of experience in the information security industry, which includes time spent researching network protocol vulnerabilities and developing security tools. He has been a contributor to the Nmap project since 2009, when he wrote the Ncrack network authentication cracking tool, which he still maintains, and has published a video course on “Mastering Nmap”. His research on network security includes exploiting the TCP Persist Timer (published on Phrack #66) and inventing a new stealthy port scanning technique by abusing the popular XMPP. His most recent research focus has been on medical device & IoT security.

Chip Decapping on a Budget

Funsized

Introduction to IC decapping including why it’s interesting, standard methods used in industry and how to do it at home without asphyxiation or explosions. Presentation will conclude with photos of decapped ICs.

Funsized is an EE by day, and… still an EE at night. He enjoys building robots and cooking. Sometimes these hobbies are combined in terrifying and delicious ways.

Digital Forensics is not just for incident response anymore

IrishMASMS

Experienced InfoSec professionals are familiar with leveraging digital forensics in their incident response efforts. There are other opportunities to let the data tell the story and provide insight on risks your organization faces, along with how to mitigate those risks. What are these opportunities, how can you leverage forensics for these opportunities, & how do you acquire such capabilities?

When leveraging digital forensics, there are opportunities to let the data tell the story beyond our incident response efforts. Let the story provide insight on the risks your organization faces, provide insight on how to mitigate, and provide the evidence to take the actions needed. What sorts of organizations and what sorts of use cases are there, and in what real-world examples have organizations been able to leverage digital forensics to identify and manage their risks?

IrishMASMS (@IrishMASMS) is an old school hacker, fighting the good fight in Computer Network Defense (CND)/blue team efforts for over 19 years. Been lurking about since DEFCON 10, DJing the B&W ball at DEFCON 18 (with quite a few AP pool shindigs and private parties along the way). Panel member at HOPE 5, presenter at a couple of Notacon’s, LayerOne, Toorcon, Bsides, and some other conferences that are hard to remember or may lean on the more professional side. Having progressed through the ranks to hiring manager and director level, he has experienced the pain from both sides of the hiring process and desires to improve the situation for the InfoSec community. Is this where we mention cyberderp?

Hashes to Ashes: Life & Times of Clandestine Infrastructure

Jason Kichen

Exploits and implants get all the press, but infrastructure is the bedrock for APT actor operations. It’s the first thing created, the last thing destroyed, and the costliest to have caught, exposed, or otherwise burned. Akin to logistics in traditional military operations, infrastructure is critical: as Admiral H.G. Rickover (USN) said: “Bitter experience in war has taught the maxim that the art of war is the art of the logistically feasible.” Clandestine operations infrastructure possesses an extreme complexity, and this talk aims to describe and explore that complexity in detail. By examining the complexity of APT actor operations from the perspective of their infrastructure, including highlighting the complexity involved alongside a real-world example, this talk helps network defenders improve their understanding of the threat landscape and perhaps gives ideas for red teamers as well.

Jason spent nearly 15 years as an intelligence officer: designing, executing, and managing offensive cyber and technical operations all over the world. He left the government in 2017 and is working to deprogram as quickly as possible, and is helped in this endeavor by coffee and red wine. He is currently the Vice President for Advanced Security Concepts at eSentire.

Swords to Plowshares: Repurposing the Ghost Gunner

Machinist & Ravin Kumar

In this talk machinist and Ravin look under the hood of the Defense Distributed Ghost Gunner, a very capable desktop-sized CNC mill designed specifically for creating firearms. The overbuilt hardware of the Ghost Gunner lends itself to being a versatile, generalized tool. With some clever code and implementation, this machine is transformed into a more useful, and less legally-sketchy CNC mill.

machinist is the Dr. Dolittle of robots.

Ravin is an engineer and data expert. He’s deployed machine learning models in production and writes production-grade software.

Tales from the Lockpicking Village

Marcus Richerson

This talk will cover a variety of techniques utilized to defeat locks and physical security mechanisms, stories about lock picking villages and provide tips and tricks for hosting a successful lockpicking village.

Marcus has been working in information security for over 12 years and currently hacks at Somerset Recon. He actively hosts and participates in capture the flag hacking competitions and enjoys reverse engineering, exploit development, lock picking, SCADA security, embedded device hacking, web hacking and mobile application hacking.

Let’s Talk About WAF (Bypass) Baby

Security Panda

All modern Web Application Firewalls are able to intercept (and even block) most common attacks from the web. However, what happens when an attacker uses HTTP2 to send attack traffic to a web application or service? In this talk we will cover basic attacks against web applications and services using HTTP2 to bypass WAFs and proxies. Attendees will gain knowledge of how to bypass WAFs and proxies using the HTTP2 protocol, and steps they can take to protect themselves against these kinds of attacks.

Brett is a Breaker of Web Applications, Leader of a DefCon Group, Maker of Tasty Food, and Owner of a Majestic Beard. He has over 17 years of experience in IT and Security, specializing in Web Application Pentesting, PCI practices, vulnerability scanning, and management.

Competing for the Future: Building and Automation InfoSec Competitions

Wasabi & bluescreenofwin

Ever wonder what it takes to build an information security competition? This talk covers the challenges of building competitions that challenge professionals and students and that stay fresh and relevant with the constant changes in the industry. This talk will cover the Western Regional Cyber Defense Competition and the efforts we have put into building a more realistic and challenging competition through custom tooling, infrastructure, and applications that we have been building into our competitions. Some of the things we will be covering include using modern tools such as Ansible in combination with our agent “Mr. Smith”, which can allow for a highly scalable competition, and how to build and deploy usable ICS systems quickly for competitions.

wasabi: Perpetual researcher, tinkerer of electronics, builder of competitions, and experimenter of IoT.

bluescreenofwin: Senior windows system administrator, maker of beer, and enthusiast Windows hacker. Beer, binary, Battlestar Galactica.