Agenda

9:00 am

Center Room

Ray Davidson & Dr. Eric Franco

The Neighborhood Needs Cyber Helpers Too; Won’t You Be One?

Ray Davidson, PhD served as dean at the SANS Technology Institute during its founding, and went on to lead the Michigan Cyber Civilian Corps – the first completely civilian, state-sponsored team of incident responders in the country. He continues to serve as a mentor, subject matter expert and technical reviewer for the SANS Institute, and for anyone else who will listen. He holds a doctorate in Chemical Engineering, and several infosec certifications. He has professional experience as a newspaper carrier (on a bicycle!), telephone operator (before TouchTone), pharmaceutical research scientist, and cybersecurity thought follower. He has been a college professor and cofounded a security startup, among other poor life choices. Mostly he is passionate about empowering others to do the right thing. And dance.

Dr. Eric Franco is a Certified Emergency Manager serving as the Cybersecurity Preparedness Coordinator for Wisconsin Emergency Management and directs the strategic efforts of the Wisconsin Cyber Response Team. Eric’s 20 years of experience in K-12 and higher education and 10 years in the IT industry provide a unique vantage point to assist local units of government, public utilities, and school districts prepare for, mitigate, respond to, and recover from cybersecurity incidents.

10:00 am

North Room

Sebastien Spirit & Devin Hamilton

Transforming x86: Building & Defeating Anti-Reversing Techniques

The cat-and-mouse game between malware and malware researchers is everlasting, and the idea of obfuscation is nothing new. This talk aims to shed light on how custom binary obfuscation can be employed and how to determine its effectiveness. Walking through the process and steps that I took to write my code obfuscator with no prior knowledge can share insight and inspire others to try the same and learn from my own mistakes.

Center Room

Andrew Lemon

Oopssec: Learning from threat actors’ mistakes

Did I tell you about the time I accidentally stumbled into an active Nation State cyber operation? In this talk we’ll be covering the mistakes made by so-called “advanced” persistent threats and how their mistakes expose some of the best tradecraft that no one is teaching. We’ll be pulling back the curtain and shoulder surfing adversaries by analyzing bash history and infrastructure discovered as a result of bad opsec and sharing the 0-days and scripts we discovered. You’ll learn how motivations and targets define the strategy used by attackers along with the tools and techniques used to compromise those targets and finally how you can discover threat actor infrastructure yourself.

South Room

Jamy Casteel

Hacking the Cloud: Enumerating and Attacking AWS And Azure

In today’s interconnected digital landscape, cloud services have become the backbone of modern businesses, with Microsoft Azure and Amazon Web Services (AWS) being two of the leading providers. This technical presentation delves into the critical aspects of enumerating and attacking Azure and AWS resources from an attacker’s perspective, shedding light on some techniques, attacks, and mitigation strategies.

11:00 am

North Room

Steven Judd

How to safely "detonate" suspicious content

As IT professionals, especially if we either dabble or work full-time in Digital Security, there are times when you must check to see if suspicious content is legitimate or malicious. This presentation will discuss and demonstrate three approaches for how to safely check the content, how to implement each approach, and the strengths and weaknesses of each approach. This talk isn’t directly about PowerShell, but PowerShell will be used to speed up the setup and usage of the approaches.

Center Room

Michael Gough

All these so-called sophisticated attacks… Can we really detect them?

What does it take to detect all these attacks we read about? Is it possible? Where do we start? What do we do? AHHHHHHHHHHHHHHH… This talk helps to bring an approach to use these reports to improve your security program.

South Room

Rich Lay

Investigating Cybercrime: 1997 – 2019

A former FBI agent shares his personal insights on the evolution of cybercrime throughout the years by summarizing some of his more intriguing investigations.

12:00 pm

Center Room

CISO Showdown

1:00 pm

North Room

Cymber Sletten

Are we losing the hacker mindset?

More organizations are publishing cybersecurity standards, guidelines, and checklists than ever before. This is great news for our industry and gives us a great place to start with when protecting our companies! However, being too reliant on these resources can lead to narrow-mindedness. Come and learn more about broadening your perspective and how it can help you protect your organization and grow as a security professional.

Center Room

Stephen Nelson

Out of the hot tub and into the deep end. Secure AI using Local LLMs.

Corporate policy against public LLMs, e.g. ChatGPT? Concerned with privacy and security, but still want to augment your work with Large Language Models? This talk is for you. We will set up two local Large Language Models, soup to nuts, and walk you through three example use cases for typical cybersecurity pros.

South Room

Jennifer Shannon

API-ocalypse Now

Get ready for a wild ride as Jennifer Shannon, a Senior Security Consultant at Secure Ideas, takes the stage to present “API-ocalypse Now.” In this thrilling and entertaining session, Jennifer will showcase the vulnerabilities lurking within APIs and the havoc they can wreak if left unaddressed. Through live pentesting demos, she will demonstrate jaw-dropping exploits, mind-bending injection attacks, and authentication bypass techniques that will leave you on the edge of your seat. Join Jennifer as she navigates the dark side of APIs to help you understand and fortify your attack surface in order to prevent the impending API-ocalypse.

2:00 pm

North Room

S M Zia Ur Rashid

The Ghost in Your DNS: Unmasking Subdomain Hijacking

Subdomain hijacking / takeover, a little-known but widespread security vulnerability, involves exploiting DNS misconfigurations to gain unauthorized control of subdomains. This session caters to both offense and defense teams, focusing on hijack methods and their extensive impacts beyond brand reputation, such as data breaches, financial losses, and the compromise of users’ sensitive data. We’ll explore real-world incidents to underline the risks and consequences, introducing various open-source tools that attackers leverage for exploitation and defenders use for detection and prevention. The session aims to equip both sides with the knowledge and tools needed to effectively understand and combat subdomain hijacking.

Center Room

Geoff Wilson

There Will Be Breaches: Stories from the Trenches and Lessons Learned

In this talk Geoff Wilson, CEO of Go Security Pro, will discuss notable data breaches from this past year including the MGM and MOVEit hacks as well as some lesser-known data breaches. Geoff will discuss the changing threat landscape including threat actors targeting service providers and the IT helpdesk, ransomware actors submitting regulatory complaints, and the persistence of business email compromise. Learn how your organization can learn from these breaches and adapt to make the best use of its resources to stay out of the headlines.

South Room

Susan Lindberg

Threading the Needle: Navigating Law and Security

An organization’s cybersecurity team operates at the intersection of technology, budget, and regulation. As security strategists, they chart the course. As first responders, they face the eye of the storm. Meanwhile, they must track and comply with an evolving set of regulations, or face legal risk. Sometimes, the regulations appear well aligned with reality, while at other times, they do not. What makes a cybersecurity law either helpful or at odds with achieving security? This presentation will cover the rapidly changing world of cybersecurity legal obligations, offering insights into the drivers behind new regulations from SEC, TSA, DoD, and others, all with a focus on critical infrastructure. We will discuss how regulations and laws are created, and how input from the cybersecurity community might inform that process. This presentation is designed for anyone interested in gaining a practical perspective on cybersecurity law.

3:00 pm

North Room

Paul Wowk

How to use Application Security Testing as part of a Secure Software Development LifeCycle (SSDLC)

The typical root cause of all vulnerabilities is a weak development process that does not use a mature Secure Software Development LifeCycle (SSDLC). This presentation will discuss the building blocks to deploy a secure development process for detecting, remediating, and then ultimately preventing security vulnerabilities in software.

Center Room

Mika Ayenson & Justin Ibarra

Rolling your own Detections as Code

Teams are increasingly adopting software development practices to enhance their detection capabilities. “Detections as Code” (DaC) is a methodology that mirrors the principles of Infrastructure as Code, applying them to the creation, management, and deployment of detection rules. By treating detections as code, security teams can leverage version control, peer reviews, automated testing, and deployment processes to improve the quality, auditability, and speed of their detection strategies. This talk aims to explore the concept of DaC, its benefits, and how its core principles are implemented within the rule management lifecycle using the open source detection-rules repository. We will cover various aspects of managing detection rules as code, including unit testing, validation, exception and action list management, syncing production rulesets, and CI/CD integrations, providing attendees with a comprehensive guide to adopting DaC practices.

South Room

Jonah White

Unveiling the Shadows: Exploring EDR Evasion Techniques

What are the modern methods attackers are using to evade EDR solutions? Jonah White will walk through how to better analyze EDR alerts while also executing regular EDR best practices to avoid common pitfalls.

4:00 pm

Center Room

Final Remarks and Raffle