Kris Wall

ProxyLogon – The Vulnerability That Shook the World: Why AppSec Matters

ProxyLogon was and still is a devastating vulnerability affecting thousands of Exchange servers around the world. The vulnerability was so devastating that we even saw the return of the ChinaChopper webshell. Join us as we discuss:

what ProxyLogon is and what happened
how ProxyLogon works
and a demo of working payloads

Kris Wall is a technology and community leader with a passionate focus on penetration testing and application security with 15 years of experience working at a network and security consultant and is currently finishing his Master’s in Cyber Security and Information Assurance. Kris is passionate about application security and regularly gives offensive and defensive talks at information security conferences, including BSidesOK and the Federal Bureau of Investigation’s annual Information Warfare Summit. Kris is also a community organizer for the local information security groups in Oklahoma City.

Throughout his career, Kris has performed many roles including: Penetration Testing Manager, Penetration Tester, Application Security Assessor, Software and Web Developer, Forensic Analyst, Security Analyst, IT Administrator, and IT Auditor. His former responsibilities include performing security testing, vulnerability and risk assessments, segmentation testing, policy writing, incident response and digital forensics, and secure software development.

Kris frequently provides training to classes on information security, penetration testing, and secure application development.

Steven Marshall

Ways to make cybersecurity training more engadging

End-user training is an important part of any organizations training programs. Many users find cybersecurity training to be boring. In this presentation, we will discuss ways to make cyber-security training more engaging to get the best results.

I’m Steven Marshall, Systems and Security Administrator for the College of Arts and Sciences at the University of Oklahoma. I have worked in the IT industry since 2005 with various roles and titles.

Karthikeyan Govindaraj

GoLang App build version in Containers & HealthChecks in gRPC Containers for Kubernetes

In this session we will solve two different problems with GoLang and Containers. i) Logs are trivial in the world of a developer when it comes to debug. With the container logs, the version is a life saver as it denotes the tag that has been cut from the source code and containerized. We will see how to inject this version dynamically into container image. ii) Health Checks in Kubernetes are important in determining the container’s readiness. With gRPC, its little bit tricky to do that as k8s supports only HTTP and exec formats. We will see how to do that in gRPC containers.

Karthikeyan Govindaraj is a Vice President at BlackRock, where he works on building tools to make apps easier to run on Kubernetes. He contributes to the Kubernetes community as a community member. Karthik is passionate about cloud and cloud-native infrastructure, developer tools & experience, open-source. He has a Bachelor of Engineering degree in Computer Science.

Medium

Nick Harris

Don’t Blame the Intern

Recent comments by current and former CEO’s of SolarWinds have seemingly attributed their massive breach (SolarWinds Orion/Sunburst) to a weak password set by an intern. Even if this was indeed the source of the compromise the fact that a single compromised intern-controlled account could lead to such a wide-scale breach indicates a massive failure in enterprise information security governance and policy, as well as a lack of oversight and accountability on behalf of SolarWinds management and executive staff. Nothing can be completely secure, but without accountability and commitment from an organizations leadership, the security posture of the organization will greatly suffer.

Currently employed as a senior Security Analyst/Architect with the Oklahoma Turnpike Authority. I’ve worked for the House Committee on homeland security in Washington D.C. and did a stint living in the Russian Federation. I have formal experience in offensive security & information security policy.

Samuel Kimmons

Look at me, I’m the Adversary now: Introduction to Adversary Emulation and its place in Security Operations

Adversary Emulation is quickly becoming a hot topic in information security, and there is a good reason for it. Security analysts, threat hunters, and incident responders are constantly facing an onslaught of old and new threats. How can defenders properly prepare for the ever changing threat landscape, improve their skill set, and improve the security posture of their organization? In this presentation I’ll answer those questions by covering: The various forms of Adversary Emulation, where/how it fits into Security Operations, the benefits of using it as a Blue Team training tool, and how to get started!

Samuel Kimmons is the Adversary Emulation Lead at Recon InfoSec. He is responsible for researching, planning, and developing full scope Adversary Emulation Scenarios for Recon’s Network Defense Range Training and the OpenSOC CTF. Samuel got is start in Information Security during his time in the United States Air Force.

Geoff Wilson

Protect Your Business by Adopting a Security Framework

In this talk, Geoff Wilson will detail recent data breaches that his company, Go Security Pro, has been involved in remediating. Geoff will highlight the critical weaknesses that led to these data breaches and how adopting a cybersecurity framework can keep you out of the data breach headlines. Geoff will discuss the pros and cons of security frameworks such as ISO 27001/27002 and the NIST Cybersecurity Framework.

Geoff Wilson is an innovative cybersecurity thought leader with deep experience in defensive cybersecurity strategies. Having studied at Carnegie Mellon University and trained at the National Security Agency, Geoff brings 17 years of cybersecurity experience to your organization.

In his many cybersecurity roles, Geoff has been an IT Auditor, Penetration Tester, Risk Assessor, Forensic Analyst, SOC Engineer, Information Security Officer, Software Developer, Author, University Professor, and Consultant.

Geoff is a business leader having founded Go Security Pro in early 2019 with his co-founder Susan Wilson. Geoff regularly speaks at conferences, presents to executive leadership and boards, and can get in the technical weeds with IT professionals.

Joe Sullivan

Data Governance Programs

Data Governance programs are important for ensuring the proper handling of your organization’s data. In this presentation I will cover the following topics: What data governance programs entail The challenges of implementing a data governance program Utilizing the NIST Privacy Framework in a data governance program How to get executive and organizational buy in for your data governance program How to keep the stakeholders engaged with the data governance program

Joe Sullivan has over 20 years of experience in information security and works as a consultant for Rural Sourcing in Oklahoma City.

In addition to being a SANS instructor, Joe is active in the Oklahoma City information security community as the chapter leader of the Oklahoma City Open Web Application Security Project (OWASP) and is a Cyber Patriot mentor, a GIAC Advisory Board member, and an InfraGard board member. Throughout his career, Joe has acquired numerous certifications including: GSTRT, GSLC, GPEN, GCIH, GCFE, CISSP, CNSSI 4012, CNSSI 4013, CNSSI 4014, NSTISSI 4011, NSTISSI 4015. .

Gordon Rudd

Scalable, Sustainable Cybersecurity for Any Size Organization

This session will focus on how corporate size and growth rate actually dictate cybersecurity methodology, strategy and operations. Setup and maintenance of CyberOps is very different for these companies. IT and Cybersecurity operate in hybrid models, focused on five areas. Successful information security teams must understand each of these areas and their operation to succeed.

Securing fast-growing companies, is difficult to do. Very difficult to do well. This session will give attendees key performance indicators to describe the relationship between each area of excellence and the scalability, sustainability and flexibility required in a cybersecurity program/department.

Gordon Rudd is the CEO of Stone Creek Coaching. Gordon has over 40 years of experience in the IT and cybersecurity in oil & gas, health care and financial services. He is a recognized expert in cybersecurity, ERM, GRC, IT risk management, and compliance program development. Gordon works with the coaching team at Stone Creek helping technical personnel map their careers and achieve their personal objectives. He also serves as our subject matter expert in residence.

Gordon joined Stone Creek Coaching after being the VP, CISO for RCB Bank. Gordon implemented and managed both their cybersecurity program and enterprise risk management program, which included managing internal and external audits and regulatory examinations, creating the vendor management office and implementing a successful continuous process improvement program. Today, Gordon uses his proven ability to energize any department or organization using Stone Creek’s innovative people, process, and technical solutions.

Gordon founded the CISO Mentoring Project 12 years ago and is still an engaged mentor for many aspiring and active CISOs around the world. Gordon is a regular presenter with (ISC)2 an international, nonprofit association for information security leaders, to create and lead educational events, videos and content for their members.

Richard Cascarino

CISA Examination Preparation

Corporations are becoming more and more aware of the risks facing them in the expanded Environment of Business now facing them. Increasingly management is taking a risk management role and IT management is being called to assist at corporate and strategic risk management levels and IT Audit are being required to provide professional opinions and recommendations on IT risk areas.

Richard Cascarino, CRMA, CIA, CISM, CFE is a consultant and lecturer with over 30 years of experience in Large scale, Project Management, Risk, Audit, Governance, Forensic, Internal and IT auditing education and author of the books Internal Auditing-an Integrated Approach and Auditor’s Guide to IT Auditing and Corporate Fraud and Internal Control: A Framework for Prevention published by Wiley in 2013. Data Analytics for Internal Auditors published in 2017 He is also a contributing author to the Governance section of all 4 editions of QFinance: The Ultimate Resource and is a frequent speaker at IIA, ACFE and ISACA workshops and conferences. His latest book, Complete Guide for CISA Exam Preparation came out in October 2020. He has assisted in the implementation and audit of IT and Operational systems as well as the training of Internal Auditors in the USA, UK, and Middle East and throughout Africa. He is a Past President of the IIA – South Africa and founded the African Region of the IIA Inc. He has also served as a member of the Board of Regents for Higher Education of the Association of Certified Fraud Examiners. He developed the BComm Internal Audit for the University of the Witwatersrand in Johannesburg and the Honors program in Governance and Risk at the same university.

Phillip Wylie

Inside The Mind of a Threat Actor: Beyond Pentesting

Red team is a commonly misunderstood offensive security discipline. Red team has been used as a general term for all areas of offensive security just as blue team for defensive security. True red teaming goes Beyond Pentesting and into more adversarial emulation. While there are overlapping skills, there are differences that will be discussed as Phillip shares his experience of going from a pentester to a red teamer. In this talk, you will learn about the different areas that make up red team operations, common tools, and the path to becoming a red teamer. In this presentation, you will learn about resources helpful for a path into red teaming.

Phillip Wylie is an Offensive Security Instructor at INE, Adjunct Instructor at Dallas College, and The Pwn School Project founder. Phillip has over 23 years of experience with the last 9 years spent as a pentester. Phillip has a passion for mentoring and education. His passion motivated him to start teaching and founding The Pwn School Project. The Pwn School Project is a monthly educational meetup focusing on ethical hacking. Phillip teaches Ethical Hacking and Web Application Pentesting at Dallas College in Dallas, TX. Phillip holds the following certifications; CISSP, NSA-IAM, OSCP, GWAPT.

Vincent Scott

CMMC: A Compliance Journey

CMMC is the new DoD framework for cyber defense, the Cybersecurity Maturity Model Certification, and it will shortly be mandated across the DoD supply chain. Not only mandated but it will require an independent third-party audit to confirm that compliance, a massive change from the current world of self-attestation, and corrective plans. By design, this is going to drive a much higher level of cyber compliance across the Defense Industrial Base (DIB), and that means not just some, but a vast majority of companies will have to make significant changes and investments to meet these requirements. It also appears this will not be limited to DoD. There is already discussion and some action to mandate CMMC compliance and audits in other areas of Federal government contracting. This talk will discuss the compliance and security journey of one company.

Vince Scott is a retired US Navy Cryptologist and Information Warfare Officer and currently serves in several roles. As the founder of Defense Cybersecurity Group he is building a new cyber audit company focused on the DoD’s Cybersecurity Maturity Model Certification (CMMC). After a diverse military career, Vince has served as a Director for Oklahoma State Universities Multispectral Laboratory, led the Procter and Gamble cyber incident response and threat intel organization, assisted a broad range of Fortune 500 clients as a Director with PwC Cybersecurity and Privacy, and served as the founding Executive Director of SENTIR Research Laboratories.
Vince earned his bachelor’s in computer science from the US Naval Academy, has completed DoD Acquisition Level II qualification, earned his MS in Management Information Systems from the University of Maryland/Bowie State while residing in the UK, and has earned a graduate certificate in Information Security from the University of Fairfax. He is a 2012 graduate of the Oklahoma State University Veteran Entrepreneurship Program, is a graduate of the Air Command and Staff College for joint planning, and the Joint Forces Staff College senior officer program for strategic and operational planning. He previously served as a member of the Editorial Board for the Journal of Law and Cyber Warfare. He is US Navy certified subject matter expert in Information Warfare and Cryptology, a DoD/CNSS certified Information Systems Security Professional (ISSP), Incident Handler Engineer (IHE), and certified Senior Systems Manager (SSM).

Sourya Biswas

Security on a Budget: Building Security from Scratch

In my career, I’ve had the opportunity to help build the security program for a startup which suddenly became successful enough to become a target. Also, more number of transactions brought it into the ambit of Level 2 PCI compliance, with Level 1 projected in near future. Joining as the second hire to the Tech Security & Compliance team after the CISO, I helped roll out multiple products and services, right from evaluation to managing the implementation projects. Getting buy-in and budgetary approvals from the Board and Executive Leadership required us to develop a staggered, results-driven approach shaped by the concept of Defense in Depth. This presentation will combine lessons learned during my time at the startup with knowledge gleaned from my consulting career advising startup clients on their security postures.

I’m a Principal Security Consultant in the Risk Management & Governance (RM&G) practice at NCC Group, a security consulting firm headquartered and listed in the UK with a major and growing US subsidiary. I have 14 years of experience in Information Risk and Security, and hold an undergrad degree in Information Technology from IIIT Calcutta and an MBA from the University of Notre Dame. I have several articles on cloud computing available online and served as technical editor for an authoritative textbook on the subject. I’m a certified CISSP, CCSP, CISA, CISM, CRISC, CGEIT, PMP and also have several ITIL Intermediate certifications.

That’s all about my second job. My first job is being a father to two adorable and naughty munchkins, 4 and 3 years old.

Julio Tirado

Machine Learning for Auditors

The talk will involve defining various concepts, such as machine learning (ML) vs deep learning (DL), and supervised learning vs unsupervised learning, to provide attendees a basic understanding of the domain. Attendees will also dedicate 5-10 minutes doing some basic python programming (e.g., creating comments, variables, and a function), and dedicate 10-15 minutes writing code using Jupyter Notebooks to build a simple machine learning application using the Scikit-Learn framework. The session will end with some recommendations to further continue learning about AI, ML, and DL and will reference some audit resources via IIA and ISACA to help IT Auditors better prepare for tackling the expected increased adoption of AI technologies.

Julio is an admitted information addict with a passion for learning. His 14-year career in Internal Audit has been dedicated to the Banking industry during which he’s developed an obsessive focus on cybersecurity risk management and finding creative ways to upskill in all things tech. He is a member of the IIA, ISACA, ISSA, ACFE, and Infragard professional organizations. Julio currently volunteers with the Tulsa IIA, ISACA, and ISSA Chapters as the facilitator of the Cybersecurity Roundtable, and serves as the Secretary and Board member of the ISSA Chapter. Prior to his audit career, Julio served in the United States Air Force as an aircrew member aboard an AWACS aircraft in the 964th Airborne Air Control Squadron. When not spending time with his family or obsessing about learning new things, Julio enjoys choking out white belts in Brazilian Jiu-Jitsu for maximum stress relief.

Donovan Farrow

Pretesting the Low Hanging Fruit

This presentation will provided details of a true “hacker”. A true hacker knows technology and how it works. Yes, code is great but if you do not know a server, computer, network works it will be tuff to take it to the next level. During the presentation I will teach the group on what tools I use and how to take advantage of the computer network. The group will not only understand what hacking really is but know how to better protect their company environment going forward.

Donovan Farrow CEO, Founder – Alias Forensics Donovan founded Alias Forensics Inc. in 2010. Born and raised in Oklahoma, Donovan’s vision has always been to create a community that grows and supports a fresh aptitude in Information Security. In the past, he gained over 19 years of experience working for Schlumberger Oilfield Services, Loves Travel Stops, Chesapeake Energy and NTT Security in the fields of Information Technology, Information Security, Digital Forensics, and Incident Response. Donovan currently serves as CEO of Alias Forensics, has provided digital forensic analysis in over 2,000 court cases, 160 Incident Response engagements, 280 penetration tests, Appointed Special Master by the Court, sits on the OCCC Advisory Board, and he is ACE, PCE, CCE and GCFA certified. Donovan was awarded “2020 Most Influential Young Professional”, the “Young Entrepreneur of the Year” Award at the Tulsa Small Business Summit and Awards Ceremony in 2018. Some of the other titles Donovan holds are Expert Witness, Public Speaker, Social Engineer, and Info Sec Trainer. In his spare time, he enjoys clay shooting, travelling, and spending time with his wife and kids.

Anthony Hendricks

I hate lawyers! Working with attorneys during breaches to maintain privilege and your sanity

Last year there were almost 4,000 publicly disclosed data breaches and numerous others that did not make headlines. Despite all the tabletop exercises and updates to the company’s breach response plans, data breaches and cyber incidents can be stressful. One added layer to the stress is that CTO, IT professionals, and internal response team members have to work with outsides lawyers with different priorities. This presentation will explore the role that lawyers play in investigating and responding to data breaches, how lawyers and internal technology professionals can work together, and the benefits for companies when everyone pushes in the same direction. This presentation will also define attorney-client privilege and explain its importance, along with some examples of when companies have failed to maintain privilege during their investigations. The discussion will also explore how working with lawyers can save companies money by cutting off or limiting regulatory investigations and preparing them for potential lawsuits.

Anthony Hendricks is a legal problem solver and litigator at Crowe & Dunlevy. Hendricks guides clients facing sensitive criminal, cybersecurity, banking, and environmental compliance issues. He also advises clients on privacy and data protection laws, coaches clients on developing data breach response plans, and represents clients facing enforcement actions related to cyber laws. Hendricks’ research interests include the enhancement of diversity in the field of cybersecurity, the future of data privacy, and the development of cybersecurity policy in midsize cities and rural states. He is a graduate of Howard University, holds two Masters from the London School of Economics, where he was a British Marshall Scholar, and a Juris Doctorate from Harvard Law School.

Antonio Cobo

Impostor syndrome in the IT world from a conference speaker’s perspective

Have you ever compared yourself with other team members and felt like a fraud? Have you ever felt unworthy of your job promotion? Have you ever doubted of your successes? Do you know someone who could have answered “Yes” to any of those questions?

These are symptoms of Impostor Syndrome; it affects most of the people working in IT. It affects conference speakers as well. I will share with you my struggles public speaking and how I fight impostor syndrome on every conference. Hopefully this talk will help you to fight impostor syndrome on your day job and help others who might be suffering in your area of influence.

Antonio is an Agile enthusiast with more than 20 years experience in the IT industry and specialises in Agile methodologies. He comes from a technical background, starting his career as a Java Developer in Spain in 2000, moving to different roles within IT in three different countries. Antonio is passionate about creating and implementing the best solution while continually seeking to improve work methodologies. He is convinced that most of the problems in IT are due to lack of communication! Antonio usually speaks about Agile, DevOps, Project Management and Team management at conferences across Europe and US, such as DevOps Days, JAX and Voxxed Days.

Trent Russell

Analytics Anyone Can Do

Theory is great (apparently there’s this one on relativity that’s a pretty big deal), but we’re practitioners and need the application. In this session we’ll apply a few hands-on analytics techniques that are applicable regardless of your profession or role on your team. By the end of the session every attendee will have the ability to complete an analysis in only four steps. We’ll also go through a list of tools (free tools!) that everyone can use to analyze their data as well as “The Cadillac” of fraud analytics.

Trent Russell is the Founder of Greenskies Analytics. He graduated from the University of Alabama with an MIS degree before joining Ernst & Youngs’ IT Risk Assurance practice where he served multiple industries. He later joined the Financial Service Office at EY and facilitated the development of data analytics procedures for financial statement audits. At Greenskies he develops data analysis and hands-free monitoring solutions for forward-thinking internal audit teams.

Filipi Pires

Threat Hunting | Practical Proving in creative way like a detection and efficiency test in security sensors

During this presentation we’ll show our tests performed in three different solution endpoint security (CrowdStrike,Sophos and Cybereason Solution), where we simulate targeted attacks using many strategies of attacks to obtain a panoramic view of the resilience presented by the solutions, with regard to the efficiency in its detection by signatures, NGAV and Machine Learning, running scripts, such as: Download many malwares within the victim machine, moving all those malware to other folder(expectation of detection without execution), and as well as, an idea in to download these artifacts directly on the victim’s machine using malwares from The Zoo Repository and furthermore, we’ll running scripts with PowerShell downloading daily malwares batches, provide by MalwareBazaar by request using API access. And the end of this presentation, the front responsible for the product will have an instrument capable of guiding a process of mitigation and / or correction, as well as optimized improvement, based on the criticality of risks.

I’ve been working Principal Security Engineer and Security Researcher at Zup Innovation and Global Research Manager at Hacker Security, Staff of DEFCON Group São Paulo-Brazil, I have talked in Security events in US, Germany, Poland, Hungary, Czech Republic, Brazil and others countries, served as University Professor in graduation and MBA courses at Brazilian Colleges as FIAP / Mackenzie / UNIBTA and UNICIV, in addition, I’m Founder and Instructor of the Course – Malware Analysis – Fundamentals (HackerSec Company – Online Course).

Rob Richardson

Securing Docker Containers: Kubernetes just handles that, right?

Securing a container is like securing a virtual or physical machine. You need to understand what’s installed, ensure it’s patched, and reduce the attack surface. But unlike traditional servers, this is done at build time for containers. Journey with us as we build a comprehensive strategy for securing your digital assets that run in Docker, and leave with concrete steps you can apply to your DevOps pipeline today.

Rob Richardson is a software craftsman building web properties in ASP.NET and Node, React and Vue. He’s a Microsoft MVP, published author, frequent speaker at conferences, user groups, and community events, and a diligent teacher and student of high quality software development. You can find this and other talks on his blog at https://robrich.org/presentations and follow him on twitter at @rob_rich.

Jason Rohlf

Best Laid Audit Plans

The information technology ecosystem serves as the nervous system of your organization. For those who bear the responsibility for evaluating the health of IT programs and systems, one of the most daunting challenges they will face is determining where and how to focus their precious and finite resources. If the goal is to provide the maximum level of assurance that the organization is doing the right things with those limited resources, it is imperative that attention is placed on the areas that are most critical to achieving that end. This session will explore the various approaches and options for performing risk assessment activities that drive a focused and meaningful IT Audit Plan. We will review concepts and approaches related to defining this crucial audit space, including top-down vs. bottom-up evaluations, the various data and criteria that can be leveraged to drive assessment results, and how to carry out holistic assessments for all key IT areas, including security, operations, consumer interaction, finance, regulatory compliance and risk management.

After graduating from Illinois University, Jason Rohlf began working in public accounting and auditing. He eventually moved into the technology world, building and deploying software solutions to help auditors and compliance professionals. He now serves as VP of Solutions at Onspring, a GRC and business process automation platform.

Andrew Lemon

B&E from A-Z

Ever used airbags to open a door? From the old tried and true B&E techniques to the stuff you’ve never heard of—learn the tools and methods of the trade. Peek inside the kit of a red teamer as we cover the ways we broke into your data center even during lockdowns.

Andrew Lemon is currently a Principal Security Engineer at Alias where he serves as the expert on network and security architecture. He is the lead engineer over penetration testing, IT auditing, incident response, security consulting, social engineering, and security awareness training.

Rob Richardson

Continuous Security by Design

Have you struggled to get security baked into your DevOps process or have your security needs taken a back seat to “run fast and break things”? Just because we’re moving fast doesn’t mean we can’t be secure. Join us for this deep dive into adding container scanning to a DevOps pipeline. We’ll enumerate the security tool categories, and give you tips for adding these tools to your development workflow, build pipeline, and production monitoring setup. You can achieve a robust security posture and still release continuously.

Rob Richardson is a software craftsman building web properties in ASP.NET and Node, React and Vue. He’s a Microsoft MVP, published author, frequent speaker at conferences, user groups, and community events, and a diligent teacher and student of high quality software development. You can find this and other talks on his blog at https://robrich.org/presentations and follow him on twitter at @rob_rich.

Logan Evans

Build Your First Security App in the Cloud

~ Building a Serverless Security Toolkit ~

Blue Team: Build applications to analyze threats and manage risk without having to set up a bunch of VMs

Red Team: Hack faster and smarter with tools that are available anywhere, with infinite storage and scalability

The possibilities are endless!

Founder @ Sugar Security (https://sugarsecurity.com) – Oklahoma cybersecurity software in the cloud – The World’s Sweetest Hackers!

Michael Gough

Incident Response Fails – What we see with our clients, and their fails, preparation will save you a ton of $$$, heartache, maybe your sanity and job

As an Incident Response Principal, we respond to our clients’ incidents and we see a pattern. I have done many a presentation from a Blue Team perspective recommending you do some things, so let’s take a look at what we regularly see that our clients fail at, that either caused the event, made it worse, or why it went undetected. This is a teaching moment that I want to share with you to take back to your organization to prepare for an inevitable event. I talk about the 3 Cs’ Configuration, Coverage, and Completeness and this helps us to understand what kind of process that is needed to address the whole of the problem and how these map to your security program and why organizations suffer so badly during a security event. How is your logging? Is it enabled? Configured to some best practice? (hopefully better than an industry standard that is seriously lacking). Have you enabled some critical logs that by default are NOT enabled? Do you have a way to run a command, script, or a favorite tool across one or all your systems and retrieve the results? What is that we Incident Responders need and use to investigate an incident and what are the typical recommendations we make to all our clients that they fail to do? Sadly a lot of what we need, you already have and is free, nothing to buy, just process and procedural improvements. This talk will describe these things and how to prepare, and be PREPARED to do incident Response, or if you hire an outside firm, what they want and need too. The attendee can take the information from this talk and immediately start improving their environment to prepare for the inevitable, an incident.

Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic for NCC Group. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael presents at many security and technology conferences helping to educate on security that attendees can go back to work and actually do. Michael is a primary contributor to the Open Source project ARTHIR. Michael is also co-developer of LOG-MD, a free and premium tool that audits the settings, harvests and reports on malicious Windows log data and malicious system artifacts. Michael is co-host of “THE Incident Response Podcast”. In addition Michael also ran BSides Texas entity (Austin, San Antonio, Dallas and Houston) for six years and lead for the Austin Conference.

Log-MD.com

Aaron Crawford

Exploring the Hacker Mentality for Positive Solutions

Hacking is often perceived in a negative light by the world in general. In this talk Aaron Crawford demonstrates how he crafted a community solution to help prepare for active shooting scenarios by embracing the hacker mentality and applying it to the issue. Learn a step-by-step process to take your existing skillsets and commit righteous hacks for the benefit of the world around you. This is the one talk on hacking that will help others and cannot be placed in a negative light. This talk will help to elevate your existing possibilities and arm you with the ability to hack to help.

Aaron Crawford is a security professional and prolific author with over twenty-six years of experience in the industry. You can find him on a regular basis helping others to learn about security and on his podcast Social Engineering Tips.

Filipi Pires

Discovering C&C in Malicious PDF with obfuscation, encoding and other techniques

Demonstrate different kind of structures in the binaries as a PDF(header/ body/cross-reference table/trailer), explaining how each session works within a binary, what are the techniques used such as packers, obfuscation with JavaScript (PDF) and more, explaining too about some anti-disassembly techniques, demonstrating as a is the action of these malware’s and where it would be possible to “include” a malicious code. By the end of this “talk” it will be clear to everyone, differences in binaries structures, how can the researcher should conduct each of these kind of analyzes, besides of course, it should seek more basic knowledge, with file structures, software architecture and programming language.

I’ve been working Principal Security Engineer and Security Researcher at Zup Innovation and Global Research Manager at Hacker Security, Staff of DEFCON Group São Paulo-Brazil, I have talked in Security events in US, Germany, Poland, Hungary, Czech Republic, Brazil and others countries, served as University Professor in graduation and MBA courses at Brazilian Colleges as FIAP / Mackenzie / UNIBTA and UNICIV, in addition, I’m Founder and Instructor of the Course – Malware Analysis – Fundamentals (HackerSec Company – Online Course).

Ochaun Marshall

A Shock to the System: Static Analysis for Real AppSec

Static analysis (SA) is one of the few techniques that provides a low-level examination of source code. When SA is combined with DevOps automation and traditional pentesting, it can offer valuable insights that help with implementation and remediation efforts. Ineffective use, however, overwhelms development teams with false positives and causes dysfunctional communications with security teams. This talk goes over several toolkits for static analysis based on language and tech stack. After that, we will talk about how to use automation to create workflows for developers and application security engineers. We will conclude with cultural transformations needed to make effective use of these tools and techniques.

Ochaun (pronounced O-shawn) Marshall is a developer and security consultant with a background in education and machine learning. He has taught courses on computer science and software development. In his roles at Secure Ideas, he works on ongoing development projects utilizing Amazon Web Services and breaks other people’s web applications. He is passionate about secure cloud development and blasts Two Steps from Hell while hacking, blogging and coding.

By the way, do you know of any good D&D sessions going on in the Charlotte area? I’ve got a Lizardfolk Forge Cleric already rolled up and I’m looking for a game.

Oklahoma's Premiere Information Security Conference

Join Our Live Streams

Sign-In to Join the ChatClick Here!

Conference

Swag

News

Sponsors

Sponsors

Virtually Awesome

The Show Must Go On

Schedule

Keynote

Kicking Off

9:00 CDT

Tanya Janca

10:00 CDT

Threat Hunting | Practical Proving in creative way like a detection and efficiency test in security sensors

Analytics Anyone Can Do

A Shock to the System: Static Analysis for Real AppSec

11:00 CDT

Securing Docker Containers: Kubernetes just handles that, right?

Best Laid Audit Plans

B&E from A-Z

11:30 CDT

Impostor syndrome in the IT world from a conference speaker’s perspective

I hate lawyers! Working with attorneys during breaches to maintain privilege and your sanity

Discovering C&C in Malicious PDF with obfuscation, encoding and other techniques

12:00 CDT

Pretesting the Low Hanging Fruit

Machine Learning for Auditors

ProxyLogon – The Vulnerability That Shook the World: Why AppSec Matters

1:00 CDT

Security on a Budget: Building Security from Scratch

CMMC: A Compliance Journey

Exploring the Hacker Mentality for Positive Solutions

2:00 CDT

Inside The Mind of a Threat Actor: Beyond Pentesting

CISA Examination Preparation

Incident Response Fails – What we see with our clients, and their fails, preparation will save you a ton of $$$, heartache, maybe your sanity and job

3:00 CDT

Scalable, Sustainable Cybersecurity for Any Size Organization

Data Governance Programs

Protect Your Business by Adopting a Security Framework

4:00 CDT

Look at me, I’m the Adversary now: Introduction to Adversary Emulation and its place in Security Operations

Don’t Blame the Intern

Build Your First Security App in the Cloud

4:30 CDT

GoLang App build version in Containers & HealthChecks in gRPC Containers for Kubernetes

Ways to make cybersecurity training more engaging

Continuous Security by Design

5:00 CDT

Closing Remarks

Code of Conduct

Sign-In to Join the Chat
Click Here!