Are you capturing the right logs? Are your logs complete? Would you be able to detect the next Solorigate attack? These questions may keep you awake at night. But using DeTT&CT and the MITRE ATT&CK Framework can help you understand where you need to shore up your logging. Let me show you how!

In this session, we’ll discuss why the ATT&CK Framework is important for threat detection. Then we’ll dig into how you can use DeTTECT to identify the areas of your environment where your logging may not be comprehensive enough to catch the threats in ATT&CK. It’s a fun exercise and very visual. Best of all, I’ll walk you through the steps you’ll need to perform to set this up on your own.

In this talk Geoff Wilson will detail the hacker’s view of your vulnerabilities and how many of the targeted weaknesses are not on your radar. Geoff will detail associated exploits, best practices for thwarting these attacks, and how to manage vulnerabilities in 2022.

Geoff Wilson, CEO of Go Security Pro, will detail the hacker’s view of your vulnerabilities and how many of the targeted weaknesses are not on your radar. Geoff will detail GO’s most reliable Red Team exploits and the most effective strategies for thwarting these attacks in 2022. Geoff will also discuss incorporating the hacker’s view of your vulnerabilities into your vulnerability management program. This talk is appropriate for both security leadership and technical cybersecurity personnel.

My favorite thing about video scoping calls is seeing the shocked look on a customers face when I start asking questions like are you still running 2 on prem exchange servers? Did you upgrade your solarwinds serv-u? Is the default helpdesk password still Company123? All of this and more from OSINT!

How does an attacker fingerprint your organization for a targeted attack? What information can be gleaned from the internet? In this talk will demonstrate how we use OSINT to assist in scoping an engagement and building a profile we can use on our assessments. We’ll use real life examples and show the Tools, Techniques and procedures to enable you to identify your organizations attack surface and how you can reduce it. You’ll learn what secrets your DNS records are giving up, how to use google to find information, leveraging shodan to identify leaks like SMB or DNS, and how we find valid usernames and passwords to spray at your VPN!

This talk will walk attendees through the validation process during a penetration test using real world examples.

With the growing need for application security and the testing from security researchers, bug bounty programs, and penetration testers, organizations and their staff must understand how to take in vulnerability reports and quickly validate the finding. This validation includes not only determining the validity of the flaw but the risk it exposes the organization. In this demonstration, Kevin Johnson of Secure Ideas will walk attendees through these validation techniques and show attendees the techniques he and his team use in their daily workflow.

When it comes to Windows environments, effective account and device tiering is critical for protecting an organization’s systems and data. Three accounts isn’t too much; three’s (or more) company. I’ll be covering what tiering is and often overlooked areas that should be separated. And demos!

When it comes to security, the goal is to make an attacker’s job as difficult as possible. The more hurdles they must jump through, the easier it should be to detect and stop them. Unfortunately, common practices around how and where administrative accounts are used in Windows environments reduces the race down to only a couple of jumps (or maybe just a sprint). Through examples of what I have seen while testing multiple organizations and a demonstration or two, this session will show why device and account tiering is critically important for making a network a virtual obstacle course.

COVID disrupted supply chains critical to our society exposing how vulnerable they are. Supply chains are more than logistics, more than risk assessments, SOC reports on a vendor’s cybersecurity, or due diligence. Supply chains need ongoing monitoring and third-party risk management. TPRM is key.

This presentation will give attendees the processes and procedures they will need to properly select a vendor, perform due diligence, determine inherent risk, calculate residual risk, manage contracts, establish ongoing monitoring, document and report to senior management and the board, maintain oversight & accountability and terminate vendors; all while protecting their supply chains.

Over the last decade, I’ve had the privilege professionally of building and cultivating some Open Source projects and communities. To start off this isn’t a tools talk, this is a talk about the soft skills you have to have to be able to succeed as a leader in an Open Source project. My journey started tending the frequently asked questions for a small Linux Distribution called CRUX, and then years later professionally moved to the OpenStack-Chef project to build OpenStack clouds. I’ve grown other projects along the way helped build tooling and communities some successful and still running today, others were just flashes in the pan. 

I’ve learned a ton on this journey; honestly still am, but I have some lessons that are hard learned and hopefully I warn pitfalls that can cause wasted cycles and pain.

I’ll be going over:

– This isn’t a tools talk
– Scoping your project
  – Personally-backed
  – Corporate-backed
– Empathy and audience is important
  – Celebrations
  – Defeats
– Successful traits of Open Source projects
  – Trust
  – Clear Vision
  – Have a plan to move on if needed
– Honestly, is it even worth this hassle?

Application security struggles to keep up with modern development. Attacks against applications will only continue to grow. Web3? DevOps? Pipeline? Supply chain? With so many buzz words amidst a myriad of undiscovered vulnerabilities, where does your incident response team start after an incident?

With modern application development moving at a feverish pitch, application security is struggling to catch up. Attacks against applications continues to grow in the wild west of new and untested development ideas. Web3? DevOps? Pipeline? Supply chain? With so many buzz words and an untold number of zero days yet to find, where does digital forensics fit? Where does your incident response team even start after an incident?

Join us as we discuss the wild and wacky world of digital forensics in the modern era of application development and develop strategies to prepare your application security team for a breach.

Open source intelligence is a rich source of data for blue teams. However, how and why to make use of it can often elude us. This talk aims to equip defenders with the tools to make use of publicly available information and enrich their defense.

In this talk BosintBlanc walks defenders through 7 fundamentals of Open Source Intelligence while detailing their best uses and practical applications. Through case study conducted and investigated prior to the event he will showcase how and WHY your team should be utilizing the rich data source.

Working with Fortune 500s & government agencies we’ve interrogated over two million production IoT devices. We’ve identified threats & trends, compiled statistics, summarized cases, & evaluated common offenders. We’ve assembled tactics that organizations can employ to mitigate risks.

Enterprise Internet of Things (IoT) security today is analogous to IT security in the mid 1990s. It was a time when security awareness was limited, countermeasures and best practices weren’t broadly applied, and attackers explored, compromised, controlled, and exfiltrated data from systems with minimal resistance. In short, enterprise IoT security sucks as bad today as that unpatched Windows NT 3.51 sever with an RS-232 connected modem that IT forgot about.

Working globally with Fortune 500 enterprises and government agencies we’ve interrogated over two million production IoT devices. Across these two million devices we’ve identified threats and trends, compiled statistics, summarized compelling cases, and evaluated common offenders. We’ve also assembled tactics that organizations can employ to recognize value from their IoT devices while minimizing risk and ensuring that devices that are secure today will stay secure tomorrow.

Security issues are compounded by the quantity of IoT devices. Our analysis indicates that most organizations have about five IoT devices per employee. The global IoT market has grown from $100 billion in 2017 to over $1 trillion in 2022. There are over 46 billion connected devices today and 30 billion (65%) of those devices are IoT. We are increasingly dependent on consumer, enterprise, industrial, and military IoT devices for cost reduction, supply chain logistics, productivity gains, security, and everything in between. Despite the criticality of IoT, our security hasn’t kept pace. In the enterprise, we’ve identified that we simply don’t know:

● What IoT devices we have – guesses based on legacy asset discovery solutions are consistently off by at least 50%
● When our firmware was last updated – in many cases the firmware is end of life and the average IoT firmware age is six years
● If our credentials follow organizational policies – passwords that are default, low-quality, don’t have scheduled rotations, and lack centralized management are the norm
● How vulnerable our IoT devices are – at least half of the IoT devices we’ve interrogated have known, high to critical level CVEs

While enterprise IoT security currently sucks, it doesn’t have to be that way. By evaluating the security risks and the inherent limitations of IoT, you can leverage tactics that will have a rapid and positive impact on security.

Attendee takeaways:
● Discover your IoT devices, diagnose their security, and define their limitations
● Employ tactics to improve your IoT security and communicate their status to stakeholders
● Restate key findings derived from the interrogation of two million production IoT devices