10:00 AM Thursday |
Opening Remarks |
Information about what all ya'll Jawn are about to experience! |
Russell Handorf |
10:30 AM Thursday |
Keynote |
A moment of reflection. |
Peiter "Mudge" Zatko |
11:30 AM Thursday |
Whose Threat Actor is it Anyway? Hands-on Training using the KC7 Platform to Learn How to Hunt Real Adversaries. |
Many defensive cybersecurity roles, such as those in Incident Response, Security Operations, and Threat Intelligence, require analysts to detect, track, and mitigate the activities of cyber threat actors using data from sensors within the company. However, beginners often face significant challenges in accessing this data for learning purposes due to legal and privacy barriers. Even seasoned analysts are limited in the range of threat actors they can learn from, as it depends on the specific organization being targeted and the organization's ability to effectively log such activities.
To address this issue, KC7 offers rich (albeit fictitious) datasets that are accessible to all analysts, enabling them to learn how to effectively hunt adversaries. By utilizing the provided data sets, analysts can learn how to track adversary activity across all seven phases of the cyber kill chain. Many of the threat actors in our data sets are modeled after real adversaries.
In this hands-on workshop, attendees will:
- Utilize Azure Data Explorer (ADX) and the Kusto Query Language (KQL) to investigate a realistic intrusion dataset.
- Investigate cyber adversary activity within various logs, including email, web traffic, and endpoint logs.
- Employ multiple techniques to pivot and track the activity of Financially-motivated and Advanced Persistent Threat (APT) actors.
- Provide recommendations on actions a company can take to enhance their protection against cyber threats.
This workshop is ideal for newbie analysts with no experience tracking threat actors, but will also challenge cybersecurity analysts who currently work in the field.
Gain the real world skills you need to be an effective cybersecurity analyst! |
Waymon Ho |
1:00 PM Thursday |
So, what do I have to do? - New legal and regulatory requirements for security & privacy |
Federal and state regulators are finally taking security and privacy seriously, or at least that's what the sales reps are saying. Recent SEC guidance on breach disclosure has generated a flurry of vague white papers and sales calls. What are your current requirements and what's FUD? I'll discuss current HIPAA, SEC and security requirements under California, New York and Massachusetts law. |
Alex Muentz |
2:00 PM Thursday |
Activate the Cyber Within |
"Activate the Cyberathlete Within" is an informative and educational talk that aims to introduce attendees to the world of cybersecurity competitions, specifically Capture The Flag (CTF) events. The talk is designed for a broad audience, including students, professionals, and anyone interested in cybersecurity.
During the talk, attendees will gain a thorough understanding of what a cyberathlete is and what the playing field of CTF events looks like. They will learn about the various types of challenges that participants encounter during the competitions and what it takes to compete at the highest levels. In addition to exploring the competitive side of cybersecurity, the talk will highlight the benefits of participating in CTF events. Attendees will discover how the challenges and teamwork required in these competitions can help develop essential problem-solving skills and cultivate a community of like-minded professionals in the field. Attendees will learn how to identify and improve their technical skills, and build a strong team.
Attendees will leave the talk with a deeper understanding of the world of cybersecurity competitions and the skills and strategies needed to become a successful cyberathlete.
|
Mansi (Musa) Thakar |
2:30 PM Thursday |
How to Get Started in Cybersecurity |
My talk will be centered around the student's perspective entering cybersecurity to work as a professional. I have come across many good resources, and developed tactics that are helpful to anyone looking to bring themself into the field, that is resource-constrained (i.e. lacks time and money).
We'll address 4 main difficulties of entering / transitioning to Cyber:
- As a student, it is difficult to be taken seriously when seeking professional employment. Especially if you do not have stellar grades, great connections, or came from an environment that afforded you top learning opportunities. How can you overcome lack of opportunity when attempting to enter cybersecurity?
- If you're coming from a different career or non-tech background, you might have to re-tool your skillset. Yes, there are non-technical roles in cyber, but a little extra technical knowledge will help you excel. How and where do you learn new things in cybersecurity or stay on top of trends?
- If you're not already employed in cyber, then odds are you don't know people working in cybersecurity. How do you start building your network and where can you meet people working in the cybersecurity industry?
- If you're a student with a full class load or non-student (potentially out of a job) and looking to change fields completely, you might be working with a tight budget and little time. How do you make the most of the few dollars and hours you have?
|
Victoria Joh |
3:00 PM Thursday |
Linux Secure Boot with TPM and FDE |
Not all Linux distributions enable Secure Boot by default. Secure Boot defends against attacks that target a computer's boot process. By default, many Linux distributions are vulnerable to these types of attacks.
In this talk, I'll discuss the reasons why someone would want to use Secure Boot. I'll discuss the benefits of using Secure Boot. I'll describe how to configure Secure Boot. I'll describe how to enable Trusted Platform Module (TPM) verification of boot process files in addition to Secure Boot. I'll cover how to store decryption keys for LUKS encrypted drives in a TPM. Storing LUKS keys in a TPM protects them against theft and improves the usability of booting from LUKS encrypted drives. Examples using Kali Linux and Arch Linux will be shown. |
David Collins |
4:00 PM Thursday |
High Availability in MySQL using Group Replication |
A common way to combat fault-tolerance is to make your databases redundant. However, the CAP theorem is particularly relevant to distributed databases and describes trade-offs between Consistency, Availability and Partition Tolerance. MySQL Group Replication is a clustering solution by MySQL, which provides a well designed packaged solution for Highly Available MySQL out of the box. Topics discussed in this talk will include:
- An overview of how MySQL Group Replication works
- High Availability with MySQL Group Replication and MySQLRouter
- Failure scenarios with a cluster and recovery methods |
Shayan Patel |
10:00 AM Friday |
The Payphone You Have Dialed Has Been Disconnected -- The State (and Revival) of Payphones in 2023 |
Payphones were once ubiquitous in the US, but now you'd be hard-pressed to find one--especially in working order! While most people have largely forgotten about payphones, we are trying to figure out what is still out there and how to bring them back! In this talk we will explore the current state of payphone infrastructure framed through exploratory phone scanning/usage tracking, COCOT oddities, and revival/preservation projects like our own PhilTel. We'll discuss what it takes to build up your own VoIP-based free-to-use payphone service and how, through it, you can not only place/take calls from the PSTN but relive the joys of phreaking the phone system by way of the telephone hobbyist network PhreakNet! |
Mike Dank & Naveen Albert |
11:00 AM Friday |
Job Hunting in this Strange New World |
This talk is a constantly evolving instructional guide to finding a new job for both old and new job seekers. The job market has radically shifted and adjusting to the changes is easier if you understand how to work with them. Limited to only one hour, we hit the high points to make the process easier and more likely to succeed. Handouts/links provided. |
Brian Martin |
1:00 PM Friday |
Cyber Fusion Center for Security Defense |
The concept of a cyber fusion center is a novel way to approach cybersecurity defense. By employing a fusion center model, teams can encourage, measure, and refine interactions between various pursuits in the cybersecurity defensive team. By defining inputs, outputs, and performance indicators, leaders can encourage alignment and cooperation to extend capabilities of their cybersecurity teams.
This talk aims to help define what a cyber fusion center is, and how it can be composed. It will focus on an operations-centric fusion center with the Security Operations Center (SOC) serving as the hub of the fusion center while supporting, and being supported by, advanced services such as digital forensics, malware analysis, threat hunting, cyber threat intelligence, engineering, adversary simulation, vulnerability management, and more. |
Justin C. Klein Keane |
2:00 PM Friday |
Hacking drones and Robots! |
Recently I've built a drone designed for wireless RF interception and it can go against other drones or be used for wireless security testing. I've also released open source instructions and code on how to build and deploy it. I've also presented it at DEFCON 31 two weeks ago as the Strix Interceptor. Coming back to Philly I'm working on fixing and upgrading it based on the advice and recommendations from DEFCON I got. It's been a long journey getting to this point and I'd like to talk about the trials, tribulations and risks I took to get the development working. Why I built it: because my neighbor built a mini RF drone and I wanted to disable his, so I built a bigger drone in retaliation. How the FCC and FAA are super super aggressive about testing and how certain moves can land people at a state district office to explain why they built an interception drone. |
Alex Thach |
2:30 PM Friday |
Closing Remarks |
Let's see how this went! |
Russell Handorf |