October 25-28, 2017!! We’re going to have so much fun! Hopefully you can join us!

Friday, October 27
 

TBA

0wning the network with CrackMapExec v4.0
Ever needed to pentest a network with 10 gazillion hosts with a very limited time frame? Ever wanted to Mimikatz entire subnets? How about shelling entire subnets? How about dumping SAM hashes? Share spidering? Keeping track of all the credentials you pillaged? (The list goes on!) And doing all of this in the stealthiest way possible? Look no further than CrackMapExec! CrackMapExec (a.k.a CME) is a modular post-exploitation tool written in Python that helps automate assessing the security of *large* Active Directory networks. Built with stealth in mind, CME follows the concept of "Living off the Land": abusing built-in Active Directory features/protocols to achieve its functionality and allowing it to evade most endpoint protection, IDS and IPS solutions. Although meant to be used primarily for offensive purposes, CME can be used by blue teams as well to assess account privileges, find misconfigurations and simulate attack scenarios. In this demo-heavy talk, I will be showing off v4.0, a major update to the tool bringing more features and capabilities than ever before! Additionally, we will be taking a deep dive into the internals of the tool itself to understand what makes it 'tick', how to properly defend against it and how to customize it to your needs! If you are interested in the latest and greatest Active Directory attacks/techniques, weaponizing them at scale and general cool AD stuff, this is the talk for you!

Speakers

Marcello Salvati

Security Consultant
Marcello Salvati (@byt3bl33d3r) is a security consultant who's really good at writing bios. He's so good at writing bios that he was awarded the 'The Best Bio Ever from *insert date when bios became a thing* to 2017' award. (Totally legit award. Don't Google it, Bing it). His bos...


Friday October 27, 2017 TBA
TBA

TBA

A Year of Reading Everyone Else's Emails
Last year I released a tool called MailSniper which assists in locating sensitive data being sent within emails. Over the past year, a number of other pen testers and I have used this tool to search emails, and have found users sending CCNs, passwords, and insider intel all in cleartext over email. I will show some of these examples and will demonstrate step-by-step how to remotely compromise an organization through an external mail server. 

Speakers

Beau Bullock

Security Analyst, Black Hills Information Security
Beau Bullock is a Senior Security Analyst at Black Hills Information Security. Prior to joining BHIS, Beau's primary role has been implementing security controls to protect information and network assets. He has held information security positions in the financial and health indu...


Friday October 27, 2017 TBA
TBA

TBA

Bitcoin At The Gates: Cybersecurity & The Coming Global Financial Revolution
Fiat currencies around the world are beginning to transition to a purely digital form. Venezuela just killed the 100 bolivar note, India removed the 2000 and 4000 rupee notes, and the EU just removed the 500 euro note.  With a purely digital fiat currency, governments expect to expose black market monetary stockpiles, increase the number of participants in the banking system, and improve fiscal efficiency.  But there is also a juggernaut preparing to assault financial institutions: cryptocurrencies.  Money is flowing freely, with no capital controls, and the metadata surrounding financial transactions is more valuable than the money itself--yet often poorly secured.  It does not really matter if bitcoin is a fad or if the Hyperledger project can live up to its promise: blockchains are a disrupting technology and they will destroy established business models.  It is very likely the Bretton Woods economic system as we know it will transform before our eyes in the next few years.

This all poses a huge security risk as fintech businesses can no longer be secured in the way a traditional bank was, with locks, vaults, and stern guards.  The digitalization and outsourcing of digital processes in the financial world transforms IT companies handling these assets and processes into new forms of banks themselves.  We’ll discuss how the collision of infosec and finance is leading to a redefinition of what money itself means to governments and to you.

Speakers

Tarah Wheeler

Born in a log cabin on the prairie to a ___ and an itinerant ___, Tarah Wheeler had a humble upbringing of fighting the status quo, sticking it to the man, and shooting prairie dogs because they’re good eatin’. An emeritus member of the Order of the Orange Badge, Tarah has founded or been in the first 10 employees of many successful companies, mostly because she hates filling out job...


Friday October 27, 2017 TBA
TBA

TBA

Building a Successful Internal Adversarial Simulation Team
The evolution chain in security testing is fundamentally broken due to a lack of understanding, reduction of scope, and a reliance on vulnerability “whack a mole.” To help break the barriers of the common security program we are going to have to divorce ourselves from the metrics of vulnerability statistics and Pavlovian risk color charts and really get to work on how our security programs perform during a REAL event. To do so, we must create an entirely new set of metrics, tests, procedures, implementations and repeatable process. It is extremely rare that a vulnerability causes a direct risk to an environment; it is usually what the attacker DOES with the access gained that matters. In this talk, we will discuss the way that internal and external teams have been created to simulate a REAL WORLD attack and work hand in hand with the Defensive teams to measure the environment's resistance to the attacks. We will demonstrate attacks, capabilities, TTPs tracking, trending, positive metrics, hunt integration and most of all we will lay out a roadmap to STOP this nonsense of Red vs BLUE and realize that we are all on the same team. Sparring and training every day to be ready for the fight when it comes to us. This is an update to our 2016 Brucon talk. We plan to discuss what we have accomplished regarding the above in the last year. We plan to show how we have progressed with the automation of attacker activities and event generation using MITRE’s Cyber Analytics Repository & CAR Exploration Tool (CARET) along with pumping these results to Unfetter (https://iadgov.github.io/unfetter/) for aggregation and display in a useful format.

Speakers

Chris Gates

Sr Security Engineer, Uber
Chris joined Uber in 2016 as a Sr Security Engineer. Chris has extensive experience in network and web application penetration testing as well as other Information Operations experience working as an operator for a DoD Red Team and other Full Scope penetration testing teams (regu...

Christopher Nickerson

Lares Consulting
Certified Information Systems Security Professional (CISSP) whose main area of expertise is focused on Information security and Social Engineering in order to help companies better defend and protect their critical data and key information systems. He has created a blended method...


Friday October 27, 2017 TBA
TBA

TBA

Domain Password Audit Tool
Live demo and more information on the tool I wrote to generate password usage statistics in a Windows domain. This tool is useful to penetration testers and security professionals who have the ability to dump password hashes from a Windows domain controller. The Domain Password Audit Tool (DPAT) is a Python script that will generate an interactive HTML report to help you understand password use in an environment and identify issues. https://github.com/clr2of8/DPAT

Speakers

Carrie Roberts

Sr Red Team Engineer, Walmart


Friday October 27, 2017 TBA
TBA

TBA

Extending BloodHound for Red Teamers
BloodHound has changed how red and blue teams approach risk in Active Directory environments. The interface is slick, the install is painless enough considering the dependencies, and the pre-built analytics deliver actionable intelligence. However, BloodHound isn’t just another fire & forget tool, it’s a platform for users to build on. The foundational elements – a reliable backend, a means for ingesting, querying, and displaying data – are already taken care of. The piping is in place for users to extend the already-great features and tailor it to their specific job function or workflow.

This talk will cover how I’ve adapted BloodHound to enhance my workflow as a penetration tester. I’ll demonstrate custom extensions used to track and visualize compromised nodes, highlight privilege gains, represent password reuse between users or computers, blacklist unwanted nodes and relationships, and more. Folks who attend this talk will gain a solid understanding of BloodHound’s underlying Neo4j data structures, as well as how to write Cypher queries in order to build their own BloodHound customizations.

Speakers

Tom Porter

Sr. Penetration Tester, PSC/NCC Group
Tom (@porterhau5) is a penetration tester by trade, however his roots are on the blue team writing netflow analytics and providing network situational awareness. Tom holds a handful of certifications from SANS, as well as degrees in Mathematics and CS. When there's not a baseball...


Friday October 27, 2017 TBA
TBA

TBA

I'll Let Myself In: Tactics of Physical Pen Testers
Many organizations are accustomed to being scared at the results of their network scans and digital penetration tests, but seldom do these tests yield outright "surprise" across an entire enterprise. Some servers are unpatched, some software is vulnerable, and networks are often not properly segmented. No huge shocks there. As head of a Physical Penetration team, however, my deliverable day tends to be quite different. With faces agog, executives routinely watch me describe (or show video) of their doors and cabinets popping open in seconds. This presentation will highlight some of the most exciting and shocking methods by which my team and I routinely let ourselves in on physical jobs.

Speakers

Deviant Ollam

The CORE Group
While paying the bills as a security auditor and penetration testing consultant with The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. His books Practical Lock Picking and Keys to the...


Friday October 27, 2017 TBA
TBA

TBA

Make Email Great Again – Lessons Learned from a Year of Malicious Emails
Email is a large threat vector for many organizations. This is an area that could allow any outside entity to communicate directly with employees. Two of the most common attacks are phishing and malicious content delivery. Phishing is an attempt to capture a victim’s credentials or information that could lead to a system compromise or data leakage. Malicious content delivery, on the other hand, is a way for an attacker to send the victim an email with a malicious email attachment or link that could potentially compromise the victim’s system. In an effort to combat this attack vector, a process was designed to annihilate emails that contained such threats. Emails that get reported are analyzed to determine which comprise threats. Emails containing threats are eradicated, whereas benign emails are silently disregarded. The whole process and life cycle of the malicious emails were documented in a way to show the efficiency of the process and are detailed to get a full understanding of this attack vector. The metrics that will be mentioned are from reported malicious emails, which is a good start to understanding how defenses could be implemented or improved against the email threat vector. The talk will emphasize the whole process from emails that get reported, to the analysis, and to the remediation of threats. This talk will also mention the various techniques to prevent compromises from malicious office documents and other dangerous attachments.

Speakers

Nicholas Penning

Security Technology Engineer, BIT SD
Born and raised in Hulett, Wyoming. Dakota State University Graduate (B.S. Computer and Network Security, M.S. Information Assurance [Cyber Security Spec]). Employed at State of South Dakota Bureau of Information and Telecommunications as a Security Technology Engineer. Typical...


Friday October 27, 2017 TBA
TBA

TBA

Peakaboo - I own you: Owning hundreds of thousands of devices with a broken HTTP packet
Imagine that you've purchased a small, cheap IP security camera to feel just a little better with your own physical security. Now imagine that the people who designed that camera know nothing about secure programming, security or programming at all. Imagine that your precious camera can be hijacked into a botnet with only one broken HTTP packet. Now stop imagining. At the end of 2016, my fellow researcher Yoav Orot and I published our research paper about hundreds of thousands of white labeled IP security cameras being vulnerable to a simple attack that allows an attacker to gain complete control of the camera, including code execution as root without any ability to patch. Our research was published in dozens of websites and was even covered by security blogger Brian Krebs. We did not publish any technical details yet since we had to wait for the vendor's answer. This talk will dive deeply into the product, our research process and into the vulnerabilities themselves. I will walk through all of the steps in our research (from hardware hacking to firmware dumping and just plain old reversing) and demo the exploits and explain, step by step, where the developers went wrong, what could have been done to avoid this situation and why this problem is so severe. There will be root shells, there will be exploits, there will be tears. Attendees of this talk will leave with some insights about IoT security and embedded device hacking.

Speakers

Amit Serper

Principal Security Researcher, Cybereason
Amit leads the security research at Cybereason's Boston HQ. He specializes in low-level, vulnerability and kernel research, malware analysis and reverse engineering on Windows, Linux and macOS. He also has extensive experience researching, reverse engineering, and exploiting IoT...


Friday October 27, 2017 TBA
TBA

TBA

Security Theme Parks: You Must Be This Tall to Ride the Internet
In this presentation, I'll be walking attendees through some of the primary attacks causing breaches today. I will discuss what the attacks are, how they happen and what organizations and employees can do to prevent them. This presentation is designed to discuss the breaches based on real-world examples and provide actionable solutions.

Speakers

Kevin Johnson

CEO, Secure Ideas
Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security s...


Friday October 27, 2017 TBA
TBA

TBA

Sun Tzu and the IoT of War
TLDR: “In the midst of chaos, there is also opportunity” Applying the strategies and precepts of this ancient treatise on bellicose arts to the attack and defense of Internet of Things. Using examples from recent InGuardians work, we will look at some of the most common ways to exploit IOT devices and what we suggest can be done to raise the bar in their defense.

Speakers

Mike Poor

Wartime Consiglieri, InGuardians
Mike is a founder and senior security analyst for the DC firm InGuardians, Inc. In the past he has worked for Sourcefire as a research engineer and for SANS leading their intrusion analysis team. As a consultant, Mike conducts incident response, breach analysis, penetration tests...


Friday October 27, 2017 TBA
TBA

TBA

The Art of the Jedi Mind Trick
The hacker/security community continues to struggle with how to get our message across to others. We know what's wrong, what's insecure, and what needs to be done to fix the problems. BUT...we seem to hear more stories about failure rather than success stories. Maybe WE are part of the problem. It's easy to give a talk at a conference where you're "preaching to the choir" and everyone speaks your language, but how do you fare when you are trying to give the message to your boss, or your bosses' boss, or C-Level management? This talk explores a variety of techniques that I’ve learned over my 20+ years of consulting/advising customers about how to get the right message to the right people so real change happens. I'll explore obstacles, attitudes, and challenges that I've faced in hundreds of companies; practical methods for getting your point across; helping others to understand what you are saying; learning to speak their language; and helping them to draw the desired conclusion. This is part art, part science, and maybe a little luck - but I believe there are skills you can learn that will make you a successful communicator and get your message heard.

Speakers

Jeff Man

Principal Consultant, Man InfoSec Consulting
Respected Information Security expert, advisor, evangelist, mentor, and co-host on Paul's Security Weekly. Over 34 years of experience working in all aspects of computer, network, and information security, including risk management, vulnerability analysis, compliance assessment...


Friday October 27, 2017 TBA
TBA

TBA

The World is Y0ur$: Geolocation-based Wordlist Generation with Wordsmith
Popular wordlists such as Rockyou and Uniq are great when used with a variety of rules and big hash sets. But what about the hashes that you aren't able to crack? And what about those users with a base word not found in a standard dictionary?

Cue Wordsmith, a tool that creates wordlists that are tailored to the target’s location. We’ve parsed and analyzed several geographic databases to find road names, cities, counties, landmarks, sports teams, and more for regions all around the world. Built using a modular framework and hosted on GitHub, Wordsmith’s database can easily be updated by anyone with a text editor and an interest in geolocation or spatial databases. With data from 249 countries and territories, Wordsmith can bolster typical dictionaries by adding the name of that unique street that a person grew up on, or by appending a region’s postal codes, all so you crack those hard-to-get hashes.

Speakers

Sanjiv Kawa

Sr. Penetration Tester, PSC/NCC Group
I enjoy searching for creative ways to break into restricted networks and applications. I also like to write tools that automate things or make life a little easier. Something I’m trying to get better at is binary analysis and exploit development. When my laptop battery dies...

Tom Porter

Sr. Penetration Tester, PSC/NCC Group
Tom (@porterhau5) is a penetration tester by trade, however his roots are on the blue team writing netflow analytics and providing network situational awareness. Tom holds a handful of certifications from SANS, as well as degrees in Mathematics and CS. When there's not a baseball...


Friday October 27, 2017 TBA
TBA

TBA

Windows Operating System Archaeology
The modern Windows Operating System carries with it an incredible amount of legacy code. The Component Object Model (COM) has left a lasting impact on Windows. This technology is far from dead as it continues to be the foundation for many aspects of the Windows Operating System. You can find hundreds of COM Classes defined by CLSID (COM Class Identifiers). Do you know what they do? This talk seeks to expose tactics long forgotten by the modern defender. We seek to bring to light artifacts in the Windows OS that can be used for persistence and privilege escalation. We will present novel persistence techniques using only the registry and COM Objects.

Speakers

Matt Nelson

Security Researcher
Matt Nelson (@enigma0x3) is a red teamer and security researcher. After spending time as a system administrator, he brings a passion for researching and pushing new offensive and defensive techniques into the security industry. Blog: enigma0x3.net

Casey Smith

Casey Smith (@subtee) has a passion for understanding and testing the limits of defensive systems.


Friday October 27, 2017 TBA
TBA