Deadwood 2020 (Virtual Con)

Wednesday, September 23
 

5:00pm MDT

Exploits, Research, Tools, and the Impact to Security
There is a lot of discussion right now on the impact of releasing exploits, new research, and tools. Some say that the release of anything has a negative impact on security, while others tout that it drastically improves security. This talk will walk through the impact of these very different topics and discuss what makes sense and what doesn't. Let's take a quick trip down memory lane and look back over the past 20 years at how we've matured and what impact the security industry has had on the world.

Speakers
David Kennedy

David Kennedy is the founder of TrustedSec, Binary Defense Systems, and DerbyCon. TrustedSec and Binary Defense are focused on the betterment of the security industry from both an offensive and a defensive perspective. David also serves on the board of directors for the ISC2 organization...


Wednesday September 23, 2020 5:00pm - 5:50pm MDT
Track 1

6:00pm MDT

Everything I Needed to Know About Cybersecurity I Learned from WarGames

The 1983 movie WarGames captured the imagination of many of us growing up. The intrigue! The folly! The computers! This movie holds a special place in the hearts of many cybersecurity professionals today, and for good reason. It is the ultimate cyber movie! And all life on the planet depends on it! Let’s explore an old classic and review many of the lessons of cyber that still ring true today, all in one classic film. It is highly recommended, but not required, that you watch the movie before the talk.

Speakers
Doc Blackburn

Doc Blackburn has IT experience spanning four decades in application and software design and administration, server and network administration, cloud services and website development, along with security and compliance management and experience in several other technical disciplines...


Wednesday September 23, 2020 6:00pm - 6:50pm MDT
Track 1

6:00pm MDT

Workshop - Atomic Red Team & MITRE ATT&CK
Atomic Red Team is an open source project that helps you measure, monitor, and improve your security controls by executing simple “atomic tests” that are mapped directly to the MITRE ATT&CK framework. This workshop will provide an overview of the MITRE ATT&CK framework and give you in-depth, hands-on knowledge of how to execute atomic tests that exercise many of the techniques defined in the MITRE ATT&CK framework.

Get more details here: https://wildwesthackinfest.com/deadwood/workshops/atomic-red-team-mitre-attck/ 


Wednesday September 23, 2020 6:00pm - 8:00pm MDT

7:00pm MDT

Oh Noes! A new approach to IR tabletop exercises - Brought to you by Expel
So what’s a prepared security professional to do in absence of real incidents? Play pretend! In Oh Noes! you and your fellow players create characters with unique abilities and skills. Then, you role-play your character through various cybersecurity incidents you might experience in real life.

Along the way, you’ll roll dice, gain experience points and increase your skills. You’ll also learn about strengths and weaknesses in an organization and get familiar with an IR plan. Join us for Oh Noes! and build muscle memory around the incident response process so that when a bad thing happens, you'll know what to do.

Speakers
Bruce Potter

Bruce is responsible for cyber risk management at Expel (expel.io) and ensuring the secure operations of Expel’s services. He also remains perpetually frustrated that employees pronounce CISO not-the-way-he-wants...


Wednesday September 23, 2020 7:00pm - 9:00pm MDT
 
Thursday, September 24
 

8:30am MDT

Welcome to Wild West Hackin' Fest
Speakers
John Strand

John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry shaping Penetration Testing Execution Standard and 20...


Thursday September 24, 2020 8:30am - 8:50am MDT
Track 1

9:00am MDT

Keynote - (Most) Everything You've Been Told About Threat Hunting is a Lie, and That's Okay
As leaders, we've been told that to Do Security in the 20s, we have to have the capacity to "Threat Hunt". As individual contributors, we've been told that traditional SOC analysts are on the way out, to be replaced by mystical "threat hunters". So, what is threat hunting, really? How can you do it in your environment today, what value does it bring, and what people and technologies does it require? How do you build a threat hunting program with a big budget, or a tiny one? What skills do you need to grow to be great at threat hunting? These questions and more will be tackled as we discuss why we need to threat hunt and what it practically can and cannot do.



Speakers
Lesley Carhart

Lesley Carhart is a Principal Incident Responder at Dragos, focusing on industrial control system security. She's been working in cybersecurity for over 12 years and is extremely active in the community. In her free time, she enables knife fights.


Thursday September 24, 2020 9:00am - 9:50am MDT
Track 1

10:00am MDT

A Pitmaster's Guide To Security
Preparing great BBQ requires adherence to certain methods and principles. This is also the case when it comes to designing and deploying security controls. However, in the same way that some cooks ignore those proven techniques and ruin a good cut of meat, IT and security professionals also often fail to follow established best practices when architecting security solutions. This results in vulnerabilities and eventually breaches of those environments. This session will show how we can take lessons from good BBQ techniques and apply them to our security architecture. We'll examine five rules all good pitmasters follow and see how those same rules can form a framework of security defense design that eliminates common pitfalls. By the end of this talk, you'll not only have a clearer vision for improving the defensive posture of your IT systems, you'll also be better equipped to smoke a killer brisket!

Speakers
Alyssa Miller

Alyssa Miller is a hacker, security advocate, cyber security professional and public speaker with almost 15 years of experience in the security industry. Her experience includes penetration testing, threat modeling and working with business leaders to build enterprise security programs...


Thursday September 24, 2020 10:00am - 10:50am MDT
Track 1

10:00am MDT

Jeepers Creepers: Advanced OSINT using MongoDB, Node.js, and VivaGraph to mine massive datasets
This talk is about the benefits of building custom OSINT APIs and key lessons learned through visualizing scope. There will be a short tutorial on how to use the powerful VivaGraph library to literally "connect the dots" while mining large OSINT data sources. By visualizing our targets, it is often possible to bypass certain whois privacy protections, find useful runaway SPF records, gain insights on key vendors used by the target organization, and find previously overlooked attack paths. The talk then shifts to a real-world example of how we built a MongoDB database that allows us to quickly search every forward DNS record known to Rapid7's Project Sonar (hundreds of gigs of text data) and expose it through an API for tooling. We will cover key hurdles we hit while working with such a huge dataset, techniques we used to mine big data on a shoestring budget, and key takeaways for pen testers. There will be plenty of demos with "Scope Creep": https://github.com/fkasler/scope_creep

Speakers
Forrest Kasler

Forrest Kasler is a full-time penetration tester and social engineer. As a lifelong nerd and hacker, Forrest loves writing tools and automating advanced network attacks for his team. He also enjoys giving back to the hacking community through open source tools like Humble Chameleon...


Thursday September 24, 2020 10:00am - 10:50am MDT
Track 2

10:00am MDT

Workshop - Catch me if you can - Seeing the Red through the Blue
This workshop will help improve both red and blue skillsets through a series of hacks, where you as an attendee will have to identify malicious activities on a series of targets.

The trainer (Red Team) will perform a series of attacks on the hosts within the in.security LAB, running commands, tools and utilising techniques used in the field. You (the Blue Team) will then need to use the in-LAB ELK stack to identify the malicious activities and raise the alarm! This will upskill both attackers in understanding the various attack flows that could compromise their cover and defenders in understanding how to detect them.

“The best defence is a good offence” applies as much in cyber as it does in sport. Understanding the attack flow is important in consolidating knowledge, so you’ll get to see every attack the trainer carries out before you’re set off to hunt down the evidence. This heightened mindset will then up your game in the field to better detect the traces, logs and data that can give an attacker away.

Get more details here: https://wildwesthackinfest.com/deadwood/workshops/catch-me-if-you-can-seeing-the-red-through-the-blue-workshop/


Thursday September 24, 2020 10:00am - 12:00pm MDT

11:00am MDT

Hunting by Numbers: Defensive Hunting Program and Outcomes
Crowley walks through the steps he wants Network Defenders to go through to hunt. Step by step on how to prepare, how to select hunts, data to collect in advance, data to collect along the way, and how to put the tools away when you're done so the next hunt is more productive and effective. He discusses easy ways to report on the effort with tangible outputs (including easy to collect metrics) that demonstrate the value of hunting to your management and constituents.
This talk presents your new way to establish the routing for hunting, explains how this relates to SIEM Use Cases, and gives a winning strategy to gain the time to actually take this proactive measure in your organization. Less "we don't have time to hunt" and more "hold my flask and stand back."

Speakers
Christopher Crowley

Christopher Crowley has 20 years of industry experience managing and securing networks; his first job in the field was as an Ultrix and VMS systems administrator at 15 years old. He is a Senior Instructor for the SANS Institute and the course author for SOC-Class.com. He holds a multitude...


Thursday September 24, 2020 11:00am - 11:50am MDT
Track 1

11:00am MDT

Whoops. I accidentally helped start the offensive intel branch of a foreign intel
When I left the service and the NSA I was offered a job that seemed waaaay too good to be true. Turns out it was. This talk will discuss how I came to work on the UAE's Project Raven, what signs I missed because I was being naive, and how other transitioning intelligence personnel can avoid making the same mistake.

Speakers
David Evenden

David Evenden is an experienced offensive security operator & analyst with 12 years of experience in the Intelligence Community where he learned Persian Farsi, worked at NSA Red Team and was a member of an elite international team operating in conjunction with coalition forces to...


Thursday September 24, 2020 11:00am - 11:50am MDT
Track 2

12:00pm MDT

Keynote - The War for Control of DNS Encryption
Pervasive monitoring of the Internet by government, corporate, and criminal actors has triggered an encryption wavefront as wide as the Internet itself. DNS, as the map of the Internet's territory, is seen as especially sensitive and there are now several competing encryption standards waiting to be deployed. In this short talk, Dr. Vixie will explain the original problem, describe the protocol-level solutions, and then show how vendors like Google, Mozilla Corporation, Microsoft, and Apple are deploying these technologies across their product lines. Opinions may also be offered.


Speakers
Paul Vixie

Dr. Paul Vixie is an Internet pioneer. Currently, he is the Chairman, Chief Executive Officer and Cofounder of award-winning Farsight Security, Inc. He was inducted into the Internet Hall of Fame in 2014 for work related to DNS. Dr. Vixie is a prolific author of open source Internet...


Thursday September 24, 2020 12:00pm - 12:50pm MDT
Track 1

1:00pm MDT

How I spent my Covid-19 Spring vacation or Extreme Telecommuting Security
With the C-19 pandemic we were all thrust into a new dynamic of remote work (you know – Work From Home!). This dynamic put people, systems, technology and processes to a test which they were not prepared or designed for.
The challenges of updating and adapting policy to accommodate a work force heretofore not working from home, ofttimes without a company issued laptop, to one where business was conducted using available platforms while continuing to properly protect information (both corporate and regulated), were unexpected and difficult to grasp. Clear communication of what was permitted where, intermixed with rapid assessment and associated acceptance of risks, kept us all jumping.
Unexpected complications arose from enlisting elements in the user’s home office which, while not permitted in policy, had to be re-evaluated for this modified situation. Even simple tasks, such as providing headsets to work with softphones and webinars were not only challenged by supply chain delays, but also by disabled computer interfaces. Additionally, employees not used to remote work needed handholding in unexpected ways.
I will cover: issues raised by moving to a 100% remote workforce almost overnight, solutions discovered and the constant reassessment of them, plans to prevent recurrence of issues discovered while supporting a larger (10x) overall remote work force, restart impacts as more essential services spin up, and resuming essential functions which cannot operate remotely.

Speakers
Chelle Clements

Chelle has been associated with computer science and cyber security for roughly 25 years. She has an AAS in Environmental Science from Northern Virginia Community College, and a BS and an MS in Information Systems Management from University of San Francisco. She is an Army Veteran...

Lee Neely

Lee Neely is a senior IT and security professional at LLNL with over 30 years of extensive experience with a wide variety of technology and applications from point implementations to enterprise solutions. He currently leads LLNL’s Entrust team and is the CSP lead for new technology...


Thursday September 24, 2020 1:00pm - 1:50pm MDT
Track 1

1:00pm MDT

Resilient Detection Engineering; What did the bear do in the woods
There is a lot of detection content out there. Yet a lot of it is geared towards a certain indicator or something that was found in an online article or threat report. While this is maybe catching stuff, it is inherently flawed.
A lot of those detections have a certain tunnel vision and are not resilient against attackers deviating from the default TTPs. I plan to address this by showing my workflow to develop more resilient detections and learn a lot about the tools I try to detect in the process.

Speakers
Olaf Hartong

Olaf Hartong is a defensive specialist and security researcher at FalconForce. He specialises in understanding the attacker tradecraft and thereby improving detection. He has a varied background in blue and purple team operations, network engineering, and security transformation projects. Olaf...


Thursday September 24, 2020 1:00pm - 1:50pm MDT
Track 2

1:00pm MDT

Workshop - How to Give Technical Talks
So much of your success in a technical field is tied to one question: Can you effectively share information? You have so many ways to do it – twitter, blogs, articles, giving tech support online, writing documentation, etc. There’s one more in the corner that we don’t naturally go to; public speaking. That’s a real shame – so many of us avoid that at all costs when it’s a very positive way to teach and share enthusiasm about a topic.

Please note that Bill will present from 1PM to 3PM MT. After that, attendees will have the following two hours to practice what they’ve learned and receive feedback from others in the WWHF conference Discord channel. The Discord small group workshop will occur from 3PM to 5PM MT.

Get more details here: https://wildwesthackinfest.com/deadwood/workshops/how-to-give-technical-talks/

Speakers

Thursday September 24, 2020 1:00pm - 3:00pm MDT

2:00pm MDT

Hackers Don't Wear Black Hoodies, They Wear Capes
Sixty percent of hackers don’t submit vulnerabilities due to the fear of out-of-date legislation, press coverage, and companies' misdirected policies. This fear is based on socially constructed beliefs. This talk dives into the brain's response to fear while focusing on increasing public awareness in order to bring legislation that supports ethical hackers, ending black hoodie and ski mask imagery, and encouraging organizations to support bilateral trust within their policies.

Speakers
Chloé Messdaghi

Chloé Messdaghi is the VP of Strategy at Point3 Security. She is a security researcher advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights...


Thursday September 24, 2020 2:00pm - 2:50pm MDT
Track 2

2:00pm MDT

Tao and the Art of Tshark Fields
One cannot intuitively grasp the concept of Tshark Fields. It is known through actually experiencing it as part of one's everyday being. There is a difference between knowing the path and walking the path, so this talk will provide hands-on examples of how Tshark Fields can shepherd order into your universe. Bring a laptop with a copy of Wireshark/Tshark. We will supply the data files and the path to enlightenment.

Speakers

Thursday September 24, 2020 2:00pm - 2:50pm MDT
Track 1

3:00pm MDT

Bypassing Antivirus: With Understanding Comes Ease
The job of a penetration tester is to emulate real-world, realistic adversaries to compromise the client, and explain the business risks of the technical findings. Those pesky real-world adversaries bypass AV all the time, even with essentially the same malware, over and over.

How do they do it? Simple. By understanding what traps AV is setting, you can step around, jump over, or disable those traps before sauntering to your destination unhindered. I can't help with your saunter, but I can help you understand and bypass AV using arbitrary payloads (whether Cobalt Strike, Metasploit, Covenant, Mystic, SILENTTRINITY, or whichever) in many ways, all in less than an hour.

Speakers
Jeff McJunkin

Jeff McJunkin is the founder of Rogue Valley Information Security, a consulting firm specializing in penetration testing and red team engagements. Jeff has a long background in systems and network administration that he leveraged into web and network penetration testing, especially...


Thursday September 24, 2020 3:00pm - 3:50pm MDT
Track 1

3:00pm MDT

Threat Hunting, Quick and Dirty: S1/E4: Eewww! Zeek Ate a Worm!
Segmented worms (phylum Annelida, with tens of thousands of species) are truly ancient creatures, dating back to at least the early Cambrian Period—more than 500 million years ago! They continue to proliferate today, during the modern Internet Period, with new species emerging regularly.

In this episode, we explore the use of Zeek and other tools to rapidly facilitate our interest in "helminthology": the study of parasitic worms. Our focus will be on foundational techniques that have stood the test of time, regardless of species encountered.

[Note: This is Episode 4 of a series of Threat Hunts. The previous three are:
S1/E1: 492063616E207374696C6C2073656520796F7521
S1/E2: Seriously, I Really Can Still See You
S1/E3: Do you C2? If you do, ICU.
They can be found on the Wild West Hackin' Fest YouTube channel.]

Speakers
Jonathan Ham

Jonathan Ham is a network forensics and defensive cyber operations expert with more than two decades in the field. Jonathan literally wrote the book on network forensics (as well as the first mainstream instruction on the topic), based on his experience advising in both the public...


Thursday September 24, 2020 3:00pm - 3:50pm MDT
Track 2

3:00pm MDT

Workshop - Advanced Cubicles and Compromises
What makes a great tabletop exercise? Many organizations run a tabletop exercise to check a box for compliance standards, but don’t maximize the value of the time spent. Often they don’t engage the audience or force them to think enough about the problem to find areas of improvement. Further, they assume their decisions will always work during the exercise. In this workshop, we will not only discuss how to build a tabletop exercise that addresses real risk for an organization, but how to make it fun and engaging for teams at all levels of an organization.  

Get more details here: https://wildwesthackinfest.com/deadwood/workshops/advanced-cubicles-and-compromises/

Speakers

Thursday September 24, 2020 3:00pm - 5:00pm MDT

4:00pm MDT

A Quick Guide to Your Rights
Sixty percent of hackers don’t submit vulnerabilities due to the fear of out-of-date legislation, press coverage, and companies' misdirected policies. This 15 minute talk will focus on the current landscape for hacker rights and what is needed to improve it.

Speakers
Chloé Messdaghi

Chloé Messdaghi is the VP of Strategy at Point3 Security. She is a security researcher advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights...


Thursday September 24, 2020 4:00pm - 4:15pm MDT
Track 1

4:00pm MDT

Quickstart Guide to Insider Threats - You’re Adversary Within
Continuing the “Quickstart Guide” Series, this talk is intentionally read as both “Your Adversary Within” and “You Are (The) Adversary Within”. Attendees of this talk will walk away with quick and practical information on how to consider and justify executing insider threat scenarios in their organizations, as well as recommendations on where to start when attempting to use free and easily implemented solutions.

Speakers
Adam Mashinchi

Adam is SCYTHE’s VP of Product Management where he leads the project management, design, and quality assurance departments. Before SCYTHE, Adam defined and managed the development of enterprise security and privacy solutions with an emphasis on usable encryption at a global scale...


Thursday September 24, 2020 4:00pm - 4:15pm MDT
Track 2

4:25pm MDT

Fallout TV Tonight: RFCs for Rebuilding Civilization Post-Apocalypse
Are we living in the last days? Is the apocalypse upon us? Who knows? But one thing is for certain, that when the big one does hit, we will need to communicate to survive. And how do we learn to communicate post-apocalypse and rebuild civilization? RFCs...that's how. And not just any RFCs...April Fools' RFCs to be precise. Join me as I show you how the April Fools' RFCs will help us reestablish communications throughout the post-apocalyptic world...AND discover their shocking true origin!

Speakers
Chris Culling

Chris Culling is happily married, retired from the U.S. Army, and works as a CTI Analyst for MindPoint Group. He has three adult children, a dog, two cats, and a Vietnamese Pot-bellied pig. Chris has earned a number of industry certifications, is deciding which ones to allow to expire...


Thursday September 24, 2020 4:25pm - 4:40pm MDT
Track 2

4:25pm MDT

Increasing efficiency of threat intelligence collection by leveraging cyclical automation
Threat intelligence is very important for cyber defense operations. Our current state of TI is still operating as a process instead of a cycle and is very manual. Cyclical automation is a new concept that is being developed to fit Threat Intelligence and overall IT needs. It comes from Weather Forecasting and can help us reduce delay in automation considerably and make everything work much more efficiently.

Speakers
Mike Forgione

Mike Forgione is an experienced security, automation, and data engineer. He is the Director of Operations for Shadowscape, Inc., an intelligence-driven cybersecurity services company. Mike has filled many roles over his 8 years of cybersecurity experience to include an analyst, SIEM...


Thursday September 24, 2020 4:25pm - 4:40pm MDT
Track 1

4:50pm MDT

Not Just Another Con Talk About Red Tools and Blue Detections (Hint: It's Neither)
Theme: Networking Across Industries
Executive Problem Statement: This is what happens when you network effectively: People just ask you to show up, remind you if you forget, get pushy when you're late, and still accept whatever it is you want to talk about in a slide deck.




Thursday September 24, 2020 4:50pm - 5:40pm MDT
Track 1

5:45pm MDT

Mixology - Homemade White Russians with John Strand
It's been a great day of talks, now it's time to relax and start the happy hour!  Join John Strand as he teaches you to make homemade White Russians right in your own kitchen.  You won't want to miss this!  

Speakers
John Strand

John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry shaping Penetration Testing Execution Standard and 20...


Thursday September 24, 2020 5:45pm - 6:00pm MDT
Track 1

6:00pm MDT

Choose your own Blue Team Adventure with The Unicorn Company, INC. (1)
**Please note: This game will start at two times: 6PM MT and 6:30PM MT**

It’s 4:45pm in the office (remember when that was a thing?). On a Friday. Almost time for the weekend! Your mind turns to your plans. An evening of Glam hosted by Alyssa Miller tonight. Catch up on that episode of Cooking with Bryson with Dave Kennedy, you are definitely going to try to make Dave’s Famous Wings on Saturday. Then, an online Zoom meet up with friends to play Backdoors and Breaches. John Strand promised he’d be the DM! And Sunday morning, well, absolutely nothing, you plan to sleep until the afternoon.

Then the phone rings. Do you answer it?

And so begins your adventure! An educational, fun, and humorous opportunity to learn about different aspects of incident response where YOU choose what happens next!


Speakers
Bryson Bort

CEO, SCYTHE
Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow for Cybersecurity...


Thursday September 24, 2020 6:00pm - 6:30pm MDT

6:00pm MDT

Competitive Backdoors & Breaches Tournament!
Play the Incident Response Card Game from Black Hills Information Security and Active Countermeasures in an all-new, fast-paced way with Competitive Backdoors & Breaches. Though the game (card deck included in your swag bag) is originally designed to help you conduct tabletop exercises and learn about various attack tactics, tools, and methods, you will now be assigned brackets and face off solo against fellow InfoSec professionals.

The tournament will take place between 6PM and 8PM MT on Thursday and between 2PM and 4PM MT on Friday. Demos will be going on constantly during both days so you can learn the game beforehand. Only a limited number of people will be able to participate! Registration will be announced during the conference and brackets will be filled on a first come, first served basis.

Thursday September 24, 2020 6:00pm - 8:00pm MDT

6:30pm MDT

Choose your own Blue Team Adventure with The Unicorn Company, INC. (2)
**Please note: This game will start at two times: 6PM MT and 6:30PM MT**

It’s 4:45pm in the office (remember when that was a thing?). On a Friday. Almost time for the weekend! Your mind turns to your plans. An evening of Glam hosted by Alyssa Miller tonight. Catch up on that episode of Cooking with Bryson with Dave Kennedy, you are definitely going to try to make Dave’s Famous Wings on Saturday. Then, an online Zoom meet up with friends to play Backdoors and Breaches. John Strand promised he’d be the DM! And Sunday morning, well, absolutely nothing, you plan to sleep until the afternoon.

Then the phone rings. Do you answer it?

And so begins your adventure! An educational, fun, and humorous opportunity to learn about different aspects of incident response where YOU choose what happens next!


Speakers
Bryson Bort

CEO, SCYTHE
Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow for Cybersecurity...


Thursday September 24, 2020 6:30pm - 7:00pm MDT
 
Friday, September 25
 

9:00am MDT

Detecting Encrypted Radio Communications Using Universal Hacker Radio
Radio communications are used to establish communications without the need for wired connections. They also provide a degree of safety to personnel supporting dangerous processes. These benefits come with additional risk. Radio communications are externally accessible, meaning that they expose their networks to the public.
This presentation will demonstrate how to capture radio communications of 900 MHz radios that are commonly deployed in operational technology (OT) environments. The tool Universal Radio Hacker (URH) will be used to quickly isolate the radio communications, transform those transmissions to data packets, and review the packets for encryption.

Speakers
Don C. Weber

Don C. Weber, founder of Cutaway Security, has devoted himself to the field of information security since 2002. He has extensive experience in security management, physical and information technology penetration testing, web assessments, wireless assessments, architecture review...


Friday September 25, 2020 9:00am - 9:50am MDT
Track 2

9:00am MDT

The Workforce Gap in Cybersecurity
The workforce gap in cybersecurity has been widely highlighted and analyzed. It is clear we do not have enough technical workers with foundational cybersecurity skills to fill the positions needed to protect businesses, government, and our collective critical infrastructure. The other undisputed challenge is that there is not enough diversity in the pipeline to solve critical cybersecurity problems from different lenses. This presentation will introduce a novel model for recruiting, educating, and retaining women in cybersecurity through the CybHER™ program in The Beacom College of Computer and Cyber Sciences at Dakota State University (DSU). We have found that by introducing the principles of cybersecurity to middle school girls through positive hands-on activities, more girls become engaged and will continue exploring the field in collegiate programs. The CybHER program has impacted more than 20,000 girls in over 130 events in the last seven years. To this end, enrollment data was collected for six years, and from Fall 2013 to Fall 2019, The Beacom College has seen a 595% increase in women studying in our undergraduate cybersecurity programs, which consist of computer science, cyber operations, and network and security administration.


Friday September 25, 2020 9:00am - 9:50am MDT
Track 1

9:00am MDT

Workshop - Threat Hunting Using DNS
Every transaction on the Internet – good or bad – uses the Domain Name System (DNS). In this fast-paced, hands-on workshop, Farsight Security CEO Dr. Paul Vixie will teach the fundamental investigative techniques and methodology on how to use DNS to combat cyberattacks, from phishing to e-crime to nation-state attacks.

Get more details here: https://wildwesthackinfest.com/deadwood/threat-hunting-using-dns/

Speakers
Paul Vixie

Dr. Paul Vixie is an Internet pioneer. Currently, he is the Chairman, Chief Executive Officer and Cofounder of award-winning Farsight Security, Inc. He was inducted into the Internet Hall of Fame in 2014 for work related to DNS. Dr. Vixie is a prolific author of open source Internet...


Friday September 25, 2020 9:00am - 11:00am MDT

10:00am MDT

Jump-Oriented Programming Exploits with the JOP ROCKET
When exploits are developed from scratch on a modern Windows system, you often must use code-reuse attacks such as Return-Oriented Programming (ROP) to overcome certain mitigations, such as Data Execution Prevention (DEP), and make it possible to execute shellcode; ROP is, in a sense, a necessary evil to move forward. ROP is well established and requires the use of specialized tools, such as Mona, in order to discover ROP gadgets. However, another code-reuse attack paradigm is possible: Jump-Oriented Programming (JOP). While JOP is similar to ROP, it is also very different in many significant ways. While ROP is well known and frequently used, most exploit developers have never heard of JOP, or have only passing familiarity. In some academic literature, there were claims that JOP had NEVER been done in the wild. That was false; it has been, but there were just a handful of times where it was known to have been done. What made JOP totally infeasible, to a large extent, was the fact that there was no dedicated tool to help facilitate JOP, unlike with ROP. Moreover, the information on how to actually do JOP was extremely limited, with some academic journal articles providing scant, highly limited discussion. There was absolutely no practical information on how to actually do JOP in a Windows environment. All of these made it very challenging to do JOP.

All this changed in 2019, when Dr. Brizendine created and released the JOP ROCKET, providing a tool that makes JOP feasible, and providing guidance on how to use JOP in a Windows environment.

Make no mistake about it--JOP is an elite alternative to ROP, and it is not for the faint of heart. If you are looking to push and challenge yourself, then you owe it to yourself to learn about JOP. In this talk, we will first introduce code-reuse attacks, providing some background on both ROP and JOP. Then we will focus discussion on the new JOP ROCKET, an exploitation tool created right here in South Dakota. From there, we will get into the nitty-gritty of JOP exploit development in a Windows environment, walking people through the steps and explaining the various complex nuances and gotchas (and there are many). This talk will also include a working JOP demo, which will provide a walk-through on how to do JOP with a sample exploit. We will even provide a special JOP exploit challenge for attendees that wish to try it on their own!

This talk is very empowering, as attendees will challenge themselves and learn about a new type of code-reuse attack that they have likely never encountered. Key takeaways are that they will be excited to go challenge themselves by trying to do JOP in an exploit, and they will be empowered because they have the knowledge to start mastering one of the esoteric, dark arts of software exploitation. It truly is liberating to see, with JOP and low-level exploitation, how we are limited only by our imagination, to rise up and do things we may have never dreamed possible.

Speakers
Dr. Bramwell Brizendine

Dr. Bramwell Brizendine is an Assistant Professor of Computer & Cyber Sciences at Dakota State University. He is the Director of the Vulnerability and Offensive for Offensive and Novel Attacks (VERONA) Lab at DSU. Dr. Brizendine is a subject matter expert in software exploitation...

Austin Babcock

Austin Babcock is pursuing his Master's of Computer Science at Dakota State University. He specializes in software exploitation, enjoys hunting for vulnerabilities, and has begun to find some success with bug bounties. He has become skilled at utilizing JOP in exploits. Austin has...

Dr. Josh Stroschein

Dr. Josh Stroschein is a subject matter expert in malware analysis, reverse engineering and software exploitation. He is the Director of Training for OISF, where he leads all training activity for the foundation and is also responsible for academic outreach and developing research...


Friday September 25, 2020 10:00am - 10:50am MDT
Track 2

10:00am MDT

You Don't Have to Be Crazy to Work Here
Cybersecurity professionals spend most of their day focused on the health and well-being of the environments in their care. However, the cost of reducing risk and keeping our networks safe often comes at the price of our professionals' mental health. Many InfoSec professionals burn out, suffer from anxiety and depression, and turn to unhealthy coping mechanisms, which further exacerbate underlying psychological and physical health issues.
This talk will alleviate the stigma around mental health and stress the importance of open and frank dialog about this serious issue impacting our community. I will share my journey, reverse engineer the stigma of mental health in business, and look at ways we can hack mental health in productive and meaningful ways.

Speakers
Douglas Brush

Douglas is an information security executive with over 26 years of entrepreneurship and professional technology experience. He is a globally recognized expert in the field of cyber security, incident response, digital forensics, and information governance. In addition to serving as...


Friday September 25, 2020 10:00am - 10:50am MDT
Track 1

11:00am MDT

Converting Blue Team expertise of customer networks into advanced host-based alerting
What happens when the dream of host event log aggregation is realized and you have to figure out what to do with ALL that data? Through solutions such as Splunk and the Elastic Stack, many blue teamers finally have access to millions/billions of Windows event logs, Sysmon, endpoint protection logs, and other log types. Often the challenge of creating alerts off this data looks a lot like attempting to implement Sigma and hoping you can alert on evil. This presentation will describe how to transform a blue team’s knowledge of a customer’s network into advanced signature creation. We will cover my experiences in tuning to a customer’s traffic and creating alerts on the negative space, simplifying complex Sigma rules, future-proofing alerts against schema changes, and considering search performance at the same time. Additionally, this presentation will show how to take events collected during Red Team engagements and build alerting that is specific to the customer environment and that will pay dividends in the future.

Speakers
Stephen Spence

Stephen Spence is currently a Cybersecurity Analyst at DISA Defensive Operations Center - Europe. He enjoys implementing creative solutions to improve detection and alerting. Before joining the team, he worked in most of the varied aspects of the cyber profession from vulnerability...


Friday September 25, 2020 11:00am - 11:50am MDT
Track 2

11:00am MDT

Emulating adversaries through attack chains
End-to-end adversary emulations take significant time to plan and execute. Furthermore, the remediation of people, process, and strategic technology findings takes even more time. What is the Red Team to do between these engagements? They can emulate adversary TTPs through Attack Chains!



Speakers
Jorge Orchilles

Jorge Orchilles is CTO of SCYTHE and lead of C2 Matrix project. He is a published author who holds post-graduate degrees from Stanford and Florida International University in Advanced Computer Security & Master of Science, respectively. Jorge led the offensive security team at Citi...


Friday September 25, 2020 11:00am - 11:50am MDT
Track 1

12:00pm MDT

Purple Teaming with Runbooks for PlexTrac
Everyone knows PlexTrac as “The Purple Teaming Platform,” and our support for purple engagements has been taken to the next level with the creation of Runbooks for PlexTrac.
Tune in to “Purple Teaming with Runbooks” for an engaging demo of the new module in action. See how Runbooks helps you rapidly plan Purple Team engagements through intuitive selection of Tactics, Techniques and Procedures. Witness the execution of that plan from both the red and blue perspective, to include in-platform data collection and evidence triage. Finally, see the data exported into our robust reporting system for effortless communication to stakeholders (blink and you’ll miss this last part!).
Plan, execute, and report with Runbooks for PlexTrac.


Friday September 25, 2020 12:00pm - 12:30pm MDT
Track 1

12:30pm MDT

When VLANs, Firewalls, & Cloud Security Groups Fail
Business, viewing IT as a competitive differentiator, has demanded speed, efficiencies and enterprise environments that integrate easily into business processes. IT has delivered utilizing DevOps/Cloud models. Along with it have come risk, compliance concerns and IT management hassles. Traditional segmentation techniques like VLANs, Firewalls and Cloud Security Groups fail to provide enough visibility, automation and granular protection to be utilized. Micro-Segmentation, also known as Software-Defined Segmentation, has risen to handle a broad spectrum of use cases and provide the much-needed speed, granularity and automation necessary to succeed.

We will dive into the concept of software-defined segmentation and the challenges it brings about, along with outlining the essential components and steps that should be on your list when embarking on a segmentation project to guarantee an improved security posture.




Friday September 25, 2020 12:30pm - 1:00pm MDT
Track 1

1:00pm MDT

Haunted Security: Lessons learned in the stretching gallery
Security is a wild and scary ride for some, a place of comfort for others.  In this presentation, Kevin Johnson of Secure Ideas will discuss how the foundations of everything we do are critical to our success.  The talk will explore the ethics, the knowledge, the community, and the pitfalls in each of these areas.  Based on the portraits in the stretching gallery of the haunted mansion, many of the things we do are actually based on dangerous assumptions and actions.  Kevin will discuss the ways that we can strengthen our foundations and improve the things we do every day.

Speakers
Kevin Johnson

Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions...


Friday September 25, 2020 1:00pm - 1:50pm MDT
Track 2

1:00pm MDT

The Secret Thoughts of a Successful Hacker
Exploring Impostor Syndrome and Pluralistic Ignorance in Pentesting
“What if they find out I’m not as smart as they think I am?”
“If I can do it, anyone can do it.”
“I can’t pull this off?  Who am I kidding?”
“Lucky me, I was in the right place at the right time.”
Have you ever asked yourself these types of questions? Studies suggest that more than 70% of people experience the impostor syndrome phenomenon at some point in their career, no matter what field they are in. Impostor syndrome combined with pluralistic ignorance can be catastrophic. Pluralistic ignorance can be described as “no one believes, but everyone thinks that everyone else believes”. Together they can make you feel like you are constantly privately rejecting the norm, but publicly going along with it. You have mistakenly assumed everyone else accepts it because they are smarter/faster/better than you are.
This talk will help you identify those thought patterns that undermine your ability to feel as capable as others know you are and take ownership of your well-deserved success. Be proactive, ask the right questions, and once you know there is a problem, start working on the solution.

Speakers
Nadean Tanner

When my 7 year old introduced me to his second grade class, he put it best: "My Mom teaches the good guys how to keep the bad guys out of their computers. She has a blue light saber." I have been in the technology industry for over 17 years in a variety of positions from marketing...


Friday September 25, 2020 1:00pm - 1:50pm MDT
Track 1

1:00pm MDT

Workshop - How to Sell Security to C-Levels
Given that “security” is such a vital component to an organization’s success, why do so many security leaders have trouble getting upper management to properly fund security projects? I find this tends to be a translation issue. You are trying to speak Dothraki to a bunch of Klingons. In this talk, I’ll discuss how to position security within your organization so that it’s perceived as business enablement rather than cost overhead.
Get more details here: https://wildwesthackinfest.com/deadwood/workshops/how-to-sell-security-to-c-levels/

Friday September 25, 2020 1:00pm - 3:00pm MDT

2:00pm MDT

Developer Tools as Webapp Pentesting Trainer
Ever since “view source” in the earliest web browsers, it’s been easy to see exactly what’s going on in a webapp and in the browser. Every webapp you ever use has no choice but to give you the (client-side) source code! It’s almost like there’s no such thing as a “black box” webapp pentest if you think about it… We’ll look at the Developer Tools in the latest Firefox with a pentester’s eye. Inspect and change the DOM (Document Object Model), take screenshots, find and extract key bits of data, use the console to run JavaScript in the site’s origin context, and even pause script execution in the debugger if things go too fast... Maybe we’ll convince you that you can realistically do a big chunk of a webapp pentest without ever leaving the browser.

Friday September 25, 2020 2:00pm - 2:50pm MDT
Track 1

2:00pm MDT

Password cracking beyond 15 characters and under $500
Most of us understand that it is a good idea to tailor an attack to a password policy. That being said, most password policies are fairly homogeneous. Does a minimum eight characters and at least three of four categories for complexity sound familiar? The hashcat-herders among us have prepared well for this endeavor. Many have hoarded hundreds of gigabytes of dumped passwords from hacked sites using these exact kinds of policies. Which means, when the hashes get dumped, sometimes more than half of a domain can be cracked in a single day.

So… what if you have to crack passwords written under a different policy, like a paranoid 15 character minimum? Those gigabytes of dictionaries, full of shorter passwords, aren’t going to rockyou into domain admin anymore. It’s time to dive into the hashes with combinations of combinators, purple rain attacks, and word-level linguistically correct Markov chains.

Along with the techniques themselves, this presentation will include the real-world results of various cracking attacks against a ~6000 person domain, at a Fortune 500 with a mature security program, as well as some recommendations for policies that allow memorable passwords while actually making them difficult to crack.



Speakers
Travis Palmer

Travis Palmer is a Red Team Engineer at Intercontinental Exchange and a certified OSCP and OSCE. Most recently he has been a "surprise" backup speaker at DEFCON 27, DEFCON Red Team Village Staff, and a speaker at Wild West Hacking Fest and Cisco Offensive Summit. He is a fan (and...


Friday September 25, 2020 2:00pm - 2:50pm MDT
Track 2

2:00pm MDT

Competitive Backdoors & Breaches Tournament!
Play the Incident Response Card Game from Black Hills Information Security and Active Countermeasures in an all-new, fast-paced way with Competitive Backdoors & Breaches. Though the game (card deck included in your swag bag) is originally designed to help you conduct tabletop exercises and learn about various attack tactics, tools, and methods, you will now be assigned brackets and face off solo against fellow InfoSec professionals.

The tournament will take place between 6PM and 8PM MT on Thursday and between 2PM and 4PM MT on Friday. Demos will be going on constantly during both days so you can learn the game beforehand. Only a limited number of people will be able to participate! Registration will be announced during the conference and brackets will be filled on a first-come, first-served basis.

Friday September 25, 2020 2:00pm - 4:00pm MDT

3:00pm MDT

Entrepreneurial Adventures: Starting a (Cyber) Company
So you’re not crazy, you just want to start your own company. Which kinda takes a level of crazy. We’ll talk through what it takes to be an entrepreneur, different kinds of companies, the market, back-office administration, pricing and economics, and my experiences starting three companies.

Speakers
Bryson Bort

CEO, SCYTHE
Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow for Cybersecurity...


Friday September 25, 2020 3:00pm - 3:50pm MDT
Track 1

3:00pm MDT

Modern Red Team Weaponization
With offsec tooling migrating from PowerShell to C# these last few years, it's made it easier to leverage the .NET framework in a way that equips operators seamlessly on their red team operations; giving them time to really focus on what matters -- the engagement. Additionally, building tooling and payloads on the fly can leave behind forensic artifacts that contribute to early detections and a reduced dwell time, leading to frustrated operators and potentially burned infrastructure.
In an effort to seamlessly equip operators and reduce leaving breadcrumbs, this presentation will walk through methods for modern red team weaponization of offsec tooling. First we will step through the build process which will include automated builds, continuous integration/deployment, and C2 framework integration. Next, we will step through OPSEC considerations for payloads and tooling in an effort to reduce the breadcrumbs being left behind from assemblies. Finally, we will take a look at payload tradecraft for calling managed code (C# tooling) from unmanaged C++ (stub/launchers), low-level syscalls using C#, and code execution leveraging the Windows kernel.

Speakers
Mike Felch

Mike is currently a Red Team R&D Engineer at CrowdStrike and prior Black Hills Information Security red teamer. He began his career in 1997 as a Linux administrator which eventually led to numerous offensive security and engineering roles with a focus on hardware/software security...


Friday September 25, 2020 3:00pm - 3:50pm MDT
Track 2

3:00pm MDT

Workshop - Intro to Git for Security Professionals
This workshop provides an overview of and introduction to the version control system Git. It is aimed at security professionals who may have no background in software development and who would like to start using their favorite open source tool, or even more, to find ways to contribute back.
Get more details here: https://wildwesthackinfest.com/deadwood/workshops/intro-to-git-for-security-professionals/

Friday September 25, 2020 3:00pm - 5:00pm MDT

4:00pm MDT

Keynote - The Definition of Insanity
This talk is based on the famous saying, "The definition of insanity is doing the same thing over and over again, and expecting a different result". This is certainly true in information technology and cybersecurity. In this talk Marcus will discuss the past, present, and future of security failures.

Speakers
Marcus J. Carey

Marcus Carey is currently an Enterprise Architect at ReliaQuest. Marcus is renowned in the cybersecurity industry and has spent his more than 20-year career working in penetration testing, incident response, and digital forensics with federal agencies such as NSA, DC3, DIA, and DARPA...


Friday September 25, 2020 4:00pm - 4:50pm MDT
Track 1

5:00pm MDT

Closing Ceremony
Speakers
John Strand

John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry shaping Penetration Testing Execution Standard and 20...


Friday September 25, 2020 5:00pm - 5:30pm MDT
Track 1
 
Wild West Hackin' Fest 2020 - Deadwood, Sep 23-25, 2020
Deadwood, SD, USA