BSidesDFW 2021


Villages / Speaker Bios

Confessions of a Shitty SysAdmin

It's a common belief that SysAdmins make great Infosec professionals. Many believe this is due to their wide knowledge of software and technologies. In reality, it's because THEY KNOW WHERE THE DEAD BODIES ARE!

That's right. Learn from the mistakes of real sysadmins. Witness and learn the mistakes of current and former Systems Admins so this doesn't happen to you!

@R41nM4kr
Andy Thompson is part of the CyberArk research labs doing ongoing research into offensive technology and information security trends.

He spent his "time in the trenches" as a senior systems admin, security engineer, architect, and advisor.

Andy is also a "travel hacker" and travels all over the world with his family, all on a tiny budget.

Protecting the penguin! Linux security as armour!

In this talk, the speaker will go through securing a Linux system. This talk will start where all good security should start - at the beginning!

The talk will describe how to develop a good security posture.
Does the selection of a Linux distribution matter? Yes, actually it does!
We'll look at the security controls and how they need to be applied to the development of a server.
We then look at the tools to build boxes - namely by establishing a VM environment on which to develop Linux servers and the scripts / techniques to secure them.
We then use this tool to build boxes. Dealing with the box after the build is like traveling to Mars: once you get there, take a picture of your feet! Take your favorite control-checking software (OSCAP?) and get a good measurement of your vulnerabilities.
Then the fun really begins - what to configure first, what to throw out, and what to add to it.
We then talk about ownership - how do you keep up your investment?

@001bordam
Madrob is a 20-year veteran of all things infosec with regards to Linux and Solaris systems. In this time, John has been hacked, smacked, fired, and spent a lovely morning discussing the finer points of system hacking with our favorite three-letter agency.

Information Applications of Lessons Learned from the Weapons from the Stone, Bronze, & Iron Ages

Human history is often broken into epochs defined by what we were able to accomplish. Our accomplishments have been both limited by and enabled by the tools we have available. These tools are given aspects and features by the materials they are made of. This area of study is so important that we have devoted an entire field of research to learning and developing new applications of matter. We call this field material science. Lessons from the accomplishments of humankind in the past can be applied to the present and used to peer into the future. Similarly, the principles gleaned from history may have applications in modern-day defenses.

@jacenrkohler
Jacen Kohler received his BS in Computer Engineering from the University of North Texas. While studying there, he was president of the student cybersecurity club and led a capstone senior design team doing research for NASA to develop an IP addressing scheme for high-ping networks of spacecraft. After graduating, Jacen went to work for a large investment bank, running their global social engineering program and supervising approvals of all new applications with data leaving the bank's network. He is currently working at a Big Four consulting firm where he helps clients from a variety of industry verticals to implement cyber and information security programs such as threat & vulnerability management programs, security communication plans, and customer data encryption programs.
jacenrkohler.net

PowerShell's Return to Power

Over the past few years, we saw the rise of popularity of offensive C# over PowerShell. This sparked a plethora of new OffSec focused C# tools and executables bypassing the watchful eye of the security community. However, this shift of focus has allowed attackers to garner new techniques on how to bypass and defeat the organic controls that Microsoft has put into place to protect the scripting application. We believe that PowerShell exploits and attack methods are still alive and well. With PowerShell still being deployed on every machine by default, there is still a massive security hole for your organization that could allow an attacker to navigate your environment without ever needing to place an executable "on disk".

Dahvid Schloss
Dahvid is a Manager and Lead in the Offensive Security service offering within Echelon. With over 10 years of cyber-attack and defense experience, Dahvid has previously worked as a Red Team Operator with a Big Four firm, served in the military, leading, conducting, and advising on special operations offensive cyber operations, and has developed an extensive framework in PowerShell. His background in cybersecurity includes logical, social, and physical exploitation as well as incident response and system/network device hardening.

Can Cryptocurrency Replace the US Dollar?

Cryptocurrency has the potential to revolutionize world finance and world politics. As a currency, however, crypto still has a lot to prove. Good money has three requirements: reliable medium of exchange, meaningful unit of account, and stable store of value. Computer coders and digital revolutionaries have only just begun. A key milestone will be whether cryptocurrency can replace the US Dollar as the world's reserve currency - a pillar of international relations since World War II. That is unlikely in the near term, but over the horizon, anything is possible.

This talk offers a framework for understanding cryptocurrency's past, present, and future. It details the security challenges associated with cryptocurrency investment, dissecting numerous vulnerabilities and mitigations. It examines why the economic potential of cryptocurrency is intimately tied to its political impact. Investors, from citizen to nation-state, must weigh the benefits and risks of cryptocurrency on tactical and strategic scales.

@KennethGeers
Dr. Kenneth Geers is an External Communications Analyst at Very Good Security. He is an Atlantic Council Cyber Statecraft Initiative Senior Fellow, a NATO Cooperative Cyber Defence Centre of Excellence Ambassador, and a Digital Society Institute-Berlin Affiliate. Kenneth served for twenty years in the US Government: in the Army, National Security Agency (NSA), Naval Criminal Investigative Service (NCIS), and NATO. He is the author of "Strategic Cyber Security", editor of "Cyber War in Perspective" and "The Virtual Battlefield", and technical expert to the "Tallinn Manual".

First Contact with Container Security

In the cloud, companies are transitioning to the use of microservices at a rapid pace. While this model decreases time to market, it also increases supply chain security risk and lowers visibility. According to the Cloud Native Computing Foundation, 92% of companies surveyed are using containers in their production environments. It seems that when it comes to transitioning part of your cloud ecosystem, resistance is futile.

Your containers are likely hosting applications that deliver content to customers, meaning that your container runtime is exposed to the internet. As modern runtime environments are complex, they present multiple attack vectors. Even the best security is not a guarantee against an attack.

Join Ell Marquez to discuss how we can mount our last line of defence when the Enterprise is breached, keeping our crew (assets) from being assimilated.
@Ell_o_Punk
ellopunk.com

The Cognitive Stairways of Analysis

You might hear this term all the time. What does it really mean? How do you analyze data? Unfortunately, this is something I had to sort out on my own when I landed my first infosec job as a cyber security analyst intern. I have learned a lot since that day, but I still feel there is a huge gap in training when it comes to analysis.

This presentation will focus on six of the analytic models I found during my research and the key takeaways I used to create my own process. Next, I will introduce my new analysis framework, the Cognitive Stairway of Analysis. Currently, there are three Stairways, and I will guide audience members step by step through each one. Finally, I will apply the first Stairway to a cyber threat intelligence example. I created this framework as well as this presentation to help newer analysts in the field, but I hope the presentation can be equally exciting to seasoned analysts. So, if you fall into one of these categories or are just a huge analytics nerd like myself, please join me in this presentation. You will not be disappointed.

@threathuntergrl
Nicole Hoffman is currently serving as an Intelligence Analyst at GroupSense, a digital risk protection company delivering customer-specific intelligence. She recently created the analytic framework the Cognitive Stairways of Analysis. Nicole has her Bachelor's in Information Technology with a minor in Cyber Security and is Security+ certified.

While pursuing a degree in the medical field, Nicole became the unofficial helpdesk for many of her professors and decided to pivot into a career in technology. While struggling to break into infosec, Nicole worked as a financial fraud analyst and fell in love with threat hunting and behavioral analytics. Her diverse background has made her the well-rounded analyst she is today.

Nicole has a passion for helping those starting out in the field and gives back to the community through her blog as well as her various speaking engagements. She hopes to inspire and educate others by sharing her own experiences as well as the results of her in-depth research. Nicole recently moved to Texas with her family and spends a lot of free time exploring. When she is not exploring, she enjoys reading comic books, playing video games, and watching as many medical dramas as possible.
threathuntergirl.com

Automated Triage Collection at Scale in the AWS Cloud

During a cybersecurity incident, answers are needed quickly. This generally starts with an incident responder performing a triage collection to pull back targeted host-based artifacts for analysis. Manual workflows to perform this triage collection are not only time consuming but also inefficient and prone to human error. This talk will discuss an event-driven workflow to perform these triage collections at scale in the AWS cloud. It leverages AWS Systems Manager (SSM) to perform triage collections from Windows and Linux EC2 instances and can accommodate EC2-backed containers as well. This solution is easily customizable and will output triage collection packages to S3 that can be tailored to fit a company's IR standard operating procedures.

@tracer_tick
Ryan Tick is a Manager for KPMG based out of Dallas, where he helps clients in the areas of DFIR and cloud IR automation in AWS. Prior to KPMG, he was a senior cloud engineer for Goldman Sachs, responsible for securing their footprint in the AWS cloud. Ryan has previously presented at a variety of conferences, including AWS re:Invent and fwd:cloudsec. He is 4x SANS certified and 5x AWS certified.
linkedin.com/in/ryan-tick

Target Acquired

In information security, we love to refer to terms like OPSEC, OSINT and Social Engineering. We need to go deeper into the human intelligence and counterintelligence disciplines to really identify the tradecraft and techniques used to target organizations for access to critical systems. Nation states have always targeted employees with placement and access; now we are seeing ransomware gangs doing the same.

@cr00ster
linkedin.com/in/christopher-russell

Credential Compromise: Well, What Now?

An offensive and defensive look at user credential compromise. What an adversary hopes for and a defender prepares for.

@naterang
Nate is a former sysadmin and Blue Teamer who turned to the Red Team "Dark Side". Nate currently leads a Red Team and lives in Dallas, TX. When not identifying new attack paths, Nate can be seen having a beer in his garage or trotting his dog.

Hack Your Dog: Dog Training, Communication When There is No Common Language, And applications in Cyber/Information Security

Training your dog to be an upstanding model citizen in human society is a challenge. Not only do dogs not speak English, they don't comprehend any human language and we are just as incapable of speaking theirs.

So how do you get your dog to behave and do what you want them to do?

The same way we have to communicate what we want clients/customers/employees to do in cyber and information security. We break things down into bite-size chunks and start simple. Start small and aim for continuous growth and improvement. Reward and praise often to help build habits, shaping behavior until it becomes automatic.

This talk will have lots of puppy pics (mostly mine).

@jacenrkohler
Jacen Kohler received his BS in Computer Engineering from the University of North Texas. While studying there, he was president of the student cybersecurity club and led a capstone senior design team doing research for NASA to develop an IP addressing scheme for high-ping networks of spacecraft. After graduating, Jacen went to work for a large investment bank, running their global social engineering program and supervising approvals of all new applications with data leaving the bank's network. He is currently working at a Big Four consulting firm where he helps clients from a variety of industry verticals to implement cyber and information security programs such as threat & vulnerability management programs, security communication plans, and customer data encryption programs.
jacenrkohler.net

Hashcat and Survivorship Bias: Cracking uncommon passwords

An easy trap to fall into when cracking passwords is to model off what has already been found. While this will generally yield some success, it ignores the passwords that do not follow the pattern. Applying models based on survivorship bias can improve discovery of complex passwords that would otherwise remain uncracked.

@rhodejo
Jon Rhodes is currently employed as Principal Adversarial Engineer at Truist. He specializes in cloud and webapp pentesting and is a member of the Synack Red Team. In his free time, he enjoys spending time with his family, swimming, and gaming.
linkedin.com/in/rhodejo/

Just Because It's Crazy Doesn't Make It Wrong - Bringing Your Hacker POV to the Election Hack Discourse

I work in IT. When family and friends have questions about anything remotely related to tech, they ask me. So when the election happened, it wasn't even over yet and I was inundated with questions about election hacking! Was it possible? How bad was it? How can we prove it?

@CrazyOldWoman3
Rhonda is an IT and Web grease monkey who can be found on Twitter at @technodallas. Her election fan-girl Twitter is at @CrazyOldWoman3. BIG fan of open source, which may be why her latest passion is finding the best Texas weeds to plant in her yard.

HTTP and De-Sync Attacks

Whether you are a network defender, web application pentester, or total noob, this presentation will teach you something. From the history of the protocol to pipelining and HTTP Request Smuggling, we'll see how HTTP works and how it can be broken. In addition to a deep dive into HTTP De-Synchronization attacks popularized by James Kettle (@albinowax) in 2019, you will see demonstrations of two attacks. Attend this presentation and walk away with a deeper understanding of the HTTP protocol, how web requests are processed, and novel HTTP attack techniques.

@nopantrootdance
Cary is an offensive security engineer working for a Fortune 500 institution. He is a combat veteran and graduate of the United States Military Academy at West Point. He utilized his degree leading teams within the Army Engineer Corps and Cyber Command. His certifications include CISSP, OSCE, OSCP, and OSWE.
hooperlabs.xyz

Code of Conduct (CoC)


Behave yourselves!

Security BSides Dallas - Fort Worth was founded to facilitate the exchange of information and the development of relationships. We welcome and encourage the expression and debate of ideas. We also recognize that we do not have to agree in order to listen to, and/or understand, a given point of view. However, there is a language and a behaviour that is appropriate and expected in achieving that discourse.

Harassment and/or abusive behaviour will not be tolerated.
Any participant that experiences and/or witnesses inappropriate behaviour is expected to report said behaviour to event staff.
Any participant that experiences and/or witnesses inappropriate behaviour is encouraged to ask the offending individual to stop.
Any participant asked to stop a behaviour is expected to comply immediately.

Event organizers reserve the right to respond to observed and/or reported behaviour in a manner deemed appropriate, including but not limited to expulsion without refund and referral to the relevant authorities.

It is our goal to ensure that the event is welcoming, enjoyable, and safe for all participants.
Be exemplary for each other. See something, say something.