***BEGIN THOTCON TRANSMISSION**********************************************
  _____     _   _      U  ___ u   _____      ____     U  ___ u   _   _     
 |_ " _|   |'| |'|      \/"_ \/  |_ " _|  U /"___|     \/"_ \/  | \ |"|    
   | |    /| |_| |\     | | | |    | |    \| | u       | | | | <|  \| |>   
  /| |\   U|  _  |u .-,_| |_| |   /| |\    | |/__  .-,_| |_| | U| |\  |u   
 u |_|U    |_| |_|   \_)-\___/   u |_|U     \____|  \_)-\___/   |_| \_|    
 _// \\_   //   \\        \\     _// \\_   _// \\        \\     ||   \\,-. 
(__) (__) (_") ("_)      (__)   (__) (__) (__)(__)      (__)    (_")  (_/  

*** SPEAKERS **************************************************************

Confirmed 0xB Speakers/Abstracts/Bios
Keynotes (50 Minute)
  • Renaud Deraison - "TBA"
    • Bio: Renaud Deraison is chief technology officer of Tenable. Prior to co-founding Tenable, Renaud redefined the vulnerability management market by authoring Nessus, the world's most widely deployed vulnerability scanner. Renaud continues to contribute to the global security community, including authoring several patents related to network scanning and security and publishing his work in a variety of respected books and magazines. In 2019, Renaud was recognized by SC Media as a Visionary of the Last 30 Years.
    • Abstract: TBA
  • Emmanuel Goldstein - "TBA"
    • Bio: Emmanuel Goldstein directs the organization 2600 Enterprises, Inc., publishes a magazine called 2600: The Hacker Quarterly (which has associated monthly meet-ups around the world), and hosts the hacker convention Hackers on Planet Earth (HOPE). In 1993, he testified before the United States House of Representatives Subcommittee on Telecommunications. He was questioned in relation to the content of 2600 as part of discussions concerning the Digital Telephony Bill; also known as the Communications Assistance for Law Enforcement Act. He is the host of both the weekly radio programs Off the Hook on WBAI-FM and Off the Wall on WUSB-FM. While Off the Hook often includes a panel of guests and is frequently centered on technological topics, Off the Wall is usually narrated by himself and has covered a wide range of topics. Off the Hook has been on the air since 1988. He directed the 2001 film Freedom Downtime, a documentary about the incarcerations of Kevin Mitnick and Bernie S that also examines alleged distortions in mainstream media coverage of Mitnick's case.
    • Abstract: TBA
  • Katie Nickels - "TBA"
    • Bio: Katie Nickels is a Principal Intelligence Analyst with Red Canary as well as a SANS Instructor for FOR578: Cyber Threat Intelligence. She has worked in network defense, incident response and cyber threat intelligence for over a decade, including in her prior role as the Threat Intelligence Lead for the MITRE ATT&CK team. Katie has shared her expertise with presentations at Black Hat, the FIRST CTI Symposium, SANS Summits and other events. She is also a Co-Chair of the SANS CTI Summit and the FIRST CTI Symposium. Katie serves as the Program Manager for the Cyberjutsu Girls Academy, which seeks to inspire young women to learn more about STEM.
    • Abstract: TBA
  • Maddie Stone - "TBA"
    • Bio: Maddie Stone is a Security Researcher on Google Project Zero where she focuses on 0-days used in-the-wild. Previously, she was a reverse engineer and team lead on the Android Security team, focusing predominately on pre-installed and off-Google Play malware. She has also spent many years deep in the circuitry and firmware of embedded devices including 8051, ARM, C166, MIPS, PowerPC, BlackFin, the many flavors of Renesas, and more. Maddie has previously spoken at conferences including Blackhat USA, REcon, OffensiveCon, KasperskySAS, and more. She earned her Bachelors of Science, double majoring in Computer Science and Russian, and a Masters of Science in Computer Science from Johns Hopkins University.
    • Abstract: TBA
FULL Length (50 Minute)
  • Valentina Palmiotti - "Reverse Engineering for Persistence - How APTs find new hidden ways to hide on your systems, forever."
    • Abstract: Persistence is a technique used by threat actors to keep access to systems across reboots, credential changes, and other miscellaneous disruptions. Establishing persistence on a target system is a key goal for any APT group looking to conduct long term operations. It’s also a key goal for smaller stakes malware creators who target average users. When you suspect you are infected with malware, the first step is to find where it first gains execution when your system starts up. How can we make sure something unknown or malicious isn’t running every time our computer or device turns on? Can modern Antivirus or Endpoint Detection Software save us? In short, when it comes to APTs, probably not. This talk will discuss the approach APT groups take to find new hidden ways to silently persist on a system. It will discuss how popular endpoint persistence scanners fall short and how APTs evade them. I will walk through an example, tasking myself with finding a novel persistence technique on a machine running Windows. This will include demonstrating reverse engineering on a system binary to discover the technique. This talk is targeted at those interested in reverse engineering and operating systems. It's intended to give a big picture discussion on how to identify specific OS components for binary analysis and have success in finding something interesting.
    • Bio: Malware Researcher at The Vertex Project, former Vulnerability Researcher at Point3 Security. "Hacker" hobbyist, for research purposes only.
  • Olivia Stella - "Airplane Mode: Cybersecurity @ 30,000+ Feet"
    • Abstract: Imagine being in charge of a system where you own the product. You do not own the software and the hardware is proprietary. You need to coordinate with multiple vendors for any updates or modifications and you’re under strict government regulation. By the way, the product has a lifespan of 20 - 30 years. Welcome to the world of aviation cybersecurity, where safety and security live together. At a high level, this presentation will cover what is aviation cyber security, the unique challenges it represents and why the industry is captivating.
    • Bio: Olivia Stella is a cybersecurity analyst for American Airlines focusing on aviation cybersecurity, vulnerability management & pen testing.
  • Yashvier Kosaraju - "Zero Touch Container Security Automation"
    • Abstract: Deploying containers using Kubernetes has become the new de facto deployment standard most companies are turning towards. Developing with containers is very different from traditional development practices and so is securing these containers & deployments. Traditional approaches of security do not scale well with the high paced container world. Automation and CI-CD integrations are more effective ways of keeping your containers secure without slowing your developers. At Twilio, we are deploying container security @ scale focussing on the 'shift left' ideology, providing early feedback to developers via GitHub pull requests, feedback embedded in the build-system, Slack messages etc. This includes Kubernetes policies, container image scanning in the pipeline and more. We are working on automating most of the process such as creation of PRs for updating the Dockerfiles to use the latest and secure versions of base images as they are released, tracking new vulnerabilities in already deployed containers. This allows us to move fast and work with the developers and not block them. In this talk I will walk you through the different checkpoints you can have in a container security workflow and our journey from manually scanning containers and creating vulnerability tickets to a completely automated 'bot run' workflow, including motivations (other than having to do less manual work), architecture, feedback loops, some fun stats, lessons learnt and future plans.
    • Bio: Yash manages the Product Security Team at Twilio.
  • Anxious Rabbit - "./senua -v | The SWIFTly Sneaky Reddit Command and Control"
    • Abstract: Command and control is an essential part of system compromise. The traditional methods are cool but let's change it up! Why not use Reddit for your command and control like other APTs? And why not pair that with a custom Mac Swift application to challenge the thought of "Macs are more secure"? This talk will show a deep dive into the Swift coding language and how the Senua application uses Swift and API calls to its advantage. This includes code examples and methods used to minimize artifacts to further hide the true intentions of the application.
    • Bio: Zach is a fan of modern coding languages and is a hobbyist researcher who likes granulated sugar on pancakes.
  • Rob Rehr && Derek Olson - "Scout's (dis)Honor: Using Government Hacking Tools to Win a Pinewood Derby"
    • Abstract: Every year, we compete as Team Cheetah in our office's Pinewood derby competition - always seeking new ways of racing within the grey area of the unwritten rules. In the past, we've maliciously modified our car to beat competitors, but this year we wanted to take things a step further. Using reverse engineering tools, we hacked a pinewood derby race timing system to understand how it worked and set out to exploit its functionality to win. This talk will cover how we reverse-engineered the firmware from the track's microcontroller using Ghidra, modified this firmware image to include new functionality, and then created a system that covertly made us the winner of every race we competed in. We'll cover the techniques we used, our method for winning, and even demonstrate why Team Cheetah is number one!
    • Bio0: Rob is a hardware hacker by day, design deliriant by night. Senior Electrical Engineer and prototyper at IDEO.
    • Bio1: Derek is a Senior Software Designer at IDEO. I aim to fuse art and design with software, sensors, wires, and solder.
  • Daniel "unicornFurnace" Crowley - "A Roadmap For Safer Cryptographic Code"
    • Abstract: The world keeps making the same decades-old cryptographic mistakes over and over again, from small one-person dev teams to software giants. While developers have mostly learned not to invent their own encryption algorithms, most of the mistakes being made have nothing to do with the choice of algorithm. By now, shouldn't we have figured out how to eliminate these problems? Why is it so hard to get it right? There's a series of problems that make it hard for developers (even security-conscious ones) to avoid even basic, well-known mistakes when writing cryptographic code. It's currently so hard that cryptographers' main advice to developers is to avoid touching cryptography at all. However, sometimes developers really do need to handle cryptography and when they do, they need more substantial guidance than "Just Say No To Cryptography". In this talk I will discuss a number of factors that make it hard for developers to write strong cryptographic code today and give a number of suggestions for what academics, educators, security practitioners, and library maintainers can do to make things better for the future.
    • Bio: Daniel directs research at X-Force Red, has been working in infosec since 2004, makes his own beer, and is a baron in Sealand.
  • Lodrina Cherne - "Stalkerware capabilities in the real world"
    • Abstract: Can using technology risk your personal safety? Tracking information can be shared with attackers and facilitate cyberstalking in multiple ways including key logging and screen sharing. Exploration of recent court cases and investigations will be shared and attendees will learn what resources can help individuals experiencing digital abuse at the hands of a technical adversary.
    • Bio: Lodrina Cherne is a Product Manager at Cybereason + a DFIR instructor at SANS. Ask her how to fight for people wrongly impacted by tech.
  • Joshua Jay Herman - "Tweetnet : A way to make fake tweets using GPT2"
    • Abstract: Here we will go over how to apply GPT-2, a generative text deep learning system, to make fake tweets. We will go over how to individually target a specific person and also a pretrained model (tweetnet) that I have made that could be applied to make sock puppet accounts. We will go over data preparation and also deployment. Understanding of attention-based deep learning systems, Python and TensorFlow will be helpful.
    • Bio: Python developer at BOA. Machine learning enthusiast. Curious about distributed ledger technologies. Lover of beautiful code and data.
  • Ben Sadeghipour - "Owning the Cloud Through SSRF and PDF Generators"
    • Abstract: With how many apps are running in the cloud, hacking these instances becomes easier with a simple vulnerability due to an unsanitized user input. In this talk, we'll discuss a number of different methods that helped us exfil data from different applications using Server-Side Request Forgery (SSRF). Using these methods, we were able to hack some of the major transportation, hospitality, and social media companies and make $50,000 in rewards in 3 months.
    • Bio: Ben is the Head of Hacker Education at HackerOne by day, and a hacker by night.
TURBO Talks (25 Minute)
  • Nir Gaist - "Unstoppable Ransomware - Reality or Myth?"
    • Abstract: Remember WannaCry - the ransomware attack that two years ago infected Windows devices across 150 countries and resulted in an estimated damage of $4B? What is often forgotten is that WannaCry was completely preventable. Microsoft had issued a patch two months prior to the attack. If you think WannaCry was bad, how about a technique that organizations do not have any protection from? This talk will cover a Windows evasion technique called “RIPlace” that, when used to maliciously alter files, bypasses most existing ransomware protection technologies. In fact, even Endpoint Detection and Response (EDR) products are blind to this technique, which means these operations will not be visible for future incident response and investigation purposes. The technique leverages an issue at the boundary between a Windows design flaw and improper error handling of an edge-case scenario by filter drivers of security products. While not a vulnerability per se, the technique is extremely easy for malicious actors to take advantage of with barely two lines of code. RIPlace abuses the way file rename operations are (mis)handled using a legacy Windows function. I will review existing ransomware detection methods, the workflow of a typical ransomware and provide a live demo of RIPlace bypassing a number of anti-ransomware technologies. Finally, I will share a ransomware testing tool we are releasing for the community to play with.
    • Bio: Nir Gaist started programming at age 6 and launched his pentesting company at age 9. Since then he's been teaching and tinkering with tech.
  • David Hetu - "Pricing and Mapping The Underground Economy: An Analysis of Contracts On The Biggest Online Hacking Forum"
    • Abstract: Hackforums is known as the script kiddie forum of hacking where most up and coming hackers drift to. Past investigations have shown however that many established hackers are still very much active on the platform and use it to transact illicit goods and services. This presentation builds on the contract section of the forum that has archives going back over 1 year. This contract section provides detailed information on the transactions that hackers have negotiated over Hackforums. Using tens of thousands of contracts scraped from Hackforums, we provide an analysis of the true cost of hacking tools and services, not those advertised publicly on the forum. We moreover conduct social network analysis of the actors involved in the transaction of illicit goods and services to identify key players and map the structure of the social organization of the illicit trades facilitated by Hackforums. This presentation will provide security professionals with new and solid evidence of the inner workings of the underground illicit economy as well as provide a new methodology to identify key players in hacker networks based on the best practices of the social network analysis field.
    • Bio: David Hetu has a Ph.D. in criminology. He has spent the last 10 years researching online crime and offenders and their social organization.
  • Allie Mellen - "Trust, but Verify: Maintaining Democracy In Spite of Информационные контрмеры"
    • Abstract: The presidential election isn't for a year, and yet as you read this, Russia is already disrupting democracy. When we talk about election security, most people think of hacking voting machines. But what about other cyber methods and means of disrupting an election? What can nation state threat actors do today, tomorrow, the day of the election, and after to sow chaos and erode our faith in democracy? In this session, we'll discuss how Russia has influenced our elections using cyberwarfare and how the US has fought back. We'll understand the natural asymmetry between how Russia and the US are able to respond, and how the US has changed its approach since 2016. By the end, we will be brainstorming all of the ways to disrupt an election that the US isn't prepared for. Get ready to put your nation state threat actor hat on and disrupt some elections - and maybe even earn some ириски-тянучки.
    • Bio: Allie has a B.S. in computer engineering and has held many engg roles over the past ten years. Now, she writes about security at Cybereason.
  • Patrick Sayler - "Automated Social Engineering for the Antisocial Engineer"
    • Abstract: Interactive voice response (IVR) technology, combined with cloud based services, results in a customizable robodialer to social engineer unsuspecting targets and immediately utilize results.
    • Bio: Patrick Sayler is a Senior Security Consultant at NetSPI, where he leads their phone-based and on-site social engineering services.
  • Jack Cable - "The Year of the Vulnerability Disclosure Policy"
    • Abstract: It's an exciting time for vulnerability disclosure. Over 800 companies now offer vulnerability disclosure policies (VDPs), and that number is increasing every day. With such policies, not only are hackers better protected in disclosing vulnerabilities, but the public can stay better informed about security practices across organizations. 2020 is proving to be a breakout year for vulnerability disclosure policies, which will soon be present across every U.S. federal agency, the elections industry, and more. Yet with these advances comes an increased need to ensure such policies are effective and protect both organizations and hackers. As evidenced by past legal disputes, the process of building and abiding by a VDP is nontrivial. In this talk, learn about the history of the VDP, ongoing legal troubles, and best practices moving forward to ensure the efficacy of VDPs. Case studies of action by the United States and Netherlands governments demonstrate that VDPs can be implemented as a standard in order to increase public security. By structuring VDPs in the right way, such policies can be implemented to offer transparency critical to increasing public trust around security.
    • Bio: Jack Cable is a top bug bounty hunter and student at Stanford who advises places like the Pentagon and Stanford on vulnerability disclosure.
  • Soya Aoyama - "2020: A Local Hacking Odyssey - MITM attack against password manager"
    • Abstract: I have focused on attacks that vendors don't acknowledge as vulnerabilities, which occur after a computer has been compromised. I defined them as local hacking. And I could steal all the information I needed to sign in remotely from the password manager.
    • Bio: Soya Aoyama is a researcher at Fujitsu and an organizer of BSidesTokyo. Soya has given presentations at BSidesLV, GrrCON, DerbyCon and more in the past.
  • Siddharth Coontoor - "Where's my dough?! A look at web skimming attacks on e-commerce websites"
    • Abstract: We've all heard of credit card skimmers installed at ATMs and gas stations that steal credit cards from oblivious customers but what happens when attackers target online commerce websites? In this talk, we shall explore an always persistent threat to e-commerce websites known as web skimming. More and more e-commerce websites (British Airways, Newegg, Macy's, etc) have been compromised by web skimming attacks which resulted in attackers successfully stealing millions of credit cards by leveraging a variety of innovative attack vectors from phishing campaigns to injecting scripts through compromised domains. We shall take a look at several such attacks and web skimmer tools like Magecart's Inter and Pipka, and discuss security best practices for hardening e-com sites and protecting your shoppers and your reputation.
    • Bio: An application security enthusiast that thrives in the "clouds". A clumsy coder by nature who loves securing software.
  • Xena Olsen - "Adversary Detection Pipelines: Finally Making Your Threat Intel Useful"
    • Abstract: Security teams often feel like they're in a losing battle with threat intel. They don't know how to make threat intel useful or operationalize it within their organizations, especially if there isn't a dedicated full-time team. In this talk, we'll help you extract more value out of your threat intel program, giving you an easy win to level up not just your team, but the other teams in your security department. First, we'll explore why true attribution is so hard, from false flag operations and proxy attackers to obtaining all the forensic data you would need and even possible coordination with law enforcement or government agencies to perform true attribution. We'll discuss TTPs and how they're a lower-cost way of tracking threat activity groups for most organizations. Then we'll introduce Adversary Detection Pipelines, how they can add value through prioritizing defensive and offensive activities as well as a discussion on the practical implementation of them in any organization. Finally, we'll conclude by looking at case studies of how purple teams can leverage Adversary Detection Pipelines to enhance their operations and encourage an intelligence driven security program.
    • Bio: SANS Women's Academy graduate, 6 GIAC certifications, MBA IT Management, and D.Sc. Cybersecurity student at Marymount University.
  • Eric Michaud - "Grey Skills"
    • Abstract: Your physec kit may be lacking. A quick look at a variety of tools from the basic to the sophisticated 0day still present physical penetration from 30 years ago.
    • Bio: Eric is an expert in physical and cyber security with over 15 years experience. He has spoken at numerous conferences around the world, and his skill at opening impossible-to-pick locks earned him a place in locksport history with the "Michaud Attack." He co-founded and served on the Board of Directors for The Open Organisation of Lockpickers and is referenced widely in academic papers, talks and books including Open In Thirty Seconds, and No Tech Hacking. He was a computer and physical security analyst at Argonne National Laboratory, where he worked on Nuclear Security, counter proliferation tools development, and voting machine security. Eric worked as the Director of Hardware Curation at ExploitHub, and was recently the Founder of Rift Recon and August Security. Eric has an abiding love for projects at the intersection of art and technology, and is a long-time collaborator with the Cacophony Society and Austrian avant-garde art group Monochrom.
  • EvilMog - "From Print Spooler to Silver Ticket"
    • Abstract: Traditionally machine account NTLM challenge responses were considered useless. Learn how pentesters leverage machine accounts to take over your environment. Print Spoolers, Exchange Servers, NTLMv1 Reversing and other techniques are reviewed to level up your pentest game. As a defender, learn how to defend against these devastating attacks.
    • Bio: EvilMog is a Bishop Of the Church of Wifi, Member of Team Hashcat, Multiple Black Badge Holder and General Shenanigator for X-Force Red
  • Steve O'Reilly - "From Zero to Near-Hero: How I conquered 1980's Nintendo technology to capture a THOTCON Gold Badge"
    • Abstract: In 2017, THOTCON 0x8 held a Tool Assisted Speedrun (TAS) contest. Entrants submitted a video of a Nintendo Entertainment System (NES) game edited with the FCEUX application, an open-source NES and Family Computer Disk System emulator. FCEUX's TAS Editor enables the execution of a game's button presses with extreme precision.  This allows a player to optimize the game sprite's speed, action and timing with a goal of completing the game as quickly as possible. In essence, a TAS video is animation with a console game as the medium. The TAS contest presented an opportunity to learn the FCEUX application and then demonstrate creativity in producing a video that would be judged on style and performance as opposed to speed. Prior to entering, I had never heard of TAS videos and my gaming experience was limited to casual play at best. I also had no experience in editing Read Only Memory (ROM) of NES games.  But my passion for learning how things work and getting stuff for free compelled me to take up the challenge. This turbo talk will summarize how I approached the contest's scope and then created the winning entry (https://www.youtube.com/watch?v=GXmfqpXwkeY). I will also present the various applications and resources used in customizing the THOTCON themed ROM.
    • Bio: Technical Editor, Offensive Security, LLC., former FBI Special Agent and USMC infantry officer. Bug bounty researcher for Synack Red Team.
  • Shamrock Hoax - "Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes"
    • Abstract: Doppelpaymer ransomware programmatically leverages ProcessHacker's kernel driver to kill Windows services that are protected by Microsoft's Protected Process Light (PPL). This talk will discuss the methods used to drop Processhacker on a system, launch and hijack the process, take control of its driver loading process, bypass Processhacker's safeguards that prevent anonymous communication with the driver, and the specific IOCTLs leveraged to kill the target protected processes. Ransomware typically needs to kill specific Windows services (databases, for example) in order to release locked files. If the Windows service is protected by PPL, then killing the process from userland becomes difficult. This technique sidesteps PPL by abusing a legitimate tool to kill the target processes and allows the ransomware to encrypt files in-use by the service. It also opens the door for abusing other legitimate tools that typically require user interaction to function.
    • Bio: Shamrock Hoax is a nerd who enjoys writing, exploit dev, RE, math, and billiards.
  • Jesson Soto - "Abusing WebViews to steal all the files"
    • Abstract: Let's explore the world of Android WebViews through two popular applications - an Android email client and an advertising platform. Through these case studies, we will learn how insecure WebViews provided remote attackers and advertisers access to user's external storage.
    • Bio: Jesson is a security consultant at Carve Systems, where he hacks everything from mobile applications to embedded devices and more.
  • Yuliana Bellini - "Kings of an underground empire- Inside of re-shipping operation"
    • Abstract: Inside a typical re-shipping operation that converts stolen credit cards into resellable merchandise, there is much more than meets the eye. We will take a journey inside several major re-shipping operations to see how the crime is enabled, where the goods and money flow, and much more. We will do a case study of one of the kingpins of re-shipping, his connections, power, influences, and gains. Also, we will lift a veil of major operations and how simple it is to find the criminals and their mules.
    • Bio: As a Dark Web expert, Yuliana deals with the most notorious cyber criminals using her technical and psychological skills.
  • DNS Princess - "Photo vault apps for your private pictures don't work."
    • Abstract: Vault apps claim to protect your private photos from spying eyes and hackers. These apps will remove photos from your phone's gallery and store them in a secure place with optional features such as using passcodes or obfuscated fake apps. This talk breaks down where and how those pictures are stored as well as security concerns these apps present.
    • Bio: alissa = ["PhD student", "Anti-Fraud SOC Manager", "Dog Mom", "Researcher", "Boilermaker", "Forensics Instructor", "Teaching Assistant"]
  • Karin Childress Wiley - "New path to Cyber"
    • Abstract: The word "apprenticeship" is in the national zeitgeist for a reason. The combination of a Presidential Executive Order, government support, and business leaders' recognition that paid, standardized training programs cultivate expert talent has led to increased apprenticeship programs across the country. The presentation will specifically show how industries such as transportation and cybersecurity are moving forward and succeeding in helping new candidates enter their occupations using apprenticeships as a foothold. However, more must be done to reach populations that could benefit the most from this earn-and-learn model. Currently, apprenticeships play a small role in the job training process for the U.S. population, especially outside the skills trade occupations. By leveraging apprenticeship as a method to accelerate education, credentialing, and ultimate employment, the industry will create new and cost-effective avenues toward bridging the workforce gap for a much broader population of young Americans. Proliferating faster than any other labor sector, cybersecurity jobs are expected to have a 37% growth rate between 2018 and 2022, with millions of job openings. Recognizing the increasingly significant role of this sector in protecting national security, it is time for employers to look to the innovative solution of apprenticeship to curb this substantial workforce shortage. Using FASTPORT's perspective as a contracted Apprenticeship Industry Intermediary for the U.S. Department of Labor and in tandem with Purdue University's Cybersecurity Program (P-CAP), this presentation will help businesses in the cybersecurity sector to understand how to start or enhance apprenticeship programs as a method to recruit, train, and employ the next generation of cybersecurity talent.
    • Bio: Karin spends her working hours thinking about new/better/old-made-new ways to bring people into tech - especially Veterans.
  • Jimi Sebree - "Automated Dylib Hijacking"
    • Abstract: Applications on macOS use a common and flawed method of loading dynamic libraries (dylib), which leaves them vulnerable to a post-exploitation technique known as dylib hijacking. Dylib hijacking is a technique used to exploit this flawed loading method in order to achieve privilege escalation, persistence, or the ability to run arbitrary code. This talk provides an overview of the attack vector and the process involved in exploiting vulnerable applications. Additionally, the process of automating the exploitation of vulnerable applications will be demonstrated and discussed in depth.
    • Bio: Jimi Sebree is a principal research engineer on Tenable's Zero Day Research team.
  • Shannon Fritz - "Is that a PickleNIC in your Pocket or are you just Cap'n Password Hashes?"
    • Abstract: When a device is set to automatically connect to wifi it may actually be exposing itself AND the networks to attack, but what can you do about it? The PickleNIC is a combination of custom hardware and software that was built to automate the collection and cracking of WPA2 Password Hashes. Hear the story about my daily commute with a raspberry pi that collects thousands of hashes using hcxtools and then automatically submits them to hashtopolis for distributed cracking. We'll cover how the PickleNIC works and how it was built in order to help expose the risks in a fun way that (hopefully) encourages better security practices by my friends and strangers. You too can have a pickle in your pocket, in your bag, or in your car, and you'll get all the information you need to make your very own PickleNIC today. This is going to be fun!
    • Bio: Shannon Fritz spends most of his time working with customers on improving device security, management and provisioning processes.
  • Nick Roy - "OSINT and the Hermit Kingdom. Leveraging online sources to learn more about the world's most secret nation"
    • Abstract: OSINT tools provide security analysts with a powerful set of tools and data that can be leveraged to discover accounts, infrastructure, and long-forgotten services that are still running. Using these sources we can research specific companies or users, find easy targets for bug bounties, and begin reconnaissance efforts against our own systems. Learn more about different techniques to gather information while examining North Korea's public-facing infrastructure and their state-sponsored operating system.
    • Bio: Nick Roy is currently a Senior Security Specialist at Splunk focusing on security automation.
Track X - Mini Workshops (120 Minute)
  • Jay Margalus && Rudy Ristich - "Hacking the Thotcon 0xB Badge"
    • Abstract: In this workshop, attendees will learn the ins and outs of the THOTCON 0xA board. We'll cover the board's layout, components, and (some of the) code on the badge. We'll also teach you how to hack the badge to make a small toy. There will be no badge puzzle spoilers revealed in this workshop, though you may learn some interesting skills to help you overcome challenges. Bring your own laptops, cables, badges, etc.
    • Bio0: Jay is the Faculty Director of DePaul University's makerspace network. He is an industrial-game designer.
    • Bio1: Rudy is the Vice President at Workshop 88.
  • David Pearson && Eric Poynton - "Aye Aye IoT: Wrangling and Defending Against the Risks of Unmanaged Devices"
    • Abstract: By 2020 it's estimated the number of unmanaged devices will bypass the number of managed devices within a typical organization. These unmanaged devices don't have typical policies or endpoint controls which makes it extremely difficult to understand how they communicate with the network. This lack of visibility makes it virtually impossible to understand what an organization's true threat landscape is. This workshop is the culmination of more than a year of research into identifying unmanaged devices using behavioral cues fundamental to how IoT devices function. This method can be used to understand risks associated with unmanaged IoT devices, including: Has this device provided an entry point into your organization that either completely or partially bypasses your defenses? Do they connect/talk to official resources? Are they trying to? Are these systems participating in any attacks that could affect the reputation of your organization? Ahead of Black Hat 2019, Microsoft released a report on Russia's APT28 using IoT devices as gateways into the network, which highlights that not all environments are segmented the way you'd expect. This workshop will include a demo of an instance from Awake's third-party testing efforts that model this scenario (and more) perfectly.
    • Bio0: David Pearson is the Head of Threat Research at Awake Security. He conducts R&D on methodologies to make SOC teams more accurate & efficient.
    • Bio1: Eric Poynton is Lead Threat Hunter at Awake Security. He successfully discovers and investigates compromised devices in enterprise networks.
  • Dr. Amit Elazari - "Security Policy and Regulation Trends for Security Researchers"
    • Abstract: Security is one of the most evolving and impactful landscapes in the regulatory sphere. Proposed initiatives in the areas of Internet of Things Security and Coordinated Vulnerability Disclosure (CVD) and more are among the most active and developing areas of security regulation around the world. This talk would introduce the audience to the variety and influx of legal and regulatory concepts and proposals shaping the future of security focusing on recent trends. Highlights will include coordinated vulnerability disclosure, frameworks for secure development, supply chain transparency, researchers' collaboration, IoT Security, anti-hacking laws, and more. We will also talk about bug bounties and vulnerability disclosure, industry best practices in this area and recent trends, and how they may impact the security research ecosystem as a key stakeholder in this environment.
    • Bio: Dr. Amit Elazari is Director, Global Security Policy at Intel Corporation and a Lecturer at UC Berkeley's School of Information Master in Information and Cybersecurity. She holds a Doctoral Law Degree (JSD) from UC Berkeley School of Law, a world leading institution for law and technology, and graduated summa cum laude three prior degrees. Her research in information security law and policy has appeared in leading technology law journals, presented at conferences such as Black Hat, RSA, USENIX Enigma, USENIX Security, BsidesLV, BsidesSF and DEF CON, and featured at leading news sites such as The Wall Street Journal, The Washington Post and the New York Times. In 2018, she received a Center for Long Term Cybersecurity grant for her work on private ordering regulating information security, exploring legal safe harbors for security researchers. She practiced law in Israel.
  • John Bambenek - "The War Over Your DNS Queries and What to Do About It"
    • Abstract: Recently, with the advent of DNS-over-HTTPS, tech companies like Google and Cloudflare have been locked in a battle with ISPs like Comcast and others about who should be able to see DNS queries and monitor user behavior. The reality is, the fight isn't about privacy but about which set of big companies get to be the sole recipient of your private information. The solution isn't to let one side or the other have your data, it's to run your own resolver. This talk will discuss DNS and why For-Profit Intelligence Agencies (like Google and Comcast) can get with your information. Additionally, how to run your own DNS resolver will be discussed with a focus on how to do that at home and in small organizations without budgets. Lastly, discussion of how to secure DNS queries from malicious activity with a Pi-Hole and Response Policy Zones will be demonstrated so not only consumers take control of their DNS usage, but they can also use DNS to block phishing, ad tracking, and other malicious activity directed at themselves, their families, and their organizations.
    • Bio: John Bambenek is VP of Security Research and Intelligence at ThreatSTOP, President of Bambenek Consulting LTD.
***END THOTCON TRANSMISSION************************************************




© 2009-2021 THOTCON Infinity NFP