Jared Haight, Microsoft
Keynote: Giving back to infosec: A beginners guide to being helpful
“The infosec community is driven by passionate people who give back through software, talks, teaching, etc. Its one of the things that makes our community a “”community””, but a lot of people don’t feel like they have anything to offer. Those that are new to the industry don’t feel like they know enough and veterans don’t think they have anything original to contribute.
In this feel good talk of the year, we’ll cover how everyone is an awesome and valuable human being who can help make our industry even better. We’ll go over how to contribute to Open Source Projects, how to submit to CFPs, how to help with cons, as well as other ways to help. We’ll also talk about the benefits of not being a sponge and how giving back can advance your career, help you make friends, make you more attractive, increase your APMs, and lead you true happiness.”
Jose Fernandez, CompSec Direct
Talk: Frony Fronius – Exploring Zigbee signals from Solar City
Solar equipment is becoming more readily used in homes and businesses due to cost savings, eco-friendly conservationism and current tax incentives. Companies like SolarCity use Power Inverters/Meters from 3rd parties in order to provide it’s services while making the solution affordable for customers. This research will focus on understanding the communication between the Inverter, Internet Gateway and web portal used to view electrical consumption of subscriber.
Brad Duncan, Palo Alto Networks – Unit 42
Keynote: Malware Distribution Trends
Criminals distribute malware using both wide-scale methods and targeted attacks. In this presentation, Brad discusses malware distribution trends noted during his day-to-day research as of January 2018. This talk examines three distribution methods: email, social media, and the web. This presentation contains several up-to-date examples of malware through mass-distribution including ransomware, information stealers, and cryptocurrency miners. Brad also covers a recent rise in tech support scams through popup browser windows with phone numbers to criminals posing as Microsoft support personnel.
Killan Ditch, Coalfire
Talk: Desist with Demanding Domain (aka, Stop Skipping the Strays)
Many penetration testers will hop into a network and single-mindedly chase Domain Administrator (DA) privileges. Having achieved that singular goal, some even call it quits and chalk up the test as a win. Various tools and strategies leveraging Active Directory, such as PowerShell Empire, BloodHound, and CrackMapExec, have emerged to assist and even automate the process of initial compromise through pivoting and privilege escalation. However, such tunnel vision on exploiting Windows Active Directory frequently leads to outright dismissal of the impact that the compromise of machines or accounts outside of a domain can have. This talk will explore assorted reasons why testers should consider stray non-member machines worth attacking and stop skipping them in the headlong pursuit of DA. Such consideration will include infrastructure hosts, rogue machines, and forgotten servers.
Esteban Rodriguez, Coalfire
Talk: Do more with less: Combining small findings to make a big impact
Talk: Insecure Obsolte and Trivial: The Real IOT
Over the last few years Hardware Hacking has become a much more prevalent testing and attack avenue, however it is often misunderstood. This talk is meant to give a basic understanding of Hardware Hacking techniques, tips and tricks. In addition to real world examples and demos using budget oriented software and hardware.
Pedro Ortiz, Evertec
Talk: Blue Team Journal
Throughout time we have had to defend ourselves somehow. Nowadays, all around the world, 24/7, there are groups of people trying to defend the computers and networks in different companies. This talk is just a peek of the situations that a computer/network defender has to deal with in a day to day basis.
Carlos Perez, Tenable Security
Keynote: Reinventing Self
Looks at the hacker mentality and how it sets those with it, the ability to reinvent themselves by applying the same TTPs to their environment .