This information is from a previous year. Please visit shellcon.io for up to date information.

Talks

All times are in Pacific Daylight Time (UTC-0700).

  • Track: Main Channel: Friday 10/09 @ 1030-1125 PDT

Thinking about what traces are left when activities occur on a Windows system? Think past the operating system itself! Everything that occurs within the Windows operating system must cross RAM, making it the vessel of an abundant amount of residual data from user activities. Decrypted versions of encrypted data, internet activity, user communication, network information, evidence of program execution, passwords and encryption keys, and more! Much of this data will only be found in memory, leaving no traces behind on the associated endpoint. This lecture will discuss the intricacies of Windows memory, how data gets stored in RAM, and delve into examples of the type of data you can piece together! There’s so much data to find in memory alone, come have a look!
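Added example, not part of the talk or its materials: a small carver that shows why memory triage needs more than an ASCII `strings` pass. Windows keeps much of its in-memory text as UTF-16LE, so a URL, a mailbox address or a plaintext credential sitting in a process heap is missed by ASCII-only tools. The memory page below is constructed for the example, and the helper names are this example's own.

```python
import re

# Printable runs of at least MIN_LEN characters, in the two encodings that
# dominate Windows memory: 8-bit ASCII and UTF-16LE (each char followed by 0x00).
MIN_LEN = 6
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Patterns applied to the carved text; extend with whatever the case needs
# (session cookies, key blobs, chat identifiers, ...).
IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "credential": re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*\S+"),
}


def carve_strings(buf):
    """Yield (offset, encoding, text) for every printable run in buf."""
    for m in ASCII_RE.finditer(buf):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RE.finditer(buf):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")


def find_artifacts(buf):
    """Return IOC hits with their byte offset into the image, lowest offset first.

    For UTF-16LE runs the offset inside the decoded text is doubled so the
    reported offset points at the first byte of the match in the raw image.
    """
    hits = []
    for off, enc, text in carve_strings(buf):
        width = 1 if enc == "ascii" else 2
        for kind, pat in IOC_PATTERNS.items():
            for im in pat.finditer(text):
                hits.append({
                    "offset": off + width * im.start(),
                    "encoding": enc,
                    "kind": kind,
                    "value": im.group(),
                })
    return sorted(hits, key=lambda h: h["offset"])


# Constructed "memory page": a few code bytes, an HTTP request line, a UTF-16LE
# credential of the kind a Windows GUI app keeps in its heap, and a mail header.
SAMPLE_PAGE = (
    b"\x00" * 16
    + b"\x8b\x45\xfc\x33\xc0"
    + b"GET https://mail.example.test/owa/ HTTP/1.1\r\n"
    + b"\x00" * 8
    + "password=Winter2020!".encode("utf-16-le")
    + b"\xff" * 12
    + b"From: alice@example.test\r\n"
    + b"\x90" * 20
)

if __name__ == "__main__":
    for h in find_artifacts(SAMPLE_PAGE):
        print(f"0x{h['offset']:08x} {h['encoding']:8} {h['kind']:10} {h['value']}")
```

On a real capture, feed the same functions a process region dumped from the image (or the raw image in chunks) and run the same patterns over the host's disk image: the hits that appear only in the RAM pass are exactly the artifacts the abstract says never touch the endpoint.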

Tarah Melton, GCFA, GREM, is a digital forensics examiner with a background in the Federal Government, supporting customers focused on counterterrorism, cyber defense, and incident response. Her responsibilities included forensic lab management and conducting digital forensic investigations in both the US as well as overseas, completing two deployments to Afghanistan....

twitter @melton_tarah
  • Track: Main Channel: Friday 10/09 @ 1130-1155 PDT

houdinID is a mobile application for physical pentesters to help them identify and strategize attacks against locks encountered in the field. Its dynamic quiz feature facilitates quick lock identification; photos of keyways can be matched with known keyways and key blanks; and its database, which provides information and attack advice on each lock, draws on research from the community of locksport enthusiasts and lock researchers. Moreover, this tool provides a security ranking for each lock that takes into account attacks not considered by current lock rating standards. Learn about lock identification and security ranking, and contribute your own intel to this community-driven project!

Tiffany Cheezem is a hacking apprentice with X-Force Red with a particular interest in physical pentesting. On the weekends, Tiffany can be found out in the mountains tracking ungulates and spying on birds, because someone’s got to find out if they’re real.

twitter @caticorn_sun
  • Track: Main Channel: Friday 10/09 @ 1200-1255 PDT
  • Slides

This is going to be a talk that dives into our experiences with running a cyber security competition training for local high school students. While it will contain a few jokes and memes, it will cover the ins and outs of how we were able to build a fun and engaging environment despite limited resources. Told from the perspective of university students who constantly seek out and participate in cyber competitions as well as CTF events, the objective of this talk will be to share our experiences giving back to local communities as well as sharing the knowledge/techniques that we have learned along the way.

Silas is an experienced undergraduate cyber security specialist with a demonstrated history of working in the information technology industry. Professional experience in system administration, incident response, digital forensics, threat mitigation, technical support, and penetration testing.

twitter @SighLessShen

Jimmy is an undergraduate student interested in computer science and cybersecurity. He has participated in various cybersecurity competitions including CyberPatriot and CTF contests. Additionally, he has submitted security vulnerabilities to companies such as Google.

twitter @jimfutsu

I am a student at Cal Poly Pomona studying cybersecurity. I am interested in Linux, digital privacy issues, and The Smiths!

twitter @FBetern0
  • Track: Main Channel: Friday 10/09 @ 1300-1355 PDT

Game theory is the study of choices and strategies made by rational actors in competitive situations. In this talk, we will model the choices and behavior demonstrated by real-world scenarios of human conflict as well as the actions of participants. Using these models, we will discuss how strategies are formed as well as how they can be influenced.

We start with demonstrations of basic game theory concepts using participants from the audience to play through scenarios such as the prisoner’s dilemma. From that foundation, I discuss the math behind the choices in these games in order to prove how each player’s choices influence the strategy of their opponent. Next, I will introduce some of the different techniques that can be used to turn games sideways. By adding secret information or the ability to deceive, these games can be won more often by an enterprising individual.

By analyzing conflict where strategy and choices determine the outcome we learn more about how to determine the strategies of others as well as influence them with our own decisions. We gain a deeper understanding of strategy and motivation.

Raised in the woods of Alaska, Juneau attributes her love of hacking to a childhood spent building and breaking things. After studying computer science and economics she moved to Dallas, Texas and took a job as a network security engineer. In Dallas, Juneau found a home in the local community...

twitter @Jun34u_sec
  • Track: Main Channel: Friday 10/09 @ 1400-1455 PDT

This demo-heavy talk will teach you how to attack a Kubernetes cluster, with a new Bust-a-kube scenario themed on the movie “Inception.” You’ll see a four-stage attack that starts by gaining access to a low-privileged container that was built from a typo-squatted library. From there, we’ll find ourselves in a Kubernetes cluster within a Kubernetes cluster, as with Inception’s “dream within a dream.” You’ll learn how to break this attack with multiple defenses, including OPA Gatekeeper. Afterward, practice the attack and defense with the open source Bustakube cluster.

Jay Beale works on Kubernetes and cloud native security, both as a professional threat actor and as a co-lead of the Kubernetes project’s security audit working group. He’s the architect of the Peirates attack tool for Kubernetes, as well as the @Bustakube Kubernetes cluster. Beale created Bastille Linux and the...

twitter @jaybeale linkedin Jay Beale
  • Track: Main Channel: Friday 10/09 @ 1500-1555 PDT
  • Slides

So you’ve put a giant pile of data into Splunk… how do you get started digging into it, cleaning it up, making it useful and manageable so that you can derive value from it?

This is a simple methodology for getting started with a new unfamiliar data set that will help you figure out what’s useful so that you can start developing alerts, reports, dashboards etc.

If you want to play along at home, download and boot the VM well ahead of time: 30 GB of available disk space required; RAM/CPU configurable. bit.ly/shellcon2020-spl

Mary is a member of the Splunk Trust, an elite brain trust of about 60 of the most experienced Splunk users around the globe who give back to the Splunk community. She has worked in the threat detection and response space for various industry leaders in gaming, media, and entertainment...

twitter @cyphoid_mary
  • Track: Main Channel: Friday 10/09 @ 1600-1625 PDT
  • Slides

Are you overwhelmed by the amount of awesome tools that have been released in the past year to help you secure your cloud data? In this talk, we’ll sprint through a number of options that you can start deploying ASAP to secure the data you most care about.

Daniel has 15+ years experience in the creation and deployment of solutions protecting networks, systems and information assets. He has a Masters of Science in Networking and Telecommunications from the University of Pennsylvania and is a former Director of Security, DevOps and IT at a fintech company with over $1.5...

twitter @dant24
  • Track: Main Channel: Friday 10/09 @ 1630-1655 PDT
  • Slides

The adoption of cloud services in today’s tech climate is overwhelmingly pervasive, not only with startups, but also larger, more established corporations. The need to scale and accelerate deployments has become blisteringly fast for both IT and engineering teams globally. Security, however, has never really caught up to keep pace. Luckily, enough vendors and consulting groups have built software, both closed and open source, to help IT and security professionals manage this cloud environment adoption. In this session, we will cover the basics of this relatively new space, Cloud Security Posture Management, designed to address customer misconfiguration, mismanagement and mistakes in managing their cloud environment. After some initial background and introduction of some tools related to the space, we will walk through what the IT or security practitioner should worry about in planning to leverage this type of technology to aid your team’s oversight and coverage in assessing cloud usage and adoption.

As a security {engineer | data scientist}, Henry operates as an information/data security architect, previously as a security consultant and developer in both the security and networking industries. In his current role, he interfaces with internal business partners in providing architectural guidance and aligning the business with best practices. As...

twitter @bazinga73 linkedin Henry Canivel github hcbomb
  • Track: Main Channel: Friday 10/09 @ 1700-1755 PDT

Amazon Web Services (AWS) is one of the most popular ways for companies large and small to deploy their software and infrastructure. That popularity makes it a prime target for attackers, but what do attacks in AWS even look like? We’ve all heard of the SSRF to metadata trick, but what else can attackers do? With this talk we’ll dive into the tactics, techniques, and procedures a modern Penetration Testing or Red Team can leverage to exploit cloud infrastructure/applications, and what defenders can do to make this more difficult.
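Added example, not from the talk: the “SSRF to metadata trick” the abstract mentions works because a server-side URL fetcher will happily request http://169.254.169.254/ (the EC2 instance metadata service) on an attacker’s behalf and hand back the instance role’s credentials. The guard below is one way an application can refuse such targets. The function and parameter names are this example’s own, and the resolver hook exists so the check can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# EC2 instance metadata service endpoints (IPv4 link-local and the IPv6 ULA).
IMDS_ADDRS = {
    ipaddress.ip_address("169.254.169.254"),
    ipaddress.ip_address("fd00:ec2::254"),
}


def _blocked(addr):
    """True for anything that is not a routable public unicast address."""
    return (addr in IMDS_ADDRS or addr.is_private or addr.is_loopback
            or addr.is_link_local or addr.is_multicast or addr.is_reserved
            or addr.is_unspecified)


def _default_resolver(host):
    return [ai[4][0] for ai in socket.getaddrinfo(host, None)]


def resolve_targets(host, resolver=None):
    """Every address the fetch could connect to.

    A plain IP literal is returned as-is. Anything else, including attacker
    encodings such as the decimal "2852039166" (which most libc resolvers turn
    into 169.254.169.254) or a hostname that resolves to a link-local address,
    goes through the same resolver the HTTP client would use.
    """
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        pass
    return [ipaddress.ip_address(a) for a in (resolver or _default_resolver)(host)]


def check_outbound_url(url, resolver=None):
    """Return (ok, reason) for a user-supplied URL the server is asked to fetch."""
    p = urlparse(url)
    if p.scheme not in ("http", "https"):
        return False, f"scheme {p.scheme!r} not allowed"
    if not p.hostname:
        return False, "no host in URL"
    try:
        addrs = resolve_targets(p.hostname, resolver)
    except (socket.gaierror, ValueError) as exc:
        return False, f"cannot resolve {p.hostname}: {exc}"
    for a in addrs:
        if _blocked(a):
            return False, f"{p.hostname} maps to blocked address {a}"
    return True, "ok"
```

Two caveats a red teamer will test: the fetch must connect to the address that was checked (pin it, rather than letting the HTTP client resolve the name a second time), otherwise DNS rebinding defeats the guard, and every redirect target needs the same check. On the instance side, requiring IMDSv2 (a PUT for a session token, with the default hop limit of 1) means a plain GET relayed through an SSRF returns nothing useful even when the application check is missing.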

Nick Frichette currently works as the team lead for the Penetration Testing Team at a large financial services company. His primary focus is on web application and AWS with a dash of containerization. In his free time he does vulnerability research, blogs regularly on his website, collects certifications, and...

twitter @frichette_n
  • Track: Main Channel: Friday 10/09 @ 1800-1855 PDT

This talk is inspired by an episode of Black Mirror. I will give a live demo of creating a bot that talks like me and can be used to impersonate me online and do social engineering. I will show live how to create such bots over text, voice, or video and walk through various techniques that attendees can use to create such smart social engineering attacks.

I will also release my GitHub of the AI notebooks as open-source for the attendees to try out and experiment.

Tamaghna Basu, OSCP, GCIH, RHCE, CEH, ECSA, co-founder of neoEYED Inc. He has 15+ years of experience in the cybersecurity domain. He is a mentor for Stanford University Cyber Security Program and SANS certified mentor for the course - “Sec 504: Hacker Techniques, Exploits, and Incident Handling”. His main areas...

  • Track: Main Channel: Saturday 10/10 @ 1000-1055 PDT

Documenting and reporting is a key part of red teaming and generally the part we all look forward to the least. Compared to the rest of the work we do, it’s not the most fun and exciting. Teams generally solve this with ad hoc solutions for note taking, recording and sharing screenshots, and collecting other evidence, but these solutions rarely scale. As teams grow and scope expands, these are not always easily shared and typically require manual steps to manage. Having to dig through a pile of evidence after an operation to find the one screenshot you need, if you even have it, can be time intensive and cumbersome. ASHIRT solves this by serving as a non-intrusive, automatic when possible, way to capture, index, and provide search over a centralized synchronization point of high fidelity data from all your evidence sources during an operation.

https://www.github.com/theparanoids/ashirt-server

https://www.github.com/theparanoids/ashirt

https://www.github.com/theparanoids/aterm

https://www.github.com/theparanoids/ashirt-helm

Joe is a member of the Red Team at Verizon Media where he plots world domination and builds offensive tooling. He has a passion for reverse engineering, exploitation, teaching, and sharing research with others. He is the undisputed champion of the Brawndo and Booze competition from DEFCONs past with his...

twitter @jrozner
  • Track: Main Channel: Saturday 10/10 @ 1100-1155 PDT
  • Slides

Whether network connected or standalone, firmware is the center of controlling any embedded device. As such, it is crucial to understand how firmware can be manipulated to perform unauthorized functions and potentially cripple the supporting ecosystem’s security. This presentation will provide an overview of how to get started with performing security testing and reverse engineering of firmware leveraging the OWASP Firmware Security Testing Methodology (FSTM) as guidance when embarking on an upcoming assessment.

Aaron Guzman is co-author of the “IoT Penetration Testing Cookbook” and is a Technical Leader within Cisco Meraki’s security team. He leads open-source initiatives that provide awareness around IoT security defensive strategies as well as lowering the barrier of entry into IoT hacking under OWASP’s IoT and Embedded Application Security...

twitter @scriptingxss
  • Track: Main Channel: Saturday 10/10 @ 1200-1255 PDT

Ever wonder if your TV is watching you watch it? In this talk, we will have a high-level discussion of a project from the CIA’s Vault 7 WikiLeaks release, dubbed “Weeping Angel”.

From notepad to Dreamweaver to Flash to the CMS, this failed web developer turned hacker back in the early 2000’s. It wasn’t until his own apps began getting hacked that he turned to application security and never looked back. A man of many hats, mostly white, he is currently a...

github nodisassemble
  • Track: Main Channel: Saturday 10/10 @ 1300-1355 PDT

While the Bluetooth family of protocols continues to claim the spotlight of low energy RF technologies, ZigBee remains an important attack surface to consider due to its heavy deployment in building automation, and even smart home devices. This talk will give a basic breakdown of ZigBee as a technology, discuss the current threats, and look at the tools needed to start hacking this often-overlooked wireless protocol.

Maxine is a US Army Veteran, who recently graduated from the University of Washington – Tacoma with a BSc in Information Assurance and Cybersecurity. She has experience as a Security Analyst hunting wireless threats and vulnerabilities, and currently works for IOActive as a Security Consultant applying her knowledge to help...

twitter @FreqyXin
  • Track: Main Channel: Saturday 10/10 @ 1400-1455 PDT
  • Slides

When you work in information security, not everyone is thankful for the job that you do. Frequently, you’ll have to work and communicate with people who really would prefer you’d just go away.

We will enumerate some of the common adversarial scenarios you may find yourself in, such as handling vulnerability disclosure with a hostile vendor, or working for a team that doesn’t want a security test, but got one for regulatory reasons. We will also discuss how to identify that you’re in an adversarial scenario, and either get yourself out of it by correcting misconceptions about you and your work, or work through it, using strategies developed over a decade of penetration testing and vulnerability disclosure experiences.

Daniel Crowley is the head of research and a penetration tester for X-Force Red. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis...

twitter @dan_crowley
  • Track: Main Channel: Saturday 10/10 @ 1500-1525 PDT

The use of voice recognition is becoming prominent and is on the rise in many pieces of software. Yet there are vulnerabilities and shortcomings of algorithms and technologies that allow attackers to perform voice morphing, theft of voice histories, etc., to perform other destructive attacks and influence companies, individuals, politics, legal proceedings, and more. The possibilities are limitless. This talk identifies those vulnerabilities, risks, and preventions.

Kim is working as a Teaching Assistant at CityU School of Technology & Computing and is a full time M.S. Computer Science student and security researcher. Currently Kim focuses on exploit development and mobile application exploitation. She finds her passion in helping people elevate their technical skills and knowledge, especially...

linkedin Kim Nguyen
  • Track: Main Channel: Saturday 10/10 @ 1530-1555 PDT
  • Slides

SOC analysts need to be able to triage suspicious artifacts identified by alerts or while performing threat hunts. It’s common for SOC analysts to submit artifacts to public sandboxes which could alert threat actors and allow them to quickly pivot and implement new tactics and techniques or to make minor tweaks that will go undetected.

The ability to triage suspicious artifacts is typically viewed as an advanced topic left for highly technical malware analysts. This talk will provide basic examples and demonstrate how to perform initial triage of suspicious artifacts in a safe and operationally secure manner.
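Added example, not the speakers’ tooling: the first, fully offline step of the triage the abstract describes. Before an artifact is sent anywhere it gets fingerprinted locally, so the analyst can search internal case data and telemetry by hash, and so a packed or encrypted payload is recognised without being detonated or uploaded. The sample bytes are constructed, and the function names are this example’s own.

```python
import hashlib
import math
import struct

# File signatures worth recognising on first look (magic bytes at offset 0).
MAGICS = [
    (b"MZ", "mz"),
    (b"\x7fELF", "elf"),
    (b"PK\x03\x04", "zip"),            # also docx/xlsx/jar
    (b"%PDF", "pdf"),
    (b"\xd0\xcf\x11\xe0", "ole2"),     # legacy Office, may carry VBA macros
    (b"#!", "script"),
]


def shannon_entropy(data):
    """Bits of entropy per byte, 0.0 to 8.0; packed/encrypted payloads sit near 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_pe(data):
    """MZ stub whose e_lfanew pointer (offset 0x3C) lands on a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def file_type(data):
    for magic, name in MAGICS:
        if data.startswith(magic):
            if name == "mz":
                return "pe" if is_pe(data) else "dos-mz"
            return name
    return "unknown"


def triage(data, known_sha256=frozenset()):
    """Offline fingerprint of one artifact; nothing leaves the analysis host."""
    sha256 = hashlib.sha256(data).hexdigest()
    entropy = shannon_entropy(data)
    return {
        "size": len(data),
        "sha256": sha256,
        "md5": hashlib.md5(data).hexdigest(),  # what many internal indexes are still keyed on
        "type": file_type(data),
        "entropy": round(entropy, 2),
        "likely_packed_or_encrypted": entropy > 7.0,
        "already_known": sha256 in known_sha256,
    }


# Constructed samples: a minimal PE header and a blob with maximal entropy.
_pe = bytearray(0x100)
_pe[0:2] = b"MZ"
struct.pack_into("<I", _pe, 0x3C, 0x80)
_pe[0x80:0x84] = b"PE\x00\x00"
FAKE_PE = bytes(_pe)
HIGH_ENTROPY_BLOB = bytes(range(256)) * 16

if __name__ == "__main__":
    for name, sample in (("fake.exe", FAKE_PE), ("blob.bin", HIGH_ENTROPY_BLOB)):
        print(name, triage(sample))
```

The `known_sha256` set stands in for whatever local store the SOC already has (previous cases, EDR hash telemetry, the gold-image inventory). Checking it first, and sharing hashes rather than files when a lookup elsewhere is needed, keeps the operational security the abstract is after: a hash lookup reveals far less to a threat actor than a public sandbox report with their payload attached.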

Dances with the dark arts • Mischievous Architect • TWVvd1dhcmU= • @ctfjawn • @defconphilly DC☠215 • Blue Team Village • about.me/veii0x • @woprsummit

twitter @ttheveii0x

Jonas Eichinger currently works as a Sr. Consultant for Security Risk Advisors. His focus is Digital Forensics & Incident Response, malware reverse engineering, defensive tool development, and cloud security. Any time not spent taking apart payloads, investigating security incidents, or knowledge sharing is divvied up between fermenting cabbage, collecting vintage...

  • Track: Main Channel: Saturday 10/10 @ 1600-1655 PDT
  • Slides

Given enough time and resources, advanced adversaries will bypass modern intrusion detection solutions. SIEMs are often configured to gather as much information as possible in an environment, and the resulting value of the alerts and responses they provide relies on attempting to lower the number of false positives. The goal of The Aerospace Corporation was to conduct an experiment in achieving higher fidelity true positive alerts by utilizing cyber deception concepts. Our research concluded that through a mix of low and medium interactivity honeypots deployed on a production system, it is possible to gather not only true positive alerts but also threat intelligence on adversaries.

The talk will cover a brief overview of current FOSS deception solutions and will pivot to the research showcasing our own FOSS cyber deception experiment that detects and monitors cyber adversaries.

Henry Reed is a senior at California State University, Northridge and an intern in the Cyber Defense Solutions Department at The Aerospace Corporation. Reed obtained the Security+, RHCSA, and GPEN certifications, extensively researched both offensive and defensive cyber operations (managing to get yelled at by Aerospace’s IT in the process),...

twitter @MemeticHenry
  • Track: Main Channel: Saturday 10/10 @ 1700-1755 PDT

They say life imitates art, and like the classic hacking films of the 1990’s this talk involves money and banks. Except we made a functioning mock bank, and the money is Jamaican. Join our journey of rediscovering the inner workings of Automated Teller Machines (ATMs). Using no existing external infrastructure, we dive into our successes and failures as we crossed wires, consoled, and dialed in to real Hyosung ATMs in an effort to become a payment processor. There will be demos, code, and maybe a bit of gum, as we rock the cash box. This talk is meant for beginners and seasoned phreakers alike. Our talk explores the approach as much as the techniques behind our efforts. Our goal is to take you back (at least with hardware) to the glory days of hacking, when phreaking still worked, and blue boxes still roamed free.

Wasabi is a security researcher who dabbles in the arts of system administration. He participated in CCDC, CPTC, and many CTFs as a competitor before starting to help organize cyber defense competitions himself. He is now the Black Team lead for WRCCDC.

twitter @spiceywasabi

Forrest Fuqua is a DoD subcontractor cybersecurity pentester and auditor and the owner of Hatchan. He designs interesting projects while saving the interweb with his work on the Archive Team, and is on the Red Team for NECCDC.

twitter @JRWR
  • Track: Main Channel: Saturday 10/10 @ 1800-1825 PDT

There are many important elections this year. As you read this, Russia is already disrupting them.

When we talk about election security, most people think of hacking voting machines. But what about other cyber methods and means of disrupting an election? What can nation state threat actors do today, tomorrow, the day of the election, and after to sow chaos and erode our faith in democracy?

In this session, Allie will discuss how Russia has influenced worldwide elections using cyberwarfare and the means of fighting back. We’ll understand the natural asymmetry between how Russia and other countries are able to respond, and how defensive approaches have changed since 2016.

Expect some brainstorming on all of the ways to disrupt an election that countries aren’t prepared for. Get ready to put your nation state threat actor hat on and disrupt some elections - and maybe even earn some ириски-тянучки (Russian toffee chews).

Allie Mellen has spent the past decade in engineering, development, and technical consulting roles at multiple venture-backed startups, as well as research roles at MIT and Boston University. Her passion is combining technology and entrepreneurship, having run her own successful iOS development company out of college and been an investment...

twitter @hackerxbella linkedin Allie Mellen

© 2021 ShellCon