One of the core disciplines of security is understanding how systems communicate over the Internet. This skill set is crucial to spotting abnormal behavior and attack patterns. In this class, we will go beyond the fundamentals of how IP communicates and dive into the subtle nuances. This will help the student identify anomalous patterns when they occur.
As cyber security defenders and investigators, we often only get to analyze an environment that suffered a ransomware attack after the ransomware execution, when we are trying to make our way back in time to understand the scope and initial infection vectors of a breach. However, knowing how attackers operate and understanding their tools can help tremendously in conducting a more effective analysis and response, and ultimately lower the impact of such attacks. This is why in this workshop we will teach you how to perform the common steps of every phase in a ransomware attack scenario as the attacker, from initial infection to impact.
I’ve always been fascinated by social engineering. How it’s a factor in over 90% of all breaches. And how it can also work against self-described social engineering subject matter experts. How can this be? This is just the tip of the psychological iceberg… Consider that the placebo effect can still work, even when you know it’s a placebo.
This course aims to teach the fundamentals of the Python programming language such that a student will gain a beginning to intermediate level of competency with the language. Labs will be presented in a Capture the Flag (CTF) style format as well as some more comprehensive programming tasks.
The goal of this course is to provide the core components that make up a successful Incident Response program. Students will learn how to get started on their IR journey, what to prioritize, and why boring stuff like policies and procedures is just as important as technical digital forensics skills.
Over 13 million small businesses have 9 or fewer employees. This is over 90% of businesses in the United States alone. In this talk we will look at the challenges and how to overcome them, from ownership buy-in to lack of resources and vendor apathy.
In our talk, we will explore the use of table top exercises in cybersecurity, focusing on their role in enhancing incident response capabilities. We’ll dive into the concept of gamifying these exercises for improved engagement and efficiency.
Table top gamified experiences can be used to build and continually update incident response playbooks, ensuring relevance in a rapidly evolving threat landscape. Anyone at this talk will leave with practical strategies for integrating table tops into their cybersecurity toolkit!
We will also present an interactive demo… Can you survive the Cyber Game Master bot!?
Reporting is generally boring. As social engineers, we often get wrapped up in the hustle and bustle of performing the engagement and report writing falls to the side. While the reports do go out and we meet client obligations, a serious question arises: Are we providing meaningful measurements, metrics, and advice to the client?
If you’re like me, you have spent some portion of your career working with events generated from on-premise systems. With the move toward cloud, I noticed that logs that I took for granted and expected to have were no longer available. The intent of this talk is to drive greater awareness of what the defender will see (and more importantly what they will not see) when a signing key certificate is extracted, a SAML token is forged and an access token is utilized in an Azure AD / M365 environment.
Intrusion detection works best when you can discover the attacker while they are still in the system. Finding out after the fact does little to protect your systems and your data. Ideally, you would want to set an alarm that an attacker would trigger while limiting the damage to your environment. We know from many recent breaches that attackers commonly try to expand their foothold in a system by finding and exploiting hardcoded credentials in environments they have accessed. We can use these behavioral patterns to our advantage by engaging in defensive cyber deception.