Logs Out: An IR Mystery - LitMoose
Join us for an afternoon who-dun-it – an environment has been murdered and the logs have a secret to tell. You have been invited to the conference room, a few will get a gift from a Mr. Admin, and you all have something in common. Was it Mrs. Peacock in the DC with the reverse shell? Or maybe Colonel Mustard in the ESXi cluster with vCenter creds? Help solve the mystery before it’s too late, and the auditors arrive!
Defending Beyond Defense - Catherine Ullman
Assumptions burn defenders every day. Perhaps the most pernicious one is that systems and their controls will always work as designed. Best practices in security may be good guidelines, but unfortunately also suffer from these same blind spots. For example, best practice recommends the use of LAPS for local administrator account passwords of domain-joined computers, yet misconfiguration of Active Directory can turn it from a protective control into a vulnerability.
But what if there was a way to challenge these assumptions up front? The best way to dismantle these types of assumptions is to experience how deeply flawed they are. There is no better way to gain first-hand experience of this perspective than immersion in the offensive security space. In this talk we'll explore how to immerse yourself in the offensive security world to obtain this knowledge without needing to change careers or obtain additional certifications.
By being more informed about offensive security, defenders are better able to recognize relevant intel, understand existing threats, and more readily discover attacker behavior. Join me as I discuss how there's more to defending than just defense, and how you can find and engage with the amazing resources that are out there waiting to be explored.
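The LAPS misconfiguration mentioned in the abstract above is usually an ACL problem: a group delegated "All Extended Rights" or Full Control on an OU (often for help-desk or imaging tasks) can thereby read the confidential ms-Mcs-AdmPwd attribute on every computer under it. The check below is an editor-added example, not material from the talk; it uses the legacy LAPS AdmPwd.PS module's Find-AdmPwdExtendedRights cmdlet, and the OU distinguished name and the group names in $expected are placeholders to be replaced with your own.

```powershell
# Added example (not from the talk): list principals that can read LAPS-managed
# local administrator passwords under an OU and flag any that are not expected.
# Assumes the legacy LAPS management module (AdmPwd.PS) is installed on this host.
Import-Module AdmPwd.PS

# Placeholder OU; replace with the OU whose delegation you want to audit.
$ou = 'OU=Workstations,DC=corp,DC=example'

# Find-AdmPwdExtendedRights reports, per object under the OU, which principals
# hold extended rights there. Because ms-Mcs-AdmPwd is a confidential attribute,
# those rights are what allow the clear-text password to be read.
$rights = Find-AdmPwdExtendedRights -Identity $ou -IncludeComputers

# Placeholder list of principals that are supposed to hold the right. Anything
# outside this list (a help-desk group, "Authenticated Users", a service
# account granted Full Control for convenience) is the misconfiguration the
# abstract warns about and should be investigated.
$expected = @(
    'NT AUTHORITY\SYSTEM',
    'CORP\Domain Admins',
    'CORP\LAPS-Password-Readers'
)

$findings = foreach ($entry in $rights) {
    foreach ($holder in $entry.ExtendedRightHolders) {
        if ($expected -notcontains $holder) {
            [pscustomobject]@{
                ObjectDN = $entry.ObjectDN
                Holder   = $holder
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Holder, ObjectDN | Format-Table -AutoSize
} else {
    Write-Output "No unexpected LAPS password readers found under $ou"
}
```

Run it from a host with the RSAT AD tools and the LAPS management module as an account that can read ACLs in the directory; the same enumeration is what an attacker with a low-privileged domain account performs, which is the point of the talk.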
Click Here to End the World - Johnathan Rogers
A new week, a new vulnerability, or at least that's the way it seems to go. With every new vulnerability we cybersecurity professionals are told that the sky is beginning to fall and shortly all of cyberspace will come to an end. As it was for Chicken Little though, so it is for us, and we continue forward holding our breath waiting for the end to come. Here we are, stuck in this cycle bouncing from vulnerability to vulnerability with a constant headache.
The question becomes: how do we deal with the constant pressure of this cycle? How do we reasonably handle vulnerabilities without losing our minds? In this talk we will talk about how one can avoid getting stuck in the loop of this vulnerability hype cycle and how we can maintain a reasonable mindset while dealing with so many vulnerabilities. What are the things we should look at to determine if a vulnerability is all noise or if it is something to be concerned with? At the end of this talk listeners will be equipped to better handle vulnerabilities without getting caught in hype and hopefully have some sanity left.
The Dog Was the Mastermind - Wolfgang Goerlich
It’s a mystery. Everything seemed to be going fine. We finally had enough budget and we actually had the right people. But then, for some seemingly unexplained reason, the project went off the rails. Sure, there were clues. People had their pet theories. Maybe we’re not ready for identity and access management or mature privileged management. Perhaps zero trust architectures are all smoke and mirrors.
Some thought the hiring manager was clueless, or the CISO tone deaf. The trouble is, without solving the puzzle, we know we’re simply going to find ourselves in the same unexpected and unexplained situation. This session will present five mysteries and ask you, the Circle City Con audience, to find the villain.
We’ll conclude with a framework for avoiding the crime of unsuccessful projects. Pull out your magnifying glass and get ready. You don’t need to have a name like Hercule Poirot or Benoit Blanc or Sherlock Holmes to get better at solving the mystery of cybersecurity failures. Here are the clues you can look out for.
What is a firewall? Understanding common security tools and concepts - Zach Raizen
The goal of the presentation is to focus on "raising the bar" for everyone around concepts and tools that are standard within the information security field. I want to ensure that even less technical security teams and business teams understand what is being referred to when IT or Security mentions they are using these tools and what the key benefits and limitations are. By broadening the understanding of these, I think it helps us all work together to develop even stronger security solutions and identify solutions which don't inhibit necessary functions.
We all use firewalls, VPNs, antimalware solutions, WiFi, cloud services, and IoT devices as a part of our everyday lives, either knowing about them or not. There is a lot of misleading information out there on what will keep you safe, and instead of busting myths, I want to educate people on the strengths and limitations of these solutions so they know what to look for and how to gauge the level of protection they may need or get, based on their own risks.
When management asks you: “Do you accept Agile as your lord and savior?” - Daniel Lagos
So you’ve been told that your organization is going to implement Agile methodologies across ALL of IT, and not just in development. And you’ve been given the responsibility to implement it in Security Operations, and without a clear plan or measurable objectives other than “make the team more efficient”.
While one can complain that someone in the C-Suite heard of the book “Scrum: The Art of Doing Twice the Work in Half the Time”, you still have a job to do. So the basics of Project Management, Agile, Scrum & Kanban are covered and how one can shoehorn these concepts into working in an operations context. Oh, and there will also be some finagling of where DevOps stands regarding Agile and Operations.
Will the Real Zero-Trust Please Stand Up - Chris Griffin
The OSSTMM (Open Source Security Testing Methodology Manual), created in 2001, has become a name in Compliance and Security methodologies.
The OSSTMM is referenced in many security books, by NIST and even included in PCI's penetration testing guidelines among many other sources.
This talk will give a short intro to the OSSTMM for anyone unfamiliar with it but then break out into Trust (a vulnerability) and how to apply (the OSSTMM 10) controls relating to it.
While it is impossible to educate someone on the whole methodology in 30 minutes or even a whole day, this will be set to pique interest and spark creative thought.