Contests

09:00 AM

Gottlieb Conference Center

Capture The Flag Contest (CTF)

Core Security’s Capture the Flag cyber-range is designed around a rich and fictional, yet realistic, healthcare organization: Mercy Tech Healthcare. Filled with a complete, functioning infrastructure, including novel simulated medical devices, participants will have the opportunity to engage in instructor-led tactical missions involving both offensive and defensive techniques. The Capture the Flag is an excellent opportunity to safely practice techniques in a “cyber range” and to develop and hone skills using a variety of tools, including Core Security’s Impact Pro Software. Participants will be required to bring a laptop computer that is capable of connecting to a wireless network, and connecting to a Microsoft Remote Desktop Services connection. https://www.coresecurity.com/
Expo

09:00 AM

Expo and Hacker Village

Born In The Wrong Century: Bladesmithing & Blacksmithing

by Spijk Selby 

This is a booth in the Expo and Hacker Village and runs 9-4:30 during expo hours. It involves demonstrations and is not a presentation. Custom, bench-made knives continue to grow in popularity, but most are made using power tools and "stock reduction": taking metal blanks and grinding them into knife shapes. But traditional bladesmithing and blacksmithing, using a coal-fired forge and hammering steel, is alive and well. Blacksmiths don't make horseshoes (farriers do that); they forge steel to make tools, furniture, railings, light fixtures, decorative items, cooking utensils and weapons. Spijk Selby will show his wares, and discuss how contemporary blacksmiths operate, and how to set up your own forge.

09:00 AM

Expo and Hacker Village

Hacking The Pentagon

by Daniel Lim, Cyber Operations Officer (17A), 780th MI BDE, US Army 

This is a booth in the Expo and Hacker Village and runs 9-4:30 during expo hours. It involves demonstrations and is not a presentation. In this workshop, participants will get a taste of penetration testing and offensive cyber operations by using real-world exploits to attack (i.e. "hack") Windows servers. They will utilize off-the-shelf tools and simple scripting to go through the stages of footprinting/scanning, enumeration and attack. The workshop will be facilitated by a US Army Cyber School instructor who will guide participants through the various exercises. Infrastructure will be hosted on AWS EC2 instances so anyone with an SSH-capable computer will be able to participate (a limited number of laptops will be provided by CornCon). The workshop will close with a brief discussion of the practical implications of this technical demonstration. The ultimate goal is for participants to leave the workshop with a better understanding of the techniques behind and manner in which cyber security affects the real-world.
Kids

09:00 AM

Kids Track

The Ethics of Creating and Hacking Technology

by Jen Fox, Sr. Security Consultant, VioPoint 

[20 minutes] Jen Fox will speak to kids about the ethical use of technology. Once you realize that programs and systems are vulnerable, what are you going to do about it? You understand the technology, you have a responsibility to wear a white hat and responsibly disclose vulnerabilities you find, and help defend against the black hat hackers.
Track 1

09:00 AM

Main Speaker Track

Opening Keynote: Secrets of Superspies

by Ira Winkler, President Secure Mentem 

[60 minutes] Everyone perceives spies as unstoppable entities who can come at organizations with unlimited resources. The reality is that the most advanced adversaries almost always resort to very stoppable methods, and they are only successful due to the fact that they are met with trivial countermeasures. This session uses case studies to demonstrate typical espionage methods, and the simple countermeasures that can stop the most advanced operations.

10:00 AM

Main Speaker Track

How I would Have Done It: Practical Election Hacking

by John Bambenek, Manager of Threat Systems, Fidelis Cybersecurity 

[90 minute shared session] For much of the past year we have been talking about election-related hacking and the various alleged attempts by Russian-affiliated groups to influence the 2016 Presidential election and the 2017 French Presidential Election. The reality is, those attempts largely didn't influence many votes. This talk will focus on methods of how a successful influential operation and election "hacking" campaign would operate and how the outcome could be affected by foreign (or covert domestic) parties.
John will speak alongside John Bumgarner in a 90 minute session on election hacking and nation state disinformation and influence.

10:00 AM

Main Speaker Track

Nation State Disruption and Influence with Info Ops

by John Bumgarner, Chief Technology Officer (CTO) at U.S. Cyber Consequences Unit 

[90 minute shared session] Prior to the birth of the internet foreign intelligence services manipulated another country's political process by handing out flyers, hanging posters, writing articles in local papers, and occasionally killing a candidate. The majority of these tactics only reached a limited subset of a given population. Today foreign intelligence services can use the internet to reach a larger and more diverse section of a country's population. The speed of the internet provides rapid dissemination of information to influence someone's opinion, spark discourse or create physical chaos. In some extreme cases foreign intelligence services coupled with military forces have taken over sections of another country after sowing the seeds of disinformation in the region. John will speak alongside John Bambenek in a 90 minute session on election hacking and nation state disinformation and influence.

11:30 AM

Main Speaker Track

Restoring Trust in the Age of Digital Deception

by Katie Hanahan, Regional Director Agari 

Despite decades of technological advancement and billions of dollars invested in security solutions, humans remain the most vulnerable attack vector of any digital business. People and things pretending to be someone or something they’re not can bypass even the most sophisticated defenses and trick people into trusting and clicking on something they shouldn’t. Spearphishing, BEC, ID deception and many other forms of what we call digital deception can lead to catastrophic security breaches even after just one successful attack. So ask yourself, how are you defending the human part of your network? How protected are you against digital deception attacks such as spearphishing that exploit human judgment? What if you didn’t have to worry about what digital attack vector cybercriminals would use to get to your people next?

12:00 PM

Main Speaker Track

Beware: The Ocean is Full of Phish

by Todd Fitzgerald, SVP, Chief Administrative Officer Information Security and Technology Risk, Northern Trust 

[60 minutes] This session will examine the impact of phishing, the hidden costs of phishing, the changing nature of security awareness programs, and will present a case study of an implementation of a cloud-based phishing and awareness program. Participants will walk away with an understanding as to how to develop an interactive training program for our mobile, ever increasing millennial workforce. Come see and discuss the effects of this and other interactive behavioral-based training.

01:00 PM

Main Speaker Track

Educational Pathways to the Cybersecurity Workforce

by Daniel Stein, Acting Branch Chief for Cybersecurity Education and Awareness DHS 

[60 minutes] The demand for cybersecurity professionals is at an all-time high, and the future cybersecurity workforce is sitting in your classrooms today. Over the past year, there were over 300,000+ job openings in this field. How can we fill this exponentially growing work gap? DHS recognizes that this involves a long term solution, where students need to be exposed to cybersecurity concepts early on, have learning opportunities to sharpen their skills, and ultimately, pursue a cybersecurity degree by seeking further education.
The Department of Homeland Security’s Cyber Innovation Center (CIC) has created a project-driven, application-based curricula to support the Nation’s need for a knowledgeable and competent cybersecurity workforce. Through curricula outlined in the National Integrated Cyber Education Research Center (NICERC), students are exposed to real-world applications of STEM and cybersecurity topics.
The Cybersecurity Education and Awareness (CE&A) branch has partnered with the CIC to support this cyber-integrated curricula. This partnership has fostered other resources including cyber competitions and summer camps to help students continually build interest and aptitude in cybersecurity. Ultimately, students pursue a cybersecurity degree at a top school, designated by DHS and National Security Association (NSA). Graduates can enter the cybersecurity workforce with the required STEM and cyber-related knowledge and skills needed.
Representatives from both the CIC and CE&A office will discuss the importance of and current efforts in primary education in cybersecurity, the knowledge and skills gained in secondary education and value of industry certifications, and the push to fill government and private industry cyber positions.
Daniel will be joined by his colleague Kevin Nolten for this presentation.

02:00 PM

Main Speaker Track

Social Media Risk: Why You Weren’t Hired or Fired

by Michael Kiefer 

[30 minutes] Social media is the new game changer in risk management. Your job application, background check, continued employment is being monitored or will be shortly. In many corporations the Company owns the executive social media profile. Every new job you may have to create a new social profile. Corporations, unions, contractors, activists, hacktivists and nation states monitor people, places and things on the internet (Surface, Deep & Dark). Social media risk is covered in FFIEC compliance as Operational, Legal, Compliance and Revenue risk. Healthcare, Energy and other vertical markets typically follow the FFIEC in America and Globally. Mr. Kiefer will take you through the growing risk in Social, where it was to where it is going with some topical examples.

02:30 PM

Main Speaker Track

Diversity in Cybersecurity (Panel)

by Katie Hanahan, Regional Director Agari; Lauren Kinsey, Cybersecurity Awareness and Inclusion Advocate; Bob West, CEO Echelon One; Sarah Isaacs, Co-Founder Conventus; Danielle Kingsbury, President and Founder CyberSecPsych

[60 minutes] A panel of security industry executives will discuss barriers and opportunities facing underrepresented communities in the cybersecurity field. The panel will be moderated by Katie Hanahan, of Agari. Topics will include how to encourage diversity in the workforce throughout the career life cycle, as well as how companies can work to be more inclusive and the benefits that brings to the table.

03:30 PM

Main Speaker Track

Cyber Investigations & The Fuzz

by Nick Selby, Detective, DFW Police Department 

If you've ever filed a cyber crime complaint with the cops, you'll have noticed it didn't go well. Here's what the fuzz seek from complainants, and how you can help them help you.
Track 2

10:00 AM

Workshops

How to Create a Hacker’s Swiss Army Knife w/Parrot

by Xe1phix 

[30 minutes] I will be giving a live demo of several Parrot Linux use cases. Parrot is a GNU/Linux OS specializing in:
  • Security (custom hardened kernel)
  • Anonymity (tor, i2p, veracrypt, LUKS)
  • Pentesting (OSINT, vuln analysis, exploitation, forensic analysis, etc).
Parrot Linux was selected by linux.com for the best linux distro of 2017. (https://www.linux.com/news/learn/sysadmin/best-linux-distributions-2017) The main topic for this presentation is a live demo on how to install parrot onto a dvd & usb (LUKS Encrypted Persistence storage). Parrot can run live on memory from a live dvd or usb, no hard drive needed. If there is time available, I will also cover:
Cryptography: I will explain GNUPG fundamentals, and its importance. Then I will demonstrate:
  • How to create a gpg key
  • How to encrypt then decrypt a file
  • How to configure a hardened gpg.conf file.
Anonymity: I will explain the importance of anonymity software in the modern internet ecosystem. I will then demonstrate:
  • How to use tor to protect yourself & your identity while accessing the clearnet and the darknet.
  • How to use i2p to securely & anonymously communicate with eepsites.
  • How to remove metadata
Finally, I will provide a brief overview on the pentesting tools offered by Parrot Linux. Parrot Linux offers hundreds of pentesting tools. For legal reasons I will only explain the tools' use and where to find more information on them. My goal for this presentation is to give a talk which provides to the audience a useful skill which they can walk away with. I will give away a few preinstalled live disks & usbs to individuals most interested in the subject. I will also pass out linux cheatsheets, as well as a list of commands used so the audience can replicate the steps I performed in the presentation. I have been using parrot for 3 years, and volunteering within the community for 5 months now. I have written for the parrot wiki:
  • (https://docs.parrotsec.org/doku.php/anonsurf)
  • (original: https://github.com/xe1phix/ParrotSecWiki/blob/master/AnonSurf.txt)
  • (Parrot OS demo: https://www.youtube.com/watch?v=KZmXTnOlmME)

10:30 AM

Workshops

Abusing Normality: Data Exfiltration in Plain Site

by Aelon Porat, Information Security Manager, Cision 

[30 minutes] As a defender, you can recognize a potential compromise when a new WMI class appears on an endpoint that constantly connects to mflzwsyimbwkrlnvhrp.xyz. But how likely are you to notice a regular-looking Symantec virus definition file, placed in its designated folder, on a machine that’s communicating with a Wikipedia-based C&C, about once a week and only after previous, legitimate visits to the site? Or a malware saving keystrokes to a Word dictionary file, reading it five days later using Outlook, embedding the captured data in an email header to a legitimate-looking recipient?
This talk will cover common and uncommon channels attackers can use to communicate and hide information. From prefetch files and Search Index to event logs and Recent Documents, free disk space, Excel templates, and many otherwise inconspicuous objects, the goal of this talk is to show that a clever attacker can hide anywhere that is considered too normal and noisy to monitor.

11:00 AM

Workshops

A Good Shell is Hard to -Find- Choose

by Killian Ditch 

[30 minutes] Given the plethora of remote command shell payloads out there, how does one decide which to use? Should an initial foothold such as a webshell be upgraded to an interactive shell; if so, why and how? Perhaps a Meterpreter payload would be best. That decision then leads to the following question of should it be a standard Windows or Linux Meterpreter payload? Maybe it should be a PHP or Java Meterpreter instead. This talk will discuss the various differences in the aforementioned options among others, with the goal being to impart an understanding of which payloads may be best suited for which situations and why. Many of the assorted options will be demonstrated in scenarios derived from situations encountered in real penetration tests to exemplify the need for the ability to differentiate between payloads.

12:00 PM

Workshops

Facebook Education and Diversity Program

by Stephanie Siteman, Information Security Program & Operations Manager, Facebook 

[30 minutes] This presentation covers the gaps discovered by the information security leaders at Facebook: Quality cybersecurity education lacking and inconsistent across universities, lack of diversity in cybersecurity programs. Stephanie Siteman discusses what Facebook is doing to change this, and what they hope to accomplish.

12:30 PM

Workshops

Anatomy of a Breach

by Aaron R. Warner, CEO & Lead Security Strategist, ProCircular, Inc. 

[30 minutes] Security breaches are interesting to discuss in the abstract and fun to simulate, but the real thing can have a very real and human impact. This will be a first-hand review of an actual breach of a small accounting firm, the experience of working with outside counsel, the truth about bringing the FBI into the conversation, and the impact on a business owner.

01:30 PM

Workshops

Repairing the internet with Responsible Disclosures

by Victor Gevers (0xDUDE), Senior Security Specialist Dutch Government 

[30 minutes] In 2016 a non-profit organization, GDI.foundation, operated by volunteers, started reporting vulnerabilities as responsible disclosures (coordinated vulnerability disclosures) and helping victims of ransom attacks worldwide under the name PROJECT366. As chairman & co-founder of that organization I would like to share the experiences and challenges they have faced so far. In the last 19 years Victor Gevers (@0xDUDE) has made over 5,250 security reports without getting in trouble with the law. In this talk, you’ll be taken through the experiences of the last 19 years in “how you could report ‘bad news’” and show our attempts to report as many vulnerabilities as humanly possible and how to deal with those on the other side, the organizations who receive these reports and the challenges each side faces.
The GDI foundation has been mentioned by international press in 2017 which only covers a small aspect of our work:
GDI.Foundation is a non profit organization that strives to make the internet safer. We have discovered and reported hundreds of data leaks and thousands of security issues worldwide.

02:00 PM

Workshops

Hacking Medical Devices: Don’t Let Your Pacemaker Skip a Beat

by Charles Parker 

[30 minutes] Medical devices have become more prevalent as the population has aged. The hardware application has changed from being externally affixed to internal and a connected IoT. Although these are exceptionally useful, they are also problematic as InfoSec has not been applied to the application and hardware, allowing for vulnerabilities. This will explore the lack of security, vulnerability, examples, and remediation.
The speaker will bring a non-functioning pacemaker for display.

02:30 PM

Workshops

Forensics Workshop: Quick, Easy, & Free Windows and Linux Timelines

by Phil Polstra, Associate Professor Bloomsburg University 

[60 minutes] This workshop will be led by Dr. Phil Polstra, author of several definitive books on system forensics (Linux, Windows...)

An accurate system timeline is often a part of a forensic investigation. Generating these timelines is often a painful and time consuming process. It can take hours to build a timeline, even with expensive software costing tens of thousands of dollars. Once the timeline has been finally created, query and display options tend to be limited.

In this workshop you will learn how to make infinitely flexible timelines in mere minutes using 100% free and open source software. Python will be used to quickly collect file metadata which is stored in a MySQL database. Some convenient scripts for generating various types of timelines from this data will be presented. Timestamp updating rules will be discussed.

Requirements: A laptop running a recent version of Linux with at least 20GB of free disk space (can be in virtual machine). This machine should have Python 2 & 3 and MySQL installed. For good performance at least 8 GB of RAM (16 if running a virtual machine) is recommended.