The following presentations are locked in to be presented at SAINTCON 2021. More content is being added every day as we review and approve them for the conference. Check back frequently for updates.
Cloud (AWS, Azure, GCP, etc.) providers make the sharing of resources as easy and convenient as the push of a button, but how often do users unintentionally also share sensitive information which would enable an attacker and/or red teamer to gain a foothold into the targeted cloud environment? Join us in this action-packed session, where we will explore a few practical cloud-centric attack vectors, which may have disastrous consequences for unprepared organizations.
Tips and Tricks for your PaloAlto Firewall. Automate security tasks, gather intelligence, and all without spending a bunch on expensive subscriptions.
Bring your career questions to ask @d1dymu5, @sketrik, @AlicesLabyrinth, and @sj. @zodiak will moderate this panel where you will learn how to successfully take the next step in your career, whether that means first job, your next job, a promotion/raise, or finding that last jump to carry you through to retirement. We will answer your questions about careers, advancement, negotiating, resumes, and more with informal, fun discussions and stories.
How was the SAINTCON network designed? What did it take to put it all together? What interesting traffic and analytics have you seen? What lessons have been learned? Find answers to these questions or bring your own questions.
What went down, what rocked, what stumped you. We’ll walk through the highlights of the game and solve some of the puzzles.
Come and find out what the crap everyone is saying in the security world!
Nature is cool and teaches us a lot about heuristics and social engineering. Let’s exploit it.
A lot of people approach password cracking as a total brute force and fail to correctly categorize the probability of a password being cracked based on a well-crafted and thought-out dictionary attack augmented with rules and/or masks.
Grab the attention of your C-suite by having them fully engaged in a choose-your-own-adventure style tabletop exercise that shows how damaging ransomware can be while teaching about the many variables in play.
Security isn’t just the domain of the cyber security folks; it’s a constant threat that needs to be constantly monitored and tweaked. System administrators need to be aware of, and deploy, policies that complement security tools while mitigating the spread of malicious actions. This discussion will focus on the mind-boggling array of tools (many of them free) Microsoft and others provide, and give examples of ways to automate the deployment and maintenance of security-enhancing features like user and device whitelists; hardware, software, and BIOS version reporting; patching; and mitigating vulnerabilities detected during security scans. Tools and methods covered may include PowerShell, Active Directory, System Center Configuration Manager, Windows Sysinternals, the Least Privilege Model, and more. Actual topics may vary based on interaction with attendees.
How to grow and use your infosec/cyber/hacker network to progress and grow your career.
Embedded device security has come a long way since the days of telnet and default passwords. Product vendors are now securing their devices but how effective are they? We’ll focus on the techniques one solar vendor utilizes. We’ll show what works and what doesn’t and cover bypasses for many IoT security measures. Attacks in this talk are beneficial to system designers, hobbyists, and researchers.
This talk will explore various FBI cases over the past 10 years with regard to cryptocurrencies.
A follow-up to the dumpster-diving antics presented in the Home Lab 2019 edition! A lot has changed in the Home Lab space in the past two years. Chip shortages, supply line interruptions, storage hoarding, as well as increased popularity of home labs have made finding great deals on under-valued hardware more difficult than it has been historically. Don’t even mention trying to find a GPU for a password cracking lab (actually, do mention it, we can still get them). This just means we work harder and dig deeper in the dumpster of used hardware to find the deals! We’re going to hit the main pillars for Home Labs (compute, networking, and storage), update the best bang-for-the-buck items, and give upgrade paths to those who have already started their homelab journey. We’re also going to discuss some ultra low-power / low-noise options for our friends just getting started or those looking to keep it quiet and simple. This year we’re going to focus a bit more on the actual use / functions of a homelab as well, dipping a bit into homeprod. Some projects / systems can be set up to make your (and your co-habitants’) lives easier, safer, and more enjoyable. After all, keeping the co-habitants happy is sometimes the key to getting more homelab gear! Whether this is your first foray into homelabbing or you are a seasoned veteran, there will be something for everyone (not to mention some laughs at my expense over some of my more ‘out-there’ ideas that just didn’t quite pan out).
It seems every device that is purchased now has a simple request: “Connect me to the internet”. This sentiment always bothered me, as I never knew why connectivity was always required for what seemed to be the most straightforward single-function devices. I spent some time first-hand researching various IoT devices (cameras, smart TVs, light switches, Google Cast devices, etc.) to see their behavior when they were connected to a network. As I looked through the LAN traces, I was shocked to see random outbound traffic flows to data centers in China on obscure UDP ports, subnet sweeps gathering data about all of the devices on its broadcast domain, and other ‘features’ that may be useful in some scenarios…but are terrifying in the wrong context (UPnP, looking at you here). Join me on a journey of “who’s being naughty on my network”: using packet captures, looking at shady third-party web portals to ‘control’ your smart devices, random things you agree to when you are setting up your new devices, as well as some other fun discoveries I made along the way. We will then go over how you can strike a nice balance between functionality and security in both corporate IoT use as well as in your home.
Dumping credentials from Windows computers is a common technique in attacks, and Mimikatz is the go-to tool covering a variety of techniques. There are many built-in settings for Windows that will reduce the attack surface and limit access to the credentials even further. Come learn some of the Mimikatz techniques and how they can be limited with the right settings.
The Center for Internet Security recently updated their Critical Controls (now on version 8). Finding, understanding, and adopting a control set is a foundational part of creating/developing an information security program, and the CIS Critical Controls are built for organizations of all sizes. Come and learn about the latest version of the CIS Critical Controls, and how the most recent version affects how you can implement it in your organizations.
Namesquatting with package managers is nothing new, but if you are using privately hosted packages on your own index or from a git repository, you may be inadvertently exposing your dev, build, and production environments, as well as any networks they operate in, to this class of supply chain attack. Learn how these attacks work, what can go wrong if you get caught in an attack, and most importantly, how to improve and validate your development, testing, and deployments to avoid these attacks altogether. The focus of this presentation is on Python using the default package manager pip. These attacks, mitigation strategies, and core concepts apply to nearly every language with a public index for downloading and distributing third-party code used in developing and deploying applications.
100 tools (more or less) in 60 minutes!
Offensive Security Tooling has been a debate that’s sparked huge discussions, particularly in the Twitter information security community. What is OST? Why is it a big deal? Why should we care, and what can we do? I hope to present a balanced overview of the discussion, outline some of the existing arguments, and provide a jumping-off point for others to consider and join in on the conversation. While this is only an introduction to the argument, it is intermediate-level technical content, as I will present the specific tools and capabilities of OST, and what that means for the industry in technical terms.
All the logs might be in the SIEM (Security Information and Event Management system), but if you’re spending your days twiddling your thumbs and scrolling #infosec Twitter indefinitely, you might be overwhelmed by the amount of data and possibilities that are ahead of you. This sad situation can leave your SIEM feeling lonely and underutilized, despite being one of the top requirements of enterprise level security teams. Attendees of this talk will leave with ideas to make their SIEM feel like a valued team member, including quick ways to identify logging blind spots, threat hunting opportunities, and automation inspiration.
Mobile devices are becoming increasingly powerful and are cheap. This presentation will discuss tools and methods for turning these cheap mobile devices into powerful pen-testing devices.
From a red teamer’s perspective, the Man In The Middle position is that obscure place that provides you with powerful opportunities to attack victim machines on the same LAN without them knowing. On the other hand, defending against MITM is an often overlooked concept; however, this can be a costly mistake, as these attacks can lead to a compromise on a much larger scale. This presentation will provide an overview of why you should care about defending against MITM on the LAN and go over a few practical examples.
Managing vendor risk is more than just gathering annual questionnaires. In this presentation, we’ll explore strategies for identifying, ranking, and managing vendor risk with the business and the vendor.
D4rkm4tter has been obsessed with monitoring wireless networks and has built hardware to meet the challenges of scanning and testing in the busiest and most client-dense environments. The WiFi-Kraken Lite contends with these issues in a smaller package without sacrificing any monitoring performance. This project is the result of years of research into the most effective way to scan and audit wireless in a single box that can be easily deployed or used as a hardened terminal in the most rugged conditions. The WiFi-Kraken Lite consists of a single-board computer which connects 12 wireless radios that enable scanning and auditing WiFi, Bluetooth, LoRaWAN and other commonly used wireless protocols. The number of wireless devices is growing, as is the number of ways those devices are being connected. Having an all-in-one wireless monitoring solution will give you the ability to track this data across these bands and give you the best picture of what’s happening in the air around you. This demonstration will provide you the information so that you can build your own all-in-one monitoring device. You will also gain an overview of capture technologies including Kismet that will help you perform this type of analysis in your own environments. Finally, once the data is captured, you will get an understanding of efficient data processing using tools like Wireshark and d4rkm4tter’s own PCAPinator tool.
I will walk participants through how to secure Office 365 Exchange Online without breaking the bank and buying Azure AD Premium licenses.
I’ll go over the basics of pin tumbler locks, tools required for lockpicking and pick a few locks.
I’ll go over the basics of bypassing, latch slipping, loiding, various bypass tools including slim jims, under-the-door-tool, DDT, and Pope’s favorite,
Using the traits from the Myers Briggs and Enneagram of Personality to tailor your Social Engineering strategy for your organization. Improve your pretexts by knowing your targets’ core fears and motivations, and then use these considerations to identify weaknesses and to ultimately build up those in your organization to be stronger allies with your security program.
We will explore RF from the ground up spending a bit of time on how it works and how it’s accessible to the public (including us hackers). We will then briefly survey RF attacks in the wild and why they’re interesting. The last half will include a discussion on how to get started (including super cool gadgets) and a demo software/hardware configuration for using a computer to interact with an RF device.
A panel discussion with long-time members of the USHE penetration testing team and IT leaders. We’ll discuss tactics, strategies, and outcomes of over 10 years of systemic penetration testing within the Utah System of Higher Education.
What is Zero Trust, and how does it fit in my environment?
Security comes naturally to you, but speaking doesn’t. Packets and code make sense, but people and politics don’t. You’ve got a lot to offer, but people aren’t taking you seriously. This presentation goes over the 10 mistakes I made that slowed my career in Information Security, and what you should know to avoid them.
All about the badge! – How we made the badge
You’ve been promised passwordless options for years. Now that it’s coming to be a reality, is it actually as secure as it’s being sold? Or is it just another vaporware offering that is crazy complex and not consumable for the masses? This session will define the scope of what systems/applications can be passwordless, the risks around this solution as well as the various alternatives stepping you into this solution. We’ll pick apart one of the solutions achieving this dream and the security around it. I’ll even roll back the covers of how it’s working in my day to day work life.
This talk will cover everything you need to know in order to get up to speed in the world of password cracking. We will cover what password hashes are, why password hashes should always be used, the basics of cracking password hashes, and techniques to increase the efficiency of your password cracking. Towards the end, we will cover Hashcat, how to use it, and how to give it enough horsepower to burn out electrical outlets in your home…ask me how I know.
Using Python web scraping, this talk will touch on the privacy implications of using web scraping to pull data from the internet. Starting with county jails and mugshots, there are some pretty obvious issues that can arise for someone who had a mugshot taken but may not have been convicted of anything. We will explore this and other issues concerning our privacy with publicly available data from scraping and mining the internet.
We will go over all the interesting bits, cool hacks, and protections from some of my past security presentations (Owning MFA, Breaking Federated Identity, Advanced Phishing, etc.) and highlight awesome hacks from other women in cybersecurity.
This presentation will show how the cyber security class started for Alpine School District three years ago, their first visit to SAINTCON, and how they went on to place first in the state with Cyber Patriots two years in a row.
Attackers are targeting your users with phishing. It’s happening. You can’t ignore it. You need both effective prevention tools and user training to help your company not become the next victim. This presentation will teach you how to develop and implement an effective internal phishing program and provide guidance on using open-source tools and an overall architecture to help get your users trained up on how to detect and repel phishing attacks.
Come learn “Grifting” from the best.
Vulnerability Management has been a disaster for the last 20 years in IT. It’s IT’s problem, it’s security’s problem, but in the end everyone suffers when we do it poorly. While there has been a glut of tools for finding vulnerabilities, that’s only the very top of the iceberg. The entire lifecycle: identification, triage, mitigation, and reporting is broken and needs to be rethought for modern IT and risk thinking. This talk addresses each stage of the Vulnerability Management lifecycle and draws upon 20+ years’ experience advising, building, and operating vulnerability management programs across various market verticals and organization types to draw conclusions and suggest ways to address, if not outright fix, some of the badly broken parts. If you’re still scanning, dumping to a spreadsheet, emailing people, and hoping things get fixed, you need to listen to this talk.
We’re going to be hacked. We’re going to have the site DOSed. We’re going to have someone click a link. So what should we do right now to get ready, and what will we do when it happens? This is going to be Incident Response 101. We’ll talk about how to get ready, how to get your baselines, and what to watch for. We’ll talk about what you need to prepare so you can be ready to take action when it happens, and you don’t get blinded by information overload and the fog of war.