(Agenda sessions and times are subject to change)

2:30 PM - 4:00 PM
3:00 PM - 3:30 PM
3:30 PM - 6:00 PM
4:00 PM - 8:00 PM
6:30 PM - 8:00 PM
8:00 PM - 10:00 PM
8:00 AM - 9:00 AM
9:00 AM - 9:05 AM
9:05 AM - 9:35 AM
9:35 AM - 9:40 AM
9:40 AM - 10:25 AM

The objective of this talk is to create dialogue about the changing landscape concerning cloud environments. It doesn't matter which of the big three cloud providers we focus on; there is a lack of conversation around how we identify sketchy activity of threat actors. Currently we are overwhelmed with threat actors leveraging cloud services to host attacking infrastructure, identify buckets and accounts with weak security controls, host stolen data, and carry out many more nefarious types of activity. What are we doing about it? I'll share my research and techniques for hunting across cloud services, identifying attacker activity, and strengthening your cloud environment. Disclaimer: I will try not to rag on any specific cloud providers.

O'Shea Bowens
O'Shea Bowens - Null Hat Security

Come learn Kubernetes attack TTPs in this demo-heavy presentation! We'll demonstrate the attack path that fully compromises the Def Con Kubernetes Capture the Flag (CTF), picking up flags and movie references. You'll learn techniques that you can use on real-world Kubernetes attacks and map these to the MITRE ATT&CK Framework. Finally, you'll gain a stronger understanding of the security controls in and available to a Kubernetes cluster.

Jay Beale
Jay Beale - InGuardians
10:25 AM - 10:30 AM
10:30 AM - 11:15 AM
11:15 AM - 12:40 PM
12:40 PM - 1:10 PM
1:10 PM - 1:15 PM
1:15 PM - 2:00 PM


Creating a team made up of individuals with seemingly opposed objectives can be challenging. However, when carefully managed, creating space for collaborative conflict can be a magnificent driver of innovation and change. This is the heart of the “Purple” mindset.

In this presentation, we will share our process of humbly discovering ways to create and foster collaborative conflict during our research sprints and security exercises. Topics include team culture and structure, democratic project selection processes, research sprint planning, exercise planning, project deliverables, lab infrastructure, and attack and analysis automation. Philosophical discussions will be grounded with real-world examples from Purple Team research sprints and exercises completed earlier this year, such as multi-cloud lateral movement, CI/CD pipeline compromise, and attacks against hybrid identity systems.

We believe our experiences will help those interested in creating new Purple Team capabilities or further developing an existing practice.

Trenton Ivey, Ryan Marcotte Cobb
Trenton Ivey - Secureworks
Ryan Marcotte Cobb - Secureworks

Open source code has become ubiquitous in modern software, but recent research highlights some troubling security risks. Veracode’s State of Software Security: Open Source Edition v11 found that 79 percent of third-party libraries are never updated after initial inclusion in a codebase. The research also found it takes more than a year for developers to fix 50 percent of vulnerable libraries. These findings further illustrate the security risk posed by third-party code and a “set it and forget it” mindset. In this session, Chris Eng, Chief Research Officer at Veracode, will present these and other research findings, including a deep dive into the most vulnerable libraries and languages, and developer insights into vulnerability remediation habits and techniques. Attendees will gain an understanding of the security implications of third-party libraries and how to manage the ever-changing open source landscape.

Chris Eng
Chris Eng - Veracode
2:00 PM - 2:05 PM
2:05 PM - 2:50 PM

It's no surprise that, with the exponential explosion of connected devices from smart TVs to home automation to remote monitoring, manual review of security-related events isn't keeping pace (and hasn't for a while). Automation, AI, and data analytics are not new concepts in the domain of cybersecurity, and nearly all vendors proudly proclaim the virtues of these technologies deployed in their products. Then why do the majority of cyber professionals seem to shun data analytics and avoid unlocking the potential of data science techniques in daily operations? In this presentation, we will tackle the fundamentals of data science including data acquisition, graph analytics, artificial intelligence, and machine learning. Within the context of those domains we gently introduce the key concepts of statistics, path finding, centrality, modeling, classification, feature sets, training, and more. Sound complicated? Don't worry! This presentation isn't for PhDs, it's for the real-world cyber operator. All concepts include practical applications to threat hunting, attack surface modeling, cyber intelligence mapping, and anomalous event detection. Open source tools including network graphing and AI-enabled threat modeling to accompany presentation!

Michael Schladt
Michael Schladt - General Electric
2:50 PM - 2:55 PM
2:55 PM - 3:25 PM
3:25 PM - 3:30 PM
3:30 PM - 4:15 PM

Active Directory Attack Paths are nothing new, yet every organization struggles to control the problem and eventually gives up. In this talk we'll cover why that is, starting with the basics of an Attack Path and how it is formed in Active Directory. We'll then cover some of the existing approaches and why they've been unsuccessful. Finally, we'll cover effective Attack Path Management principles and how everyone can start today using the free and open-source BloodHound.

Justin Kohler
Justin Kohler - SpecterOps

Sometimes the most entertaining (and instructive) stories are ones where the good guys don't necessarily win. Nick Leghorn is an information security professional who has done more incident response than most people would ever hope to see in their lifetime, and not all of it has gone to plan. In this talk Nick will walk through some of the most interesting examples of incident response gone wrong (including at least one incident featured in newspapers around the world) and discuss the lessons learned from each one. Hopefully by learning from these examples we can all prevent the same issues in the future.

Nick Leghorn
Nick Leghorn - The New York Times
4:15 PM - 4:20 PM
4:20 PM - 5:05 PM

How a Physical Pentester is educating people like your family and friends about Social Engineering in the middle of a pandemic. All the way from Brazil, Marina Ciavatta is an innocent-looking girl who actually breaks and enters into the biggest companies in her country using Social Engineering. Telling her stories through talks around the world and also at family and friends gatherings (like the bar table), she learned how people respond to Security and Hacking tips when you make them funny and relatable. Prepare to have some fun with some Physical Pentesting tales and scratch your brain as well with some challenges regarding how we talk and educate people on their own common day-to-day Security issues.

Marina Ciavatta
Marina Ciavatta - Hekate, Inc.
5:05 PM - 5:10 PM
5:10 PM - 5:40 PM
5:40 PM - 6:05 PM
6:05 PM - 8:05 PM
8:05 PM - 8:35 PM
8:35 PM - 10:35 PM
8:00 AM - 9:00 AM
9:00 AM - 9:05 AM
9:05 AM - 9:35 AM
9:35 AM - 10:05 AM
10:05 AM - 10:10 AM
10:10 AM - 10:55 AM

VDI Deployments are in over 90% of all the Fortune 1000 companies and are used in almost all industry verticals, but are they secure? With the rise of Work From Home, VDI deployments have grown and become much more common with the pandemic in 2020. The goal of most VDI deployments is to centrally deliver applications and/or desktops to users internally and externally, but in many cases their basic security recommendations haven’t been fully deployed, allowing an attacker to gain access. This talk will review the basic design of the top two solution providers, Citrix and VMware, along with some notes on Windows Azure Virtual Desktop as a growing solution. We will go over these solutions' strengths and weaknesses and learn how to quickly identify server roles and pivot. We will also examine all the major attack points and their defensive counters. If you or a client of yours has a VDI Deployment, you don’t want to miss this talk.

Patrick Coble
Patrick Coble - VDISEC
10:55 AM - 11:00 AM
11:00 AM - 11:45 AM
11:45 AM - 1:10 PM
1:10 PM - 1:40 PM
1:40 PM - 2:10 PM
2:10 PM - 2:15 PM
2:15 PM - 3:00 PM

In 1970, engineers blew up a whale. No, really, they did, and they thought it was the best idea to solve a rotting carcass problem. While this example doesn't appear to be related to application security, we see this misunderstanding or disregard for results quite often as we test. In this presentation, Kevin Johnson of Secure Ideas will walk attendees through various tests from his career as an application penetration tester. These examples will include the problems Kevin and his team found and the techniques for finding the issues in your applications. After listening to the presentation, the audience will understand the flaws, how they are misunderstood, and how to look for them in their own software development practices.

Kevin Johnson
Kevin Johnson - Secure Ideas

Sysadmins, CISOs and compliance officers run pentests on their internal and external infrastructure, and commonly ignore their wireless footprint. However, access to a corporate wireless network is seldom monitored and provides covert access to an attacker. Think a long random passphrase or individual user authentication will protect your perimeter? Think again. Current wireless attacks take advantage of configuration oversights, deceiving end users, and circumventing what had been thought to be reasonable network segmentation. Such compromise can have disastrous implications resulting in the “attacker from the parking lot” scenario. Curious to see how a compromise from a “secure” wireless network happens? This talk will discuss their evolving wireless pentest methodology and answer audience questions.

Eric Escobar
Eric Escobar - Secureworks
3:00 PM - 3:05 PM
3:05 PM - 3:35 PM