SOTB2019 PRESENTATIONS

DOORS OPEN 08:00 MAY31

SEE ALSO THE EVENTBRITE PAGE

Modern Threats to ICS and SCADA Environments

Christopher Williams

We will begin with a discussion of historic threats and how we got here, some definitions of ICS/SCADA terms for IT professionals, a discussion of the types of threat actors, defenses, and a live demonstration of attacking SCADA elements using the Modbus and DNP3 protocols.
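The abstract above mentions attacking SCADA elements over Modbus. The core security property a practitioner should understand before that demo is that Modbus/TCP carries no authentication or integrity protection at all: any host that can reach TCP/502 and emit a well-formed frame can read and write registers. The following Python is an added example, not material from the talk or from any SCADA product. It builds and parses Modbus/TCP frames for function codes 3 (Read Holding Registers) and 6 (Write Single Register) and runs them against a simulated slave device that, like a real one, honours every well-formed request. The `SimulatedSlave` class and its ten-register map are assumptions made for the example; the frame layout follows the Modbus/TCP specification.

```python
"""Modbus/TCP framing (MBAP header + PDU) and a simulated unauthenticated slave.

Added example: demonstrates why a reachable Modbus endpoint is writable by
anyone who can speak the protocol. No real device or network is touched.
"""
import struct

READ_HOLDING_REGISTERS = 0x03
WRITE_SINGLE_REGISTER = 0x06
ILLEGAL_FUNCTION = 0x01
ILLEGAL_DATA_ADDRESS = 0x02


def mbap(transaction_id: int, unit_id: int, pdu: bytes) -> bytes:
    """Prefix a PDU with the MBAP header: tid, protocol id (always 0),
    length of everything after the length field (unit id + PDU), unit id."""
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def read_holding_registers(tid: int, unit_id: int, start: int, quantity: int) -> bytes:
    """Function code 3 request: starting register address and count."""
    return mbap(tid, unit_id, struct.pack(">BHH", READ_HOLDING_REGISTERS, start, quantity))


def write_single_register(tid: int, unit_id: int, address: int, value: int) -> bytes:
    """Function code 6 request: write one 16-bit register. No credentials exist."""
    return mbap(tid, unit_id, struct.pack(">BHH", WRITE_SINGLE_REGISTER, address, value))


def split_frame(frame: bytes):
    """Validate the MBAP header and return (tid, unit_id, pdu)."""
    if len(frame) < 8:
        raise ValueError("frame too short")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("malformed MBAP header")
    return tid, unit, frame[7:]


class SimulatedSlave:
    """Toy slave with ten holding registers (assumption for the example).
    It answers any well-formed request from any source: this is normal
    Modbus behaviour, not a bug in the simulation."""

    def __init__(self, size: int = 10):
        self.registers = [0] * size

    def _exception(self, tid, unit, fc, code):
        # Exception responses set the high bit of the function code.
        return mbap(tid, unit, bytes([fc | 0x80, code]))

    def handle(self, frame: bytes) -> bytes:
        tid, unit, pdu = split_frame(frame)
        fc = pdu[0]
        if fc == READ_HOLDING_REGISTERS:
            start, qty = struct.unpack(">HH", pdu[1:5])
            if qty < 1 or start + qty > len(self.registers):
                return self._exception(tid, unit, fc, ILLEGAL_DATA_ADDRESS)
            values = self.registers[start:start + qty]
            body = struct.pack(">BB", fc, 2 * qty) + struct.pack(">%dH" % qty, *values)
            return mbap(tid, unit, body)
        if fc == WRITE_SINGLE_REGISTER:
            address, value = struct.unpack(">HH", pdu[1:5])
            if address >= len(self.registers):
                return self._exception(tid, unit, fc, ILLEGAL_DATA_ADDRESS)
            self.registers[address] = value
            return mbap(tid, unit, pdu)  # a successful write echoes the request PDU
        return self._exception(tid, unit, fc, ILLEGAL_FUNCTION)


def parse_response(frame: bytes):
    """Return the register values in a response, or raise on a Modbus exception."""
    _tid, _unit, pdu = split_frame(frame)
    fc = pdu[0]
    if fc & 0x80:
        raise RuntimeError("Modbus exception %d for function %d" % (pdu[1], fc & 0x7F))
    if fc == READ_HOLDING_REGISTERS:
        count = pdu[1]
        return list(struct.unpack(">%dH" % (count // 2), pdu[2:2 + count]))
    if fc == WRITE_SINGLE_REGISTER:
        return list(struct.unpack(">HH", pdu[1:5]))
    raise ValueError("unexpected function code %d" % fc)


def unauthenticated_write_demo():
    """Write a setpoint into register 3 with no credentials, then read it back."""
    slave = SimulatedSlave()
    parse_response(slave.handle(write_single_register(1, 1, 3, 0x1234)))
    return parse_response(slave.handle(read_holding_registers(2, 1, 2, 3)))


if __name__ == "__main__":
    print(read_holding_registers(1, 1, 0, 2).hex())
    print(unauthenticated_write_demo())
```

The hex dump of the first request shows everything a device needs: transaction id, protocol id 0, length, unit id, function code, address, count. Nothing in the frame identifies or authenticates the sender, which is why network segmentation and protocol-aware monitoring, rather than anything in Modbus itself, are the controls that matter.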

Docker in 20 minutes

Lauren Rainbolt

This 20-minute version will be a brief overview of what Docker is, an example of industry use, and a live demo of how to run a Docker container on your personal machine. At the very least, the audience will walk away with a basic working knowledge of Docker and how to use it for personal projects. They'll also have enough information to do more research and make a case for their companies to leverage Docker and Kubernetes.

Introduction to Open Source Intelligence Gathering (OSINT)

Dwayne Tucker

What is Open Source Intelligence Gathering (OSINT)? How and why to use it in cyber security engagements. Real-world examples of how OSINT was used. Resources available to help with OSINT.

Modern Active Directory Attacks

Blake Townsend

Pass the hash still works in 2019 (WTF!!!!!!), but for how much longer? A look at Active Directory attacks with a focus on 'Living off the Land' and staying undetected.

PowerShell To The People

Jimmy

This presentation is to help people at most skill levels learn something new about PowerShell and, hopefully, provide new ideas and ways they can use it in their everyday infosec job.

Vulnerability Discovery to Patch to CVE

Dustin Noe

I am currently in the process of disclosing a vulnerability found in a security camera system. The vendor has acknowledged and set a patch date for May 3rd. My talk will highlight the DoS vulnerability (with demo) and the process one must take to responsibly disclose.

Memory Analysis with Volatility Framework

Evan Wagner

From zero to Yara with Volatility Framework. Memory analysis can help fill gaps in your coverage if you don't have Sysmon or an expensive EDR solution and want to get process execution trees, open file handles, mutexes, executed command lines, browsed folders and much, much more. In this talk I will give some background on the tool, its fork Rekall and where they both fit in. Then we will discuss memory acquisition, supported formats and how to select the correct OS build profiles. Basic plugin usage will be conveyed for displaying useful information and for dumping out intact files/process executables for further analysis. Then I will demonstrate techniques that I use for responding to alerts and identifying malware and behavior from indicators. Finally I will give examples of how to write Yara rules and how to script out Volatility commands to further enrich the data and then visualize it for easier analyst consumption.