pritha's Posts (580)

The Pivot

In today’s threat landscape, the attacker is an insider. Whether a state-sponsored actor or cybercriminal, attackers typically first compromise the endpoint with a client-side exploit and then pivot. In this session, we take a deep dive into how attackers pivot through organizations, identify the telltale signs of a pivot, and most importantly, identify steps for defending against it.

Speaker

Jonathan Trull (@jonathantrull)

Jonathan Trull is currently the VP – Information Security for Optiv and previously held the CISO role for Qualys. Before joining Qualys, he was the CISO for the State of Colorado, where he oversaw the information security operations for 17 executive branch departments. He formed the state’s first Cyber Crime Task Force, charged with conducting criminal investigations into computer crimes, developing and sharing cyber-intelligence, and working with local government and private sector partners to increase cyber-resiliency. He is a Certified Information Systems Auditor, Offensive Security Certified Professional, and was recently named by the SANS Institute as one of the 2013 People Who Made a Difference in Cybersecurity. He also teaches at Regis University in the Information Assurance Program.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

The Seven Most Dangerous New Attack Techniques, and What's Coming Next

Which are the most dangerous new attack techniques for 2016/2017? How do they work? How can you stop them? What's coming next and how can you prepare? This fast-paced session provides answers from the three people best positioned to know: the head of the Internet Storm Center, the top hacker exploits expert/teacher in the U.S., and the top expert on cyberattacks on industrial control systems.

Speaker

Alan Paller

Alan Paller founded SANS, a college and training school that has trained more than 145,000 cybersecurity technologists in 72 countries. Paller oversees a global program that celebrates people responsible for remarkable improvement in cyber-risk reduction. He has testified before the Senate and House and was a charter member of the President’s National Infrastructure Assurance Council. In 2010, the Washington Post named Paller as one of seven people “worth knowing in cyber security.” He serves on the NASA Advisory Council, chaired the DHS 2012 Task Force on Cyber Skills and headed the FCC Task Force on Best Practices in Cybersecurity. Earlier, Paller helped build one of the first large software companies, took it public and merged it into a larger company listed on the NY Stock Exchange.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

Hacking Critical Infrastructure Like You’re Not a N00b

This presentation is targeted at an audience that already understands how to compromise the embedded systems that run a process and is now looking at manipulating the physics of the process itself. As much as time allows, it will cover everything necessary to accomplish more than exercising the automatic shutdown logic of a process.

Speaker

Jason Larsen

Jason Larsen is a Principal Security Consultant for IOActive. Larsen is a professional hacker specializing in critical infrastructure and process control systems. Over the last several years he has been doing focused research into remote physical damage. Larsen graduated from Idaho State University, where he worked on Monte Carlo and pharmacokinetic modeling for Boron-Neutron Capture Therapy. He was one of the founding members of the Cyber-Security Department at the Idaho National Labs, which hosts the ICS-CERT and the National SCADA Test Bed. Larsen has audited most of the major process control and SCADA systems and has extensive experience performing penetration tests against live systems.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

Cybersecurity for Oil and Gas Industries: How Hackers Can Steal Oil

One of the industries most plagued by cyberattacks is the oil and gas industry. Several attacks against companies such as Aramco have been executed. SAP and Oracle systems are widely used there and are responsible for business-critical processes such as Digital Oilfield Operations, Hydrocarbon Supply Chain and others. How can you prevent those attacks? The presenters will give answers.

Speaker

Alexander Polyakov (@sh2kerr)

Founder of ERPScan, President of EAS-SEC.org project, and recognized as an R&D professional and Entrepreneur of the year, Alexander Polyakov’s expertise covers the security of enterprise business-critical software like ERP, CRM, SRM and industry-specific solutions from SAP and Oracle. He has received several accolades and published over 100 vulnerabilities. He has authored multiple whitepapers such as annual award winning “SAP Security in Figures” and surveys devoted to information security research in SAP. Polyakov has authored a book about Oracle Database security and has presented his research on SAP and ERP security at more than 60 conferences and trainings in 20+ countries in all continents. He has also held trainings for the CISOs of Fortune 2000 companies, and for SAP SE itself.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

Breaking Closed Systems with Code-Signing and Mitigation Techniques

Code signing is abundant in the enterprise and consumer spaces. This session will review the current landscape, showing attacks against several open (Windows, Android, Mac) and closed (iOS, automotive operating) systems. It will show anomalies found by Venafi Labs focused on the theft and misuse of code-signing certificates to breach organizations, and propose a solution for how to address the issues.

Speaker

Gavin Hill

Director of Threat Intelligence, Venafi

With over 15 years of experience in product development and product marketing in the cybersecurity space, Gavin Hill is particularly adept at identifying where enterprises are at risk and developing products that mitigate the risks related to evolving cyberthreats. At Venafi he is responsible for threat intelligence, focusing on Next-Generation Trust Protection.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

…But Now I See—A Vulnerability Disclosure Maturity Model

Someone politely knocks on your door and reports that there’s a hole in your wall big enough for a person to climb through. You immediately threaten legal action. Crazy? In the world of vuln research, this happens. This session will review a Vuln Disclosure Maturity Model created to describe best-in-class practices. For any company wanting to get better bug reports faster, this session is a must.

Speaker

Katie Moussouris (@k8em0)

Katie Moussouris is the Chief Policy Officer for HackerOne, a vulnerability response and structured bounty platform. She is a noted authority on vulnerability disclosure and advises lawmakers, customers and researchers to legitimize and promote security research and help make the Internet safer for everyone. Moussouris’s earlier Microsoft work encompassed industry-leading initiatives such as Microsoft’s bounty programs and Microsoft Vulnerability Research. She is also a subject matter expert for the U.S. National Body of the International Standards Organization (ISO) in vuln disclosure, vuln handling processes and secure development. Moussouris is a visiting scholar with MIT Sloan School, doing research on the vuln economy and exploit market. She is a New America Foundation Fellow.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

Linguistic Passphrase Cracking

As processing power becomes ever more available, passwords must get longer, and so users turn to passphrases in order to remember them. But are passphrases really safe? This session will explain how to crack passphrases of up to 20 characters, where normal password attacks most often fail, in a reasonable timespan using a normal gaming PC and a Markov process.

Speaker

Mikael Simovits (@mikaelsimovits); Peder Sparell

Mikael Simovits, Founder and CEO of Simovits Consulting, is working as a Senior IT and Information Security Consultant. Simovits originally has an M.Sc. degree in electrical engineering and is a cryptologist. He has also published a book on the subject. Simovits has been lecturing cryptology at both Chalmers University of Technology and Royal Institute of Technology / Stockholm University in Sweden. He is also a CISSP.

Peder Sparell has a master of science in computer science and engineering, and is now working as a security consultant at Simovits Consulting in Sweden. He also holds the CHFI certification and has eight years of experience in the security business with a relatively recent change of focus from facility security to cybersecurity.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

Hacking a Professional Drone

Professional drones are now actively used across various industries to perform daily critical operations. In this awareness session, Nils Rodday will perform a live hack which exploits vulnerabilities of the professional drone and effectively compromises the security of the system to take over control. His session will also discuss practical fixes and approaches for remediating these issues.

Speaker

Nils Rodday

Nils Rodday is currently employed as an IT Security Consultant. He holds MSc degrees in computer science from the University of Twente (Netherlands) and the University of Trento (Italy). The specialization track he chose within the EIT Digital double-degree master program was Security & Privacy, leading to a final degree project with the title “Exploring Security Vulnerabilities of Unmanned Aerial Vehicles.” 

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

Autonomous Hacking: The New Frontiers of Attack and Defense

Vulnerability analysis has largely been a process that requires substantial human expertise. However, very recently there has been a push for completely autonomous hacking systems, which can find flaws, exploit them and even provide patches, all without any human intervention. This talk presents recent advances in autonomous hacking and provides lessons learned from participating in the DARPA CGC.

Speaker

Giovanni Vigna (@lastlinelabs)

CTO, Lastline

Dr. Giovanni Vigna has been researching and developing security technology for more than 20 years, working on malware analysis, web security, vulnerability assessment and intrusion detection. He is a Professor in the Department of Computer Science at UCSB and the director of the Center for CyberSecurity at UCSB. He is also the CTO at Lastline, Inc., a company that focuses on protecting enterprises from advanced malware. He is known for organizing and running an annual inter-university Capture The Flag hacking contest that involves dozens of institutions and hundreds of students around the world. He also leads the Shellphish hacking team, which has participated in a number of DefCon CTFs, winning in 2005, and recently qualified for the DARPA Cyber Grand Challenge.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

Bruh! Do you even diff?—Diffing Microsoft Patches to Find Vulnerabilities

Ever wondered how to find bug fixes residing in Microsoft patches? In this presentation we will take a look at the tools and techniques used to reverse engineer Microsoft security patches. Many organizations take weeks to push out patches to their domains. If an attacker can locate the fix and get a working exploit going, they can use it to compromise your organization.

Speaker

Stephen Sims (@steph3nsims)

Security Researcher, SANS Institute

Stephen Sims is an industry expert with over 15 years of experience in information technology and security. Sims currently works out of San Francisco as a consultant performing reverse engineering, exploit development, threat modeling and penetration testing. Sims has an M.S. in information assurance from Norwich University and is a course author and senior instructor for the SANS Institute, having written courses on exploit development and penetration testing. He is a Co-Author of Gray Hat Hacking 4th Edition. He holds the GIAC Security Expert (GSE) certification as well as the CISSP, CISA, Immunity NOP, and many other certifications. In his spare time Stephen enjoys snowboarding and writing music.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

Braking the Connected Car: The Future of Vehicle Vulnerabilities

In this presentation, analysts from Kelley Blue Book’s Automotive Industry Insights will illustrate how the connected car is quickly becoming an unrestricted playground for cyberthreats and how the next generation of in-car technology will intensify already-present vehicle vulnerabilities.

Speaker

Akshay Anand (@iamakshayanand); Karl Brauer (@karlbrauer)

Akshay Anand is the Senior Insights Analyst for Kelley Blue Book’s KBB.com. In this role, he develops and provides insights reflecting Kelley Blue Book’s position as the market leader for new- and used-car research. Anand regularly produces data and reports, developing and sharing powerful storylines and actionable information with executives in the automotive industry. This information also is shared for media release with coverage from top-tier publications, and Anand regularly lends his insight on automotive news and information via commentary to media.

Karl Brauer serves as the Senior Director of Automotive Industry Insights for Kelley Blue Book. In this role, he develops and provides insights to position Kelley Blue Book as the market leader for new- and used-car research. Working with many departments within Kelley Blue Book and AutoTrader Group, Kelley Blue Book’s parent company, Brauer cohesively synthesizes available data and reports, developing and sharing powerful insights with the automotive industry. In addition to this role, Brauer is a Senior Editor and regularly contributes to Forbes.com, CNBC.com and other publications. As a veteran industry analyst, Brauer has been interviewed by, or appeared on, the New York Times, CNN, CNBC, the Wall Street Journal and more.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

Securing Today’s Online Kids

Technology is an amazing enabler for kids today, but it also brings unique risks. This interactive talk will cover the top three risks facing kids online today, and what parents can do to help protect them. This talk is based on the experiences and lessons learned from numerous security professionals who are parents just like you.

Speakers

Lance Spitzner (@securethehuman)

Director, SANS Securing the Human

Lance Spitzner has over 20 years of security experience in cyberthreat research, awareness and training. He invented the concept of honeynets, founded the Honeynet Project and published three security books. Spitzner has worked and presented in over 25 countries and helped over 350 organizations plan, maintain and measure their security awareness programs. In addition, he is a serial tweeter (@lspitzner), avid blogger and works on numerous community security projects. Before working in information security, Spitzner served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois-Chicago.

Detailed Presentation

(Source: RSA USA 2016, San Francisco)

AppSec Awareness: A Blueprint for Security Culture Change

How does an individual change the application security culture of an organization? By deploying an application security awareness program with engaging content, humor and recognition. See the blueprint for how you can build an application security awareness program based on real life experience. Change the security DNA of everyone in your organization.

Speakers

Christopher Romeo (@edgeroute)

Chris Romeo is the Founder and Principal Consultant at Security Journey. He was the Chief Security Advocate at Cisco Systems for five years, where he guided Cisco’s Secure Development Lifecycle (CSDL), empowering engineers to “build security in” to all products at Cisco. He led the creation of Cisco’s internal, end-to-end application security awareness program launched in 2012, which continues to impact more than 20,000 employees. Romeo has 20 years of experience in security, holding positions across application security, penetration testing, and incident response. Romeo is a sought after conference speaker, with experience speaking at the RSA Conference, ISC2 Security Congress, AppSec USA, and many others. Romeo holds the CISSP and CSSLP certifications.

Detailed Presentation

(Source: RSA USA 2016, San Francisco)

People-Centric Security: Transform Culture, Reduce Risk, Drive Success

This session links security culture and program performance, providing tools and guidance that will enable attendees to measure, manage and transform their own organizations’ security culture. Case studies will be reviewed, and attendees will receive access to proven models, frameworks and tools for measurably improving the cultural maturity and behavioral reliability of their security program.

Speaker

Lance Hayden (@hay_lance); Masha Sedova (@modMasha)

Dr. Lance Hayden is a Managing Director at the Berkeley Research Group, an international strategy and consulting firm. Hayden’s security career spans 25 years across the public, private and academic sectors. His interest in human security behaviors and culture began as a HUMINT operations officer with the CIA, and he has held positions at KPMG, FedEx and Cisco. Hayden provides expert advice and guidance on information security strategy, measurement and culture to companies and governments around the globe. He is the author of “People-Centric Security: Transforming Your Enterprise Security Culture” from McGraw-Hill. Hayden received his Ph.D. from the University of Texas, where he teaches courses on security, privacy and identity.

Masha Sedova is the Senior Director of Trust Engagement at Salesforce. She has built a team that drives a secure mindset amongst all employees using user security behavior testing and data analytics paired with elements of gamification and positive psychology. The scope of her work runs the gamut from general awareness, such as phishing and reporting activity, to secure engineering practices by developers and engineers. She and her team have built security simulations, MOOCs, company-wide competitions and custom lab environments to drive effective learning of vital security behaviors. Her efforts have culminated in a security program that is altering the way Salesforce’s employees, customers, partners and large corporations approach security.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

Securing the “Weakest Link”

Security professionals often call people “the weakest link.” We claim that they'll always make mistakes, however hard we try, and throw up our hands. But the simple truth is that we can help people do well at a wide variety of security tasks, and it’s easy to get started. Building on work in usable security and threat modeling, this session will give you actionable, proven ways to secure people.

Speaker

Adam Shostack (@adamshostack)

Adam Shostack is a technologist, entrepreneur, author and game designer. He’s a member of the BlackHat Review Board, and helped found the CVE and many other things. He’s currently building his fifth startup, focused on improving security effectiveness. Previously, at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the “Elevation of Privilege” game. Shostack is the author of “Threat Modeling: Designing for Security,” and the co-author of “The New School of Information Security.” For more on Shostack, see adam.shostack.org. 

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

Using Behavioral Psychology and Science of Habit to Change User Behavior

Why is it so hard to make users adopt security best practices? The answer lies in human psychology. In this talk the speaker shall explain the “Habit Cycle” and why habits are beyond the control of the conscious mind. The speaker shall deconstruct how habits are formed and the science behind the process. Why is it impossible to change habits? How can you replace old habits with new ones?

Speaker

Bikash Barai (@bikashbarai1)

Co-Founder, Cigital India

Bikash Barai is the Co-founder of iViZ (acquired by Cigital), an IDG Ventures funded company. Barai holds a dual B.Tech and master’s degree from the Indian Institute of Technology (IIT), Kharagpur in computer science (Hons) as well as architecture. He is passionate about artificial intelligence, cognitive hacking and attack simulation. He is credited with several innovations in the domain of IT security and holds multiple USPTO patents under his name. Barai has received recognition from organizations like UC Berkeley, Intel, Nasscom, Red Herring, TiE, Fortune 40-under-40 in India, etc. Barai actively pursues painting and magic and has spoken at various forums like the University of California, Berkeley, Nasscom, DSCI, CISO Platform, NUS Singapore, TiE, TEDx IIM, TEDx IIT, etc.

Full Video

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

Train Like You’re Going to Fight—What Kind of Exercise Meets Your Needs?

Cyber-exercises can be used to hone skills, build teams and practice procedures. With several different types of exercises available, which is the right type to achieve your objectives? Which is the right kind for the participants’ skill levels? Cyber-exercise expert Dr. Joe Adams explains the different types of existing exercises, how to create scenarios and how to get results from each event.

Speaker

William Adams (@meritnetwork)

Dr. Joe Adams is the Vice President for Research and Cyber Security at Merit Network, Inc. He is currently the Director of the Michigan Cyber Range. He retired from the U.S. Army as a Colonel where he taught cybersecurity at the U.S. Military Academy (USMA) as an Associate Professor and was the Chief Information Officer of the National Defense University. Merit Network Inc., a nonprofit corporation owned and governed by Michigan's public universities, operates America’s longest-running regional research and education network. The Michigan Cyber Range is operated by Merit in partnership with the State of Michigan and with the sponsorship of Consumers Energy and DTE Energy. It prepares cybersecurity professionals to detect, prevent and mitigate cyberattacks in a real-world setting.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

The Art of Hacking a Human

This session will review security techniques for navigating different personalities using traditional hacking techniques. Determine what “operating system” they are running. What patches are in place? What vulnerabilities can you exploit? What configuration issues does this person have? Your results based on the hack will help you work with the different personalities revealed.

Speaker

Zee Abdelnabi (@infosec_17)

In-Vehicle Security Engineer, Major Automotive Company

A dedicated security analyst with comprehensive data and telecommunications experience, Zee Abdelnabi is experienced in SIEM, vulnerability management, security testing and compliance, with expertise in data network security analysis and wireless security. Abdelnabi is technically savvy and adept at solving networking, electronics and computer technology problems. She is effective at training technical and non-technical personnel.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)

Proactive Measures to Mitigate Insider Threat

The threat posed by rogue insiders affects every organization worldwide. Employees’ legitimate need to access corporate data is often in conflict with the need to compartmentalize that access, and balancing the two is difficult. This presentation will walk through several real-world insider threat cases and discuss proactive measures that could have greatly mitigated the damage and losses.

Speaker

Andrew Case (@attrc)

Director of Research, Volexity

Andrew Case is an incident response handler and malware analyst. He has conducted numerous large-scale investigations that span enterprises and industries. Case’s previous experience includes penetration tests, source code audits, and binary analysis. Case is the co-developer of Registry Decoder, a NIJ funded forensics application, as well as a developer of the Volatility memory analysis framework. He is a co-author of the highly popular and technical forensics analysis book “The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory.” Case has presented at conferences, including RSA, Black Hat, SOURCE, BSides, DFRWS, SecTor and OMFW. In 2013, Case was voted Digital Forensics Investigator of the Year by his peers within the forensics community.

Detailed Presentation

(Source: RSA USA 2016, San Francisco)
