Schedule - November 16th 2024

:bangbang: NOTICE: All Talks and Events are at The University of North Florida, University Center, located at: 12000 Alumni Drive, Jacksonville, FL 32224
:star: Please check the posted schedule for updates. The schedule is subject to change.
:star: The schedule is also available on HackerTracker.app

| Time | Track 1 | Track 2 | Track 3 | Events |
|---|---|---|---|---|
| 09:30-09:45 | Registration | | | |
| 09:45-10:00 | Opening Ceremonies | | | |
| 10:00-11:00 | Keynote Address by Jayson E. Street | | | |
| 11:00-12:00 | AL, AI, and Sigma: Automating Threat Hunting With OpenAI (@Astacilauskas) | Tales From The Vault (Jennifer Shannon) | Developer & Hacker Harmony: The Nuances of Cybersecurity (Roland Heintze) | Capture The Flag; Lockpick Village; Soldering Village; Wireless Village; Ham Radio Testing (13:30-15:30) |
| 12:00-13:00 | Internal Domain Name Collision 2.0 (Philippe Caturegli) | Lunch | Lunch | |
| 13:00-14:00 | Jacksonville Women in Technology Panel Discussion | API Security Fundamentals (Craig Galley) | Let's Build a SOC Puppet: Standing Up Your Own Security Operations Center at Home (Christian McLaughlin) | |
| 14:00-15:00 | CISO Panel Discussion | Alice in Generative AI Land (Nathan Hamiel) | Passkeys: The Good, the Bad and the Ugly (Champ Clark) | |
| 15:00-16:00 | Exploiting Token Based Authentication: Attacking and Defending Identities in the 2020s (DrAzureAD) | Incident Response for the Overwhelmed, Understaffed and Unprepared (Tony Drake) | Using Analytics to hack Applicant Tracking Systems (ATS) (Brandi Kiehl) | |
| 16:00-17:00 | From Intelligence to Action: CTI-Driven Red Teaming (Ralph Hittell) | Secure by Demand (Kirby Wedekind) | Cyber Psychology: Harnessing Behavioral Analysis for Security Awareness (Rebecca Hughes) | |
| 17:00-17:30 | Closing Ceremonies | | | |

Talks

AL, AI, and Sigma: Automating Threat Hunting With OpenAI

Traditional threat hunting involves taking threat intelligence articles, extracting the necessary details, and searching for malicious activity. More often than not, we find nothing and then forget how we searched for the malicious activity. This is why one of the products of any threat hunt should be a Sigma rule.

Reading through article after article and extracting the necessary details to write a Sigma rule can be time-consuming and tedious. But imagine a world where AI can do this for us, freeing up our time for more critical tasks. I remember a quote from a system administrator when I worked at the service desk decades ago: "If you need to type a command more than once, write a script." Let's take a modern twist on that: "If you need to do a task more than once, have AI do it."

This presentation will discuss what threat hunting is and is not, and how to write Sigma rules. Then it will show how to train an OpenAI GPT-4 model to write a Sigma rule.

Speaker: @Astacilauskas

Tales From The Vault

In the face of cybersecurity threats and compromises, companies tend to focus heavily on how they can secure their digital infrastructure. Yet the true challenge often lies not in the complexity of codes, but in the simplicity of human ingenuity. "Tales From the Vault" delves into this intriguing battleground where sometimes the most dangerous weapon is the human touch. This talk presents an in-depth exploration of physical penetration testing—the art of breaching defenses without the need for digital keys.

Even the toughest firewall won’t stop someone from walking out of your building with sensitive data. Through this lens, we venture into the heart of social engineering, recon, and bypass techniques. This session presents a series of stories to showcase vulnerabilities in physical security. Attendees will journey through a series of real-life scenarios that challenge preconceived notions of security. From the art of blending in to bypass techniques, this session will reveal how every lock has a key, and sometimes, that key is simply asking someone to open the door for you.

This session is more than just a talk; it’s an exploration of the interconnected relationship of physical and digital security.

Speaker: Jennifer Shannon

Developer & Hacker Harmony: The Nuances of Cybersecurity

A discussion about cross-collaboration for software developers & pentesters.

Speaker: Roland Heintze

Jacksonville Women in Technology Panel Discussion

Insert awesome talk abstract here

Moderator: Matthew Parks

API Security Fundamentals

Presentation on API security including PCI, Authentication, OWASP, and PenTesting

Speaker: Craig Galley

Let's Build a SOC Puppet: Standing Up Your Own Security Operations Center at Home

Breaking into the Information Security field can feel daunting, especially for newcomers. Getting hired often requires a mix of education, hands-on experience, and technical know-how. Luckily, many employers today are placing more emphasis on practical skills and knowledge over formal degrees or years of tenure. Thanks to the internet and an abundance of Free and Open Source Software (FOSS), you can start learning from home without breaking the bank.

In this talk, we’ll explore core defensive security topics such as incident response, log analysis, and other valuable techniques to strengthen your resume. We'll also walk through how to deploy an Extended Detection and Response (XDR) solution, which you can host yourself—whether on a home server or a cloud-based VPS.

This session isn’t a hands-on workshop, but you’re welcome to follow along on your laptop as instructions for the setup will be provided. Please note, we won’t pause for troubleshooting, but feel free to experiment as we go.

What You'll Need to Know:
Basic familiarity with Docker (or any container system)
Linux fundamentals

What You'll Want to Have:
A laptop
Docker installed on your laptop, or access to a remote server or VPS with Docker

Speaker: Christian McLaughlin

CISO Panel Discussion

insert awesome talk abstract here

Moderator: Matthew Parks

Alice in Generative AI Land

Generative AI is all the rage. As people treat the technology like a magic wand, rushing to implement it into every use case imaginable, they give little thought to how generative AI increases the attack surface. This afterthought can have devastating consequences if not considered, leading to data exposure, manipulation, and compromise. It’s not just employees at the organization she needs to worry about, but development teams and even her very own security team. All of these groups can inadvertently contribute to increased risk. When it comes to addressing these challenges, it doesn’t get much better. Alice finds the advice given to security leaders is often poor, resulting in people throwing out random advice and suggesting frameworks without much knowledge of their controls, implementation, or challenges, leaving her to fend for herself.

Follow Alice, the CISO, as she navigates the Generative AI landscape at her organization. Tag along as she discovers new risks and prioritizes her approach, doing her best to stay ahead of Eve. With the right approach, she can side-step bad advice and mitigate risks while still allowing employees to innovate and experiment.

Speaker: Nathan Hamiel

Passkeys: The Good, the Bad and the Ugly

Passkeys are a new "passwordless" authentication method gaining traction with the help of companies such as Microsoft, Google and Apple. They are based on public key cryptography, making them resistant to phishing and easy for users to use. This presentation delves into the technical details of how Passkeys work, how they might be useful for your organization and projects, and future attack vectors.

Speaker: Champ Clark

Exploiting Token Based Authentication: Attacking and Defending Identities in the 2020s

Token-based authentication has been out there for over twenty years now. It enabled authenticating to Service Providers (SPs) without sending them usernames and passwords over the network. Token-based authentication is based on trust in an Identity Provider (IdP), which creates tokens to be consumed by SPs.

Technically, the trust is implemented using cryptography. The tokens are either signed or encrypted using symmetric or asymmetric cryptography or a combination of them.

There are at least two techniques to exploit token-based authentication: stealing tokens (aka token replay) and forging tokens. MITRE has categorised these attacks as T1134.001 and T1606, respectively. Regardless of the technical implementation of the token-based authentication (Kerberos, SAML, OAuth, etc.), the latter requires access to the cryptographic secrets in use.

In this demo-packed session, I will cover both token-based authentication attack techniques. First, you will learn how adversaries conduct token-replay attacks and how to protect against them. Second, you will learn how adversaries are forging tokens to impersonate users, how to detect the exploitation, and how to prevent it.

Although the attack techniques are provider-agnostic, I will use Microsoft on-prem and cloud identity platforms for the demos.

Speaker: DrAzureAD

Incident Response for the Overwhelmed, Understaffed and Unprepared

We've all heard it before. Fail to Plan means Plan to Fail. Have a solid plan and execute it. In the world of IR, the more apropos adage is "No battle plan ever survived contact with the enemy". Everyone knows how to work an incident when everything is wrapped up in a tight little bow, the tools are deployed, the data is accessible, and everyone is in agreement on exactly what to do and how. We just follow the plan. That isn't the type of incident I am talking about. This talk is about the incident that happens when you are a one man shop with no tools and no resources and you need to work things out in a hurry. In short, this talk attempts to deal with the human aspects of incident response, and how to be an incident responder, not how to do incident response. I discuss the human aspects of response, and how to cope with the stresses and complexities of incident response in a modern environment where nothing goes according to plan.

Speaker: Tony Drake

Using Analytics to hack Applicant Tracking Systems (ATS)

Ever wonder why your resume ends up in a black hole when you submit it online? You know what your resume looks like, but do you wonder how a computer sees your resume? Please come out and listen to Brandi teach you how to use Google trends, Google analytics, and word clouds for job postings and your resume. Guaranteed to be a light bulb moment for your career search efforts!

Speaker: Brandi Kiehl

From Intelligence to Action: CTI-Driven Red Teaming

Attendees of the talk “From Intelligence to Action: CTI-Driven Red Teaming” can expect to gain a comprehensive understanding of how Cyber Threat Intelligence (CTI) can be effectively integrated into red teaming activities. They will learn the basics of CTI, including its components like Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs), and how CTI is gathered, analyzed, and utilized to understand adversary behaviors. The talk will cover methods to incorporate CTI into red team operations to emulate real-world adversaries more accurately, and the role of CTI in planning and executing red team engagements. Attendees will be introduced to frameworks like MITRE ATT&CK, which help in categorizing and leveraging threat intelligence.

The actionable takeaways from this talk include learning how to use CTI to craft more realistic and effective red team scenarios, improving the overall quality of security assessments. Attendees will gain insights on how red teams can help blue teams by providing detailed reports on adversary tactics and potential detection gaps. They will also learn techniques for mapping CTI to cyber kill chains or MITRE ATT&CK and using this information for strategic planning and threat modeling. Additionally, the talk will highlight best practices for fostering collaboration between CTI analysts and red team operators to ensure a cohesive approach to cybersecurity. This session aims to bridge the gap between intelligence gathering and actionable security measures, providing attendees with practical knowledge and skills to enhance their organization’s security posture.

Speaker: Ralph Hittell

Secure by Demand

When companies perform due diligence of their software manufacturers, they often focus on the enterprise security measures of the manufacturers, such as by ensuring the manufacturers meet various compliance standards. Although enterprise security is important, customers also need to focus on how a manufacturer approaches product security. Enterprise security refers to practices to protect a company’s own infrastructure and operations, while product security refers to actions the software manufacturer takes to ensure the products they deliver are secure against attackers. There are many compliance standards that organizations use during procurement that focus on enterprise security; conversely, relatively few focus on product security. This talk seeks to bridge that gap by offering resources organizations can leverage to assess product security maturity and whether a manufacturer follows secure by design principles.

Speaker: Kirby Wedekind

Cyber Psychology: Harnessing Behavioral Analysis for Security Awareness

How do you combat cybersecurity threats when the biggest threat is sitting right across from you?

In today’s digital landscape, the human element is often the weakest link in corporate security. In fact, while research shows that frequent, “quick hit” training is more impactful than annual compliance training, only 7% of organizations fund training on a monthly cadence.

This presentation, “Cyber Psychology: Harnessing Behavioral Analysis for Security Awareness,” delves into the critical role of behavioral analysis and psychological research in crafting effective security awareness programs. Behind every computer is a human, and understanding human behavior is key to optimizing our security posture.

Explore how frequent, engaging, and consistent training can significantly enhance security awareness, despite the challenge of competing priorities in the workplace. We will also highlight cutting-edge research on adult learning methods that improve information retention.

Cybersecurity professionals attending this session will gain valuable insights and factual knowledge to optimize their security awareness programs. These programs aim to reduce internal threat potential by leveraging the human element effectively.

Join us to discover how to transform your security training from mundane to impactful, ensuring your organization stays one step ahead of potential threats.

Speaker: Rebecca Hughes

Internal Domain Name Collision 2.0

The proliferation of new Top-Level Domains (TLDs) has sparked security concerns primarily around phishing and social engineering attacks. However, the emergence of these new TLDs has broadened the attack surface, making it easier for threat actors to exploit other domain-related vulnerabilities. Our research explored another critical but often overlooked vulnerability: Internal Domain Name Collision. During our research, we examined how legacy systems configured before the TLD boom can become susceptible to these collisions, potentially allowing threat actors to redirect or intercept sensitive internal traffic. This vulnerability can have a ripple effect, impacting even newly installed systems that rely on configurations from those legacy systems (e.g. DHCP, DNS Suffix, etc.). This presentation will showcase our methodology for identifying vulnerable domains and present real-world examples of high-value targets at risk, including a major European city, a US Police Department, and critical infrastructure companies.

Speaker: Philippe Caturegli