Tim Medin discusses the dumbest red team tricks and hacks encountered over the years. We are going to take the A out of APT (again), because so few attackers really need to use advanced techniques. We’ll also discuss the simple defenses that make an attacker’s life much more difficult.
This is our first webcast of the new Wild West Hackin’ Casts series, bringing you the highest-rated talks from the conferences!
Given the increasing awareness and use of the MITRE ATT&CK Matrix as a common language between Red Teams, Blue Teams, and Executives, a growing number of organizations are utilizing the framework in inappropriate ways. This talk will provide the audience with a very fast, yet very practical, overview of ATT&CK, as well as how it is being utilized well, and not-so-well, in the industry. From periodic tables to minesweeper. From CALDERA to Atomic Red Team. We will go over a list of the do’s and don’ts to get the most value from the ATT&CK Matrix.
Adam is SCYTHE’s VP of Product Management where he leads the project management, design, and quality assurance departments. Before SCYTHE, Adam defined and managed the development of enterprise security and privacy solutions with an emphasis on usable encryption at a global scale and led numerous technical integration projects with a variety of partners and services. Adam holds a Master of Science in Applied Computer Science from Southern Oregon University with a focus on computer security and encryption.
This talk discusses potential issues with collecting Sysmon and PowerShell logs: potential sensitive data leakage, best practices, and scalability issues.
Edward Ruprecht is a Lead Cyber Security Engineer at FM Global.
This presentation covers the threat model of a generic SaaS application and its associated cloud stack. The discussion centers on Visio drawings of the SaaS, PaaS, and IaaS layers and the related STRIDE set of threats.
STRIDE is a model of threats developed by Praerit Garg and Loren Kohnfelder at Microsoft for identifying computer security threats. It provides a mnemonic for security threats in six categories.
The threat categories are:
- Spoofing of user identity
- Tampering
- Repudiation
- Information disclosure (privacy breach or data leak)
- Denial of service (D.o.S)
- Elevation of privilege
Bruce Norquist has been hooked on and working in security since he touched his first B3 level Compartmentalized Mode Workstation in 1994. He retired from the Army National Guard after 24 years as an Information Operations and Combat Engineer officer at NORAD/USNORTHCOM. His first Cloud Application security assessment was in 2008 and they have never stopped. Among his certifications are the CISSP and CRISC.
Are you as tired of Annual Awareness Training as your users are? It might be time to change up your approach to Security Awareness Training with some gamification. Escape Rooms can be fun and a great opportunity for team building while demonstrating your Information Security Awareness objectives. Participants are faced with a series of scenarios that require actions that reflect your organization’s policies, procedures and best practices.
Bob works for a Software as a Service provider that services charitable foundations and financial institutions where he is responsible for program management, compliance, SOC operations, penetration testing, and privacy. He consults several organizations on beginning and managing their information security programs and is a SANS Community Instructor. He advocates that defenders must be capable of blue team functions as well as red team functions to be successful and has earned GCIH, GPEN and GWAPT certifications. He has also achieved other certifications including the CISSP, GSEC, and CIPP/E.
Justin is a Systems Administrator for a Software as a Service provider that services charitable foundations and financial institutions. He is a self-ascribed “nerd” with a sizeable video and board game collection. He is a nostalgic child of the ’90s and has no interest in growing up any time soon.
Have you ever read a web page and wondered what all that weirdness in the URL means? It’s not rocket science, but there is madness behind the method of how those URLs are put together, and you can learn how to use it to your advantage. Hidden in plain view are the tracking codes companies like Google, LinkedIn, Amazon, and others use to track where you go online and how you got there. Trimming those codes from your URLs is easy, makes your links friendlier, and prevents would-be online trackers and their marketing masters from keeping tabs on you. Come along as we hack some URLs so you can clean that marketing malware from the links you use and share with others.
Bronwen Aker has played with computers since elementary school when she was introduced to FORTRAN programming using bubble cards. She worked for twenty years in web development, and as a technical trainer, before entering the world of cybersecurity. Today she is a graduate of the 2017 SANS CyberTalent Academy for Women, works part-time for SANS as a Subject Matter Expert and for Black Hills Information Security (BHIS) as a technical editor, all while she finishes her bachelor’s degree in cybersecurity. When not playing with computers, virtual and otherwise, she likes to go on long walks in the mountains with her dogs.
Per the Verizon Breach Report of 2018, phishing is on the rise. In this talk we will look at a few really good phishing e-mails that I received and break down how to recognize them, how to protect yourself against them, and how to perform a basic analysis of what the phishing e-mail is doing using the Burp Proxy Suite.
Frank Vianzon works in Corporate Risk Management during the day but also writes and teaches classes at the local colleges and is a Board Member at OWASP. Frank currently holds three SANS certificates for GPEN, GCWN and GISP.
Much of the spectrum of human action and human custom translates more or less obviously from the real world (“meat space”) into the Internet (“cyber space”). Yet, some pieces of the human puzzle do not have an obvious place in the Internet game board, and this has wrought unconsidered change to human society through its digital nervous system, the Internet. Is this merely the post-Westphalia era, or as many claim, the post-national era? Let’s discuss.
Dr. Paul Vixie is an internet pioneer. Currently, he is the Chairman, CEO and co-founder of award-winning Farsight Security, Inc. Dr. Vixie was inducted into the Internet Hall of Fame in 2014 for work related to DNS and anti-spam technologies. He is the author of open source internet software including BIND 8, and of many internet standards documents concerning DNS and DNSSEC. In addition, he founded the first anti-spam company (MAPS, 1996), the first non-profit internet infrastructure company (ISC, 1994), and the first neutral and commercial internet exchange (PAIX, 1991). In 2018, he cofounded SIE Europe UG, a European data sharing collective to fight cybercrime. Dr. Vixie earned his Ph.D. from Keio University for work related to DNS and DNSSEC in 2010.
Dr. Vixie is frequently invited to deliver keynotes at technology and business events around the world. He has presented at such events as Copenhagen Cybercrime Conference, FIRST, Palo Alto Networks IGNITE, RSA, Black Hat, DNS-OARC, SANS, Swiss Cyber Storm, and VirusBulletin.
Artificial Intelligence (AI) is impacting our world in previously unimaginable ways and vendors love to say they use it. But how does it really work? If you are looking for the real deal about this industry buzzword, this is the talk for you. We will cover the history of this incredibly innovative technology, what it is and what it is not, the steps required to produce a solution, the subfields that make up AI, how various industries are using it, and at the end of the presentation provide the reference list for you to dive deeper into this next generation field and get started for yourself.
Josh Fu is a security professional at Cylance and was the founder of the west coast chapter of the International Consortium of Cybersecurity Professionals (ICMCP). His ability to turn technical concepts into easy-to-understand plain English has led him to present at conferences around the world focused on security, artificial intelligence, and IoT and for groups such as ISACA, ISC2, MGTA, IANS, and SANS. He is also a published author in ThreatVector, Cyber Defense Magazine, and Information Security magazine.
Cybersecurity professionals are life-long learners. We put in our 40+ hours a week at work, but it never ends there. The field is constantly changing. Every day, something new comes out. A new exploit. A new patch. New software. A tactic that worked yesterday might no longer work today. Because of this constant state of metamorphosis, a cybersecurity pro is always studying. We are reading news articles. We are catching up on Twitter. We are working on certifications, on a CTF, or whatever it is that keeps our endorphins escalated. We never stop.
Heath Adams is a Senior Penetration Tester. He has a strong background in network administration and information security, including penetration testing, network design and implementation, and network security. Heath currently holds multiple cybersecurity-related certifications, including the OSCP, OSWP, and the eWPT. Heath also proudly served as an officer in the Army Reserve. Outside of work, Heath is an online cybersecurity instructor, YouTuber, and Twitch live streamer. When Heath is not at work, he enjoys spending time with his wife, Amber, and their 4 animal “children.”