Wild West Hackin’ Fest
Deadwood Mountain Grand (DMG) 1906 Deadwood Mountain Drive, DeadwoodWild West Hackin’ Fest is the most happenin infosec conference on any side of the Mississippi!
Register Now!
Loading view.
Ongoing
Agent Mission: Cryptid Hunt at Wild West Hackin’ Fest!
Deadwood Mountain Grand (DMG) 1906 Deadwood Mountain Drive, DeadwoodAgents, we have a case for you. Sightings of multiple infosec cryptids have been reported at Wild West Hackin’ Fest 2023. As
Run with BHIS
Deadwood Mountain Grand (DMG) 1906 Deadwood Mountain Drive, DeadwoodJoin us for a morning run! For all you athletes and people who enjoy running through beautiful places, this event is for you!
Martial Arts Workout w/ Cameron Cartier
DMG: General Session Area 1906 Deadwood Mountain Drive, DeadwoodJoin BHIS Penetration Tester Cameron Cartier for some martial arts practice to get warmed up and ready for the day!
WWHF Hands-on Labs
DMG: Stage 1906 Deadwood Mountain Drive, DeadwoodTo help you hone your hacker skillz, and find the Truth that is Out There, we have a Bluetooth Lab, Keystoke Injection Lab, Doorbell Replay Lab, and so much more!
Conference Registration
Deadwood Mountain Grand (DMG) 1906 Deadwood Mountain Drive, DeadwoodThe Registration Desk is your one-stop for checking in for the conference, getting your swag bag, finding out where things are happening, and so much more!
Announcements with John Strand
DMG: General Session Area 1906 Deadwood Mountain Drive, DeadwoodJohn Strand makes a few opening remarks and announcements to welcome conference attendees and get the conference rolling.
Campfire Talk: 5 Ways to be Successful in a Fortune 5 SOC – Ben Renz and Vidur Ravella
DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, DeadwoodA quick talk covering the experiences of 2 former SOC analysts who started as associates going to senior and managers in the SOC. This talk with be addressing the 5 ways, we found out and trained others, to use to be successful when working in a SOC.
Six Things DevOps Wants from InfoSec – Naomi Buckwalter
DMG: Track 1 1906 Deadwood Mountain Drive, DeadwoodWhy does it seem that DevOps and Security are always at odds with each other? Why does Security have such a bad reputation among developers? In this talk, "Six Things DevOps Wants from InfoSec", you'll learn that developers actually WANT to work with Security - they care about writing secure code! But we as security professionals need to understand that developers don't want another "Big Brother" telling them what to do - they need an active and supportive partner in the delivery process. This talk will showcase six things that every DevOps teams want from their InfoSec teams. Everyone is on the same team, after all. Let's help DevOps accomplish their goal to release the best - and most secure - code possible.
The Truth is Out There: Unveiling Secrets with Open Source Intelligence – Joe Gray
DMG: Track 2 1906 Deadwood Mountain Drive, DeadwoodIn an era where information is becoming the world's most valuable commodity, understanding how to access, analyze, and apply this resource effectively is critical. This talk, "The Truth is Out There: Unveiling Secrets with Open Source Intelligence," will demystify the world of OSINT and explore its role in today's digitally driven society.Much like the iconic television series "The X-Files," the sphere of Open Source Intelligence is filled with intrigue, suspense, and a relentless pursuit of truth. This talk will guide participants through the shadowy digital world, revealing how OSINT techniques enable us to expose hidden information, connect the dots, and discern the truth behind the often bewildering data cloud.
Workshop: Practical Soldering – Rick Wisser
DMG: Track 4 - Back Stage 1906 Deadwood Mountain Drive, DeadwoodAre you interested in learning how to solder? Well you are in luck! This year Rick Wisser from BHIS has put together a soldering workshop where you can get some hands on experience soldering on a working project. Rick has several years of experience related to all types of soldering related to contract manufacturing of printed circuit boards. The goal of the workshop is to get you familiar with soldering and how to avoid common mistakes in solder techniques. Rick will share proper techniques, tips, and pointers that simplifies the manual soldering process.
MetaCTF Capture the Flag
DMG: Stage 1906 Deadwood Mountain Drive, DeadwoodTest your infosec knowledge and hacking skillz in our in-conference capture the flag event!
Trace Labs Capture the Flag
DMG: General Session Area 1906 Deadwood Mountain Drive, DeadwoodJoin the Trace Labs team while they host a 4 hour search party CTF during WWHF! Find key pieces of intelligence to help solve active missing persons cases. This CTF helps Law Enforcement and the Trace Labs team find active missing persons and sketch out a person's online footprint.
Escape Room
DMG: Hotel Lobby - Kids Room DeadwoodTry to escape a paranormal attack if you can! The police quickly left the crime scene and now it is up to you to solve it. As you come onto the scene, something triggers. You are being watched, and if you stay too long, it may be too late. Can you solve it, or will you become the next victim?
Lock Picking Demo with Ed Miro
DMG: Stage 1906 Deadwood Mountain Drive, DeadwoodEd Miro will be facilitating an open lockpicking area including practice locks and picks that will be available for you to play with.
Vendor Booth Hours
DMG: General Session Area 1906 Deadwood Mountain Drive, DeadwoodIn addition to all the workshops and talks, demos, and other events, we also have vendors who have come here to tell you all about their toys, software, and services! Take some time to say hello. We only invite cool people to our conference.
Campfire Talk: I’m OK, You’re OK, We’re OK: Living with AD(H)D in Infosec – Klaus Agnoletti
DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, DeadwoodI’ve been in Infosec for almost 20 years. I also have AD(H)D. This talk is my story; how I kept feeling something was off until diagnosed 3 years ago, what impact ADHD and being diagnosed had on my life and why one should always confront realities and get the best out of it. There is an overrepresentation of mental diagnoses in infosec. This is my attempt to educate, break down taboos and inspire others.
Campfire Talk: Introducing RateMyAI: A Live Demo on Improving ChatGPT Conversations for Red and Blue Team Operations – Peter Halberg
DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, DeadwoodArtificial Intelligence (AI) is taking the world by storm. There seem to be so many new platforms popping up daily. AI platforms for red and blue teams already exist, but are they custom tailored to your organization’s environment? If not, then maybe it’s time to create your own.
Rethinking Penetration Testing – Mike Saunders
DMG: Track 1 1906 Deadwood Mountain Drive, DeadwoodThe current model for traditional penetration testing is broken. The typical scan and exploit model doesn’t reflect how real attackers operate after establishing a foothold. Many organizations aren’t mature enough to need or benefit from a proper red team assessment. Organizations are often unsure how to approach a Purple Team
The Secrets of USAF Debriefing Methodology Will Make You a Better Hacker – Joshua Mason
DMG: Track 2 1906 Deadwood Mountain Drive, DeadwoodBy utilizing the tactics, techniques, and practices developed by Air Force aviators, the security community can better utilize lessons learned through failure and success and improve from engagement to engagement or incident to incident.
Campfire Talk: Zero to Hero: Hacking Your Way to Your First Pentest Gig – Christian Villapando
DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, DeadwoodThis presentation aims to inform folks how to get into penetration testing. The primary target audience is those breaking into the field of cybersecurity or in the area already but would want to shift to pentesting.
Campfire Talk: Burp, Not Just For Browsers – Samantha Peters
DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, DeadwoodMy presentation would show how to proxy traffic through Burp Suite from an iPhone using a Mac OS, from Python, and from Postman. Capturing this traffic can allow for quick analysis that otherwise wouldn't be possible, and enable the use of repeater and intruder for potential exploitation.
Campfire Talk: Modern Web Authentication: Passwords are so 1960’s – Greg Bailey
DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, DeadwoodIn this talk, we will walk through the various modern authentication protocols, specifically OAuth and its cousin, OpenID Connect, including the various code flows (code flow being the most important), how they work, their history of vulnerabilities, and how we can protect them.
Penetration Testing: Communication is the Real Hack – Brandon Scholet
DMG: Track 2 1906 Deadwood Mountain Drive, DeadwoodPenetration testing success relies on effective communication with clients. This talk will address common frustrations and provide strategies for having smooth engagements, as well as insights for clients looking to understand how to get pentests to meet their goals. This will go over strategies to obtain necessary information such as client goals, pre-engagement, managing scope, and minimizing frustrating surprises. This talk will also talk about communicating findings in a way that helps clients understand and appreciate the security risks.
Destroying the Fog of War: Demonstrating Realistic End-to-End Attacks and Detective Controls – Jeff McJunkin
DMG: Track 1 1906 Deadwood Mountain Drive, DeadwoodThis talk reveals the five ways outside attackers gain internal access and outlines defenders' three core objectives: reducing initial access, lowering detection and response time, and slowing down attackers. Through live demonstrations, real-world examples, and even a unique Mario Kart analogy, this talk provides actionable insights into detective controls and slowing down attackers.
Campfire Talk: Why John Wayne Works: Social Engineering in the Wild Wild West – Todd Wedel
DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, DeadwoodIn social engineering engagements, especially physical, the culture of honor values play a significant role if the participants are in or have a background in a culture of honor. This talk will focus primarily on assertiveness and escalation avoidance.
Campfire Talk: So My Credentials have been Leaked…Now What? – Dwayne McDaniel
DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, DeadwoodThis session will look at how to deal with credential leaks from detection through closing the final related ticket the incident generated. We will look at topics such as validation of secrets, scoping impact, assembling the right players, to how to offload tribal knowledge with tools like notebooks and playbooks. We will also look at preventing future leaks with some open source tools and non-intrusive workflow adjustments.
Lunch
DMG: General Session Area 1906 Deadwood Mountain Drive, DeadwoodAt WWHF, we want to make sure you don't faint from lack of vittles while you are busy hacking and learning and having other kinds of fun. Come on down to the Deadwood Mountain Grand and break bread with us!
Workshop: Automating Attacks – Alex Martirosyan
DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, DeadwoodWith the latest advancements of attack and breach simulation tools, many organizations are still playing catchup to know where to begin. Endpoint detection and response (EDR) tools have become heavily relied upon with default configurations. As an industry, we have pushed a lot of the responsibility of managed service providers without fully understanding what we are signing up for. This workshop will help beginners understand what the latest buzzwords mean such as Atomic Testing, Micro Emulation Plans, and Purple Teaming.
Making Magnets for Needles in Noisy Haystacks: Operationalizing ATT&CK with Risk Based Alerting – Haylee Mills
DMG: Track 2 1906 Deadwood Mountain Drive, DeadwoodMITRE ATT&CK helps us identify threats, prioritize data sources, and improve security posture, but how do we actualize those insights for better detection and alerting? We shift to alerts on aggregated behaviors over direct alerts, and make our noisy datasets into valuable treasure troves tagged with ATT&CK metadata. Let's discuss the key features needed to implement this in any security toolset!
Six Ways to Defend Better RN – David Kennedy
DMG: Track 1 1906 Deadwood Mountain Drive, DeadwoodRunning two large sized companies that both focus on breaking into companies as well as defending them has helped put things into perspectives on both successes and failures from a defense perspective. This talk will dive into some of the most common methods attackers go after organizations, but focus on non traditional ways of defending the network against them. We'll be diving into prevention, detection, deception, AI (or lack thereof and marketing fluff), and much more. Let's cut right down to it, and walk away with six things you can do today to better defend and identify attacks earlier in the attack cycle.
Workshop: Intro to Social Engineering – Ed Miro
DMG: Track 4 - Back Stage 1906 Deadwood Mountain Drive, Deadwood“Intro to Social Engineering” is a 2-hour course that will provide students an extensive crash course in the study, practice, and defense of social engineering. The course will include interactive elements/technology designed to make the session fun and engaging. In this course we will clearly define ‘social engineering’, cover the most common attack vectors utilized in this domain, and explore the history & development of social engineering.
Cybersecurity for the “Have-Nots” of the World – Jake Williams
DMG: Track 1 1906 Deadwood Mountain Drive, DeadwoodThe cybersecurity landscape can broadly be broken down into dividing between the “haves” vs the “have-nots.” The security recommendations offered by so many of “just deploy X” fall on deaf ears to the *vast majority* of organizations who fall into the latter category of “have-nots.” Until the security gap for the “have-nots” of the world is closed, we’re doomed to continue failing at security overall (/screams in “software supply chain”).
So you delivered your report, now what? The role of pentesting and continuous validation – Dan DeCloss
DMG: Track 2 1906 Deadwood Mountain Drive, DeadwoodWe all know that delivering the final pentest report isn’t the end of the road. It's really just the beginning — and it should be. Annual pentests are becoming a thing of the past in favor of strategies that involve shorter iterative cycles of testing, remediation, and validation. So where does pentesting fit into a continuous validation paradigm? This talk will overlay the pentesting and continuous validation life cycles to show how pentesters can deliver more value post engagement and set the stage for their organizations or clients to conduct more frequent, more productive pentests.
Workshop: How to triumph at Tech Support – Bill Stearns
DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, DeadwoodThis course focuses on the process of tech support, the core skills needed, and the lessons learned from years of making tech support mistakes. Join instructor Bill Stearns in talking about the role of Support, the Troubleshooting process, and common issues you'll encounter in your career.
The Lost Underground – Ray and Mike Felch
DMG: Track 1 1906 Deadwood Mountain Drive, DeadwoodTake an exhilarating journey back in time to the 80s, 90s, and 00s as this father and son duo reveal what it was like to get started in an untamed security landscape populated by ruthless hackers. Join us for a captivating presentation as we delve into the intriguing world of the lost underground scene, revealing the stories, techniques, and culture that defined this rebellious era.
Immunity, Free Speech, and the (Potential) Death of the Internet: A Section 230 Update – Kelli Tarala
DMG: Track 2 1906 Deadwood Mountain Drive, DeadwoodThere is a potential shift in Internet law with a lively debate surrounding it. Has Big Tech taken over free speech and political discourse? Are algorithms deciding our future? This year, the Supreme Court will be hearing the case Gonzalez v. Google LLC, in which the plaintiff asserts that Google's algorithm allows ISIS recruitment videos to be presented to young, impressionable youths. The Gonzalez's legal team asserts that Google as the publisher of the content is at least partially responsible for their daughter's death in the Islamic State attack in Paris in 2015.
Keynote: Building a Winning Team Culture: Unleashing the Power of Collaboration and Excellence – Heath Adams
DMG: General Session Area 1906 Deadwood Mountain Drive, DeadwoodIn today's fast-paced and competitive world, organizations are increasingly recognizing the importance of building a winning team culture to drive success. In this keynote, we will explore the key elements of fostering a team culture that fuels collaboration, innovation, and excellence. We will delve into the significance of leadership and its role in setting a clear vision, values, and goals that align with the team's purpose. By cultivating an environment of trust, respect, and open communication, we can empower team members to bring their best selves to work and contribute to the collective success.
Awards with John Strand
DMG: General Session Area 1906 Deadwood Mountain Drive, DeadwoodJohn Strand makes a few closing remarks and award announcements to bid farewell to conference attendees and get the conference closed out.