Toolshed

Presenters

 

Klaus Agnoletti – Head of Community at CrowdSec

Klaus Agnoletti has been an infosec professional since 2004. As a long-time active member of the infosec community in Copenhagen, Denmark, he co-founded BSides København in 2019.

As Head of Community at CrowdSec, one of his roles is to spread the word and inspire an engaging community.

Tool Name: CrowdSec
CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It builds on fail2ban’s philosophy but is IPv6 compatible and 60x faster (Go vs Python), uses Grok patterns to parse logs and YAML scenarios to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM based infrastructures (by decoupling detection and remediation). Once a threat is detected, you can remediate it with various bouncers (firewall block, nginx http 403, Captchas, etc.), while the aggressive IP can be sent to CrowdSec for curation before being shared among all users to further improve everyone’s security.


Kaitlyn DeValk – Security Professional

Kaitlyn DeValk is an active-duty Coast Guard (CG) officer, currently completing her master’s degree in Computer Science at the University of Maryland. Prior to graduate school, she completed her undergraduate education at the US Coast Guard Academy in 2019. Her professional experience is primarily in vulnerability assessments and penetration testing. Her certifications include GCIH, GPEN, and CISSP.

Tool Name: Riverside
Riverside is an open-source network visualization tool that works from inside the network, showcasing live traffic between internal hosts and external remote hosts in a real-time network graph. Because it captures NetFlow and packet information in a database, users can traverse backwards in time to analyze previous network activity for enriched situational awareness and a thorough understanding of their network security posture. This utility supplements existing tooling to provide more insight for use cases such as incident response, analysis and investigation, and identification of the true assets in use within a network environment.


Andrew Heishman – Security Engineer at Orasure Technologies

Hey, I’m Andrew.

I have 3.5 years of experience in cybersecurity across multiple industries including Medical, Financial, and Manufacturing.

Blue teams should be able to protect themselves from threats no matter what their budget is. Small to medium businesses should have a fair shot when it comes to mitigating the biggest cybersecurity risk: phishing emails. That is what SWAIN is all about!

Tool Name: SWAIN / AtlasSuite
SWAIN seeks to help defenders by automating a specific set of functions within “Microsoft Purview” (formerly known as Microsoft Compliance Center).

Despite being originally designed for compliance purposes, the “Content Search” functionality within Microsoft Purview provides notable email searching capabilities. With features like wildcarding and domain capturing, you are able to find and crush complex phishing campaigns with a single search.

Using SWAIN, you can create a content search, execute it, review the results, and then choose whether or not to purge the emails the search found.


Jake Hildreth – Senior Security Consultant at Trimarc

Jake Hildreth is a Senior Security Consultant and member of the Identity Security Team at Trimarc Security, LLC. As a recovering sysadmin with over 20 years of wide-ranging experience in information technology, he has configured, administered, or supported almost every technology used by small and medium businesses. His day-to-day work at Trimarc focuses on assessing Active Directory configurations for Fortune 500 companies to help secure their environments. He currently holds the CISSP and Security+ certifications.

Tool Name: Locksmith
Locksmith is a tool for identifying and remediating the most common misconfigurations and issues with Active Directory Certificate Services installations.


Forrest Kasler – Manager and Pentester at CLA

Forrest Kasler is a full-time Penetration Tester and Social Engineer. As a lifelong nerd and hacker, Forrest loves automating advanced network attacks for his team. He has authored multiple open-source tools for the penetration testing community to address common challenges in day-to-day operations. Key research topics include: NAC bypass, MFA bypass, advanced MitM attack vectors, advanced OSINT, SMTP weaknesses, distributed brute force attacks, offensive data mining, and malware development.

Tool Name: DolosJS
DolosJS is a NAC bypass tool that was designed to be cheap to build, easy to deploy, and extremely hard to detect. DolosJS runs on a NanoPi R2S, making it both small and cheap. The DolosJS software autoconfigures the NAC bypass, making it the perfect penetration testing drop box. Operators can simply plug it into the target network and walk away. The project also includes setup scripts to allow the DolosJS device to call home over cellular LTE networks, ensuring that command-and-control (C2) communications never traverse the target network’s perimeter. When remote access over LTE is not required, the project includes setup scripts to establish C2 over Ethernet, WiFi, or Zerotier/VPN.


Ash Noor – Pen Tester at Iron Vine Security / Founder of exeCODEable

I am a Sudanese Pen Tester, Blogger, PyCharmer & Lover of Outer Space.

Code nights and movie nights are my favorite kind of nights.

I live on the internet at www.AshNoor.me

Tool Name: KERnano
KERnano is a no-install Python pen testing kit, for Windows & Linux.


Raunak Parmar – Lead penetration tester at Accorian

Raunak Parmar works as a senior security engineer. Web/Cloud security, source code review, scripting, and development are some of his interests. He is also familiar with PHP, NodeJs, Python, Ruby, and Java. He is OSWE certified and the author of Vajra and 365-Stealer.

Tool Name: Vajra – Your Weapon To Cloud
Vajra is a UI-based tool with multiple techniques for attacking and enumerating a target’s Azure and AWS environments.

The term Vajra refers to the Weapon of God Indra in Indian mythology (God of Thunder & Storms). Its connection to the cloud makes it a perfect name for the tool.

Vajra currently supports Azure and AWS Cloud environments and plans to support GCP cloud environments and some OSINT in the future.


The Techromancer – Senior Operator at Black Lantern Security

TheTechromancer is a penetration tester at Black Lantern Security, where he travels the world, writing nefarious Python tooling and testing it (with permission) against Fortune 500 companies. He is a strong advocate for open source software, and open-sources all his tools, even the crappy ones. At home, he enjoys listening to Synthwave (the coolest musical genre of all time), and spends his time creating digital art and reading lots and lots of books. He really loves books.

Tool Name: BBOT
BBOT (Bighuge BLS OSINT Tool) is an OSINT framework written in Python. It uses a recursive consumer-event system similar to Spiderfoot, but with several improvements, including a more powerful threading engine and a versatile tagging system that automatically labels events according to whether they’re in scope, resolved/unresolved, wildcard, etc. It can be used both as a Python library and as a CLI tool, and natively supports output to the Neo4J Graph Database.

As one of the main contributors to Spiderfoot, I am a huge believer in its recursive event-driven model; however, I feel that while Spiderfoot is a great investigative tool, it ultimately falls short for red-team applications. That is what I set out to fix with BBOT, whose modules and core architecture are geared heavily toward hackers.

BBOT is modular and designed to automate the entire OSINT process, and beyond — from subdomain enumeration (with passive APIs and its powerful massdns module) to port scanning (with its naabu module), and even basic web scanning (with httpx and nuclei).


Matthew Toussain – Founder, Open Security

When he gets the chance, Matthew Toussain loves to take on an offbeat challenge. He’s turned a closet into a server room, a table into a computer, and a ’76 Mustang into an electric car. He’s also built an Alexa-enabled home entertainment system out of a car amp, a Raspberry Pi, a computer power supply unit, sheet metal, and plexiglass. It’s that ingenuity that underscores his work as a certified SANS instructor.

A graduate of the U.S. Air Force Academy with a B.S. in computer science and the SANS Technology Institute with an M.S. in information security engineering, he has served as the senior cyber tactics development lead for the U.S. Air Force (USAF) and worked as a security analyst for Black Hills Information Security. In 2014, he started Open Security, which performs full-spectrum vulnerability risk assessments.

An avid runner who also plays piano, guitar and violin, Matthew lives in Texas with a multitude of Cisco switches. In addition to teaching at SANS, he is an avid supporter of cyber competitions and participates as a red team member or mentor for the Collegiate Cyber Defense Competition (CCDC), the annual NSA-led event Cybersecurity Defense Exercise (CDX), and SANS Institute’s NetWars.

Tool Name: Sirius Scan & Nmap Scripting Engine
Sirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most expedient source for cybersecurity intelligence. The community itself regularly outperforms commercial vendors. This is the primary advantage Sirius Scan intends to leverage.

The framework is built around four general vulnerability identification concepts: the vulnerability database, network vulnerability scanning, agent-based discovery, and custom assessor analysis. With these powers combined around an easy-to-use interface, Sirius hopes to enable industry evolution.

I will also be demonstrating NSE scripting and script integration.



Organizers


Andrew Krug – Artisanal Hay Farmer / Cloud Security Geek

Andrew Krug is a Security Engineer specializing in Cloud Security and Identity and Access Management. Krug also works as a Cloud Security consultant and started the ThreatResponse project, a toolkit for Amazon Web Services first responders. Krug has been a speaker at Black Hat USA, DerbyCon, and BSides PDX.


Adam Mashinchi – Principal Product Manager for Managed Detection and Response at Red Canary

Adam Mashinchi is the Principal Product Manager for Managed Detection and Response at Red Canary. Before Red Canary, Adam defined and managed the development of enterprise security and privacy solutions with an emphasis on adversary emulation and usable encryption at a global scale, leading numerous technical integration projects with a variety of partners and services.