Event Series Conference

DevSecOps Worst Practices – Tanya Janca

DMG: Track 2 - Stage 2, General Session Area 1906 Deadwood Mountain Drive, Deadwood, SD, United States

Quite often when we read best practices we are told ‘what’ to do, but not the ‘why’. When we are told to ensure there are no false positives in the pipeline, the reason seems obvious, but not every part of DevOps is that intuitive, and not all ‘best practices’ make sense at first blush. Let’s explore tried, tested, and failed methods, and then flip them on their head, so we know not only what to do to avoid them, but also why it is important to do so, with these DevSecOps WORST practices.

MetaCTF Capture the Flag

DMG: Track 2 - Stage 2, General Session Area 1906 Deadwood Mountain Drive, Deadwood, SD, United States

Test your infosec knowledge and hacking skillz in our in-conference capture the flag event!

AD and DNS: A Match Made in Heck – Jim Sykora and Jake Hildreth

DMG: Track 2 - Stage 2, General Session Area 1906 Deadwood Mountain Drive, Deadwood, SD, United States

Since the mid-80s, the Domain Name System (DNS) has been instrumental in improving the usability of computer networks and the Internet. In 2000, Microsoft released Active Directory (AD), which combined DNS with a Lightweight Directory Access Protocol (LDAP) database and Kerberos authentication to create a unified directory service platform. Since AD’s release, the fates of AD and DNS have been linked. In fact, you might say they are married. In this talk, we will discuss existing DNS attacks that can be used to compromise AD and the ways to mitigate AD-specific DNS vulnerabilities.

Hacking Azure AD Identities – Nestori Syynimaa

DMG: Track 2 - Stage 2, General Session Area 1906 Deadwood Mountain Drive, Deadwood, SD, United States

In the cloud era, identity has become a new security perimeter. Over 90 per cent of Fortune 500 organizations use Microsoft’s cloud-based identity and access management system, Azure AD.

The Terminator Effect: AI’s Role in Fighting Cyber Threats – James McQuiggan

DMG: Track 2 - Stage 2, General Session Area 1906 Deadwood Mountain Drive, Deadwood, SD, United States

To effectively mitigate the risks associated with AI-based cybersecurity systems, it is crucial to implement a range of risk mitigation strategies, such as developing robust training datasets, multi-layered security architectures, industry-standard practices into accountability and transparency, and continuously monitoring and updating AI models. Additionally, organizations must prioritize the development of human-AI collaboration frameworks that enable seamless integration between human and AI-based cybersecurity systems.

JS-Tap: Weaponizing JavaScript for Red Teams – Drew Kirkpatrick

DMG: Track 2 - Stage 2, General Session Area 1906 Deadwood Mountain Drive, Deadwood, SD, United States

Red teams have a different set of challenges and opportunities that are often not conducive to developing tailored JavaScript payloads. Custom applications often have unknown functionality and require a generic payload. Red teams also have opportunities to introduce malicious JavaScript beyond XSS vulnerabilities.

A new open source tool (JS-Tap) will be introduced that is designed to allow red teamers to attack applications using generic JavaScript used as either a post-exploitation implant or an XSS payload.

Exfiltrate and Command Network Nodes Like a Ghost! – Momen Eldawakhly

DMG: Track 2 - Stage 2, General Session Area 1906 Deadwood Mountain Drive, Deadwood, SD, United States

Our role as “red teamers” is to try developing techniques that simulate these activities and to improve organisational security by training defensive security teams to check for every single bit (not literally) of data and also anticipate the locations from which attackers may conduct their operations. The technique discussed in this research only shows the basic mindset that can be developed further with each engagement.

Demystifying Design: Making Infosec Look Good – Caitlin Cash

DMG: Track 2 - Stage 2, General Session Area 1906 Deadwood Mountain Drive, Deadwood, SD, United States

Fonts are like pants for words. How you dress, how you speak, your non-verbal communication, is all part of what you convey to other people when interacting face to face. In graphics, design is that non-verbal portion of written communication. Here in the information security world, design can help facilitate that knowledge transfer, making content easier to understand, tools more identifiable, and interfaces more accessible.

The Truth is Out There: Unveiling Secrets with Open Source Intelligence – Joe Gray

DMG: Track 2 - Stage 2, General Session Area 1906 Deadwood Mountain Drive, Deadwood, SD, United States

In an era where information is becoming the world's most valuable commodity, understanding how to access, analyze, and apply this resource effectively is critical. This talk, "The Truth is Out There: Unveiling Secrets with Open Source Intelligence," will demystify the world of OSINT and explore its role in today's digitally driven society. Much like the iconic television series "The X-Files," the sphere of Open Source Intelligence is filled with intrigue, suspense, and a relentless pursuit of truth. This talk will guide participants through the shadowy digital world, revealing how OSINT techniques enable us to expose hidden information, connect the dots, and discern the truth behind the often bewildering data cloud.

Penetration Testing: Communication is the Real Hack – Brandon Scholet

DMG: Track 2 - Stage 2, General Session Area 1906 Deadwood Mountain Drive, Deadwood, SD, United States

Penetration testing success relies on effective communication with clients. This talk will address common frustrations and provide strategies for having smooth engagements, as well as insights for clients looking to understand how to get pentests to meet their goals. This will go over strategies to obtain necessary information such as client goals, pre-engagement, managing scope, and minimizing frustrating surprises. This talk will also talk about communicating findings in a way that helps clients understand and appreciate the security risks.

Making Magnets for Needles in Noisy Haystacks: Operationalizing ATT&CK with Risk Based Alerting – Haylee Mills

DMG: Track 2 - Stage 2, General Session Area 1906 Deadwood Mountain Drive, Deadwood, SD, United States

MITRE ATT&CK helps us identify threats, prioritize data sources, and improve security posture, but how do we actualize those insights for better detection and alerting? We shift to alerts on aggregated behaviors over direct alerts, and make our noisy datasets into valuable treasure troves tagged with ATT&CK metadata. Let's discuss the key features needed to implement this in any security toolset!

Immunity, Free Speech, and the (Potential) Death of the Internet: A Section 230 Update – Kelli Tarala

DMG: Track 2 - Stage 2, General Session Area 1906 Deadwood Mountain Drive, Deadwood, SD, United States

There is a potential shift in Internet law with a lively debate surrounding it. Has Big Tech taken over free speech and political discourse? Are algorithms deciding our future? This year, the Supreme Court will be hearing the case Gonzalez v. Google LLC, in which the plaintiff asserts that Google's algorithm allows ISIS recruitment videos to be presented to young, impressionable youths. The Gonzalezes' legal team asserts that Google, as the publisher of the content, is at least partially responsible for their daughter's death in the Islamic State attack in Paris in 2015.