Event Series Conference

Workshop: Point and Shoot to Continuous Auditing in the AWS Cloud – Andrew Krug

DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, Deadwood, SD, United States

In 2023 cloud environments are becoming increasingly complex resulting in wide variety of misconfigurations. In this workshop you'll learn how to use point and shoot tools from the open ecosystem for cloud security assessments along with a few pro tips on how to segment and sandbox those. We will also dive into continuous auditing and how to setup long term dashboards for organizations to assess their maturity over time. Attendees will leave with a firm understanding of how to leverage the tools, articulate which method is better based on use case, and assume various roles (safely) in the AWS. Don't miss this session with AntiSiphon instructor Andrew Krug. Attendees should bring a laptop with any modern Linux virtual machine or MacOS.

Event Series Conference

Workshop: Open-Source Intelligence (OSINT)

DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, Deadwood, SD, United States

Developers, penetration testers, managers, system administrators would all benefit from learning how to better detect and consolidate vulnerability and remediation efforts.

Event Series Conference

Workshop: Incident Response for Humans – Nathan Case

DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, Deadwood, SD, United States

Today's DevOps world has several new responsibilities added to the everyday engineer's existence. For example, a developer often has to assist in incident response and threat hunts. Unfortunately, these skills are hard to learn and can come at a cost if they are done on the job while an event is ongoing.

Event Series Conference

Campfire Talk: How to Create Your Own AI Platform – Peter Halberg

DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, Deadwood, SD, United States

Artificial Intelligence (AI) is taking the world by storm. There seem to be so many new platforms popping up daily. AI platforms for red and blue teams already exist, but are they custom tailored to your organization’s environment? If not, then maybe it’s time to create your own.

Event Series Conference

Campfire Talk: Burp, Not Just For Browsers – Samantha Peters

DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, Deadwood, SD, United States

My presentation would show how to proxy traffic through Burp Suite from an iPhone using a Mac OS, from Python, and from Postman. Capturing this traffic can allow for quick analysis that otherwise wouldn't be possible, and enable the use of repeater and intruder for potential exploitation.

Event Series Conference

Campfire Talk: Modern Web Authentication: Passwords are so 1960’s – Greg Bailey

DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, Deadwood, SD, United States

In this talk, we will walk through the various modern authentication protocols, specifically OAuth and its cousin, OpenID Connect, including the various code flows (code flow being the most important), how they work, their history of vulnerabilities, and how we can protect them.

Event Series Conference

Campfire Talk: So My Credentials have been Leaked…Now What? – Dwayne McDaniel

DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, Deadwood, SD, United States

This session will look at how to deal with credential leaks from detection through closing the final related ticket the incident generated. We will look at topics such as validation of secrets, scoping impact, assembling the right players, to how to offload tribal knowledge with tools like notebooks and playbooks. We will also look at preventing future leaks with some open source tools and non-intrusive workflow adjustments.

Event Series Conference

Workshop: Automating Attacks – Alex Martirosyan

DMG: Track 3 - Hotel Lobby Meeting Room 1906 Deadwood Mountain Drive, Deadwood, SD, United States

With the latest advancements of attack and breach simulation tools, many organizations are still playing catchup to know where to begin. Endpoint detection and response (EDR) tools have become heavily relied upon with default configurations. As an industry, we have pushed a lot of the responsibility of managed service providers without fully understanding what we are signing up for. This workshop will help beginners understand what the latest buzzwords mean such as Atomic Testing, Micro Emulation Plans, and Purple Teaming.