- Using DNS Search for Cyberinvestigations w/ Paul Vixie (In Person/Virtual)
Every online interaction begins with a lookup in the Domain Name System (DNS), the backbone of the Internet. As a result, digital footprints are left behind in the DNS. During this hands-on workshop, Dr. Paul Vixie will show you how to search historical passive DNS, from searching simple keywords and substrings as small as several characters to using regular expression and globbing techniques, to more easily—and quickly—uncover previously unknown IP addresses and domain names and map related online infrastructure.
-Farsight DNSDB API Key
-DNSDB Scout Web Edition: https://scout.dnsdb.info/
-dnsdbq install from https://github.com/dnsdb/dnsdbq
-dnsdbflex install from https://github.com/farsightsec/dnsdbflex
Farsight will provide free access to its passive DNS tool, Farsight DNSDB, and its command line (dnsdbq and dnsdbflex) and web (DNSDB Scout) tools for the class as well as for 60 days following the conference so that attendees can use the tool in their own work environments. DNSDB is a historical passive DNS database that contains Internet history data that goes back to 2010. A DNSDB API Key will be sent to registered attendees prior to the workshop.
Basic knowledge of the Domain Name System (DNS) is helpful but not required.
Dr. Vixie previously served as President, Chairman and Founder of Internet Systems Consortium (ISC), as President of MAPS, PAIX and MIBH, as CTO of Abovenet/MFN, and on the board of several for-profit and non-profit companies. He served on the ARIN Board of Trustees from 2005 to 2013, and as Chairman in 2008 and 2009. Vixie was a founding member of ICANN Root Server System Advisory Committee (RSSAC, current) and ICANN Security and Stability Advisory Committee (SSAC, until 2014). He is the author or co-author of a dozen or so RFCs, mostly on DNS and related topics, and of Sendmail: Theory and Practice (Digital Press, 1994). He earned his Ph.D. from Keio University for work related to the Internet Domain Name System (DNS and DNSSEC), and was inducted into the Internet Hall of Fame in 2014.
- Getting Started with Atomic Red Team w/ Darin and Carrie Roberts (Virtual)
Emulate adversaries with the Atomic Red Team library of scripted cyber attacks. These scripted attacks, called atomic tests, will help you better understand the attack techniques defined in the MITRE ATT&CK framework and can be used to build and validate your defenses. Join Carrie and Darin Roberts for a one-hour introduction to Atomic Red Team followed by two hours of access to hands-on labs where you will be able to execute atomic tests.
For the labs, all attendees will be provided with a virtual machine in the cloud, so you’ll just need to be able to make a remote desktop connection to an IP address on the internet.
Carrie Roberts is a web application developer, turned pentester, turned red teamer, turned blue. She loves to learn and give back to the community. She is currently one of the primary Atomic Red Team project maintainers and developers and has developed many of her own open source tools including the Domain Password Audit Tool (DPAT) and Slack Extract. She holds Master’s degrees in both Computer Science and Information Security Engineering. She has earned 12 GIAC certifications including the prestigious “Security Expert” (GSE) certification. She has spoken at numerous security conferences including DerbyCon and Wild West Hackin’ Fest, published many blog posts on topics ranging from social engineering to bypassing anti-virus, and contributed new research on the VBA Stomping maldoc technique.
Darin Roberts is a penetration tester, security analyst, and prolific blogger for Black Hills Information Security. He has completed several GIAC certifications, including GSEC, GCFE, GCIA, and GCIH. He has B.S. degrees in Computer Information Technology and Engineering and a Master’s degree in Teaching. He enjoys teaching and sharing his knowledge with others, especially through his 16-hour course on “Attack Emulation Tools: Atomic Red Team, CALDERA and More …” that he teaches on a regular basis through Wild West Hackin’ Fest Training.
- Advanced Cubicles & Compromises w/ Ean Meyer (In Person/Virtual)
What makes a great tabletop exercise? Many organizations run a tabletop exercise to check a box for compliance standards but don’t maximize the value of the time spent. Often they don’t engage the audience or force them to think enough about the problem to find areas of improvement. Further, they assume their decisions will always work during the exercise. In this workshop, we will not only discuss how to build a tabletop exercise that addresses real risk for an organization but how to make it fun and engaging for teams at all levels of an organization. The workshop will introduce attendees to the Cubicles and Compromises format as well as add new advanced elements. You will create a company with a budget, controls, and limitations then test those controls against a current real-world issue. You’ll roll dice, things won’t go as planned, and you’ll learn what makes for a great tabletop exercise you can take back and use at your organization.
Ean Meyer is an Associate Director of Security Assurance for a multi-billion-dollar global resort company. When not working with large enterprises he can be found at Full Sail University teaching the next generation about information security and risk management as a Course Director in the IT and Cybersecurity programs. He is also the President of BSides Orlando and mentoring co-lead for The Diana Initiative.
Ean has spoken at BSides Orlando, BSides Tampa, and InfoSec World. He has been a panelist at ISC2 Congress, Department of Homeland Security – Corporate Security Symposium, and the upcoming Synapse Summit 2021. He also runs workshops such as Advanced Cubicles & Compromises, which is a tabletop incident response workshop for Wild West Hackin’ Fest. In 2019 Ean competed in the Social Engineering Capture The Flag at Defcon 27 where he took 5th place.
Ean holds a CISSP, EC-Council – CEH, and an MS in Cybersecurity and Information Assurance.
You can find him at https://www.eanmeyer.com – Twitter @eanmeyer – LinkedIn @eanmeyer
- How to Give Technical Talks w/ Bill Stearns (In Person/Virtual)
So much of your success in a technical field is tied to one question: Can you effectively share information?
You have so many ways to do it–Twitter, blogs, articles, giving tech support online, writing documentation, etc. There’s one more in the corner that we don’t naturally go to: public speaking. That’s a real shame. So many of us avoid that at all costs when it’s a very positive way to teach and share enthusiasm about a topic.
At WWHF Way West, we hope to turn that around so you feel empowered to speak in front of an audience.
This two-hour presentation is full of all the things you need to know to speak comfortably, share enthusiasm, set up effective presentations and labs, and avoid common mistakes.
We’ll cover the mindset you need, the way to relate to your audience, how to handle questions, and how to prepare for common talk problems.
Bill Stearns, your speaker, will have lots of stories from his own speaking career. You’ll get to learn from his mistakes! 🙂
If you’re not yet comfortable speaking in front of a crowd, this talk is written for you!
Bill provides Customer Support, Development, and Training for Active Countermeasures. He has authored numerous articles and tools for client use. Bill was the chief architect of one commercial and two open-source firewalls and is an active contributor to multiple projects in the Linux development effort. His spare time is spent coordinating and feeding a major anti-spam blacklist. Bill’s articles and tools can be found in online journals at http://github.com/activecm/ and http://www.stearns.org.
- How to Sell Security to C-Levels w/ Chris Brenton (In Person/Virtual)
Given that “security” is such a vital component to an organization’s success, why do so many security leaders have trouble getting upper management to properly fund security projects? I find this tends to be a translation issue. You are trying to speak Dothraki to a bunch of Klingons. In this talk, I’ll discuss how to position security within your organization so that it’s perceived as business enablement rather than cost overhead.
Chris has been a leader in the IT and security industry for over 20 years. He’s a published author of multiple security books and the primary author of the Cloud Security Alliance’s online training material. As a Fellow Instructor, Chris developed and delivered multiple courses for the SANS Institute. As an alumnus of Y-Combinator, Chris has assisted multiple startups, helping them to improve their product security through continuous development, and identifying their product-market fit.
- Intro to Git for Security Professionals w/ Ian Lee (Virtual)
This workshop provides an overview and introduction to the version control system Git.
Git has grown tremendously in popularity over the past 15 years since it was released, helped along especially by code hosting services including GitHub.com, GitLab.com, and Bitbucket.org. These sites are where open-source projects most commonly live. Any time that you hear about a new open-source security tool being released, it is most likely to be found on one of these sites.
This workshop offers an introduction for security professionals who may have no background in software development and who would like to start using their favorite open-source tool or, even more, to find ways to contribute back.
No development experience is required, and participants will finish the workshop with the tools needed to make their first contribution the same day if they choose to.
Ian Lee is a Computer Engineer and Cyber Assessment Coordinator in the High-Performance Computing (HPC) facility at Lawrence Livermore National Laboratory (LLNL), home to some of the largest supercomputers on the planet, including Sierra, currently the #2 in the world with a performance of 94.6 Pflop/s. At LLNL, Ian has created a role performing cyber assessment, penetration testing, and purple teaming duties for the facility. Ian also has a strong background as a software developer, with a passion for the use and development of open-source software and practices. He leads sustainment and outreach efforts of open-source software produced by the laboratory. His personal mission is to always “leave things better than you found them.”
- Catch me if you can—Seeing the red through the blue w/ Will Hunt and Owen Shearing (Virtual)
This two-hour workshop will help improve both red and blue skillsets through a series of hacks, where you as an attendee will have to identify malicious activities on various targets. During the workshop, the trainer (Red Team) will highlight a series of attacks that have occurred on the hosts in the In.security lab. You (the Blue Team) will then need to use Azure Sentinel to identify the malicious activities and raise the alarm! This will upskill both attackers in understanding the various attack flows that could compromise their cover and defenders in understanding how to detect them. “The best defence is a good offense” applies as much in cyber as it does in sport. You’ll get sneak peeks of the attacks the trainer has carried out before you’re set off to hunt down the evidence….
- Lab access and overview
- Common KQL syntax
- Using Azure Sentinel to find artefacts
- Phishing attacks and IOCs
- Practical scenario
- Catch the phish
- Credential theft
- Practical scenario
- Identifying credential-based attacks and compromised accounts
- Using Out of Band (OOB) channels to exfiltrate data
- Practical scenario
- Identifying suspicious network activity
Who should attend:
- This workshop is suited to a variety of delegates, including:
- Blue/Red team members
- SOC analysts
- Penetration testers
- Security professionals
- IT Support as well as administrative and network personnel
Technical / Hardware / Software Requirements:
- Delegates will need to have access to a system with a web browser
Will (@Stealthsploit) co-founded In.security in 2018. Will’s been in infosec for over a decade and has helped secure many organisations through technical security services and training. Will’s delivered hacking courses globally at several conferences including Black Hat and has spoken at various conferences and events. Will also assists the UK government in various technical, educational and advisory capacities. Before Will was a security consultant he was an experienced digital forensics consultant and trainer.
Owen (@rebootuser) is a co-founder of In.security, a specialist cyber security consultancy offering technical and training services based in the UK. He has a strong background in networking and IT infrastructure, with well over a decade of experience in technical security roles. Owen has provided technical training to a variety of audiences at bespoke events as well as Black Hat, Wild West Hackin’ Fest, NolaCon, 44CON and BruCON. He keeps projects at https://github.com/rebootuser.
- DDTTX – Playbook Perfection w/ Amanda Berlin and Jeremy Mio (In Person/Virtual)
DDTTX Playbook Perfection is an introductory playbook workshop. Playbooks are an important part of any information security program. They offer structure and realistic, flexible procedures to assist in almost any situation.
As a group we will review playbooks taken from other situations and cover best practices, do’s and do not’s, structure, and maintenance. We will also cover ways to successfully test playbooks by using different methods that can work in a variety of organizations and situations.
Participants are welcome to bring their own playbooks or example playbooks to the workshop as long as they do not contain any confidential information that may put them or their organization at risk.
Amanda Berlin – (@infosystir) Amanda Berlin is a Lead Incident Detection Engineer for Blumira and the CEO and owner of the nonprofit corporation Mental Health Hackers. She is the author for a Blue Team best practices book called Defensive Security Handbook: Best Practices for Securing Infrastructure with Lee Brotherston through O’Reilly Media. She is a co-host on the Brakeing Down Security podcast and writes for several blogs. She has spent over a decade in different areas of technology and sectors providing infrastructure support, triage, and design. She now spends her time creating as many meaningful alerts as possible.
Jeremy Mio – (@cyborg00101) – Jeremy has focused expertise within the evolution of security convergence, the merger of physical and information security, and cyber-warfare. He is an Information Security Officer within local government and Principal within CodeRed LLC. Previously, he worked within Fortune 500 in enterprise information security as well as physical security through training/contracting. Jeremy researches and tests small UAVs [drones] for their use in defense applications in cyber warfare and intelligence, relying on Open Source technology and OSINT.
Some of these folks will run their workshops from the conference venue, while others will deliver their workshops remotely.
Keep an eye on this page for more updates on the workshops at Way West 2021. We hope to add details about a workshop by Amanda Berlin and Jeremy Mio, too.
Please note: We cannot guarantee that all the workshops listed on this page will be available at the conference. But we’re going to try really, really hard to make sure that they’re all there.