If you have any special accessibility needs, please let us know at training@wildwesthackinfest.com before the Hackin’ Cast that you plan to attend and we will do our best to accommodate your needs.
| Title | Date | Start Time | Duration | Register |
|---|---|---|---|---|
| Abusing Microsoft Office for Post-Exploitation | Kyle Avery | 1-Hour
Does your environment utilize the Microsoft Office suite of productivity software? Have you conducted a penetration test on organizations that do? Do you wonder how these applications might be used to an attacker's advantage? Microsoft Office remains one of the most installed software packages in modern corporate environments. While these applications remain a popular initial code execution vector, attackers can also use the Office suite to establish persistence, move laterally, and gather credentials. This presentation will cover multiple uses of Microsoft Office for post-exploitation, including add-ins, templates, DCOM interfaces, and credential harvesting. Each of the publicly available techniques demonstrated will include a discussion on opportunities for detection. If you perform penetration testing in Windows environments or have the daunting task of securing one, come find out what techniques are out there and how they can be detected. | 4/14/2021 | 13:00 EDT | 1 hour | Register |
| Why the Basics are Hard: AWS Cloud Security Fundamentals | Andrew Krug | 1-Hour
Every practitioner that is good at their craft practices fundamentals. If you’ve spent long enough to master anything—from music to baseball to the culinary arts—you know the importance of fundamentals. Fundamentals are not basics but rather tenants that allow you to effortlessly perform your craft. In cloud security, the fundamentals allow us to defend our companies and customer data while making it look easy. The attack surface of cloud compute environments grows by the day. If we subscribe to a set of good fundamentals, we can stay safe in these new environments. Join me, Andrew Krug, for a tour of my top security fundamental practices in the AWS Cloud. Join the WWHF Discord Channel to participate with the presenters and other attendees during the Hackin' Cast: https://discord.gg/wwhf | 4/21/2021 | 13:00 EDT | 1 hour | Register |
| Why a Security Awareness Program Isn't Enough to Secure Your Network | James McQuiggan | 1 Hour
Organizations are impacted by a data breach almost every 14 seconds. It is worth noting how the criminals get into an organization's systems and infrastructure. It comes down to phishing attacks or misconfigured and unpatched systems. Organizations declare that they have a security awareness and training program. However, how many of the employees take it, retain it, or use it? If the program is useful, why do breaches continue to occur? Organizations have training programs. Employees complete it, move on, and most of the time don't really remember it. Thus, the next evolution of security awareness needs to be an influential security culture. If a security culture and mindset are part of every employee in the organization, this can significantly reduce the risk of a data breach through employees. Presenter Bio: James McQuiggan, CISSP, is a 20-year security veteran and Security Awareness Advocate for KnowBe4. James is also a part-time faculty professor at Valencia College in the Engineering, Computer Programming & Technology Division. Within the Central Florida community, he is the President of the Central Florida (ISC)2 (pronounced I-S-C Squared) Chapter and a Trustee Board member with the Center for Cyber Safety and Education. James has worked as a Product & Solution Security Officer, Information Security analyst, and network security engineer. He consulted and supported various corporate divisions on cybersecurity standards, information security awareness and securing product networks. Join the WWHF Discord Community to participate in discussion with the presenter and attendees: https://discord.gg/wwhf | 4/27/2021 | 13:00 EDT | 1 hour | Register |
| How to Hire Cybersecurity/InfoSec Professionals Who Get Things Done | Kip Boyle | 1 Hour
It’s always a challenge to hire reliable team members. I know a significant number of hiring managers who are struggling. I’ve struggled, too. I’ve interviewed too many candidates that couldn't see past the technology. Or were too invested in the “audit-fix” game. Or playing “whack-a-mole” through the ticketing system. Some candidates looked good on paper, but when we talked to them, we found out they were actually paper tigers. So much wasted time! We can do better. In this session I’ll share many practical tips. Presenter Bio: Kip Boyle has been a CISO since 2003. He’s an experienced hiring manager of Cybersecurity/InfoSec professionals, having interviewed hundreds of them over the years and hired dozens for his teams. Join the WWHF Discord Community to participate in discussion with the presenter and attendees: https://discord.gg/wwhf | 5/12/2021 | 13:00 EDT | 1 hour | Register |
| What2Log.com: Making your life a bit easier | Mick Douglas | 1-Hour
Logging is hard. We make it easier. We show you what you should log, how to set it all up, and even give you ideas of why you should log it. Basically, this site is the clearinghouse for all logging stuff we should have had all along. Presenter Bio: Mick is an instructor for SEC 504 and SEC 555. He is the managing partner of InfoSec Innovations and is a member of the IANS Faculty. He loves logging. In his spare time he goes hiking and enjoys photography. Join the WWHF Discord Channel to participate with the presenters and other attendees during the Hackin' Cast: https://discord.gg/wwhf | 5/19/2021 | 13:00 EDT | 1 hour | Register |