Keynote Speakers

Matthew Green

Matthew Green

Matthew D. Green, an associate professor of computer science and member of the Johns Hopkins University Information Security Institute, is a nationally recognized expert on applied cryptography and cryptographic engineering. His research includes techniques for privacy-enhanced information storage, anonymous payment systems, and bilinear map-based cryptography. He is one of the creators of the Zerocash protocol, which is used by the Zcash cryptocurrency, and a founder of an encryption startup Zeutro. He is the author of a popular blog, “A Few Thoughts on Cryptographic Engineering.”

Elissa Shevinsky is a CTO known for her work in privacy, security and cryptocurrency. She is currently working with Paragon Tech as a fractional CTO. She was previously CTO and Interim CSO at Cointelegraph, a leading crypto news organization. Shevinsky has led several security and privacy startups, including roles as Head of Product at Brave and CEO at Soho Token Labs. In her free time, she explores wildlife sanctuaries and watches sci-fi reruns.

Elissa Shevinksy

Elissa Shevinsky

Trainings

Training courses are available on a first-come, first-served seat assignment only to current BSidesCharm ticket holders. Information on how to register for a class will be sent via email soon to the account on your ticket.

An Introduction to Fuzzing

Fuzzing is still one of the leading methods for finding vulnerabilities in applications. And it doesn’t have to be hard. This course gives both a high-level overview on the theory of fuzz testing as well as concrete practical exercises. Students will learn how to fuzz real-world applications to uncover actual software vulnerabilities in applications still shipped in 2023.

Sean Deaton (@WhatTheFuzz), Ryan O’Neal

Sean Deaton is an alumnus of the United States Military Academy (B.S. 2017) and Georgia Tech (M.S. 2021), where he studied Computer Science. He is a strong proponent of security in open source software and loves fuzzing.

Ryan O’Neal is a vulnerability researcher employed by the US Army. His research focuses on static analysis, symbolic execution and fuzzing, and he draws upon his experience as a web developer, cloud application developer and devops engineer to create innovative solutions. His passion is discovering and developing new techniques to address difficult questions in program security, and seeing which databases are vulnerable to SQL injection by entering his last name.

 

 

 

Building (and Validating) Detections with Adversary Intelligence

We will demonstrate workflows & use publicly available tools to gather & process intelligence on key current threats (top infostealers), identify potential TTP detection gaps, and close those gaps with new detections & validation tests. We’ll also show how teams can be more proactive by considering defenses for technique implementations beyond just those reported in public intelligence.

Scott Small

Scott Small is a security & intelligence practitioner and expert in cyber threat intelligence & threat modeling, open source research & investigations, and data analysis & automation. He is currently CTI Director at Tidal Cyber. Scott has advised enterprise & public sector security teams across maturity levels on technical & strategic intelligence applications and using technology to identify & mitigate risk. He actively contributes to the professional community & open source security projects.

 

 

 

Defensive PowerShell

This Defensive PowerShell workshop is an immersive, hands-on learning experience. You will use PowerShell Remoting (PowerShell v7) to parse text base and Windows Event logs. You will also query both local and remote registries. You will learn about an additional Windows firewall log and enable and create a custom object.

James Honeycutt

Mr. Honeycutt has served in the military for 26 years. He has spent most of that time working in IT Operations in various positions, from helpdesk to a Microsoft Windows systems administrator. He currently works for the Maryland National Guard Cyber Protection Team (CPT) as a Cyber Operations Technician focusing on incident response, forensics, and being the resident “Windows Expert.” He likes to give back to the community by presenting at local events

 

 

 

Using containers to analyze malware at scale

This workshop will focus on teaching participants how to handle malware and analyze samples using both Windows and Linux containers. The workshop will focus leveraging open-source tools, and techniques to build out a simple analysis queue pipeline to allow students to analyze multiple samples at scale within a controlled environment.

Jose Fernandez

José Fernández (@jfersec) is the President & owner of CompSec Direct. He is an InfoSec researcher with over 20 years of experience in the IT field. Jose specializes in InfoSec research by applying offensive methodologies towards practical defensive measures. Jose’s background in CNO, CND & engineering has allowed him to work in some of the most technically demanding environments throughout his career in both private & public sector. Mr. Fernandez is a Veteran & a Puertorrican Hacker Dude.

 

 

Presentations

AD and DNS: A Match Made in Heck

Active Directory combines DNS functionality (with an LDAP database, Kerberos authentication, and some other stuff) to create a unified directory service platform. As such, the fates of AD and DNS will be forever linked. In fact, you might say they are now married. In this talk you will learn how to keep that marriage happy and healthy!

Jim Sykora, Jake Hildreth

Jim Sykora is a Security Consultant at Trimarc focused on identity security. Jim started his sysadmin path in 3rd grade & did a bunch of gigs before starting to blend operational experience & rampant curiosity with security knowledge.

Jake Hildreth is the Service Lead for the Active Directory Security Assessment (ADSA) at Trimarc & maintainer of the Locksmith AD CS remediation tool. His work at Trimarc focuses on assessing AD for F500 companies. He holds the CISSP and Security+ certs.

 

 

 

Blackbox Containers: Container Security in the Enterprise

Containers are essential in modern software development, but they come with security considerations. This talk will cover container foundations, operational impact, and security considerations throughout their lifecycle. Best practices for securing containerized apps will also be discussed.

Kenny Parsons

Kenny Parsons is a Security Consultant for Set Solutions with over 15 years of experience in IT and Security. His passion for security started with an early interest in hacking and social engineering. Now, Kenny advises clients on complex environments, helping them to secure their infrastructure and microservice/container architectures. He provides clients with proper design, build, and runtime best practices for a rapidly changing container and cloud-first world.Kenny’s expertise has been recognized by industry leaders, and he was recently a guest speaker at DEFCON DC940 in DFW, Texas, and on the “Ready. Set. Secure.” podcast. 

 

 

Complexity for complexity’s sake: The bane of cybersecurity programs

More tools! More frameworks! More security controls! Let’s add all the things and stack them on top of each other! Nope, nope, and nope. This has been ineffective against major attacks like Solarwinds and Log4j. We need to keep security simple, not just for our security teams who are managing a menagerie of security tools, vulnerabilities, and threats, but also for our users.

Nikki Robinson

Dr. Nikki Robinson is a Security Architect with IBM, as well as an Adjunct Professor with Capitol Technology University. She holds a DSc in Cybersecurity and a PhD in Human Factors, specializing research in vulnerability chaining. She is the co-host of the Resilient Cyber Podcast, holds several industry certifications and is also a Fellow with ICIT. With a background in IT operations, she focuses on solving large-scale cybersecurity problems in vulnerability management, and risk analysis.

 

 

Defenders can use ATT&CK! Oh really?

As a defender, what does “I use ATT&CK” really mean? In this talk, we will share how defenders like you can translate the adversary perspective provided by ATT&CK into knowledge on how to detect and protect against cyber threats. We will also explore using ATT&CK to identify defensive gaps, develop analytics, and measure/improve your SOC maturity.

Lex Crumpton

Alexia “Lex” Crumpton is a Lead Cybersecurity Engineer – SOC and Blue team for the MITRE Corporation. Lex is a multi-functional leader whose current work spans across various exciting efforts involving security operations and research, specializing in defensive countermeasures and heuristic behavior analysis. She leads teams that help shape and deliver cyber analytics, mitigations, and detections within MITRE ATT&CK®, the Center for Threat-Informed Defense, and ATT&CK Evaluations.

 

 

Detecting and Triaging Modern Windows Rootkits

Since Windows 10, Microsoft has added many new security features aimed at disrupting kernel level malware. To stay viable, rootkit developers have evolved how they load into the kernel, gain system control, and monitor activity. This talk walks through such techniques observed in the wild and how they are detectable through a combination of memory forensics and event log analysis.

Andrew Case

Andrew Case is the Director of Research at Volexity, and has significant experience in incident response handling and malware analysis. He has conducted numerous large-scale investigations that span enterprises and industries. Case is a core developer of the Volatility memory analysis framework, and a co-author of the highly popular and technical forensics analysis book “The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory.”

 

 

Don’t Panic! A Guide to Proactive Security for Small Businesses

This talk will explore the importance of proactive cybersecurity measures for small and medium sized businesses and provide practical strategies and resources. Topics covered will include playbook development, tabletop exercises, threat intelligence, and open-source or low-cost resources.

Ryan St. Germain and Clarissa Bury

Ryan St. Germain and Clarissa Bury work together on CrowdStrike’s Strategic Advisory Services team where they create bespoke tabletop exercises and perform cybersecurity maturity assessments. Prior to becoming consultants, Ryan was the Manager of Security and Infrastructure and Clarissa was the Security Engineer for a small software and services company in the DC area.

 

 

Driving Your Own Vulnerability: How to Navigate the Road of BYOD Attacks

Preventing attacks that use Bring Your Own Vulnerable Drivers pose a unique threat to Windows security, but what makes a driver vulnerable, and how prevalent are vulnerable device drivers?  In addition to answering these questions, this talk provides categories of vulnerabilities that are unique to Windows drivers and provides real world case studies to illustrate the theoretical concepts.

Dana Behling

Dana Behling is a senior threat researcher at VMware Carbon Black. With a background in software development and reverse engineering, she has spent decades dissecting and explaining malware to facilitate practical security outcomes. Her work has been instrumental in safeguarding the systems of some of the world’s largest corporations and government agencies. In her free time, Dana indulges in science fiction and fantasy audio books and gardening.

 

 

Entering the Cybersecurity Field as a 17 Year Old

Entering the cybersecurity field can often be frustrating and challenging. Sit it on this talk to hear about the experiences of a 17-year-old whos currently entering the cybersecurity field. What his suggestions are for others entering the field, possible changes for the field, and what companies can support future cybersecurity professionals.

Sully Vickers

I’ve been involved in IT all of my life and I started in cybersecurity around April 2022. I’ve participated in a large number of CTFs and placed fairly high in them. I’m working as an independent contractor for MetaCTF auditing challenges and creating a privacy policy.

 

 

Hack your brain: How to use IR skills to help with loss

Want to know how to use your incident response skills to help emotionally?

Incident response uses PICERL: (Prepare, Isolate, Contain, Eradicate, Recover, and Lessons learned)- the brain uses stages (Denial, Anger, Bargaining, Depression, and Acceptance).

I’m not a therapist but I have Master’s degrees in Social Work and CyberSecurity.

Marc Muher

10 time Polar Bear Plunger.

 

 

Hunting Mustang Panda: Exploiting PlugX DAT File Encryption with YARA

YARA rules are an industry standard for identifying malware, but what about when the malware is encrypted with a custom encryption algorithm using mixed boolean-arithmetic? Understanding custom encryption algorithms enables analysts to craft YARA rules to target them. This talk walks through understanding Mustang Panda’s custom encryption scheme for hiding PlugX and how to target it using YARA.

Sean Sabo

Sean is a cyber security professional with over 10 years of experience. For the last 5 years, he has been reverse-engineering malware and tracking various APT groups. He enjoys writing YARA rules and has contributed to the YARA code base. He currently works as a Senior Cyber Security Researcher at Recorded Future. Prior to that, he was at ThreatConnect and on the ASERT team at Arbor Networks.

 

 

It’s all Magic(RAT) – A look into recent North Korean nation-state attacks

This presentation will illustrate the entire cyber-kill chain, hands-on-keyboard activity and corresponding MITRE ATT&CK mappings for a series of successful intrusions carried out by the North Korean APT group “Lazarus” against energy companies across the world. We also provide an analysis of MagicRAT and associated, bespoke malware families used by the APT group.

Asheer Malhotra

Asheer Malhotra is a threat researcher specializing in malware analysis, reversing, detection technologies and threat disclosures within Cisco Talos. He has been researching malware threats for about a decade now at FireEye, Intel, McAfee and now at Talos. His key focus is tracking nation state attacks (APTs) across the world. Asheer holds an M.S in Computer Science with a focus on Cyber Security.

 

 

Make Better Risk Decisions to Prevent Future Cyber Attacks

Preventative security controls are more effective in reducing risk than reactive controls. This talk will explore ways to create more visibility and context into your cyber risks so you can preventatively make better decisions about how, when and where to mitigate risks before they’re exploited.

Nathan Wenzler

Nathan has 25 years of experience in the trenches of and as CISO of InfoSec programs for government agencies and private sector firms alike, often building them from scratch. He has served as a management consultant and vCISO for C-suite execs looking to optimize and improve their security programs.

 

 

Measuring Your Zero Trust Maturity (Invited, pending confirmation)

Zero Trust is all the rage in security these days. Where do you begin when trying to move towards a more mature zero trust architecture for your organization? Using the CISA Zero Trust Maturity Model, the Zero Trust team at Centers for Medicare and Medicaid Services customized a framework for our environments to better track progress across various axes. We want to share how we did this with you.

Elizabeth Schweinsberg (Invited, pending confirmation)

Elizabeth Schweinsberg is a Digital Services Expert with the US Digital Service after 9 years in corporate threat detection and incident response with Facebook and Google. She works to keep the internal networks safe from malware, hackers, and the Internet. Ms. Schweinsberg has been in the computer industry for over a decade and in digital forensics since 2005 in both the Government and private sector. When not behind the computer, she can often be found behind a book or sewing machine.

 

 

Protecting Yourself From Supply Chain Attacks – Trust Is Overrated

How can you trust all of the hardware and software you use on a daily basis? Hardware, firmware, and software have a unique (often complex) supply chain. I believe we extend far too much trust to the supply chain and do not verify the integrity of our hardware and software components. Using open-source and free tools learn how to enumerate and validate the integrity of your devices in this talk!

Paul Asadoorian

Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium, focused on firmware and supply chain security awareness. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul is the host of one of the longest-running security podcasts, Paul’s Security Weekly, and enjoys coding in Python, telling everyone he uses Linux as his daily driver, poking at the supply chain, & reading about UEFI.

 

 

Securing React Components

In this talk I will provide a brief overview of secure coding practices for developing web applications with ReactJS by presenting common software vulnerabilities and detailing ways to remediate and prevent insecure code being pushed to production.

Tae’lur Myers Lambert

I am a self-taught front-end developer and budding security enthusiast based out of Jacksonville, Florida. I am passionate about helping people break into tech from non-traditional background and love to share my love for tech through tutorials and social media.

 

 

Security Misconfigurations in the Cloud – “Oh Look, something fluffy!”

Threat modeling the human security risk, or as others might call it, Security Misconfigurations in the cloud and all the fun attack vectors they create. Yep, it’s clobberin time and this is what makes this job fun – helping others to find their own security problems before others do!

Kat Fitzgerald

Based in Chicago and a natural creature of winter, you can typically find me sipping Grand Mayan Extra Anejo whilst simultaneously defending my systems using OSS, magic spells and Dancing Flamingos. Honeypots & Refrigerators are a few of my favorite things! Fun Fact: I rescue Feral Pop Tarts and have the only Pop Tart Sanctuary in the Chicago area.

 

 

Settle the Score: CVSS Fundamentals

How do we, as an intelligence community, understand and distribute the severity of widespread vulnerabilities? On that note, how do we even categorize them? After years of developing a need for a widespread and company ambiguous importance monitoring system, CVE and CVSS was born. Knowing how exactly how to understand and use these systems is fundamental for defending and exploiting.

Beth

 

 

Shakespeare, Bacon, and the NSA

A code-breaking Quaker poet who hunted Nazi spies?  Truth is stranger than fiction, and the life of Elizebeth Smith Friedman is no exception. She broke codes during both World Wars and is credited as a founder of modern cryptology.

In this talk, we’ll follow Elizebeth’s journey, learn the history of cryptography, and apply those lessons to how we should view technology and technologists today.

Brendan O’Leary

Brendan O’Leary is Head of Community at Project Discovery, and spends his time connecting with developers, security engineers, contributing to open source projects, and sharing his thoughts on cutting-edge technologies on conference panels, meetups, in contributed articles and on blogs.

 

 

 

Stop the Leak! Adversarial Thinking in Cybersecurity with PRE-ATT&CK

File and data leakage have been responsible for some of the largest press-worthy cyber security incidents to date, and in recently, appear to be increasing in volume. This talk will propose a more authentic approach to adversarial thinking (informed by MITRE PRE-ATT&CK) designed to inform defensive priorities using the same exact techniques that adversaries are actually employing in the wild.

Nick Ascoli

Nick Ascoli is a cybersecurity researcher and the founder and CEO of Foretrace, an External Attack Surface Management (EASM) solution. Nick has been a guest on the Cyber Wire podcast, and a speaker at GrrCON, Shmoocon, Defcon Skytalks, Blackhat Arsenal, SANS, and B-Sides conferences on SIEM, Recon, and UEBA topics.

 

 

Ten Ways to Frustrate Attackers in 2023

Some misconfigurations and security oversights are so egregious they can allow attackers to compromise a network in hours or minutes, while some controls or architecture decisions just make attackers’ lives miserable. I’ll provide an attacker’s view of what makes a network easy or hard for us to attack, including showing some tools you can use to ID these issues yourself before getting a pentest.

Justin Palk

Justin Palk has more than 16 years of experience in IT and information security, working in the academic, federal civilian government and health research sectors. He has held a variety of roles including sysadmin, developer, auditor, assessment team lead and now pentester. In the middle of his technical career Justin took a seven-year detour into state and local journalism. He regularly competes in CTFs. When not hacking or developing tools, Justin plays TTRPGs, writes cosmic horror, and brews.

 

 

The Action Group Model for Incident Response

Ever feel like you just don’t know what to do when the bad stuff happens? You can’t get the support needed in the middle of an incident? Come chat about an action group model for incident response, a framework which provides coordination, ownership, and flexibility to account for the variable nature of incidents, all while encouraging development of employees at all experience levels.

Shawn Thomas

Director of Forensics and Incident Response at Yahoo

Taylor Johnson

Director of Threat Detection and Response at Yahoo.