Schedule

Fitting it all in

With all the events, speakers, training sessions, and more going on at ISSW, find out when and where it is all happening to maximize your experience.
2018 InfoSec Southwest
Wednesday, April 11, 2018 – Friday, April 13, 2018
Norris Conference Center
Northcross Mall, 2525 W Anderson Ln #365, Austin, Texas 78757

Unless otherwise noted, all events take place at Norris Conference Center, 2525 W Anderson Ln #365, Austin, TX 78757.

Wednesday, APRIL 11, 2018

7:00 – 10:00 PM

Badge Pick Up + Registration Open

8:00 – 10:00 PM

Welcome Reception
Norris Conference Center

Thursday, APRIL 12, 2018

9:00 – 10:00 AM

Badge Pick Up + Caffeine Starts

10:00 – 10:40 AM

Damon J Small | What do you want to be when you grow up?
Many industries have well-defined points of entry and well-understood education and training requirements. Information Security is not one of those industries. Successful infosec pros often have wildly diverse backgrounds so it is difficult to know which is the “correct” way to enter this field. As our industry has evolved and matured, what do organizations now look for in a candidate? What combination of skills, experience, and education will get you in your “dream job?” SPOILER – there are many predictors of success, and organizations have different priorities, so there is no single answer.

11:00 – 11:40 AM

Brent Cook | Mettlesploit, a batteries-included, lightweight exploitation toolkit
Mettlesploit is a new exploitation toolkit developed from doing OSCP trainings. It combines payloads, consoles, database, C2, and exploits into a single portable binary that can be easily deployed on practically any OS without installation.

12:00 – 2:00 PM

Turbo Talks
Alamo Drafthouse Village, 2700 W Anderson Ln, Austin, TX 78757

During our two-hour lunch breaks on both days of the conference, InfoSec Southwest holds a completely open forum for lightning and turbo-talks that is not constrained by a speaker selection process, mirroring our wildly successful local AHA! hacker meeting format. This forum is open to anyone attending the conference to attend and/or to speak on any topic they wish in a first-come, first-speak order. As such, we invite everyone to attend and participate. Those who come and speak during the open forum will receive a complimentary drink ticket.

The Alamo Drafthouse is an Austin movie-going staple experience, and we’ve taken over one of the theaters at their Village location for our open forum lunches. The Alamo will have their full kitchen and bar open so we hope you’ll consider spending some or all of your lunch break with us at the Alamo.

2:00 – 5:00 PM

Hacker Stock Photos Photo Booth Open

2:30 – 3:10 PM

James “Iv0ryW0lf” Boyd | The SIEMpsons
SIEMs are instrumental in most large organizations. Most cyber defenders are at the mercy of the vendor to create parsers or connectors to work with the SIEM. What if there was another way and you had the knowledge to at least try? This talk will cover creating your own solutions to get data needed as well as exploring traditional and non-traditional data sources.

3:30 – 4:10 PM

WanderingGlitch | Exploring the Safari: Just-In-Time Exploitation
The Apple Safari web browser contains a JavaScript engine with a rather simple name — JavaScriptCore. However, the engine itself is anything but simple. One common feature within JavaScript interpreters is to have a just-in-time (JIT) engine to increase performance of the executed JavaScript, and JavaScriptCore is no exception. JavaScriptCore takes an interesting approach to this need for speed by supporting multiple tiers of optimization levels; even allowing for switching between them within a single function depending on collected statistics. As with other JIT engines, the optimization strategies employed by Safari’s JIT engine have also resulted in a number of vulnerabilities. The architecture of JavaScriptCore’s JIT engine is to have different tiers based on the number of executions. Thanks to recursion, it is even possible to have a call stack where the same function is represented by the different layers. The downside to applying typical compiler optimizations in order to JIT compile custom user-supplied code is that basic assumptions can be broken. WanderingGlitch will cover the low-level internals of JavaScriptCore, and how the immense complexity can be exploited. He will also detail specific JIT vulnerabilities and how Apple chose to patch them. If JavaScript is the assembly language of the web, then the JavaScript engine is the processor. The net result is an exponential increase in the potential for untoward interactions between features of the engine’s code base. Understanding how JavaScriptCore and its JIT engine function reveals the true risk, and a better understanding of the internals aids in finding new bugs and helping secure it.

 

3:30 – 4:10 PM | Cypress Ballroom

Meghan McGrath | An Auditor and a Security Admin Walk Into a Bar…A Security Humor User Session
This interactive session welcomes security professionals of every kind to stop by and share a favorite joke, story, poem, comic, or other funny media about the infosec experience. Come add your favorite one-liner to our board, read what others have posted, or swap tales from the trenches. Meghan McGrath is a security researcher for IBM, currently focused on the intersections of security, crypto, audit, and occupational humor. She’ll share some of the stories she’s heard so far, and will be available to talk about how this approach has informed her team’s design and development process. Stop by for a quick laugh or stay for the whole discussion. What’s so funny about infosec? If you already know, bring your best material. If not, join us for this fun, lively session and find out.


4:30 – 5:10 PM

Summer Lee and Benjamin Rollin | Getting Physical (TBD)
The mantra of any good red teamer is, “hope for the best, but plan for the worst.” In this talk, we will cover tactics and approaches that can be leveraged to achieve client goals and successfully provide value even when going in cold. Various stories will be used to provide examples of merging social engineering with physical and logical access during physical red team assessments to ultimately achieve success. This talk will follow a network pentest theme to help bridge the gap between logical and physical pentesters and also provide examples of how these two types of skills can complement each other, especially in more physically locked down environments. Summer and Benjamin will start off with covering the planning process for three different scenarios: brute force, insider attack, and planned attack. Next, they will review “needed” vs. “would be nice to have” tools (for achieving both physical and logical access as well as persistence) and the prep work once a methodology has been agreed upon with the client. They will then go into tips on what a red teamer should know and do while conducting the assessment such as identifying cameras, sweeping the office before sitting at a computer, and preparing hiding areas for nighttime patrols. The talk will also cover more in-depth tactics such as tips for achieving logical access as well as what to focus on once you obtain domain administrator or other high-level privileges within the network. Finally, they will cover worst-case scenarios and tips for moving forward with an assessment when nearly all hope of reaching the final objective is lost.

5:30 – 6:10 PM

Ron Schlecht | Porn’s Cataskeuastic Effect on Degenerate Hackers
Platform accessibility, programming frameworks, hardware sprawl, and yes… the porn industry are driving how quickly virtual reality is being brought into several aspects of our lives. Interfaces for integrated technology controls are increasing, and driving the defense of our infrastructures and offensively attacking it are actually ahead of that. Creating an easy and intuitive environment to disrupt the way that the world collaborates and works, but at the same time… opening it up for attack. Red team, blue team, and scripty activities with virtual reality and the next frontier of work tools.

9:00 PM – 1:00 AM

PROJECT MAYHEM
9:30 PM Check in
10:00 PM – 1:00 AM Game on
Buffalo Billiards Rec Room, 201 E 6th St, Austin, TX, 78701

Project Mayhem is a combined scavenger hunt, bar crawl and skills challenge taking place Saturday night in the heart of downtown Austin’s nightlife. This is not to be missed.

Friday, APRIL 13, 2018

9:00 – 10:00 AM

Badge Pick Up + Caffeine Starts

10:00 AM – 12:00 PM

Hacker Stock Photos Photo Booth Open

10:00 – 10:40 AM

Brian Contos | Grandmothers, Gangsters, Guerrillas and Governments
Brian will explore threat actors including insiders, cybercriminals, hacktivists and nation-states. He will dissect how these actors operate and analyze their techniques to better understand what makes each group successful. This presentation will translate the “who, how and why” of cyberattacks. He will identify multiple “old school” and modern-day threat vectors and organize attacks by motives like financial and political. Each threat actor type will be explored in detail with real-life use cases and personal accounts based on my work in security in over 50 countries and 6 continents for the last 20 years. Threat actors are motivated by financial, political and personal reasons. They act alone or in concert with others. Regardless, we hear all too often about attacks risking lives, destroying assets, threatening national security, and damaging businesses. He will explore profiles of each threat actor type to better understand the risks that each pose. By better understanding our enemies, our security can be more effective.

11:00 – 11:40 AM

Megan Roddie | Strengthen Your SecOps Team by Leveraging NeuroDiversity
High productivity, extreme attention to detail, logical/calculated, passionate, and hyper-focused. These are all characteristics considered valuable in the information security industry. However, a certain group of people who exceed expectations in these skill sets are constantly overlooked for job positions. That group of people is the High Functioning Autistic (HFA) community. Individuals in the high functioning autistic community are often overlooked for job positions due to their social disabilities which make them perform poorly in an interview and in their interactions with other people. However, if you look past their awkward behavior and social struggles, you will find these individuals are perfectly suited for roles in the information security industry.

12:00 – 2:00 PM

Turbo Talks
Alamo Drafthouse Village, 2700 W Anderson Ln, Austin, TX 78757

2:30 – 3:10 PM

Todd Carr @frozenfoxx | Mind Games: Exploring Mental Health Through Games
Mental health is a serious topic in our community. Many people in the tech industry as a whole and specifically within the security community suffer from mental issues, but unfortunately for all of the awareness efforts it can still be very difficult to properly express what experiencing mental illness is like in a safe manner. Games are an excellent if unconventional tool to bridge this gap and gain a better understanding of what a sufferer experiences with a range of conditions. This talk discusses three mental conditions: depression, ADHD, and PTSD. The games chosen each illustrate gameplay, narrative, and symbolism consistent with the conditions they are associated with.

3:30 – 4:10 PM

Leah Figueroa | Someone is Lying to You on the Internet – Using Analytics to Find Bot Submissions in the FCC Net Neutrality Submissions
The FCC is trying to ram through anti-net neutrality legislation and is using the submissions from their call for comments. There were more than 22 million comments submitted in approximately three months dealing with net neutrality, many supporting an anti-net neutrality stance, but something is rotten in the state of the US. Other researchers have posited that there are bots and false submissions, but they used tools not commonly available to everyone. In this case, using open source ingesters developed in house and freely available on GitHub, we pulled in all of the comments and used analytics to see if this were really the true story. When looking at the raw total number of comments, the majority fall into the anti-neutrality camp. However, after refining comments to include only those submitted via the FCC website (as opposed to those which were submitted via the FCC provided API for bulk submissions) the extreme opposite is true. People who submitted comments directly to the FCC website are overwhelmingly in support of net neutrality regulations. Leah will take everyone on the journey to this conclusion.

4:30 – 5:10 PM

Garett Montgomery | Target-based Security Model: Mapping Network Attacks to Security Controls
Garett will present a categorization of network-based attacks for the purpose of mapping to appropriate security controls. Using a layered security-zone model allows easy visualization of how/where various security controls can be applied to protect against network-based attacks at different layers. Categorizing network-based attacks according to the targeted zone then allows for direct mapping of security controls to the types of attacks they can be used to prevent.

5:30 – 6:10 PM

Riana Pfefferkorn | Side-Channel Cryptanalysis and the Fourth Amendment
Encryption shields private information from malicious eavesdroppers. After years of slow adoption, encryption is finally becoming widespread in consumer-oriented electronic devices and communications services. Consumer-oriented encryption software is now more user-friendly, and much of it turns on encryption by default. However, encryption also poses an impediment to law enforcement’s ability to gather electronic evidence. Law enforcement calls this the “going dark” problem. U.S. law enforcement agencies have responded through both legal and technological means to encryption’s perceived threat to their capabilities. One means of doing so is through a “side-channel attack.” Our electronic devices are always radiating something—electromagnetic emissions, heat, and so forth. Those emissions reveal information, called “side channel information,” about the device. The physical implementation of a cryptosystem leaks electromagnetic emissions from which academic researchers have shown it is possible to extract the system’s secret encryption keys. Side-channel cryptanalysis is not a known law enforcement tactic at present, but that may change in time.

6:30 – 7:00 PM

Closing Ceremonies & Raffle