Accepted Packet Hacking Village / Creator Stage Talks at DEF CON 32

Date and time of each talk will be determined within the next week.

Winning the Game of Active Directory
Speaker's Name: Brandon Colley
Abstract of Presentation: The Game Of Active Directory (GOAD) is a prebuilt vulnerable Active Directory (AD) environment primarily created for pentesters. Touting over 30 methods of attack, GOAD offers multiple paths to full AD takeover. But is that really how you win the game? Regardless of color, as security professionals, our goal should be to better secure environments. This talk walks through AD attack strategies, exploiting misconfigurations that ultimately pwn AD. Mitigations for these attacks are discussed and implemented, showcasing how they stop common attacks. Implementing these protections in your environment is truly how you win the Game Of Active Directory.
Length of Presentation: 60 minutes
Speaker's Bio: Brandon Colley has over fifteen years of experience administering and securing Active Directory and Windows environments. He has published multiple articles and enjoyed speaking at BsidesKC, Hackers Teaching Hackers, and PancakesCon. He co-hosts a weekly podcast, interviewing infosec professionals and has appeared on multiple broadcasts, including the Phillip Wylie Show. Brandon delivers material in a humorous, yet effective manner with a focus on content built for a Blue Team through a Red lens.
Category: Demo

MoWireless MoProblems: Modular Wireless Survey Systems and the Data Analytics That Love Them
Speaker 1's Name: Geoff Horvath
Speaker 2's Name: Winson Tam
Abstract of Presentation: Often there are times to collect #allTheWireless, but with that comes some planning. We've created a modular survey system and developed an Elastic-based analytic platform named PacketGlass to visualize and explore the terabytes of information collected over multiple surveys. Our system collects all data types supported by Kismet plus raw PCAP data, ingests the data, and displays tens of millions of devices in an easy to query and display manner. Using different parsing techniques, we plan to show how to build one of these survey platforms and discuss the methodology used to transform Elastic into a robust analytical platform.
Length of Presentation: 30 minutes
Speaker 1's Bio: Geoff Horvath is the founder of Alsatian Consulting, LLC. He has 13 years of experience in the US Army as an intelligence officer specializing in signals intelligence. After leaving the military in 2021, he began researching and providing digital security assessments and recommendations. He currently advises private individuals, companies, and others in matters of privacy, security, and technology. He also once got kicked out of NSA Headquarters while looking for the gift shop.
Speaker 2's Bio: Winson Tam is a cybersecurity expert with over eight years of experience across government and private sectors. His work encompasses attacking, defending, and designing secure systems, notably for the US government, and a significant consulting career within the financial and industrial spaces. Tam's contributions in these areas have consistently resulted in tangible value and high customer satisfaction.
Category: Tool

Diamond-Tipped Spears, 99% Success Rate Techniques You Need to Worry About
Speaker's Name: Will Kay
Abstract of Presentation: Left unopened. A security team's goal for employees receiving phishing emails. Most people with half a brain can pick a phish these days. But not from me. In this talk we walk through crafting a spear phishing email that targets ALWAYS open. If you run security awareness, and you're ignoring this method, you're not doing your job. How do we defeat such a perfect attack? How simple is it to execute? What are its limitations? Who is most vulnerable? A quick talk that exposes several of the sharpest spears we face in the security awareness realm.
Length of Presentation: 30 minutes
Speaker's Bio: Will works for a security firm in Australia as a security consultant and web-based penetration tester. 10+ years of experience in this field has afforded him great knowledge and results-based data on human-based targeting, primarily in support of social engineering and spearphishing mitigations. This is Will's 3rd time at Defcon and 2nd time presenting his work in support of security awareness in the workplace and broader society.
Category: Demo

Decoding Galah, an LLM Powered Web Honeypot
Speaker's Name: Adel Karimi
Abstract of Presentation: Honeypots are invaluable tools for monitoring internet-wide scans and understanding attackers' techniques. Traditional low-interaction web honeypots use manual methods to emulate various applications or vulnerabilities. Introducing Galah, an LLM-powered web honeypot that mimics diverse applications with a single prompt. This honeypot dynamically crafts relevant HTTP responses, including headers and body content, to various HTTP requests, effectively simulating multiple web applications. In this talk, I will share lessons learned from building and deploying Galah and address two key questions: How do different large language models perform in generating HTTP messages? Does delivering authentic-looking HTTP responses increase attackers' engagement with the honeypot?
Length of Presentation: 30 minutes
Speaker's Bio: Adel Karimi is a senior security engineer, detection at Niantic. Before joining Niantic, he served as a lead security engineer at Google and Salesforce, specializing in detecting and responding to "badness." Beyond his day job, Adel, a longtime member of the Honeynet Project, dedicates his expertise to developing open-source projects such as Galah, reflecting his keen interests in honeypots, network fingerprinting, and the broader spectrum of threat detection.
Category: Tool

Signature-Based Detection Using Network Timing
Speaker's Name: Josh Pyorre
Abstract of Presentation: Malware traffic is commonly identified using signatures based off its code, strings, and associated network infrastructure. However, it's also possible to build signatures from the timing between network transactions. This presentation will explore using network captures of known malicious network activity to find similar behavior in random traffic. The talk is technical as it involves processing packets with Python and some data science, but will be presented in a way that anyone should be able to understand and enjoy.
Speaker's Bio: Josh Pyorre is a Security Researcher with Cisco Talos. He's been in security since 2000 with NASA, Mandiant, and other organizations. Josh has presented at many conferences, such as DEFCON, B-Sides, Derbycon, DeepSec, Qubit, and others. His professional interests involve network, computer and data security with a goal of maintaining and improving the security of as many systems and networks as possible. He writes dark electronic music under the name Die Vortex.
Length of Presentation: 60 minutes
Category: Tool

Using AI Computer Vision in Your OSINT Data Analysis
Speaker's Name: Mike Raggo
Abstract of Presentation: OSINT is a great mechanism for the collection of data, but what do you do with all of it once it's collected? It can take significant time with the human eye to analyze each image or video. Furthermore, you may miss important artifacts in the foreground or background. Computer vision can churn through the plethora of data to pull out the relevant evidence at lightning speed. For the last 5 years we've been exploring the use of Azure and AWS for computer vision to rapidly process large sets of image and video data acquisitions for forensic evidence. Through the use of AI we have analyzed thousands of images and videos to perform object detection, facial recognition, OCR, voice to text analysis, and more. In this session we'll explore the use of cloud platforms to exponentially increase your analysis of uncovering key artifacts to your case using demos and real world examples. We then apply chronolocation analysis to allow an investigator to paint a true-life narrative, for example an individual with a weapon at a location at a particular time. We'll provide live demos of common scenarios to reveal benefits to processing your data collections in a rapid, efficient, comprehensive, and accurate manner. We'll then wrap up the presentation with additional AI computer vision recommendations and resources.
Length of Presentation: 60 minutes
Speaker's Bio: Michael T. Raggo has over 30 years of security research experience. During this time, he has uncovered and ethically disclosed vulnerabilities in products including Samsung, Checkpoint, and Netgear. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding” for Syngress Book. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, SANS. He was also awarded the Pentagon's Certificate of Appreciation.
Category: Demo

Introduction to IPv6
Speaker's Name: Denis Smajlović
Abstract of Presentation: Most of the Internet today is running on a legacy version of the Internet Protocol: IPv4. Despite this, the number of engineers, especially in security, who know how to use IPv6 is relatively low. In this talk we take you through why today's Internet does not live up to its original vision, take you back to the past to show you what the IPv4 Internet used to look like, and, through this, reveal the secrets that will allow you to finally understand IPv6.
Length of Presentation: 30 minutes
Speaker's Bio: With a background in security consulting, having worked for some of the largest financial institutions in Scandinavia, and biggest tech companies in the Bay Area, Denis started Nova to provide web application, network penetration testing, and bug bounty triage services at a scale that enables a greater focus on the specific needs of each individual client.
Category: Demo

Exposing Coordinated Attacks Hiding in the Sheer Noise of False Positives and Lone Incidents: A Data Science Correlation and Contextualization Journey of Logs, Events, and Alerts
Speakers' Names: Ezz Tahoun, Lynn Hamida
Abstract of Presentation: In the complex landscape of modern cybersecurity, identifying coordinated attacks within massive volumes of security data is a formidable challenge. Security professionals often grapple with distinguishing these attacks from numerous false positives and isolated incidents. This talk will illuminate how data science can be harnessed to transform tons of heterogeneous events, logs, and alerts into a bunch of clusters, a few kill chains, and fewer actionable insights, with open-source models, and security knowledge encoding. Join us on a journey to enhance security operations efficacy and efficiency! No data science expertise is required!
Length of Presentation: 60 minutes
Speaker 1's Bio: Ezz is a cyber-security-data-scientist, who won awards from Yale, Princeton, Northwestern, Canada's Communications-Security-Establishment, Microsoft, Trustwave, PIA, etc. He led cyberdatascience projects for OrangeCyber-Defense, Forescout-Technologies, Royal-Bank-of-Canada, Governments, and Huawei-Technologies. He published 20-papers and 15-open-source-projects in cyberdatascience. When he was 19-years-old he started his CS-PhD in UWaterloo, where he became a reviewer for top conferences. His designations include: SANS/GIAC-Advisory-Board, aCCISO, CISM, CRISC, GCIH, GFACT, GSEC, CEH, GCP-Professional-Cloud-Architect, PMP, BENG and MMATH, and was an adjunct-professor of cyber-defense.
Speaker 2's Bio: Lynn Hamida (CISSP, GCIH) is an expert researcher and consultant in operational risk and big data analytics with deep experience & credentials in the fields of business risk, cyber risk, temporal event knowledge graphs, graph ontologies, risk modeling, operational threat modeling, graph analytics, process digitization, business process mining, business analysis. She finished her post-graduate studies in CyberSecurity at Univ of Toronto and Univ of Ottawa, and worked on multiple research cyberdatascience projects with Univ of Windsor, WASP, Cypienta and others.
Category: Demo

The Curious Case of Alice and Bob: What You Can (And Cannot!) Do as Digital Investigators
Speaker's Name: Catherine Ullman
Abstract of Presentation: The game is afoot! The curious case of Alice and Bob will explore beyond the surface of technical know-how. Attendees will navigate the intricate labyrinth of digital investigation, learning not just 'where' to seek digital clues - perhaps hidden in the registry - but crucially, 'why' these details matter and 'how' they fit into the larger puzzle of our investigation. Join me on a narrative adventure illuminating the practical use of tools in a real-world scenario. For both seasoned and aspiring digital sleuths, this talk aims to sharpen investigative skills, setting or recalibrating your expectations of what digital forensics can realistically achieve.
Length of Presentation: 60 minutes
Speaker's Bio: Dr. Catherine J. Ullman is the Principal Technology Architect, Security at the University at Buffalo. She contributed to O'Reilly's 97 Things Every Information Professional Should Know, is the author of Wiley's The Active Defender, and has presented at many infosec/hacker conferences. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo Zoo, researching death and the dead, and learning more about hacking to make the world a more secure place.
Category: Other