Moderator

Amelie Koran (@webjedi)

Senior Fellow, Atlantic Council

Panelists

Laila ElGohary
Former Deputy CTO at Biden for President

Michael Kaiser (@CyberNews4you)
CEO of Defending Digital Campaigns 

Chip Stewart
CISO, State of Maryland

Mike Sager
Chief Technology Officer and Chief Information Security Officer
EMILY’s List | The Nation’s Largest Resource for Women in Politics
 

While the main talk rooms are setup, please take the time to visit our sponsors and explore the villages and workshops.

For most organizations, posting brochures, contract templates, whitepapers, and various forms of marketing collateral online is a standard practice. And for most threat actors, this can surreptitiously provide a wealth of information about the organization they are targeting.

In this talk, we will examine why cyber criminals benefit from the public sharing of organizational documents, how they make use of the metadata contained in the documents, how misconfigurations and lack of user awareness can lead to data leaks, and propose practical / open source methodologies organizations can employ to protect themselves.

CyberChef is known as the “cyber Swiss army knife” because of the myriad operations you can perform with this most excellent tool. Developed by GCHQ, this open-source web application can encode and decode, encrypt and decrypt, compress and decompress, analyze files and images, and so much more. Every professional should have CyberChef in their toolbox and in this talk I will cover some of the operations I frequently use in my role as a security researcher.

Check out the available options within the hotel or take a quick walk next door to the mall food court.

Active Directory is great.
Public Key Infrastructure is great.
So you’d think Microsoft’s AD-integrated PKI – AD Certificate Services – would be great too. And configured correctly, it is!

But in practice, Microsoft’s “easy” approach to PKI often creates security issues in typical deployments. Luckily, you can eliminate the most common & most dangerous misconfigurations with a few easy checks.

The Security Operations Center, everyone has one, but is it really more than a checkbox or a place to go where dreams die? This talk will discuss some of the core issues that SOC’s face today as well as suggestions and ideas to get this pivotal role and department back on mission by trusting and empowering analysts to find badness.

The American Library Association defines ‘Information Literacy’ as, “a set of abilities requiring individuals to ‘recognize when information is needed and have the ability to locate, evaluate, and use effectively the needed information.” Correct and accurate information is crucial to Information Security, whether it be for Threat Intelligence gathering or monitoring an incident response. Learn tips and strategies from a former librarian on how to ascertain the validity of information before using it, or worse, passing along what may be disinformation. You will come away with this session with a better sense of data gathering and organization, in addition to being a more literate consumer of information.

Ransomware, and malware as a whole, does not exist in a vacuum; it is often developed to accomplish a goal, whether to further an espionage campaign or for monetary gain. Ransomware, in particular, is a fast-moving landscape driven by an intricate web of operators, tools and mystery. BlackMatter ransomware emerged in July 2021 as the successor to DarkSide ransomware, only to be shut down a few short months later…or was it? Besides amassing a large portfolio of victims, the BlackMatter operators released several versions of the ransomware. Recorded Future was the first to openly publish technical details on BlackMatter, as well as interview the ransomware operators themselves. In this session, we will take you through our discovery of the BlackMatter ransomware group and its evolution through the shutdown as well as provide a technical deep dive on the Windows, PowerShell and Linux ransomware itself. We will also address how this evolution trend shows up in the larger ransomware operator landscape, especially among sophisticated actors.

In April 2016, Microsoft shocked the PC world when it announced the Windows Subsystem for Linux (WSL). WSL is a supplemental feature that runs a Linux image in a near-native environment on Windows, allowing for terminal functionality without the over-head of a virtual machine. While this new functionality was welcomed by developers, it also introduced a new attack surface threat actors can – and do – target. Black Lotus Labs recently identified several malicious files that were compiled in the Linux binary format ELF which utilized native windows APIs. Over the past several months, Black Lotus Labs has identified numerous agents – i.e. lightweight scripts that load more robust agents into memory – keyloggers, and in some cases fully functional remote access trojans. The novelty of using an ELF loader designed for the WSL environment gave the technique a detection rate nearly, or in some cases a, zero for sample found on Virustotal. This talk will briefly introduce WSL, then focus on the samples Black Lotus Labs observed abusing this feature in the wild.

Join us after talks have concluded for light snacks and beverages in the Warfields room. Meet new friends and reconnect with old ones!

Check out the available options within the hotel or take a quick walk next door to the mall food court.

Join us for an after-hours chill-out in the Warfields room for a night of arcade games and friends. A cash bar will be open.