Keynote Presenters

Matt Blaze (@mattblaze)
Matt Blaze headshot

Matt Blaze is an expert in computer and network security and one of the world’s leading cryptographers. Blaze holds a Ph.D. and M.A. in computer science from Princeton and an M.S. from Columbia. He earned his bachelor of science summa cum laude from City University of New York.

He conducted research in cryptology and security at AT&T Bell Laboratories/AT&T research from September 1992 to December 2003 — with an emphasis on systems and architectural aspects of security and trust in large-scale computing and communication systems.

Liam Randall (@hectaman)

Liam Randall is Sr. Director of Software Engineering at Capital One. He joined Capital One through the acquisition of Critical Stack, where he was CEO and founder. He founded Critical Stack to containerize security infrastructure. He has focused on end-user training, application development and advanced NSM at large scale. A frequent speaker at security conferences you can usually find him training users on the Bro Platform at workshops, conferences or online.


A Code Pirate's Cutlass: Recovering Software Architecture from Embedded Binaries
Reversing large binaries is hard - but what if we could automatically recover the software architecture before we got started?  This talk discusses two algorithms to recover object file boundaries from a linked binary. It shows some useful applications, including automated module-to-module call graphs (extracting software architecture), and automated section naming based on common strings.

Presenter: evm (@evm_sec)
evm has been staring at code for over a decade.  A recovering Windows internals guy, he now spends most of his time with embedded systems. At APL he helped start an RE working group, and a hacker magazine.  He enjoys teaching the young'uns how to snatch the error code from the trap frame.

Anatomy & Evolution of a Fast Flux Malware Campaign
What's at the end of the end of the threat hunting rainbow? Is it a pot of gold, or a bucket of tin? In this presentation Hexa will take the audience across the rainbow bridge on a journey to discover the genesis of a fast-flux malware campaign, and show us how it evolved over 10 months. This tech talk is for novices, mid-level SOC operators, and old-hat security researchers.

Presenter: Emily Crose (@hexadecim8)
Emily Crose has spent a decade as a security professional and researcher in the areas of threat hunting, threat intelligence and machine learning. She has worked in government and private industry defending networks and end users. She currently works for Dragos Inc. building continuous monitoring & threat hunting programs for OT business networks.

Automated Adversary Emulation
CALDERA is an open-source application designed to automate adversary emulation. With CALDERA, blue teams can create adversary profiles based on ATT&CK, unleashing them on their networks to test their vulnerability to specific techniques. Learn how to use and configure CALDERA to run a variety of tests, ranging from small scoped and heavily scripted, to AI-driven fully automated operations. 

Presenter: David Hunt
David Hunt is a Principal Cyber Security Engineer at MITRE, where he works on automated adversary emulation. He is currently leading development of the open-source CALDERA platform, along with contributing to other projects in MITRE's internal research and development portfolio. Prior to MITRE, David led engineering for FireEye's threat intelligence division from 2016 to 2018. There, he orchestrated the storage and assimilation of APT behavioral data at scale, improving analysts' access to sensitive information. In addition to a decade in systems and software engineering, David has 5 years of experience in red team environments for both large companies and security start-ups. This time in the field has given David valuable insight into how adversaries operate in the wild. He has a passion for combining these experiences to solve real-world problems in creative ways.

BloodHound From Red to Blue
BloodHound (by SpecterOps) was originally built for Pentesters to easily identify highly complex attack paths but it can also be used to improve the overall security posture of your Active Directory. We will start with a short introduction to graph databases and how the different parts of Bloodhound work.  We will then discuss some useful tips on using the GUI to visualize various attack paths then we will venturing into the world of custom Cypher Queries. Using this new knowledge, we will set off on a path of destruction, targeting the attack paths in our environment and visualizing the effects of our planned remediations on these attack paths.

Presenter: Mathieu Saulnier (@ScoubiMtl)
Mathieu Saulnier is a “Security Enthusiast” © @h3xstream. He has held numerous positions as a consultant within several of Quebec’s largest institutions. For the last 7 years he has been focused on putting in place a few SOC and has specialized in detection (Blue Team), content creation and mentorship. He currently holds the title of « Senior Security Architect » and acts as “Adversary Detection Team Lead” and “Threat Hunting Team Lead” in one of Canada’s largest carrier. In the last decade, he has taken two separate sabbaticals to travel Africa and Asia.

Choosing your own adventure: Hacking the cybersecurity profession
We have all given lip service to developing the future cybersecurity workforce - but how many of us practice what we preach and develop others and ourselves?  You don't have to hack the planet - just your career.

I will take you on a journey what matters to take control of your adventure in the cybersecurity profession - for newbies to pros alike.  We will visit where the intent for the cybersecurity workforce started, where it has morphed, and planning your next advance.

Brian Andrzejewski
Brian is a senior cybersecurity, DevSecOps advocate, and speaker with 20+ years of professional experience in information security, compliance & risk management, DFIR, IT Operations, and system development & administration with the Department of Defense, Homeland Security, healthcare, commercial, and academic sectors.  He has spoken at BSidesCharm, OPM, OWASP AppSec USA, Docker Federal, National Academy of Sciences, and several other Federal conferences.

Prior to rejoining the private sector, he was a Fed with US Customs and Immigration Services (USCIS) as their lead "purple team", cloud, and appsec, InfoSec Engineer and was awarded the 2016 DHS Security Engineer of the Year by the DHS CISO.  He was a prior DoD SME representative for U.S. cybersecurity workforce development programs, developed, ran, and judged several cybersecurity competitions, and operationalized machine-speed cyber threat information sharing between the five U.S. National Cyber Centers. He remains passionate about cybersecurity workforce development and gamification for hands-on information security education.

Cleaning the Apple Orchard - Using Venator to Detect macOS Compromise
Various solutions exist to detect malicious activity on macOS. However, they are not intended for enterprise use or involve installation of an agent. This session will introduce and demonstrate how to detect malicious macOS activity using the tool Venator. Venator is a python based macOS tool designed to provide defenders with the data to proactively identify malicious macOS activity at scale.

Presenter: Richie Cyrus (@rrcyrus)
Richie Cyrus is a Senior Consultant at SpecterOps where he specializes in detection of advanced adversaries with a focus in MacOS and Linux environments. Richie has a background in incident response, forensics and security operations spanning across the Fortune 100 and the public sector. He currently maintains a DFIR focused blog at https://medium.com/securityneversleeps.

COM Under The Radar: Circumventing Application Control Solutions
Application Control is the practice of restricting unauthorized code execution. Application Whitelisting (AWL) is the most popular approach, which permits code execution from trusted applications based on managed policies and rules. This talk will highlight several ways to bypass AWL policies using the Component Object Model (COM) and provide recommendations to defend against such techniques.

Presenter: Jimmy Bayne
Jimmy Bayne is a Security Assessor and Researcher at By Light.  Prior to joining By Light, Jimmy has worked as a Penetration Tester, Red Team Operator, Security Analyst, and System Administrator in the public and private sectors​.

Comparing Malicious Files
A critical step one must take during the malware analysis process is to attempt to determine the malware family a sample may belong to. Even if one cannot link a file to a family, one must at least try to find files that are similar and extrapolate information about the sample from comparison with these similar files. This talk reviews a variety of methods for comparing files from simple to complex.

Presenter: Robert Simmons (@MalwareUtkonos)
Robert Simmons is an independent malware researcher. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences including DEFCON, HOPE, botconf, and DerbyCon among others. Robert also is a maintainer of plyara, a YARA rule parser written in pure python.
Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine and has been known to swear profusely and constantly in Russian.

Defense in Depth Against DDoS Diminishes Dollars Destroyed
Denial of Service attacks get less attention than “conventional” cyber-attacks but can cause a much greater impact to an organization than an intrusion. This talk will describe denial of service attacks and defensive techniques as well as strategies for building an environment that will be resilient to DDoS attacks even when individual defenses fail.

Presenter: Daniel Gordon (@validhorizon)
Daniel Gordon, CISSP, CEH, GCIA, GCTI, GCFA is a cyber threat intelligence analyst contracted to the Department of Defense Cyber Crime Center (DC3). He holds a BA in political science from St Mary's College of Maryland, an MS in modeling and simulation from the University of Central Florida, and a graduate certificate in modeling and simulation of behavioral cybersecurity from the University of Central Florida.

Embrace the Red: Enhancing detection capabilities with adversary simulation
Executing adversary simulations in properly monitored environments allows defenders to test and enhance their detection capabilities. Unfortunately, red & purple team engagements cannot be executed too often. This talk will describe the benefits of blue team led simulations by dissecting common red team techniques, show how they can be detected and release a new tool to simulate them.

Presenter: Mauricio Velazco (@mvelazco)
Mauricio Velazco (@mvelazco) is a Peruvian, Infosec professional who started his career as a penetration tester and jumped to the blue team 7 years ago. He currently leads the Threat Management team at a financial services organization where he focuses on threat detection/hunting and adversary simulation. Mauricio has presented and hosted workshops at conferences like Defcon, Derbycon, BSides and the SANS Threat Hunting Summit.

Exploring Community Volunteering Through a Career Development Lens
Volunteering in the cyber security community provides a venue for learning new technical and non-technical skills, while offering personal fulfillment and opportunities for career advancement. This presentation examines volunteering through a career development lens, allowing individuals to make the most of their volunteer efforts and furthermore helping companies enhance their talent acquisition.

Presenters: Kathleen Smith (@YesItsKathleenand Doug Munro (@RecruitCyberDC)
Kathleen Smith, CMO, ClearedJobs.Net/CyberSecJobs.Com, both veteran owned companies, she spearheads the community-building, and communications outreach initiatives catering to the both organizations' many audiences including security cleared job seekers, cybersecurity candidates and military personnel. Kathleen has presented at several security conferences on recruiting and job search within the cyber security world to include BSidesLV, BSidesTampa, BSidesDE, FedCyber. Kathleen volunteers in the cybersecurity community; she is the Director, HireGround, BSidesLV's 2 day career track. Kathleen is well respected within the recruiting community, is the co-founder and current President of recruitDC, the largest community of recruiters in the Washington DC area.

Doug Munro, Director of Talent Acquisition for MAG Aerospace. Previously, the Director of Talent Acquisition for Coalfire which is a pure-play cyber security services firm. Doug has been in information security recruiting in for 15 or more years. His community involvement, includes being a volunteer at BSides DC and career counseling at Northern Virginia Community College. He has also presented at BSidesLV, CyberSecureGov, and recruitDC.

Getting Started with Threat Hunting in your Databases
Would you be able to detect malicious activity from within your databases? Your database contains is a gold mine for your most valuable information. Learn how to use information collected from enterprise database audits to expand your current threat hunting program. We will discuss the most common information to monitor and how to aggregate the information into a SIEM.

Kat Edrington (@
Kat Edrington is a database administrator for a Silver Spring based company where she manages both SQL Server and Oracle databases. Kat has 8 years’ experience with system and database administration and has a passion for data security.  She holds degrees from the UMUC and the University of Maryland School of Pharmacy along with multiple industry certifications. 

How to Start a Cyber War: Lessons from Brussels
A sanitized peek behind the diplomatic curtain, revealing challenges, decisions & tools at their disposal. The Vanguard cyber warfare exercises in Brussels involving EU & NATO member states. Nation-states leveraging software, hardware and human vulnerabilities into digital warfare, with devastating consequences. Embassy threats, leaked Intel agency tools, hacking back & mass casualties.

Presenter: Chris Kubecka (@SecEvangelism)
Chris Kubecka is the founder and CEO of HypaSec. Previously, establishing and leading the network and security operations, UK/EU GDPR Privacy Group, joint international intelligence team and Information Protection Group for Aramco Overseas covering EMEA (outside KSA) and South America, part of Saudi Aramco. USAF veteran of multiple humanitarian and combat missions as air crew with degrees in information technology and computer science. Based in northern Europe, is a member of the Cyber Senate, Artificial Intelligence, subject matter expert panelist and advisor for the European Council of Foreign Relations regarding post Brexit digital security and cyber warfare. An advisor and subject matter expert to several governments and industries on cyber security and incident response for cyber warfare, and recognized expertise in financial, oil and gas, water and nuclear industry digital security.

Hunting for Threats in Industrial Environments and Other Scary Places
Threat hunting in Industrial Control Systems is a proactive tactic that can be employed by network defenders to gain familiarity with network terrain and to seek out malicious behavior, presence of vulnerabilities, or otherwise unknown activity. Unique constraints in operational technology environments present significantly different challenges than more standard computing environments. 

This presentation provides the audience with an inside look into challenges that ICS threat hunters face.

Presenter: Nick Tsamis and Marc Seitz (@SubtleThreat)
Nick Tsamis works as a Principal Threat Analyst within Dragos' Threat Operations Center where he focuses on hunting malicious activities on the world's critical infrastructure. He brings real world experience hunting on production systems to continuously improve threat hunt execution. Nick is passionate about automating complex workflows to increase analytic efficiency and relevance.

Marc Seitz works as a Threat Analyst within Dragos' Threat Operations Center where he coordinates industrial control system cyber test lab functions and performs threat hunting services in ICS networks. Marc is a specialist in designing and implementing innovative simulated industrial environments for the purpose of providing a safe and realistic training and attack simulation experience.

I’ll Complete My Threat Model Later Mom!: Infosec in Middle School
Through education, students can become more aware of the security threats around them and potentially become inspired to pursue a career in security. In this talk, I will briefly explain about CS and security initiatives taking place right here in Maryland. I will share my lesson resources and comment on how the industry can help with these initiatives. 

Presenter: Ashley Benitez Smith (@mrs_a_smithFCPS)
Ashley Benitez Smith is in her seventh year of teaching middle school in Maryland. She has been teaching Career and Technology Education classes for five years and likes her job most days. Ashley wishes to bring security into STEM curricula to inspire the next generation of security professionals. She also wants to educate students about security to prepare them for an ever changing digital landscape. Ashley has attended a few security conferences and has helped with events at Defcon.

It's Malware Time - A Bar Crawl from Skunked Homebrew to Rotten Apples
Last year, we discovered a homebrewing website serving malware via fake Adobe Flash updates. I soon found that it was using methods of anti-analysis, and the malicious payloads were all targeting macOS platforms. This talk will introduce the techniques employed by this site and look deeper into a few of the malware samples discovered, discussing commonalities with recent macOS malware.

Presenter: Erika Noerenberg (@gutterchurl)
Erika Noerenberg is a Senior Threat Researcher with Carbon Black’s Threat Analysis Unit, with over 15 years of experience in the security industry specializing in digital forensics, malware analysis, and software development. Previously, she worked as a malware analyst at LogRhythm Labs and as a forensic analyst and reverse engineer for the Defense Cyber Crime Center (DC3), performing system and malware examinations in support of intrusions investigations for the Department of Defense and FBI. 

J-J-J-JEA Power
PowerShell JEA allows us Systems Administrators to empower our fellow admins, developers,and security personal to accomplish what they need to on our systems. Give them just enough administrative permissions to accomplish their duties without interrupting your day or night. This talk shows how to assign roles and give the appropriate permissions to those roles.

Presenter: James Honeycutt (@Jay_Honeycutt)
James currently works as a Cyber Operation Technician for the Maryland National Guard. His main function is to work with local defenders to make their networks more secure. James has served in the Military for 21 years. He has served in various positions with in a Windows environment, with his last assignment being a Systems Administrator for a small organization. He also had additional duties of being the alternate Information Assurance Manager and Network Administrator. James enjoys scripting and PowerShell so much that he became the admin that created the automation tools for the Sysadmin team. He is also a SANs Mentor for SEC505; Securing Windows and Automating with PowerShell.
 James has a bachelor's degree in Management in Information Systems and is currently in the process of completing his MBA with an emphasis in Information Technology Management. He is a graduate of the Army's 255-S school and hold the CISSP, 7 SANs Certifications (GSNA, GPEN, GCIA, GCWN, GCIH, GCFA, GSEC) , C|EH and VMWare VCP5-DCV.
James enjoys giving back to the community by volunteering at schools and presenting the ISC2 Safe and Secure Online presentation to school aged children.

More Tales From the Crypt...Analyst
The speaker was a member of NSA’s first Red Team, known as “the Pit”. Learn about the formation of the team, engagement methodologies, and how we learned to navigate the politics, bureaucracy, and reticence of NSA. Hear war stories from the early days of vulnerability & threat assessment at NSA and see how this industry and the practice of penetration testing has evolved over the past 25 years. 

Presenter: Jeffrey Man (@MrJeffMan)
Respected Information Security expert, advisor, evangelist, co-host on Paul's Security Weekly, and currently serving in a Consulting/Advisory role for Online Business Systems. Over 37 years of experience working in all aspects of computer, network, and information security, including risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises and was part of the first penetration testing "red team" at NSA. For the past twenty years, has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation's best known companies.

On The Line: What Phishing Really Impacts
A short, but informative walk through of what happens when one falls for a phishing attack. This is not theory, but what I've seen in the real world. Sometimes it is simple credential theft; other times sophisticated, targeted attacks to steal a paycheck or money. We will discuss how to do IR in a professional and personal capacity that requires technical skill, but also human compassion.

Presenter: Steven Becker (@CowbellSteve)
Steven Becker started his current role as Information Systems Security Manager for Berkeley College towards the end of 2016. He has spent his career moving from IT support, to sysadmin, network admin, and the focusing heavily on security. Previously Steven worked primarily for various financial services. He has accumulated many technical and security certifications along the way, and has also been working with CompTIA as a Subject Matter Expert to help better shape the future of security professionals since 2017.

Reasonable Rapid Recognition and Response to Rogues
The need to detect rogue devices on a network is part of the first control listed in the CIS Top 20 Critical Security Controls. This session will discuss different methods to find rogues, options for response, and demonstrate a tool for monitoring and sending alerts.

Presenter: Craig Bowser (@reswob10)
Craig Bowser is an Infosec professional with 18 years of experience in the field. He is a SEC555 Mentor for SANS.  He has worked as a Information Security Manager, Security Engineer, Security Analyst and Information System Security Officer in DoD, DOJ and Dept of Energy areas. He has some letters that mean something to HR departments. He is a Christian, Father, Husband, Geek, Scout Leader who enjoys woodworking, sci-fi fantasy, home networking, tinkering with electronics, reading, and hiking. And he has a to do list that is longer the time to do slots that are open.

Resale Wars: The Red and Blue of Buying Rare Luxury Goods
Previously operating in the shadows, the industry of botting limited sneakers and clothing has recently exploded in visibility. This talk will cover the history and progression of both private and commercial bots, as well as modern approaches by bot authors and users, as well as precautions (both effective and absurd) taken by manufacturers, boutiques, and ecommerce platforms.

Presenter: noodle
noodle is an unemployed 20-something that spends their time buying shoes and clothes, and writing software to do so faster and better than even the fastest humans. In their spare time, they like to make clothing, reverse engineer networked applications, and practice statistics.

Technical Leadership: It’s Not All Ones and Zeros
Every successful team in information security relies on its leaders. From experts who mentor colleagues to enablers who advocate for the team, leadership is easy to recognize but often daunting to pursue. This talk covers approaches to leadership for technical teams, challenges in leading these teams, and resources for those interested in pursuing leadership roles. 

Tim Schulz
Tim Schulz is a Senior Cyber Adversarial Engineer at The MITRE Corporation. He spends most of his days promoting red and blue team collaboration to help sponsors improve their security. Tim contributes to MITRE's Caldera project, participates in ATT&CK evaluations, and facilitates red team engagements. Prior to his MITRE career, Tim worked as a cybersecurity researcher at Sandia National Labs and in a digital forensics lab creating training content for law enforcement.

What did the SIEM Say?
The SIEM, everyone has one, but does anyone really know how to get to most from them? There are many SIEMs out there and they can be used for many different purposes but at the core it's likely the most high maintenance security tool you have in your environment However, .with a little TLC you would be amazed the value you can get as long as long as you know what you are after.

Come join these speakers as they talk about common use cases, tips, tricks, and ways to get the most out of your SIEM including maintenance and tuning, what you should be ingesting, and common practices to better your visibility and posture.

Presenters: Shawn Thomas (@understudy77) and JR Presmy (@jayrprez)
Shawn spent many years of his career as an analyst, incident responder, and SIEM user across most major SIEM platforms on the market. Recently he finds himself running SOCs to empower analysts to better find evil.
 JR has 15 years of experience in Infosec with the last half of his career as a cyber security architect. He enjoys turning massive piles of data into actionable information.\

Yes, Bash Can Get Uglier: Using Bashfuscator to Generate Complex, Layered Bash Obfuscation
Bash is used extensively across Linux, Unix, and now Windows systems, making it the perfect language to do post-exploitation in, if you don’t get caught. In this talk, I will explore Bash obfuscation techniques in depth, and release a modular Bash obfuscation framework that makes generating complex and layered payloads easy so you can evade detection and make incident response much more difficult.

Presenter: Andrew LeFevre (@capnspacehook)
Andrew LeFevre is a student at Liberty University currently pursuing a Bachelor’s degree in Computer Science. He has a passion for developing offensive tradecraft for Windows and occasionally Linux systems.

You Moved to Office 365, Now What?
Microsoft's Office 365 boasts 90% of the Fortune 500 leveraging the simplified email and collaboration services. The benefits of the cloud are numerous, but is it secure or just "good enough"? 
This session explores how the Microsoft cloud is attacked, Microsoft Cloud (Office 365 & Azure AD) key security controls, how to mitigate common threats, and protect users and data.

Presenter: Sean Metcalf (@PyroTek3)
Sean Metcalf is founder and principal consultant at Trimarc (www.TrimarcSecurity.com) a professional services company which focuses on improving enterprise security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a Microsoft MVP, and has presented on Active Directory attack and defense at Black Hat, BSides, DEF CON, DerbyCon, Microsoft BlueHat, Shakacon and Walmart Sp4rkCon security conferences. He currently provides security consulting services to customers and regularly posts interesting Active Directory security information on his blog, ADSecurity.org.

You’re Not as Safe as You Think: Clearing Up Common Security Misconceptions
The technology industry is full of commonly-held beliefs that, if followed, should make systems and users safe; however, this isn't always the case. For example: "A strong password will secure your account" is not true if the server is compromised and your data is stolen. In this presentation, we'll discuss how some "best practices" don't actually help security and what really does.

Presenter: Joshua Meyer
Joshua Meyer has had a passion for technology since an early age. Growing up in a small town in Maryland, Josh spent a lot of his time learning about different computing concepts. Josh graduated from University of Maryland, Baltimore County with a bachelor's degree in computer science and likes to remark that he studied how to write code, but spends his days breaking software. Josh is a Security Analyst at Independent Security Evaluators, a firm of security specialists that provide a wide range of services including custom security assessments and software development.


Training Events

Attack and Defend with Powershell
This session will introduce the audience to Powershell, showcasing its attractiveness to sysadmins, defenders, and attackers alike. We’ll perform different attacks using popular frameworks, as well as using unique attack scripts. From a defender perspective, we’ll understand how such attacks work, learn the artifacts that they leave behind, and review some of the holes that allow them to take place.

As an introductory class, no previous Powershell experience is necessary.  Students are expected to have an understanding of Windows and network protocols, as well as common attacks.

We'll use AWS for some of the exercises.  if you don't have an AWS account then we'll create one for you during the class (Amazon requires a credit card to create a free AWS account.  However, we'll stay well within AWS' Free Tier limit).

- There won't be a dedicated VM. 
- Students are required to bring their own laptop running Windows 10, or a VM that has one installed, or Windows 7 with PowerShell 5 installed.
- Administrator access and WiFi connectivity are required for some of the exercises.
- Powershell scripts will be available to download throughout the class.

Trainers: Aelon Porat (@whereIsBiggles)
Aelon Porat is an information security manager at Cision and a contributor at Vali.training. He has extensive experience attacking and defending corporate environments. Aelon likes to jump inside networks and out of planes, and in his spare time, he enjoys demoing, speaking, and providing training at different events and conferences. Follow him @whereIsBiggles.

Basic Memory Corruption: Introduction to Stack-based Exploitation
This is a course on basic stack-based exploitation. We’ll begin with a review of how memory management works within an IA32 architecture, before diving headfirst into classic attacks such as buffer overflows, format string exploits, and DTOR/GOT overwrites. We’ll also learn how to write shellcode and bypass non-executable stacks using return-to-libc attacks.

VirtualBox or VMWare
Laptop with:
    8GB of memory
    25GB of free disk space
    1 USB drive

Trainers: Gabriel Ryan (@s0lst1c3)
Gabriel Ryan is an offensive security R&D and red teamer. He is the author of EAPHammer, a toolkit for performing targeted rogue access point attacks against enterprise wireless networks. Gabriel has presented at DEF CON, DerbyCon, Hackfest, and several Security BSides conferences on topics ranging from infrastructure security to access control protocols and red team tradecraft. His professional interests include wireless security, systems internals, low-level programming, and infrastructure automation. 

How to create How To’s
Do you read infosec blogs, watch infosec webcasts, attend live streams of people doing infosec things, and have a desire to make your own content too? Are you concerned you're not good enough or have enough skills? Want to learn how to get started so that you can teach others and at the same time show your own skills? Yes! Sweet, come to this training workshop on how to create your own infosec content.

- Students would only need a laptop, with speakers and a microphone, and a willingness to get a GoToMeeting account or something similar.

Trainers: Jason Blanchard (@BanjoCrashland)
Jason Blanchard has been creating content for over 20 years. He's made videos for the US Army, short films, commercial photo shoots, blogs, webcasts, podcast, vlogs, and much more. He taught content creation at Full Sail University for film students for 9 years as an instructor. He does stand up comedy, so he's funny, while being educational. Currently he "works in marketing" as the Content Director of Black Hills Information Security. 

No IOUs with IOT
Mass Attack Campaign with Hands-on Webcam Exercise will teach participants about the IOT threat landscape (what have we seen) and common oversights made in the development, configuration, and deployment of IoT devices. And, while IOT may not be interesting itself as an end target, it’s easy to build an automated campaign at scale which can access operational systems and sensitive data.

Trainers: Bryson Bort (@brysonbort)
Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a National Security Institute Fellow. Prior, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, Bryson was a tank commander and led a tactical communications platoon. He served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain.
Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Master's Degree in Telecommunications Management from the University of Maryland, a Master's in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.

2019 Traffic Analysis Workshop
This is an all-day workshop that focuses on infection traffic for hosts running Microsoft Windows. It begins with setting up Wireshark and identifying hosts in network traffic. Participants review malware infections and learn tips to identify indicators of malicious activity. The training ends with an evaluation where participants review a pcap with malicious traffic then draft an incident report.

- A laptop with some sort of connectivity to the Internet.
- Wireshark installed (the most recent version as possible).
- A basic knowledge of network traffic.

Trainers: Brad Duncan
Based in Texas, Brad is a currently a Threat Intelligence Analyst for Palo Alto Networks Unit 42. He specializes in network traffic analysis and tracking malware distribution campaigns using malicious spam (malspam). Brad is also a handler for the Internet Storm Center (ISC) and has posted more than 140 diaries at isc.sans.edu. He routinely blogs technical details and analysis of infection traffic at www.malware-traffic-analysis.net, where he has provided traffic analysis exercises and over 1,600 malware and pcap samples to a growing community of information security professionals.

Want to Play a Game? An Intro to Cyber Competitions
Interested in cyber competitions but don’t know where to start? Training will feature a challenge questions in addition to a virtualized environment that will be used to explore techniques associated with recon, scanning/enum, and exploitation. Also featured will be forensic challenges, hash-cracking, binary analysis, cryptography, and other relevant topics. 

Students only need a laptop, although we do recommend having Kali Linux 
or similar installed as a virtual machine.
The competition range consists of 
an online challenge engine and a variety of virtual devices that can be 
accessed remotely.

Trainers: Marcelle Lee (@marcelle_fsg) and Tyrone Wilson (@TyWilson21)
Marcelle Lee is a threat researcher with WhiteOps, an adjunct professor in digital forensics and network security, and she also provides security consulting and training services through her company, Fractal Security Group, LLC.  She specializes in network traffic analysis, malware analysis, phishing, and threat hunting. She is involved with many industry organizations, working groups, and boards, including the Women’s Society of Cyberjutsu, the NIST Cyber Competitions Working Group, and the Cybersecurity Association of Maryland Advisory Board.  She also both builds and participates in cyber competitions, and shares her work through her Github site, https://marcellelee.github.io/. 
Marcelle has earned the CISSP, CSX-P, GCFA, GCIA, GCIH, GPEN, GISF, GSEC, GCCC, C|EH, CCNA, PenTest+, Security+, Network+, and ACE industry certifications.  She holds four degrees, including a master’s degree in cybersecurity. She has received the Chesapeake Regional Tech Council Women in Tech (WIT) Award and the Volunteer of the Year award from the Women’s Society of Cyberjutsu. Marcelle frequently presents at conferences and training events, and is an active volunteer in the cybersecurity community. 
Social Media:

An information security professional with 20+ years of experience in information technology. Wilson also has extensive knowledge in computer network defense, vulnerability assessments, cyber threat analysis, and incident response. Currently, Wilson is the Founder and President of Cover6 Solutions, LLC; which teaches companies and professionals various aspects of information security, penetration testing, and IPv6. Additionally, Tyrone is the organizer of a 6,000+ person meetup group called The D.C. Cyber Security Professionals Founded in 2012, the D.C. Cyber Security Professionals Group’s dedication to providing networking opportunities, informative discussions and educational sessions on all things cyber, has allowed the group to grow strong while providing a real benefit to the cyber community. As an active speaker and trainer, Wilson also specializes in Intro to Cyber, Pentester Prep, and SOC Analyst Prep workshops which teaches active network defense skills while providing a path to a successful information security career.