Speakers | SAINTCON 2019

Content Lineup

View Schedule

SHOW ALL KEYNOTES PRESENTATIONS TRAININGS COMMUNITY TALKS LEADERSHIP TRACK Collapse All


By: Rachel Tobac  

At DEF CON 27 a journalist asked Rachel Tobac to take over as many accounts as she could -- live. By the end of the day, Rachel had wreaked havoc on 10+ accounts, siphoned thousands of dollars worth of points into accounts she controlled, disrupted his travel plans, and was even ready to shut his lights off. Rachel did all of this without ever once contacting the journalist. Learn the playbook Rachel used to social engineer her way into her target's accounts in one day, and what you can do to stop attackers in their tracks.

Please view the Schedule for more information

By: Russ Rogers  SpeedRussr

When computers were created, resources were limited. We didn't have the processing power or memory available to make data intuitive to the human brain. Instead, we trained ourselves to read output as best we could. 40-50 years later and we're stuck in a rut, doing the same thing; even though the volume of information we have available to us is astronomically more abundant. The security problem of today will not be solved by using data analysis mechanisms of 50 years ago. To take full advantage of the data we have access to we need to change our approach to software development and draw on lessons during the study of the human mind. Instead of thinking of data like 50 year old computer nerds, we need to start analyzing data like an 8 year old at a gaming console.

Please view the Schedule for more information

By: Sherri Davidoff  alien

For the first time in history, FBI files from the first data breach notification will be released to the public. These never-before-seen records reveal dramatic details of "The Case of the Purloined Password," a breach of a major timesharing company (NCSS) that occurred in 1980. Armed with insider knowledge, former NCSS employees hacked into the company's central system, as well as multiple customer networks, stealing the company's entire database of 14,000 customer passwords-- and possibly much, much more. Watch the hacking unfold play-by-play as author Sherri Davidoff reveals the saga that she uncovered during the four years she spent researching her new book, "Data Breaches." You'll be surprised to find that the mistakes made nearly forty years ago are repeated, over and over, in data breaches today. Join us and learn from history!

Please view the Schedule for more information

By: Michael Whiteley & Mike Weaver  compukidmike & bashninja

All about the badge. How it was made, what it does, maybe some challenge hints...

Please view the Schedule for more information

By: Troy Jessup  Jup1t3r

We will discuss the importance of having a security framework to plan, implement, and measure security progress within an organization. We will specifically discuss the fundamentals of the CIS Critical Security Controls framework as a recommended light-weight framework to start with, where to focus, and how to be successful in starting to implement a framework.

Please view the Schedule for more information

By: Sean Jackson  74rku5

A SOC II attestation is needed for companies offer SaaS. It's a third party that says you take care of your infrastructure, your data, your availability, privacy, and that all your ducks are in a row. It's a daunting process, and in all my experiences, the big question is "what is covered?" and "what do we need to do to be ready?" This talk is to pull back the curtain for all the companies that think they might need to have one, and for those that see the audit coming up on the calendar and want to get a head start.

Please view the Schedule for more information

By: Keenan Fessler  K33n

The presentation goes over the evolution of safe combination locks, and how to manipulate them into revealing the combination

Please view the Schedule for more information

By: James Pope  Pope

I have been running security conferences since I was voluntold 5 years ago and have been looking for a way to abuse my trusted position to get out of it ever since. Get the most security conscience hacker in front of 1,000+ people with a technical issue and quickly they will concede their security morals to "just make it work"

Please view the Schedule for more information

By: Chase Palmer  RaideR6672

Trusting someone else with your data and your customer's data can be a scary thing. When looking at potential vendors to help out with your work, whether it is open source or off-the-shelf, there are certain things that should be taken into consideration to make sure that your data and your customer's data stays safe. Come learn some tips and tricks for conducting a vendor security review the right way.

Please view the Schedule for more information

By: MicK Gomm  @7YR43L

Since the advent of Agile development and cloud computing, application security and tooling has become increasingly complex. In this talk we'll discuss emerging trends in AppSec, including DevSecOps and how to reach that next level of mature that fosters agile velocity through automation.

Please view the Schedule for more information

By: Shaun Price  Klipper

We will be going over building your own home lab utilizing low-cost but high-value hardware. (Think along the lines of re-purposing headless network appliances that have gone out of warranty / support and can no longer serve their intended function ((Riverbed for example...most are low power 8 core Xeons that make fantastic hypervisors)) This includes everything from hypervisor platforms (Compute..most CPU for your buck....CPU's often overlooked), storage (Local, DAS trays, you name it), networking (Open platform software routers, cheap enterprise gear that falls through the cracks), racking and mounting (Yup, we can rack-mount on the cheap) and even some cheap cabling / optical options to go up to 10Gb and beyond. We'll identify the potential uses for the Homelab, as well as the pitfalls that we've run into along the way (noise, power usage, wife acceptance factor, etc.) The advantages of a Homelab are obvious, but sometimes it takes a little help knowing on how and where to get started. We'll get you dumpster diving / and thinking outside the box in no time.

Please view the Schedule for more information

By: Aelon Porat  

This live demo will reenact an infiltration to an organization's network. We will follow the attacker's footsteps to learn how they gain access to a desktop and the internal environment, then discuss how each part of the attack could have been detected and/or prevented. We begin by taking control of a user's desktop using one of a few common techniques and connecting it to a command-and-control center for the rest of the attack. Next, we steal passwords and documents, copy screen and email content, install a keylogger, record sound and stream webcam, control the mouse and keyboard, modify anti-malware settings, execute programs, reshape network traffic, and create a hidden, persistent data exfiltration channel. Time allows, we'll perform network reconnaissance and take over other computers, bypassing MFA and network segregation restrictions. This interactive demonstration will be rendered in a simulated, but fully operational, corporate setting. Our objective is to carefully examine and understand the attack procedures step-by-step, and then detail several defensive strategies against them.

Please view the Schedule for more information

By: Troy Jessup  Jup1t3r

We will discuss the evolution of wireless security options, the pros/cons of each and the challenges of each progression. We will also discuss better IoT/Guest wireless options.

Please view the Schedule for more information

By: Andrew Brandt  Spike

The world of information security spends much of its time focused on looking forward, trying to tackle the bleeding edge of malicious code and obfuscation, which is as it should be. Lost in the rapid pace of technological adaptation in the malware arms race is a sense of history: the origins of malware and its earliest days. How did malware get its start, and what lessons can today's defenders learn about the origins of malicious code, back from the days when analysts first coined the term "virus" as a binary analogue to biological illness? To learn more about malware's origins, we obtained samples of some of the oldest extant malicious code and devised ways of putting that malware onto the retro storage media required by the computers that were the earliest malware victims. With the assistance of the Media Archaeology Lab, an educational museum of retro computing based at the University of Colorado at Boulder, the author executed those samples on real, physical retrocomputing devices like the Apple II, the Commodore 64, an IBM PC 5150, and early Apple Lisa and 68k Macintosh computers running Mac OS System 7. Running malware on ancient computer systems is no different from using modern virtual or physical testbeds for detonation: you need to do it safely, in a "detonation chamber" of sorts, so the author and other volunteers also had to devise methods of safely moving the infected code from device to device or storage medium to storage medium, without spreading the infection to hard drives or other floppy disks or cassette tapes, or potentially damaging irreplaceable software or hardware. Finally, we analysed these malware samples using both modern reverse engineering tools, and the rudimentary analysis utilities that would have been available in the era (roughly 40 years ago, on average) in which the computers used in the study were still contemporary devices, to see what we could learn about this ancient malicious code, and whether it bears any resemblance to modern malware. The author believes the malicious code of the present day bears a more-than-passing resemblance to the malware of prior eras. If studying dinosaur bones contributes to science's understanding of evolutionary processes and biology, the study of retromalware surely can contribute to our modern understanding of sophisticated threats, and may help plan countermeasures against future ones.

Please view the Schedule for more information

By: Dallin Warne  

There's no question the prevalent adoption of SSL/TLS changes how organizations do network security monitoring (NSM). It raises some questions about how relevant NSM is such as: -What value does network security monitoring bring in an age where so much traffic is encrypted? -Can organizations still find intrusions and breaches by monitoring encrypted traffic? -What strategies are organizations employing to gain security insights into such traffic? In addition to answering these questions, we consider other purposes of network monitoring such as how it supports cybersecurity frameworks and strengthens an organization's security posture especially in environments with decentralized or shadow IT. Finally, we highlight the power of decryption. General principles are discussed supported by practical and technical examples found in Palo Alto firewalls and Zeek.

Please view the Schedule for more information

By: Kevin Crook and Blake Moss  

Generally, the effectiveness of any security operations center is largely determined by the level of efficiency demonstrated when analyzing, responding to, and remediating threats across its stewardship. However, with limited personnel, resources, and time, even inefficiently accomplishing these tasks can be daunting. Due to the asynchronous nature of cybersecurity threats, manual monitoring and even polling-based functionalities are quickly becoming ineffective to counter the increased sophistication of bad actors. The emergence of event-driven microservices in IT represent a growing desire for organizations to increase efficiency, awareness, and organization throughout the enterprise. These same benefits are especially applied to security, an inherently event-driven environment. Converting to an event-driven/microservice architecture however, can quickly become a chaotic mess of interdependent services. Especially in large enterprises where uniformity is not always guaranteed and hybrid infrastructures exist, a flexible design is needed to maintain consistency, in addition to providing the benefits of a microservice architecture. In order to facilitate and coordinate security functionality across three distinct institutions/IT environments, the Church Educational System (CES) Security Operations Center at Brigham Young University decided to adopt an event-driven microservice architecture. In this presentation we will describe the challenges, benefits, and applications of this architecture. Specifically, we will detail our evolution toward event-driven security, the requirements necessary for us to effectively transition, and how we are currently using this architecture to enable security functionality throughout the enterprise.

Please view the Schedule for more information

By: Kaydan L  Pips

RFID-based access control is everywhere in your life. It's at your work, its in your apartment building, it lets you into hotels. Come and learn how it all works, how it is implemented in the real world (often incorrectly), how it can be exploited, and how these problems can be mitigated. This is a beginner level talk; everyone can learn something from it!

Please view the Schedule for more information

By: Daniel Zappala  

The Secure Socket API: How to Make Secure Sockets with as little as one line of code SSL/TLS libraries are notoriously hard for developers to use, leaving system administrators at the mercy of buggy and vulnerable applications. We demonstrate a new API we have developed, which modifies the standard POSIX socket API to vastly simplify how a developer interacts with TLS, while also giving administrators the ability to control applications and tailor TLS configuration to their needs. We first assess OpenSSL and its uses in open source software, recommending how this functionality should be accommodated within the POSIX API. We then demonstrate the Secure Socket API (SSA), a minimalist TLS API built using existing network functions and show how it can be employed by existing network applications by modifications requiring as little as one line of code. We next describe our SSA implementation that leverages network system calls to provide privilege separation and support for other programming languages. We end with a discussion of the benefits and limitations of the SSA and our accompanying implementation, describing the status of our implementation and ongoing efforts to improve it.

Please view the Schedule for more information

By: Adam Fishre  8gauge

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.

Please view the Schedule for more information

By: Erich Ficker  burnd0wn

Locksport is cute but if you're not into pin and tumbler science why bother with it? We'll talk through the most common ways to bypass physical security controls WITHOUT bothering with picks and tension wrenches. We'll look at a set of tooling that can be used to bypass many physical controls, how to use them and for most a demo.

Please view the Schedule for more information

By: Robert Kerby  beardedwanderer

The dark web is often portrayed as a scary, mysterious "place" where drugs, illegal goods and hackers selling identities run rampant. The reality is that the dark web is simply technology. The dark web is neither good or bad. Like all technology, the dark web is what we make of it. This is a call to action for the security community to embrace the dark web and make the dark web a place that everyone can utilize and find value in.

Please view the Schedule for more information

By: Ryan Burnett  j4v3l1n

This presentation will focus on current countermeasures that a blue-team can/should leverage against motivated attackers and pen testers. Participants will leave with the knowledge of how to make attackers and red-teams cry tears of frustration when they stumble upon your network with the ultimate goal of making them take their ball and go home. `Let's make blue-teams great again`

Please view the Schedule for more information

By: Jake Bernardes  

Much has been said about GDPR in the past two years & I am sure much will be said about CCPA in the coming two years. Wide reaching international implementations to solving both issues have led me across the globe, on one assignment meaning getting home only 12 hours before my wife went in to labour with our second child! I will talk about the truth & reality of a changing privacy landscape (hidden beneath the legal terminology and complex regulations) and, inside a series of hopefully humorous anecdotes about my professional & family life, give some concrete advice on what to believe, what do act on & what to actually do!

Please view the Schedule for more information

By: Mike Weaver  bashNinja

Maybe you've been to SAINTCON before and have a box of dusty electronic badges or maybe this is your first time and are wondering what to do with these 'electronic badges' after the conference? We'll go over the last few years of SAINTCON badges and different projects that you can do to make them useful again. This will be a very 'demo' style presentation. Sit close if you'd like the opportunity to ask questions.

Please view the Schedule for more information

By: Steve Ball  hamster

Making a minibadge is not as hard as it looks. In this presentation, I'll walk you through the steps from artwork, to using KiCad to design the board, to tips for ordering.

Please view the Schedule for more information

By: Matt Lorimer  zodiak

Come learn why you should play games to get ahead in your career and life. This session will talk about participating in the SAINTCON Hacker's Challenge game, CTFs, wargames, pros vs joes, and other types of skills based games. Suggestions will be provided on where to find games, who to play with, benefits of playing, and ways that you can give back to the community through these games.

Please view the Schedule for more information

By: Matt Lorimer  zodiak

Come peek behind the curtain into this year's SAINTCON labs. This session will cover the hardware and software running the labs, some of the challenges faced, automation tools used, environment building, and ways I hope to continue to grow the SAINTCON labs.

Please view the Schedule for more information

By: Andrew Brandt  Spike

In spring, 2019, Sophos detected a widespread ransomware attack using a malware that calls itself MegaCortex. The ransomware was spread around victims' networks using compromised Domain Admin credentials on domain controller computers to distribute it as if it were a software patch, using WMI. Subsequent analysis into both the attack and the malware itself showed the attack killchain was orchestrated using complex (and somewhat redundant) Windows batch files. The malware also featured a number of anti-analysis features, including a password string that was unique to the sample, and a hardcoded "active" time that analysts discovered: samples would not run in sandboxes unless the system date was changed to a three-hour window starting at around the same time the original attack began. But the MegaCortex phenomenon actually raised more questions than answers. There are significant similarities between the code style and behavior of other malware families in the MegaCortex samples we initially examined. There were also odd connections and false flag ties to completely unrelated malware families that sent researchers down a number of dead end rabbit holes. None of the questions of why the malware had these unique characteristics have been answered, and the low key nature of MegaCortex may mean we'll never understand its creators' motives.

Please view the Schedule for more information

By: Chris Mather  Whitecapper

The rules of passwords have changed, but are you keeping up? Find out about new NIST Digital Identity Guidelines as well as recommendations from the 2019 OWASP Application Security Verification Standard 4.0. Now, depending on who you are, the rules may be different. Which horseman are you? Which horseman are you dealing with? I'll address those frequently asked questions; how long should my password be and what's the minimum length my website should require. Find out why my 3-character password is stronger than your 17-character password. I'll dive into the statistics of a 25 GPU password cracking machine and several modern hashing algorithms. See how much of a difference your algorithm makes as well as the rules you use for your passwords. There’s also a mystery horseman you should be aware of that's sewing lots of dissension. And pay attention, there might even be something to help with your Hackers Challenge.

Please view the Schedule for more information

By: Bryce Kunz  TweekFawkes

Cloud services are frequently misconfigured due to their rapid adoption and engineers not fully understanding the security ramifications of different configurations, which can frequently enable red teams to gain, expand, and persist access within Google Cloud Platform (GCP) environments. In this talk we will dive into how GCP services are commonly breached (e.g. SSRF vulnerabilities, discovering insecure cloud storage), and then show how attackers are expanding access within Docker & Kubernetes (K8s) environments (e.g. CVEs, insecure daemons). Finally we will demonstrate some unique techniques for persisting access within GCP environments for prolonged periods of time!

Please view the Schedule for more information

By: George Bekmezian  offroad99

Are you using DNS for content filtering or for identifying and mitigating risks and attacks in your network today? How are recent DNS changes affecting your environment and what does the future hold? What about changes in TLS 1.3 and encrypted SNI?

Please view the Schedule for more information

By: Daniel Dayley  Cronocide

Correctly implemented, a Security Information and Event Manager (SIEM) is one of the best tools a blue team has in defending a network. This presentation covers introductory topics about SIEMs including what they are, why you need one, and the considerations that one must take in building one. We will discuss the types of events that a SIEM can detect We will discuss the core technologies involved and demonstrate the setup of a SIEM with ElasticSearch, Logstash, Kibana, RabbitMQ, ElastAlert, and Zeek.

Please view the Schedule for more information

By: Jeremy Cox  supertechguy

Impostor syndrome in INFOSEC is more common that you think, yes you can break through

Please view the Schedule for more information

By: Clint Russell  

The world of video surveillance has remained largely unchanged since shifting from analog to IP based cameras. In this presentation, we will explore how video surveillance has evolved over time, and how new solutions are leveraging cloud computing, artificial intelligence and machine learning to make the jobs of security professionals easier.

Please view the Schedule for more information

By: Kimber Duke  

As environments become more complex and robust, how do threat hunters stay on their toes to remain quick and effective? The scientific method allows a threat hunter to develop a flow to their working process that ensures they remain on target while deepening their knowledge of the environment they're working in. This presentation will give an overview of how to adapt the scientific method to a threat hunting position on an IT security defense team, while providing a methodology for more effective detection of malicious actors.

Please view the Schedule for more information

By: Ryan Otteson  

A year ago Ryuk came onto the scene, an adopted version of the Hermes ransomware. Attribution for the group running the scheme remains unknown, some think North Korea, others Russia. What's for sure is that the group is leveraging long-dwelling Trickbot infections to cripple organizations of all sizes and making millions of dollars a week. In this presentation we talk about how they leverage a Trickbot foothold to shut down an entire organizations network in 2-5 days.

Please view the Schedule for more information

By: Jonathan Smith  rev

Building a long range RFID reader capable of stealing badge information from several feet away, using a reader and a Raspberry Pi. I will also go in depth in RFID and the Wiegand protocol. I will also be publishing the code and any other information.

Please view the Schedule for more information

By: Victor Steven Morales  zero_virus

We will be covering the types, strategies, benefits and implementation of security frameworks. Giving you a starting point in increasing your security posture. Making more difficult for script kiddies to enter your network. Find out if you are leaving the door wide open for an hackers to come in. Its not a matter if you are going to get hack but when.

Please view the Schedule for more information

By: Chris Larsen  

For the last few years, Fake News has become a buzzword, used in so many contexts that it's lost any precise meaning. Researchers in this area prefer to talk about Disinformation (or Propaganda, if nation states are involved). Having spent much of the last year working in these areas, I'll present my findings, along with recommendations, and fun examples.

Please view the Schedule for more information

By: Spencer Heywood  

Docker is a versatile and powerful tool. Learn how to use Docker in conjunction with your shell to improve your Red Team workflows and also learn how to strengthen your security posture by running applications in containers.

Please view the Schedule for more information

By: Hanna Bennett  

This presentation will provide an overview of the Utah Department of Public Safety (DPS), Statewide Information & Analysis Center (SIAC) and the SIAC Cyber Program.

Please view the Schedule for more information

By: Karl Sickendick  Rosie

The NSA recently open-sourced the Ghidra software reverse engineering tool. While it's unlikely to steal IDA-heads, Binjas, or those 5 people who remember Radare2's command line, it is a mature RE tool with a huge feature set. It's also easily extensible through Java, Python, and a command line batch mode. This talk will introduce Ghidra briefly, then demonstrate/release an open-source Ghidra intermediate language emulation capability, and finally describe the basics of extending Ghidra via Python scripting.

Please view the Schedule for more information

By: Sean McHenry  

1.Strategy vs Tactics 1a. What is Strategy 1b. What are Tactics 1c. The relationship 2. Strategy in cyber security 2a. Framework 2b. Define Policy 2c. Establish Controls 2d. Establish Metrics 3. Cyber Risk Management vs. "Corporate" Risk Management 3a. What is the relationship 3b. The relationship of Cyber Risk Management and Cyber Strategy 4. Tactics for driving strategy and managing risk 5. Conclusion

Please view the Schedule for more information

By: Mike Spicer  d4rkm4tter

Over the last 3 years Mike has learned a lot about how to effectively capture and process WiFi data. This talk will discuss the improvements and frustrations that lead to the creation of the WiFiKraken as well as data that has been captured. Difficulties in data analysis will be discussed and solutions and methodologies will be presented including Mike's tool PCAPinator that addresses the issue of dealing with very large PCAP files. Interesting examples of data captured at some of the largest hacker conferences in the world will be discussed including things like credential, leaked APIs and DNS.

Please view the Schedule for more information

By: Kenton McDaniel  J344yBl4nks

An overview of Living off the land by using a phishing scenario against a Windows PC, a MacOS PC, and a Linux PC. A look into the mindset behind living off the land and why it is becoming more prolific.

Please view the Schedule for more information

By: Corey Batiuk  Skapunker

What do you do when you're tired of spinning up a Kali instance that's not customized to your liking, or you want a system that's built for more long-term use, not just a one off pentest? Security consultants, especially pentesters, use a lot of specific tools and have many different requirements. With a standard Ubuntu or Fedora install it can take a lot of time to install all those tools manually and setup configurations. Images can become outdated quickly, or you may have varying hardware and disk sizes you need to be able to get installs done on. It gets a lot more difficult if you want the process to be repeatable. Fortunately, there are tools and scripts to help with this process. In this talk I will be going over the tools, scripts, virtual environments, containers, and other methods I've found that help to streamline the process to go from a reliable and standard Linux distribution to having all the tools you need installed and working, including tools from Git repositories, as well as all your customizations.

Please view the Schedule for more information

By: Stefanie Tidwell  

This presentation will cover commonly-used serverless technologies, benefits, drawbacks, security concerns and how to deploy FaaS solutions responsibly. The talk will include a number of live demonstrations of the OWASP Serverless Goat (an intentionally vulnerable serverless application) and how insecure serverless architectures can be exploited to gain access to your code, your data, and your financial resources.

Please view the Schedule for more information

By: Waylon Grange  Professor Plum

YARA is a free and open source pattern matching tool for hunting threats, malware, or other specific patterns in files. It is used by a large majority of security vendors and is baked into many security products. This course takes the beginner from writing their first YARA rule to hunting and categorizing target malware families. We'll discuss what makes a weak signature vs what makes a great signature that can find new threat variants even before your security products do. We'll also show where you can already start using YARA rules, including open source and commercial products that have YARA builtin. If you're new to YARA and want to step up your threat hunting this course is for you!

Please view the Schedule for more information

By: Sam Bowne  

Learn how to take control of Windows and Linux servers running vulnerable software, in a hands-on CTF-style workshop. We begin with easy command injections and SQL injections, and proceed through binary exploits including buffer overflows on the stack and the heap, format string vulnerabilities, and race conditions. After this workshop, you will understand how memory is used by software, and why computers are so easily tricked into executing bytes as code that entered the system as data. Previous experience with C and assembly language is helpful but not required. Participants will need a laptop with VMware, or a credit card and a few dollars to rent cloud servers.

Please view the Schedule for more information

By: Sam Bowne  

Practice red and blue team skills in this fun, CTF-style workshop. Attendees will configure free Linux servers in the Google cloud to detect intrusions using Suricata, log files, and Splunk, and attack them with a Linux cloud server using Metasploit, Ruby, and Python scripts. They will also use Splunk to analyze ransomware and brute-force attacks and perform attribution, using archived event data from a realistic multi-server Windows corporate domain. All workshop materials are freely available on the Web, and will remain available after the workshop. All required software and cloud resources are free to use.

Please view the Schedule for more information

By: Jim Shakespear  jshakespear

Training Part 1: Students will participate in a dedicated Active Directory network to penetrate the domain. During this session, students will use red team tools like Mimikatz and Bloodhound, techniques such as Kerberoast and DCSync, and go through the steps of a penetration assessment. All tools will be run through a Windows VM. To wrap up the assessment, students will help report on issues found in the environment that can be addressed in part 2. Students will need a basic background in Windows and network infrastructure as well as some command-line experience (both cmd and PowerShell). Please bring a laptop with a hypervisor installed and capable of running a Windows 10 VM. It is preferred if you have a base Windows VM already installed that can be joined to the Active Directory environment during the training. Please visit https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise to download an evaluation copy of Windows 10, if needed.

Please view the Schedule for more information

By: Jim Shakespear  jshakespear

Training Part 2: Students will participate in a dedicated Active Directory network that has undergone a recent penetration assessment. Based on the results of the assessment, students will implement improvements to the Active Directory domain and test if their actions improve their domain security. Most improvements will be deployed using Group Policy. Some additional tools for assessing/improving security of the domain will include PingCastle and Sysmon. Part of the training will include organizing a separation of privileged accounts and enforcing those accounts as well as setting up a Windows Event Forwarding server and creating alerts for domain events to review. Students will use the Windows 10 VM from part 1 of the training to test our remediation actions. For additional students not attending part 1, most information covered can be easily observed.

Please view the Schedule for more information

By: Aelon Porat  

Learn AWS security design principles and explore its intrusion prevention and detection capabilities in this hands-on training. We'll work from a vulnerable AWS configuration and simulate various attacks on our infrastructure. We'll review and close the holes that allowed these attacks to take place and see how we can identify similar attempts in the future. This workshop assumes hands-on AWS experience (S3, RDS, EC2, etc.) but requires no prior knowledge about its security features. Please complete this short prerequisite list before attending: tiny.cc/aws-intro-security-saintc

Please view the Schedule for more information

By: Aelon Porat  

Join us for a highly interactive AWS workshop. Set up an organization and create a highly-available network in a Virtual Private Cloud (VPC) along with subnets and EC2 servers. Establish access rules and gateways, and expand your network to take advantage of serverless services such as database and storage. Leverage elasticity features to scale the infrastructure up and down, and automatically fail-over as we deliberately overload and kill parts of it. Learn about cost management and create billing alerts to limit unexpected charges. To comply with security requirements, we'll enable various AWS preventative and detective controls. This workshop is recommended for those with no prior AWS experience. A familiarity with basic network concepts is highly recommended. Please complete this short prerequisite list before attending: tiny.cc/aws-intro-saintcon

Please view the Schedule for more information

By: Clint Sorensen  sorefoot

In the heat of a crisis, every keystroke counts and indecision could cost your organization millions of dollars. Threat Hunting Workshop to develop your skills and test your abilities. At the end of the workshop you will be armed with knowledge and hands-on experience in hunting down threats and defending networks against advanced adversaries.

Please view the Schedule for more information

By: Michael Fischer  Fisch

A lab based introduction to Python. Roughly 50/50 lab to lecture ratio. Might be able to structure in a 1-2 hour workshops to allow people to jump in where they are interested.

Please view the Schedule for more information

By: Michael Fischer  Fisch

A lab based introduction to Python. Roughly 50/50 lab to lecture ratio. Might be able to structure in a 1-2 hour workshops to allow people to jump in where they are interested.

Please view the Schedule for more information

By: Kevin Lustic  

Nobody appreciates a good server anymore! Today's developers are increasingly likely to take advantage of the services offered by the myriad public cloud vendors. And it's no wonder; they can focus on their code rather than maintaining and scaling the environment it runs on. While these modern conveniences make offloading risk easy, though, it can be easy to forget that you're still writing code, and responsible for application security! Join me on a quest to understand the OWASP Top Ten list as it applies to serverless (FaaS) environments. Attendees can expect to: - Learn the OWASP Top Ten concepts - Understand those vulnerabilities within the context of AWS Lambda - Learn ways to prevent such vulnerabilities

Please view the Schedule for more information

By: Matt Lorimer  zodiak

Come learn the basics of red teaming and get a jump on the SAINTCON labs. After getting everyone connected into the SAINTCON lab environment, and a basic overview of pen testing and some of the necessary tools, we will dive into the labs. After some enumeration we will pwn a fully patched Windows 10 device to get an initial foothold into one of the environment. This is a great chance to get a solid base and an understanding of how to be successful in SAINTCON labs, CTFs, war games, and more.

Please view the Schedule for more information

By: Seth Law and Justin Larson  

More and more applications these days rely heavily on using web services to deliver content to users. Breaking modern web applications requires an understanding of how these services work. In this course we will review exploits, vulnerabilities, tools and techniques that can be used to break these services. This course provides students with knowledge of these common vulnerabilities while using open source tools and professional techniques used to perform web application penetration tests. Students will be introduced to open source tools including Burp Suite, SQLmap and others, when they should be used, and taught to use these tools to complement a tester's expertise. Most importantly, this course will teach students how to use this knowledge to perform tests on web services. Vulnerabilities: SQLi, Broken Access Control, IDOR, Data Exposure, Resource Exhaustion, Data Enumeration

Please view the Schedule for more information

By: Kyle Feuz  kfeuz

Have you heard your friends or colleagues talk about "sniffing" network traffic? Do you want to know if that new "smart"-X device is actually just a way for companies to "steal" more of your private information. Find out what is really happening on your networks with this introduction to Wireshark, one of the most popular tools used in industry for network analysis. No prior knowledge is necessary. We will start with a brief introduction to Wireshark, its capabilities and uses. Next, we will discuss where and how to monitor your network with Wireshark and what factors affect those decisions. At this point we are now ready to start applying capture filters, display filters, and custom colorization rules to highlight the information we are interested in seeing. We will focus on understanding several popular network protocols including ARP, IP, ICMP, TCP, UDP, HTTP and others. We will also take a look at recently disclosed vulnerability such as the DNS rebinding attacks targeting Roku, Google Home and other devices. The entire workshop will be very hands on with many different sample captures to work from as we identify both normal and abnormal traffic. We will not be doing any live captures.

Please view the Schedule for more information

By: SJ  sj

Revisiting https://github.com/icareaboutprivacy/privacy_alive_and_kicking with new content.

Please view the Schedule for more information

By: Rachel Tobac, SocialProof Security  

SocialProof Security has developed a vishing (phone attack) and social engineering training for infosec, red teams, and social engineering enthusiasts. We are white hat social engineering hackers, and this session is designed to enhance social engineering and phone attack skill sets for those who participate. This training is fast-paced, interactive, and gamified. By the end of this training, attendees will be able to prepare, execute, and measure their own vishing attacks.

Please view the Schedule for more information

By: Andrew Hall  RuShan

Teaching soldering to all abilities focusing on the the basics for beginners with a project to learn on.

Please view the Schedule for more information

By: Michael Julander  @Sodium_Hydrogen

Learn more about the communication protocol used by the Saintcon badge to talk to the minibadges and how to listen to the communication and send your own commands using the bus pirate.

Please view the Schedule for more information

By: Josh Galvez  zevlag

Amiibo? Infinity Figurines? Skylanders Figurines? Dimensions Figurines? They all use RFID/NFC, in this community talk I will cover the basics of their communications protocols and methods.

Please view the Schedule for more information

By: Dave C.  kampf

This is a guide built from experience travelling to Beijing, China during 2018 and 2019. It's a nuts-and-bolts tutorial about some best practices for preparation, information sanity, security, and sanitation. Some tips involve SIM cards, while others recommend getting cash well in advance of departure. Account and identity protection are also encouraged as much as possible, where possible, and when necessary. Device setup, recommendations for use, usage, and media exporting.

Please view the Schedule for more information

By: Sean Jackson  74rku5

Password cracking is something that Hollywood uses all the time, and makes look easy. Well...it's not really that hard. You're using a computer to do the work. Hashcat is the tool of choice when you have to do some tough cracking. There are steps to take to work through your lists, and yeah, it takes time. Unless they're using something silly, but no one does that anymore, right?

Please view the Schedule for more information

By: Jonathon Degn  

We use our phones every day, but few people know how their phone does something as simple as sending a text message.The GSM module is responsible for a cell phones core functionality, such as calling and texting. The phone communicates with this module through AT commands. In this lightning talk, I will use a hobby GSM module to demonstrate how to construct and send AT commands to call and text, as well as perform other interesting commands such as revising sent text messages.

Please view the Schedule for more information

By: Doug Copeland  c00p3r

ast prototyping an implantable computer from off the shelf parts, there are two phases to this project phase 1 is making a fast prototype from off the shelf parts, and implanting it into a host, this is meant to be a proof of concept for the implantable computer which is able to sniff wifi, bluetooth, and nfc from within the human body... allow the hacker to remote into the computer/host and gather information from a possible distributed array of people involved in the test. phase 2 is to take what is learned and create a custom pcb with all that has been learned from the original design and to create a smaller more compact form factor for the design... currently me and my team are in 5th official revision of phase 1 of this project... unofficially more like the 20th revision. The purpose of the talk is to do more then get up and say i built this thing and it does this, but instead to have a conversation about the process of fast prototyping and to encourage others that may or may not have an idea to try building something themselves, and create their own DIY evolution!

Please view the Schedule for more information

By: Cory Stokes  

Educational Technology leaders need to protect their networks and information security, analyze their current status, and validate what they are doing well. CoSN provides tools and resources that provide insight into how risk can be further reduced in ways that help technology leaders contribute to their schools' primary goals of teaching and learning. We will take a look at and discuss in detail these tools and resources that CoSN provides to us.

Please view the Schedule for more information

By: Jerry Smith  gotmee

This session will help develop and write an organizational information security policy. The session will provide tools for risk analysis, policy development, and resources to develop policies around information security, acceptable use, and other areas of concern that most large educational organizations are faced within today's complex regulatory environment.

Please view the Schedule for more information

By: Kevin Womack and Gavin Anderson  Sheeprock

discuss phishing, what? And why? Training implemented, Then have case study)

Please view the Schedule for more information

By: Scot McCombs  

Panel Discussion topics include User education / phishing / CEO fraud / gift card fraud, successful strategies in end-user data security awareness training.

Please view the Schedule for more information

By: Bryan Peterson  cicle

Identity & Access Management: The importance and advantages of automatically provisioning users when they come to the institution & especially deprovisioning users in a timely fashion when they leave the institution, big picture thoughts.

Please view the Schedule for more information

By: Jeremy Cox  supertechguy

TBD

Please view the Schedule for more information

By: Carol Lear  

In this presentation, presenters/school law attorneys will discuss local and national examples and cases about students hacking into school databases of various kinds. Presenters will outline how to determine if there is a "breach" of student data, how schools should respond and react, and possible legal and school consequences for students responsible. Time permitting, presenters will also provide an update on court cases about other student misuses of technology that affect school climate, safety and student wellbeing.

Please view the Schedule for more information

By: Heidi Alder  

In this informal discussion, presenters/school law attorneys will discuss and answer questions on local and national examples and cases about students hacking and other technology misuses.

Please view the Schedule for more information

By: Shaun Stapley  cha0swir3

There's still some fear of using the cloud, primarily surrounding data privacy & proper data security.

Please view the Schedule for more information

By: David Sallay  

This session will review updates to policies and procedures that LEAs need to know about student privacy and data security requirements

Please view the Schedule for more information

By: Alan Gibbons  

In this session we are holding a combined UWAG and eduroam user group meeting. We will discuss important security topics relating to WiFi and eduroam in schools and other educational organizations.

Please view the Schedule for more information

By: Jason Eyre  aurathos

UETN embarked on a study of LTE as a future offering in Utah. The Pilot Project is currently a work in progress and new developments are happening every month. This presentation will show the progress made by the committee and where we are expected to end up this year and next.

Please view the Schedule for more information

By: Troy Jessup  Jup1t3r

We will discuss the Top 10 or so findings we often see in penetration tests of institutions, and the best methods to avoid having these issues plague your networks.

Please view the Schedule for more information

By: S J  sj

A discussion of gauging where your organizational security is today as well as a simplified discussion of implementing CSC 20 Controls in your organization.

Please view the Schedule for more information

By: S J  sj

Leaders often have to lead in difficult circumstances. Security incidents are always difficult circumstances. This presentation will discuss how to prepare for and properly lead your organization in handling security incidents.

Please view the Schedule for more information

By: Corey Roach  

Historically, in higher-education, "academic freedom" has often been a phrase used as a trump card to avoid implementing data security. In this presentation, I make the case that data security is not the antithesis of collaboration and innovation, but rather an integral part in providing educators, scientists, and researchers an environment where learning and discovery can flourish.

Please view the Schedule for more information

By: Nate Henne  N8

This will be a review of services offered by UETN and USHE in regards to security assessments and penetration tests.

Please view the Schedule for more information

By: Jeremy Cox  supertechguy

TBD

Please view the Schedule for more information

By: Matt Lorimer  zodiak

"Hello. I'm Bob Ross, and I'd like to welcome you to the first joy of hacking series. If this is your first time with us, I hope you grab a few exploits and some vulnerabilities and come along and hack with us. If you've been with us before, first of all, I'd like to thank you for inviting me back again." There will be resources for, and I'd like everyone to play along on their own devices as a hands-on activity to show you just how easy (and fun) it is to exploit modern computer systems. The purpose is to give you a greater understanding of some of the threats faced by your organizations and give you a glimpse into the attacking side of cyber security. We will be leveraging various tools to compromise patched windows systems. * Session not actually taught by Bob Ross

Please view the Schedule for more information

By: Jeff Egly  

Following the SAINTCON keynote presentations SAINTCON attendees have the opportunity to participate in a keynote panel discussion and Q & A offered through the SAINTCON Leadership Track. The keynote panel discussion and attendee Q&A is facilitated by Jeff Egly, an Associate Director with UETN.

Please view the Schedule for more information

By: Jon Stutz  

The insurance industry's view on Social Engineering. What it is, what losses look like, and how to avoid it.

Please view the Schedule for more information

By: Mark Petersen  

A view on Cyber Insurance Claims Trends. Why do these losses happen and tips on how to limit and avoid them. Information for public schools on obtaining cyber insurance.

Please view the Schedule for more information