Full Agenda
| Time | Description |
|---|---|
8am | Opening Remarks with John Hubbard & Dave Hoelzer |
| 8:15am – 8:45am | AI and Machine Learning For the Win! Dave Hoelzer, Author of SEC595 We’ve all fooled around with Bard and ChatGPT. As cool as it is to get them to write phishing emails or trivial malware, they aren’t especially useful for threat hunting or defense. In this 20 minute talk and demonstration, David Hoelzer will walk you through a real world example of leveraging machine learning/AI for threat hunting without paying for expensive subscriptions, API fees, or other tools. Want to see what cutting edge threat hunting looks like and how a managed security provider is leveraging artificial intelligence to accelerate their monitoring operations? Don’t miss this talk! |
8:45am – 9:15am | Cracking the Code: The Role of Programming in Information Security Mark Baggett, Author of SEC573 In this presentation, we'll explore an unpatched vulnerability within Windows, one that attackers can likely exploit to bypass your defenses. Through the lens of this attack, we'll address a significant question: "Are programming skills a requisite for excelling in the field of information security?" Recent research indicates that approximately 20% of entry-level positions in information security demand proficiency in programming. Yet, the ongoing debate in online forums highlights the uncertainty surrounding the necessity of coding skills. Join me as we navigate through this discussion, examining the intricate relationship between coding expertise and achieving success in the realm of information security. |
9:15am – 9:45am | Simplifying SSH Key Management: Leveraging ssh_config for Security and Efficiency Charlie Goldner, Author of SEC406 Burdened by the hassle of managing numerous SSH keys? Discover how ssh_config not only simplifies your key management but also enhances your SSH security posture. Join us to uncover strategies for efficient SSH key organization and learn critical tips for securing your SSH configurations. Perfect for anyone looking to streamline their SSH practices without compromising on security. |
9:45am – 10:15am | A QUICK decode Andy Laman, SEC503 Instructor QUIC is a new transport layer protocol that is being adopted across the internet. Application protocols like HTTP/3, SMB, and DNS are using QUIC today. Security product support for QUIC is currently weak and may leave gaps in our defense. Thankfully, Wireshark now has great support for QUIC. In this talk, we'll use Wireshark to decode QUIC traffic, look at some of the usual fields, and even see how to carve files and data from QUIC traffic. |
10:15am – 10:30am | Break |
| 10:30am – 11am | Python Applications are a Pain Mark Baggett, Author of SEC673 As the number of Python apps used by security professionals continues to grow, the demand for portable and distributable Python applications is paramount. This talk introduces a streamlined method for creating self-contained Python packages, enabling seamless deployment without the need for extensive module installations. Attendees will learn how to package their Python projects efficiently, facilitating easier distribution and ensuring compatibility across various environments. By embracing this approach, security professionals can enhance their workflow, bolstering productivity and flexibility while maintaining stringent security measures. |
11am – 11:30am | Leveraging DeTT&CT for Tactical Awareness Gene McGowan, Author of SEC555 Detecting the adversary in our environments is one of the most important things that we are responsible for as Blue Team Defenders. How do you know if you’re collecting the right data points to achieve this goal? How do you measure progress? Enter DeTT&CT, the Detect Tactics, Techniques & Combat Threats framework! Designed to empower blue teams, DeTT&CT harnesses the power of MITRE ATT&CK framework to evaluate data log source quality, visibility coverage, detection efficacy, and threat actor behaviors. Learn how to leverage DeTT&CT to map detection coverage against threat actor behaviors, and identify areas for improvement in detection and visibility. By the end of the session, you will be equipped with the knowledge to leverage DeTT&CT to improve your Tactical Awareness of your environment. |
| 11:30am – 12:20pm | Using OSINT and AI to Tackle Disinformation and Analyze Information Nico Dekens, Author of SEC587 In this talk Nico Dekens will show various ways in which AI and LLMs can be used within OSINT investigations. Nico will show how to unravel redacted documents, create daily briefs and extract data from text files fast and efficiently. This talk will also show how you can detect (bot) accounts or posts that are generated by ChatGPT that potentially spread disinformation and hate speech. |
12:20pm – 12:45pm | Break |
| 12:45pm – 1:15pm | AI-Powered BladeRunners: The Role of AI in Implementing Zero Trust Ismael Valenzuela, Author of SEC530 & Greg Scheidel, SEC530 Instructor Embark on a cybernetic journey with Ismael Valenzuela and Greg Scheidel, as they draw inspiration from the iconic Blade Runner universe featured in SANS Security 530, to explore the role of Generative AI, Machine Learning (ML), and Natural Language Processing (NLP), in establishing a robust Zero Trust architecture. In this webinar, you will use a Blade Runner’s favorite lifecycle, the DARIOM model—Discover, Assess, Re-Design, Implement, Operate, and Monitor—as a lens to examine how current AI technologies can be employed to enhance each phase. From the relentless pursuit of rogue replicants through threat modeling, to continuous adaptive risk assessment, this session will provide a unique perspective on how these technologies can be integrated into a comprehensive Zero Trust strategy, ensuring an adaptable and resilient defense mechanism against evolving cyber threats. |
1:15pm – 1:45pm | From Cyber Lemons to Lemonade: A Refreshing Take on Exposed Data Matt Edmondson, Author of SEC497 It’s unfortunate that so many organizations are getting their data exposed, but that’s the world we live in. In this talk, we’ll discuss real-world examples where breach data, data stealer logs etc., have been used by public and private sector organizations to help answer questions and improve their security posture. Legal and ethical issues will be covered, as well as how to find and use the data for those with a keen sense of adventure. |
| 1:45pm – 2:15pm | Who Knew Grandpa was a Supply Chain Security Expert? Tony Turner, Author of SEC547 In this presentation, we delve into the wisdom of age-old sayings through the lens of supply chain security, guided by the unexpected expertise of my grandfather. We will explore eight popular adages, revealing their hidden relevance to contemporary challenges in supply chain risk management. Each saying serves as a springboard into broader discussions on supply chain security principles, such as due diligence, transparency, the value of provenance, and the significance of maintaining quality and integrity throughout the supply chain. These personal tales not only illustrate the practical applications of each saying in the supply chain context but also celebrate the wisdom that can be found in the most unexpected places. Attendees will leave with a unique perspective on supply chain security, equipped with practical insights and inspired by the timeless wisdom that transcends generations. This presentation provides a glimpse into the topics of SEC547, Defending Product Supply Chains, and connects the dots between traditional wisdom and modern-day supply chain security challenges, all through the memorable stories of a lovable grandpa who was, perhaps surprisingly, a supply chain security expert. |
| 2:15pm – 2:45pm | Defining and Defending the GenAI Supply Chain Seth Misenar, Author of SEC511 With increasing enterprise and end user adoption of Generative AI and LLM applications, the need to consider the scope and implications for cybersecurity becomes paramount. In this talk, SANS Fellow Seth Misenar will highlight salient aspects of GenAI/LLM security, enabling enterprises to better understand the evolving threat landscape posed by this transformative technology. |
2:45pm – 3:00pm | Break |
| 3pm – 3:30pm | Relentless Defense - Rules for Security Operations That Keep Attackers Off Your Network John Hubbard, Author of SEC450 In the world of cybersecurity, attackers never sleep. But what if your security operations team could stay one step ahead? In this presentation, we'll dive into the essential strategies and processes for building a cyber defense posture that's a nightmare for attackers. From accurate detection to threat hunting, incident response to automation, learn how to build an agile and effective SOC that can keep pace with today's rapidly moving cyber threats. |
3:30pm – 4pm | Detecting Command and Control Frameworks via Sysmon and Windows Event Logging Eric Conrad, Author of SEC511 Prevention eventually fails. Bypassing tools such as Windows Defender Antivirus may be challenging, but it can be done. What then? What's left? Command and control (C2) frameworks such as Cobalt Strike, Sliver, and Metasploit typically leave telltale signs of their presence. This talk will largely be demo-based, showing how to analyze Windows event logs (including Sysmon logs) to hunt for traces left behind by modern C2 frameworks. |
4pm – 4:30pm | Common Security Pitfalls: Don’t Worry - You’re Not Alone Bryan Simon & Nick Mitropoulos In today's world, privacy and security take center stage in most industries and there's a constant effort from many companies to advance their security practices. Despite that, we still see mistakes occurring that we would want to avoid. Rather than always trying to secure advanced systems with complicated solutions, sometimes the basics of security are all you need. Join us to discuss common security pitfalls and how they can be overcome: 1. Choosing a password can be simpler than you think. So why do we tend to overcomplicate it? 2. What risks are involved when you try to sell your old laptop or hard drive on eBay? 3. When did you last take a backup? Could you be your own worst enemy? 4. Your vendor promised to provide you with new, fancy monitoring tools at a dirt-cheap price, and now you're inundated with alerts. What should you do? |
4:30pm – 5pm | Unlocking Cyber Security: From Zero to Hero in the Digital Age Rich Greene In an era where digital threats loom larger than ever, stepping into the world of cyber security can seem like venturing into a labyrinth of complexities. "Unlocking Cyber Security: From Zero to Hero in the Digital Age" is your guided expedition into this critical field, designed to transform cyber security novices into informed, empowered digital citizens and professionals. This talk strips away the intimidation factor of technical jargon, presenting the essentials of cyber security through relatable stories, real-world analogies, and actionable advice. Whether you're looking to safeguard your personal data, make a confident career shift into cyber security, or lead your company away from the headlines of the next big breach, this presentation lays the foundation for a secure digital future. Join us to demystify the digital threats of our time and discover how you can become a hero in the battle for cyber safety. |
5pm | Closing Remarks with John Hubbard & Dave Hoelzer |