Full Agenda
Time | Speaker | Description
---|---|---
8:15am – 8:45am | Dave Hoelzer | **MAVIS: Machine Assisted Vulnerability Identification System.** Code review has become what log review was a few years ago: everyone knows they should do it, everyone says they are doing something, but everybody knows they aren't doing enough. In this talk David will cover the highlights of MAVIS, a new open source project that can be used to supplement or even guide code review of internal projects. MAVIS is an ML/AI based tool that can be hooked into your CI pipeline to flag code commits that deserve "special attention."
8:45am – 9:15am | Mark Baggett | **Automating Log Analysis.** In this presentation, we're going to explore the benefits of automating log file analysis using Python. First, we'll show you how Python makes it easy to handle your log files with simple file operations. Then, we'll dive into the power of regular expressions to search through your logs and find important patterns. Finally, we'll introduce some analysis techniques to extract useful data and insights from your logs. By the end of this session, you'll see how automating log analysis can save you time, help you catch issues faster, and make your life a whole lot easier. Get ready to transform how you handle log files with the power of Python!
9:15am – 9:45am | Seth Misenar | **Guardrails for Innovation: Navigating Security Standards in Generative AI and LLMs.** As generative AI and large language models (LLMs) gain momentum, solid security standards are more critical than ever. In this talk, SANS Faculty Fellow and SEC511 author Seth Misenar will dive into the key frameworks and models shaping the security landscape for AI: the EU AI Act, the NIST AI Risk Management Framework (AI RMF), the OWASP Top 10 for LLM, and MITRE ATLAS. Seth will show how these frameworks act as essential guardrails, guiding us through the risks while fostering innovation. Whether you're building, deploying, or managing AI systems, you'll leave with actionable insights to better secure your AI initiatives and stay ahead in this rapidly evolving field.
9:45am – 10:15am | Charlie Goldner | **Mastering the Journal.** As Linux systems become increasingly complex, security professionals struggle to effectively manage and analyze log data. The systemd Journal offers a robust and centralized logging solution but often remains underutilized. This talk will equip you with the practical knowledge to harness the full potential of journald for enhanced security. We will dive into configuration best practices, including securing log data, managing access controls, and implementing optimal retention policies. Learn how to efficiently ship logs to external systems for redundancy and analysis. Finally, we will explore techniques to detect and mitigate log tampering attempts. By the end of this session, you will have the skills to confidently protect your systems through effective log management.
10:15am – 10:30am | Break | 
10:30am – 11:00am | Sean Thomas | **Social Engineering: Understanding Your Risk Profile.** Today's unfortunate reality is that every organization is under threat from social engineering attacks. The humans in our organization can be even more of an initial target than our systems, with social engineering being the primary attack vector. Understanding the various threats, and the risks they pose, is vital to increasing our people's awareness of them so they can better defend themselves. This presentation will explore methods for assessing the real and potential social engineering threats posed to your specific organization, as well as ways to apply that knowledge to increase your people's awareness of and resistance to those risks.
11:00am – 11:30am | Nico Dekens | **Vicarious Trauma & OSINT.** In the world of OSINT, vicarious trauma is a silent threat, creeping in as we expose ourselves to disturbing content daily. This isn't just an occupational hazard; it's a mental health crisis that demands our attention. By recognizing the signs and prioritizing mental well-being, we can safeguard not only our effectiveness but also our humanity. Acknowledging the impact isn't a weakness; it's essential for sustaining our crucial work. Let's bring this conversation to the forefront of our OSINT practices.
11:30am – 12:00pm | Mark Baggett | **The Python Security Pickle.** In this presentation, we're diving into Python's pickle module, which makes saving and loading data easy. First, we'll explore how pickle makes it simple to store information and share it between different parts of a program. But here's the exciting (and a bit scary) part: pickle has a serious security flaw, because loading data can run arbitrary code, which can be dangerous. We'll show some eye-opening examples of how attackers can use this flaw to run harmful code on your computer. By seeing these real-life demos, you'll understand the risks and the tricks attackers use. At the end, we'll share some tips and tricks to keep your programs safe, making sure you use the best tools and practices to avoid these sneaky threats. Get ready for a thrilling journey into the world of Python security!
12:00pm – 12:30pm | Break | 
12:30pm – 1:00pm | Tony Turner | **The SBOM Makeover.** Software Bills of Materials (SBOMs) are increasingly being used in software supply chain security to provide transparency and support vulnerability identification and remediation. But SBOMs are only as good as the data they contain, and not all tools provide beautiful results. In this presentation we will highlight the attributes of high quality SBOMs, what makes them beautiful (useful), and how tools are supporting these use cases or failing to deliver value. We will explore how you can evaluate SBOM quality yourself to understand the maturity of your suppliers' process or to evaluate the capabilities of SBOM tools you are considering acquiring. Lastly, we will look at how you can enrich your own SBOMs, including use cases your tools might not even support. This will be a technical foray into the topic of SBOM quality and enrichment suitable for cybersecurity, product and software architects and engineers tasked with producing or analyzing SBOMs, as well as the managers who oversee this work. We hope you are ready for an SBOM Makeover!
1:00pm – 1:30pm | Nick Mitropoulos | **Next Gen SOC.** The increasing complexity and sophistication of cyber threats demand a fundamental shift in how SOCs operate. This talk explores the evolution of SOCs from traditional reactive models to proactive, intelligence-driven operations. We will discuss the integration of cutting-edge technologies such as AI, ML, and SOAR, which are transforming SOCs into more agile and effective defenders against advanced threats. Insight will be provided into modern SOC architectures, the importance of threat intelligence, and how to foster collaboration between human analysts and automated systems. The session will also cover strategies for building a resilient and scalable SOC that can adapt to the ever-changing threat landscape, ensuring robust cybersecurity defense for organizations in the digital age.
1:30pm – 2:00pm | Tim Garcia | **Stand Out from the Crowd! Using PowerShell to Automate Your Daily Tasks.** A common question I get asked is how someone can differentiate themselves from their colleagues when competing for entry level positions. The answer is improving your scripting skills. This not only can help you stand out to potential employers but is a skills multiplier in your current role. PowerShell is Microsoft's scripting environment, now also available on Linux and Mac. It provides a powerful platform to automate your workflows and free you up to focus on the analysis of information. This talk will highlight some of the ways we use PowerShell in SEC401 to lay a strong foundation to build upon, helping you differentiate yourself as you move forward in your career.
2:00pm – 2:30pm | Jeff Lomas | **Edge Out Your Next BEC Adversary: Investigation and Prevention Strategies Using OSINT.** In this presentation, Jeff will explore the latest trends in Business Email Compromise (BEC) and demonstrate how Open Source Intelligence (OSINT) can enhance response and help prevent many of these incidents. Adversaries are now employing a range of tactics to infiltrate your network and steal your money, using cyber techniques and traditional attacks. This talk will identify the current BEC tactics being used while highlighting the role of OSINT in identifying vulnerabilities. Attendees will gain practical insights into implementing OSINT strategies for preventing and responding to incidents caused by the most persistent threat actors in this space.
2:30pm – 2:45pm | Break | 
2:45pm – 3:15pm | Ismael Valenzuela & Andy Smith | **Hybrid Fortresses: How A Defensible Security Architecture Raises the Bar Against Modern Attacks.** As we navigate 2024, we have witnessed a surge in complex ransomware campaigns, cloud infrastructure breaches, and sophisticated supply chain attacks, each pushing the boundaries of what constitutes a secure architecture. In this talk, Ismael Valenzuela and Andy Smith will delve into the key security patterns and anti-patterns that have emerged in response to these threats. We will explore how hybrid security architectures (combining optimized on-premises defenses with advanced cloud-based solutions) can provide a more resilient and adaptable security posture.
3:15pm – 3:45pm | John Hubbard | **APT Takedown: The 2024 Blueprint for Cyber Victory.** 2024 cyber news has been filled with stories of highly complex compromises that involve living off the land, network infrastructure compromise, and complex cloud-native breach techniques. What are defenders to do? Do we have any chance at detecting and stopping these attacks? Of course we do! It won't be easy, but this is YOUR turf, and you have the advantage...if you know how to use it. With a strong understanding of defense fundamentals, attack methods, the right data sources, and some grit, your cyber defense team can go head-to-head with APTs and come out on top!
3:45pm – 4:15pm | Andy Laman | **Encrypted DNS Developments.** Over the last couple of years, there have been several new standards for natively encrypting DNS traffic. DoT, DoH, DoQ: what are these new acronyms, what is the difference, and why should you care? Let's answer these questions and, well, also look at some packets.