Wild West Hackin' Fest - Deadwood 2024

JWTs are an incredibly flexible tool that make life easier for developers because they are standardized, widely supported, and include important security features by default. However, like any powerful tool, JWTs can be dangerous when used incorrectly, or for unintended purposes. In this talk, I aim to shine a light on common JWT misuse and abuse. I'll start by briefly describing JWTs and common use cases for them. I'll then present real world scenarios of misuse and abuse from applications that I've tested as a consultant, and written as an engineer. As I present each scenario, I'll demonstrate the various features and failures live, and discuss how the specific implementation of JWTs can be hardened. The end result will be an enlightening and entertaining presentation of information and experience that will provide the viewer with a practical knowledge of how, and how not, to use JWTs.

In society, evolving artificial intelligence leverages cutting-edge technology to create synthetic text, audio, and video clips at a concerning rate. These emerging innovations pose significant threats to organizations' cybersecurity protocols and defenses. This presentation examines the multifaceted nature of deepfakes, offering insights into their creation and detection, what organizations need to do to educate their users, and the technology available to protect against these latest strains of social engineering attacks.

Endpoint Detection and Response (EDR) agents typically comprise multiple sensory components that collect information from various telemetry sources the operating system provides. Many public blogs and conference talks have covered Windows telemetry sources, such as kernel callbacks and ETW, but only some mention macOS and Linux equivalents.

Developers using macOS often have privileged cloud accounts or access to intellectual property such as source code. Linux servers may host customer-facing interfaces or applications that access sensitive databases. Defenders must have confidence in their tools for these systems, and attackers must understand how to evade them.

This talk will detail telemetry sources available to EDR on macOS and Linux and compare them to Windows equivalents. The sources commonly used to monitor process creation, shared library loading, networking, and file activity will be described based on the presenter's observations while reverse engineering popular EDR agents.

Ever wondered how a red team targets DevOps automation and CI/CD environments? Join us as we provide unique insight into a real-world attack path that ended in a complete compromise of an organizations cloud resources and third-party platforms. In this presentation, we will uncover some red team tradecraft that highlights the difficulty of securing build servers, deployment processes, and source-code repositories. We will look at what was done right, what was done wrong, and how understanding your target environment can lead to bringing down the house of cards without ever stepping onto the internal network. This is a high-paced technical talk that includes initial access, lateral movement, privilege escalation, evasion, and persistence of a CI/CD deployment in the cloud.

This presentation focuses on the offensive tools that defenders should running, to identify high-impact security issues on their network. Explore the proactive advantages of offensive security tools that can be quickly and easily be run by defenders to better protect and defend their network. Attendees will learn how offensive security tools enable defenders to stay ahead of potential adversaries, enhancing network resilience and safeguarding against breaches effectively.

Lurking means to wait or move in a secret way so that you cannot be seen. On a red team or assumed breach operation, our success hinges on how our implants communicate with us. The way these communications happen - how fast, how often, and how much data is exchanged - is key to realistically mimicking cyber attackers. In this talk, I'll break down the essentials of choosing a Command and Control (C2) channel and share some clever tactics and commonly used services that help us stay under the radar and gain the upper hand in our target's environment. Get ready for a behind-the-scenes look at the stealthy side of cybersecurity.

Meterpreter session 1 opened! ... "Wait, you're using Metasploit? Pfft, why didn't you write your own custom implant-loader-beacon-shellcode-dropper-payload, you n00b!?! Skill issue, RTFM and git gud." Ah, to tool or not to tool, that is... a question. Whether you're rocking some l33t Arch Linux RICE to write your own custom kernel and C2 framework, or you're hacking with someone else's PowerShell script: join John Hammond for a slap in the face presentation on why your righteous tooling doesn't matter. We'll dig into the good, the bad, and the ugly -- vim or nano? Python or Rust? Who cares... but let's ask why it is up for debate in the first place. Filled to the brim with imposter syndrome, breaking down the gates from gatekeepers, this session is a comedy farce that you've got to `git checkout`. Ya stinkin' script kiddie.