Wild West Hackin' Fest - Deadwood 2024

This presentation titled "Tackling the AI Spin Cycle: A Briefing on AI Governance, Laws, and Tools" will introduce the conference attendee to the complex landscape of artificial intelligence (AI) governance and regulation. As AI technologies continue to evolve rapidly, it has become increasingly important to establish robust frameworks to ensure ethical and responsible deployment.
Everything is Piling Up! We will explore the mess of AI governance, including legal, ethical, and technical considerations. We will navigate through the spin cycle of existing laws and regulations governing AI, highlighting both their strengths and limitations in addressing the unique challenges posed by AI applications.
We'll sort the delicates from the heavy duty by looking at emerging tools and methodologies designed to facilitate effective AI governance, including transparency mechanisms, accountability frameworks, and ethical AI guidelines.
By providing insights into the current state of AI governance and offering practical guidance on navigating this evolving landscape, this presentation aims to sort through the mess and give the conference attendee of feeling comfortable in their own clothes by understanding AI governance better.

This presentation offers an exploration into the origins, innovations, and implications of hacking in the gaming industry. In a virtual world where pixels and code meet human creativity, video games have taken off in popularity within the last 70 years. Beginning with a look at the rudimentary hacks of early classics, we will explore how the earliest video game hacks shaped the future of gaming and cybersecurity. From memory manipulation and code injection using tools like GameShark and Cheat Engine, to the creative exploitation of glitches and zero day discoveries such as Log4Shell, video games have always been a target for manipulation aimed at gaining an unfair advantage. There have been notable video game hacks that have impacted security as a whole, and these could continue to get more severe as more complex technology emerges with the rise of virtual reality. This journey will walk through the evolution and predictions for what video game and virtual reality hacking could mean for the future of security. By examining the intersection of video gaming and security, this can offer insights that are relevant to practitioners, researchers, and gamers alike.

The security community often criticizes MSPs, claiming they offer lax security, don't take security seriously, and generally implement weak practices. Some presentations even use "fake" MSP breaches as their foundation.
But what if we actually tested this ourselves?
Join Matt Lee and Jason Slagle as they delve into the data and lessons learned from attempts to breach MSPs. We'll review findings from our efforts to assess and breach a sample of 60 MSPs that volunteered for this study.
Will we succeed? Will we be blocked? What commonalities and weaknesses will we uncover? Join us to discover what we learned.

In today’s relentless cybersecurity battlefield, technical teams often find themselves lost in translation when conveying complex risks and vulnerabilities to senior executives and board members. Breaking through this communication barrier is essential for securing the support and funding necessary to drive pivotal cybersecurity initiatives.

This presentation will delve into a real-world cybersecurity incident involving a masked application attack on an SMB environment. Using an anonymized incident narrative, we'll walk through the response process from the perspective of a small to medium-sized business team. The presentation will highlight the importance of early detection, the challenges of identifying sophisticated threats, and the critical role of proper incident response procedures.

We'll examine the attack timeline, from the initial malware download disguised as legitimate software to the attacker's lateral movement and attempts at data exfiltration. Key focus areas will include the significance of user awareness, the value of multi-layered security controls, and the effectiveness of SIEM and endpoint detection solutions in identifying suspicious activities.

The presentation will also cover practical lessons learned, including the importance of least privilege principles, robust password policies, and regular security testing. We'll discuss how SMBs can improve their security posture by implementing these lessons and leveraging available tools and best practices.
By analyzing this incident, attendees will gain valuable insights into real-world attack techniques, effective response strategies, and proactive measures to enhance their organization's cybersecurity resilience. The session will conclude with actionable takeaways for SMBs to better prepare for and respond to similar threats in their own environments.

Several real-world case studies will be presented in which analysis of network-based evidence was sufficiently done with nothing more sophisticated than 'strings'.