Wild West Hackin' Fest - Deadwood 2024

This presentation titled "Tackling the AI Spin Cycle: A Briefing on AI Governance, Laws, and Tools" will introduce the conference attendee to the complex landscape of artificial intelligence (AI) governance and regulation. As AI technologies continue to evolve rapidly, it has become increasingly important to establish robust frameworks to ensure ethical and responsible deployment.
Everything is Piling Up! We will explore the mess of AI governance, including legal, ethical, and technical considerations. We will navigate through the spin cycle of existing laws and regulations governing AI, highlighting both their strengths and limitations in addressing the unique challenges posed by AI applications.
We'll sort the delicates from the heavy duty by looking at emerging tools and methodologies designed to facilitate effective AI governance, including transparency mechanisms, accountability frameworks, and ethical AI guidelines.
By providing insights into the current state of AI governance and offering practical guidance on navigating this evolving landscape, this presentation aims to sort through the mess and give the conference attendee of feeling comfortable in their own clothes by understanding AI governance better.

This presentation offers an exploration into the origins, innovations, and implications of hacking in the gaming industry. In a virtual world where pixels and code meet human creativity, video games have taken off in popularity within the last 70 years. Beginning with a look at the rudimentary hacks of early classics, we will explore how the earliest video game hacks shaped the future of gaming and cybersecurity. From memory manipulation and code injection using tools like GameShark and Cheat Engine, to the creative exploitation of glitches and zero day discoveries such as Log4Shell, video games have always been a target for manipulation aimed at gaining an unfair advantage. There have been notable video game hacks that have impacted security as a whole, and these could continue to get more severe as more complex technology emerges with the rise of virtual reality. This journey will walk through the evolution and predictions for what video game and virtual reality hacking could mean for the future of security. By examining the intersection of video gaming and security, this can offer insights that are relevant to practitioners, researchers, and gamers alike.

The security community often criticizes MSPs, claiming they offer lax security, don't take security seriously, and generally implement weak practices. Some presentations even use "fake" MSP breaches as their foundation.
But what if we actually tested this ourselves?
Join Matt Lee and Jason Slagle as they delve into the data and lessons learned from attempts to breach MSPs. We'll review findings from our efforts to assess and breach a sample of 60 MSPs that volunteered for this study.
Will we succeed? Will we be blocked? What commonalities and weaknesses will we uncover? Join us to discover what we learned.

In today’s relentless cybersecurity battlefield, technical teams often find themselves lost in translation when conveying complex risks and vulnerabilities to senior executives and board members. Breaking through this communication barrier is essential for securing the support and funding necessary to drive pivotal cybersecurity initiatives.

This presentation will delve into a real-world cybersecurity incident involving a masked application attack on an SMB environment. Using an anonymized incident narrative, we'll walk through the response process from the perspective of a small to medium-sized business team. The presentation will highlight the importance of early detection, the challenges of identifying sophisticated threats, and the critical role of proper incident response procedures.

We'll examine the attack timeline, from the initial malware download disguised as legitimate software to the attacker's lateral movement and attempts at data exfiltration. Key focus areas will include the significance of user awareness, the value of multi-layered security controls, and the effectiveness of SIEM and endpoint detection solutions in identifying suspicious activities.

The presentation will also cover practical lessons learned, including the importance of least privilege principles, robust password policies, and regular security testing. We'll discuss how SMBs can improve their security posture by implementing these lessons and leveraging available tools and best practices.
By analyzing this incident, attendees will gain valuable insights into real-world attack techniques, effective response strategies, and proactive measures to enhance their organization's cybersecurity resilience. The session will conclude with actionable takeaways for SMBs to better prepare for and respond to similar threats in their own environments.

Several real-world case studies will be presented in which analysis of network-based evidence was sufficiently done with nothing more sophisticated than 'strings'.

After this talk, you will never see images the same way again. This enlightening session explores the dynamic realm of GeoINT (Geospatial Intelligence), a captivating subset of OSINT (Open Source Intelligence) that unlocks a wealth of hidden insights within images and videos. From identifying objects, landscapes, and aircrafts to interpreting symbols, shadows, and reflections, we'll go deep into the art of imagery analysis. Learn how to decode the language of trees, signs, text and logos, and uncover the strategic implications behind seemingly mundane details. This talk promises to give you a taste of some next level skills that you can easily learn as I take you through multiple demos.

Alethe takes audiences on a riveting journey into the realm of red teaming through captivating narratives and insightful analysis. Delving into real-life experiences, the keynote unveils the complexities and nuances of red team engagements, showcasing both the spectacular failures, and successful heists that provide invaluable lessons for enhancing organizational security. From epic missteps to meticulously planned operations, attendees will gain a deeper understanding of the pivotal role red teaming plays in fortifying defenses against emerging threats. Through engaging storytelling and practical insights, this presentation offers a compelling exploration of red teaming's transformative impact on shaping the security landscape of tomorrow.

From building payloads, testing evasions, and practicing offensive techniques, a must-have for every seasoned tester is a lab environment. Join Travis as he demonstrates various methods for deploying dynamic AD lab environments for attack simulation with ease.

Let's explore the darker side of AI! In this talk, we'll dissect various attack vectors such as prompt injection, malicious input designed to manipulate AI output; data extraction, which aim to siphon off sensitive information embedded within AI models; and evasion attacks, a nebulous category that includes techniques to deceive AI systems into incorrect processing or ignoring malicious content altogether.

99% of US businesses have 20 users or fewer. In this talk we will discuss how to engage and protect the small businesses that form the backbone of our communities. We'll cover how to convey the risks small business insecurity poses to larger businesses downstream from them in the supply chain and some techniques you can bring to your favorite small business.

In cybersecurity, the wisdom has often been likened to the defense strategies of medieval castles: every attack repelled. This talk, "One Arrow, One Breach," challenges this notion, presenting a shift in approaching cybersecurity. Led by Kevin Johnson, this presentation delves into the antiquated belief that all attacks must be stopped to ensure security. Drawing parallels with medieval defense, Kevin argues for a strategic approach, emphasizing the importance of identifying and stopping the most critical threats rather than dispersing our resources across all points of attack.Using real-world examples from his penetration testing experience, Kevin will demonstrate how this focused approach leads to more efficient use of resources and improved risk management. Attendees will gain insights into prioritizing threats and rethink their overall approach to cybersecurity.