Wild West Hackin' Fest - Deadwood 2024
Track 3 - DMG - Hotel Lobby 3rd Floor
Thursday, October 10
 

10:00am MDT

Playing the game of tag with modern day AV and EDRs: A guide to evading the watchdogs.
Thursday October 10, 2024 10:00am - 10:50am MDT
The perpetual race to safeguard and secure our infrastructures has given birth to robust defensive mechanisms, such as antiviruses (AV), Endpoint Detection and Response (EDRs), and Extended Detection and Response (XDR), just to name a few. Over the years the detection methodologies employed by them have evolved. From the very basic string and hash matching techniques, defensive mechanisms have enhanced their capabilities by employing machine learning, in-memory scanning and other sophisticated techniques. From the perspective of a maldev, developing malware is considerably easier as compared to evading it.
In this talk we will discuss various techniques employed by maldevs to circumvent detection measures implemented by modern-day AVs and EDRs. This talk will solely focus on the Windows ecosystem. We will discuss the nitty gritties of the Windows OS, followed by various detection techniques implemented by AVs and EDRs. After understanding the detection methods we will shift our focus to various techniques that can be implemented to bypass the aforementioned detection techniques. Some techniques included are Unhooking, BlockDLL, Repatching, API Hashing, ETW and AMSI patching etc.
In order to better understand the concepts discussed, we present real-life PoCs. These PoCs will showcase the discussed evasion techniques on a popular red teaming tool (Juicy Potato). Furthermore, these PoCs will showcase the exact detection methods and how we were able to bypass them to gain access.
Speakers

Aryan Jogia

Aryan is a security researcher with over 3+ years of experience. He’s a full time maldev and loves to evade AV and EDRs. His research interests are not just limited to Windows, but he even develops low level code for *nix systems. Even though his expertise lies in the domain of...

Chetanya Kunndra

Chetanya Kunndra is a security researcher with over 2+ years of experience. His major area of expertise lies within the domain of pentesting and red teaming. Apart from red teaming, he has a knack for developing automation toolkits. He often dabbles with maldev and reverse engineering...
Deadwood Mountain Grand - Track 3 - Hotel Lobby 3rd Floor 1906 Deadwood Mountain Dr, Deadwood, SD

11:00am MDT

Designing Active Directory Job Functional Security - One Group for Least Privilege
Thursday October 10, 2024 11:00am - 11:50am MDT
Speakers

Kent Ickler

Antisyphon Training
Kent started his Information Technology career working for an Internet Service Provider supporting the MidWest’s broadband initiatives of the early 2000s. His interest in technology and business operations drove his career into working for multiple Fortune 500 companies and equipping...
Deadwood Mountain Grand - Hotel Lobby 3rd Floor 1906 Deadwood Mountain Dr, Deadwood, SD

4:00pm MDT

Critical Infrastructure in Critical Condition: Avoiding Doubt in the Face of Fear and Uncertainty
Thursday October 10, 2024 4:00pm - 4:50pm MDT
As a “person of a certain age, with certain experiences”, I can attest that life is fraught with uncertainty. Society is increasingly dependent on undependable technology. (This is, after all, why we all have jobs.) Whether from extreme weather, hostile events, squirrels with poor judgment, or from the random chaos of normal life, disruptions seem increasingly frequent. Incidents are also likely to be more complex, with more chaotic effects. Without electricity for power, communications can be disrupted. Without water, medical care becomes virtually impossible very quickly. The potential effects have gone beyond inconvenient to existential.

Adding fear to uncertainty, China has announced its intention to annex Taiwan by 2027. US cybersecurity leadership has testified that a Chinese hacking group known as Volt Typhoon has been conducting campaigns to pre-position malware in US water infrastructure. The goal of these campaigns is to create a credible threat (disruption of the water supply, with predictable consequences) to the US in support of its annexation of Taiwan.

As civic-minded members of the cybersecurity community, how can we respond to these threats in ways that will avoid encouraging doubt and will inspire confidence in the communities and neighborhoods in which we live? I hope that you will leave this talk better informed, and inspired to do at least one thing in your neighborhood and community that will influence others to do the same.
Speakers

Ray Davidson

Ray Davidson recently retired from leading the Michigan Cyber Civilian Corps, which was the first state-sponsored team of civilian incident responders in the country. He is currently working to expand the practice of cyber civil defense across the country, with particular attention...
Deadwood Mountain Grand - Track 2 1906 Deadwood Mountain Dr, Deadwood, SD
 
Friday, October 11
 

9:00am MDT

Demystifying Deep Fakes
Friday October 11, 2024 9:00am - 9:50am MDT
One area of increasing concern is the use of AI to create deep fakes in order to manipulate the public’s opinion on topics. In this talk, we will learn how AI is used to create deep fakes. We will also discuss current strategies that attendees can use to spot deep fakes and describe existing research and tools used for deep fake detection. After the talk, attendees will have a better understanding of deep fake technology and be armed with some techniques they can use to protect themselves.
Speakers

Anmol Agarwal

Dr. Anmol Agarwal is a senior security researcher focused on securing 5G and 6G. Her research interests include AI and Machine Learning security. She is also a part-time adjunct professor teaching Machine Learning to doctoral students. She holds a doctoral degree in cybersecurity...
Deadwood Mountain Grand - Track 3 - Hotel Lobby 3rd Floor 1906 Deadwood Mountain Dr, Deadwood, SD

10:00am MDT

Making the Jump: Everything You Need to Know About Moving into a Cybersecurity Leadership Role
Friday October 11, 2024 10:00am - 10:50am MDT
Does this describe you?

You have years of technical work experience under your belt. You’ve held many different roles and have worked successfully with other teams and departments. You’re great at what you do.

But you also have a spark in you – the one that lights up when you're mentoring new team members or brainstorming solutions with your peers. You have no problem dealing with difficult people and situations. You love a good challenge that requires multiple teams to solve, and people genuinely like working with you.

And you’ve been thinking lately: Should I make the move over to leadership?

Leadership means more responsibility, potentially less hands-on technical work, and maybe even some office politics. But it also means having a bigger voice, the chance to build a team and mentor others, and more opportunities for your career. Staying in your current role means mastering your craft, having more autonomy, and avoiding some of the headaches of management, but it might also mean hitting a ceiling in terms of influence or earning potential.
So, which path is right for YOU? It all boils down to what gets you fired up, what kind of impact you want to make, and where you'll be happiest.
In this talk, you’ll hear all about the good, the bad, and the ugly about being in cybersecurity leadership. You’ll learn about what it takes to succeed as a leader on technical teams. You’ll also learn about some tried-and-true ways of breaking into management roles. Whether you're itching for a change or just curious about your options, this talk will give you the information you need so you can choose your own path.


Speakers

Naomi Buckwalter

Naomi Buckwalter, CISSP CISM, is the Senior Director of Product Security for Contrast Security and author of the LinkedIn course: “Training today for tomorrow's solutions - Building the Next Generation of Cybersecurity Professionals”. She is the founder and Executive Director...
Deadwood Mountain Grand - Track 3 - Hotel Lobby 3rd Floor 1906 Deadwood Mountain Dr, Deadwood, SD

11:00am MDT

Not Doomed…Yet
Friday October 11, 2024 11:00am - 11:50am MDT
Let’s talk about the elephant in the room—or rather, the AI in the network. It's causing more drama than the 2017 Tay bot on Twitter. Sorry, not sorry, I meant “X”. From GenAI hoodwinking finance firms out of $25 million, to the shocking revelation that 77% of companies found their AI sitting in the corner with a dunce cap, marked "breached" in the past year. This conversation isn’t about whether ChatGPT is a security issue; it’s the fact that securing AI holes are big enough to drive a bus through. Sideways. This talk is more than just a chance to poke fun at our collective cybersecurity misfortunes; it’s a call to action. Because if we can’t laugh at our impending digital doom, what can we do? (Hint: Fix it. We can actually fix it.)
Speakers

Chloé Messdaghi

CEO & Founder, SustainCyber
Chloé Messdaghi is a cybersecurity leader dedicated to building strong relationships that drive the development of security standards and policies. She spearheads initiatives to strengthen AI security measures and fosters collaborative efforts to enhance industry-wide practices...
Deadwood Mountain Grand - Track 3 - Hotel Lobby 3rd Floor 1906 Deadwood Mountain Dr, Deadwood, SD
 