Schedule

Mon-Thurs May 16-19 – Training

Fri-Sun May 20-22 Conference

 

Day 1
20 May 2016
Day 2
21 May 2016
Day 3
22 May 2016

Analyzing DNS Traffic for Malicious Activity Using Open Source Logging Tools

DNS is the engine that makes the Internet work, converting recognizable names into IP addresses behind the scenes. Without DNS, the Internet as we know it would not exist. DNS...
Read More
Jim Nitterauer

Snake Charming: Fun With Compiled Python

This presentation will explore the current state of Python source code obfuscation and introduce some new techniques for obfuscation at the bytecode level. We will examine existing solutions for obfuscating...
Read More
Gabe K

Monitoring & Analysis 101: N00b to Ninja in 60 Minutes

Knowing how to perform basic monitoring and analysis can go a long way in helping infosec analysts do some foundation analysis to either crush the mundane or recognize when its...
Read More
Grecs

Art of Espionage

A continuation of the series that we have been doing for close to 10 years now. The freshly updated (as in this week) slide deck will present ole’ school basics,...
Read More
Ryan Jones
Luke McOmie

Check Yo Self Before You Wreck Yo Self: The New Wave Of Account Checkers And Underground Rewards Fraud

There’s a new wave of account checker gangs and a coinciding explosion in the underground market for goods involving hacked rewards accounts. Let’s dive into how these new account checker...
Read More
Benjamin Brown

Introducing the OWASP API Security Project

An ever-increasing number of applications have released public and private APIs, enabling awesome programmatic features to be released internally and to the world. Unfortunately, the ubiquity of APIs is a...
Read More
Leif Dreizler
David Shaw

It’s Just a Flesh Wound!

As more and more companies are breached via the web, security professionals continue to focus their attention on the critical and high severity vulnerabilities. While this approach would seem to...
Read More
Brett Gravois

Breaking Barriers: Adversarial Thinking for Defenders

Another day. Another breach. Do you stop to think when will it be your organization that makes the front page? What are you doing to protect against it? Do you...
Read More
Stacey Banks

Why can’t Police catch Cyber Criminals?

Estimated annual losses range from 445 Billion to 1 Trillion dollars a year from to cyber crime and cyber criminals,more than 1% of the GDP. In 2014, 17.6 million Americans...
Read More
Chip Thornsburg

Owning MS Outlook with PowerShell

Most companies, businesses, and organizations rely on Microsoft Outlook for managing email. This talk explores how Outlook can be leveraged for the benefit of red teams and penetration testers using...
Read More
Andrew Cole

Happy Hour with the BrownCoat Brass Band

Free drinks, good music, great people…

Keynote

David Kennedy

Calling Captain Ahab: Using Open Tools to Profile Whaling Campaigns

Its 5pm on a Friday, everyone is ready to go home for the weekend. An urgent email comes in from the CEO, requesting an immediate fund transfer of hundreds of...
Read More
Matt Bromiley

Haking the Next Generation

Kids are wired to learn. They are learning while they are playing so why not give them an environment where they can play while they are learning. A group of...
Read More
David Schwartzberg
12:00 - 13:00

INTERMISSION & LUNCH BREAK

Hacking Web Apps (v2)

Assessing the security posture of a web application is a common project for a penetration tester and a good skill for developers to know. In this talk, We’ll go over...
Read More
Tim Roberts
Brent White

Talk Roulette

Join us for Talk Roulette, sign up at the registration desk in advance and watch as people pull random topics out of a hat and then present on that topic...
Read More

Untrusted Onions: Is Tor Broken?

Tor is used by dissidents, journalists, whistleblowers, and shadier characters to access the Internet anonymously. Cases where people engaging in activity frowned upon by their government have been caught despite...
Read More

Nose Breathing 101: A Guide to Infosec Interviewing

The Information Security sector is a special place filled with special snowflakes. For a special snowflake, interviewing for a job can sometimes be a daunting or awkward task. There is...
Read More
Wartortell

I Promise I’m Legit: Winning with Words

Social engineering is quickly becoming more prevalent in the infosec industry. Users are becoming more educated about social engineering attempts, but they still fall victim to attacks. Why? Well, like...
Read More
Cyni Winegard

Evolving Your Office’s Security Culture by Selective Breeding of Ideas and Practices

Every work place has its own security culture defined by the values, traditions, beliefs, interactions, behaviors, and attitudes of the group. Many companies have appropriately stated security policies and standards...
Read More
Nancy Snoke

Going from Capture the Flag to Hacking the Enterprise. Making the switch from “a hobby and a passion” to a lifelong career.

As the hiring manager of a penetration testing company, I see a lot of resumes and speak with a lot of good people wanting to make the switch to Cyber...
Read More
Joseph Pierini

You Pass Butter: Next Level Security Monitoring Through Proactivity

Detecting advanced threats to your organization before you file that breach report requires innovative thinking, in-depth environmental knowledge and the implementation of proactive monitoring capabilities. Let’s have a discussion on...
Read More
cry0
s0ups

Now You See Me, Now You Don’t – Hiding from the Internet

Your first impression is your only impression. However, your first impression may already have been made. Many people leave behind bread crumbs of their personal life on social media, within...
Read More
Aamir Lakhani

Hackers are from Mars, CxO’s are from Jupiter

I spent nearly 20 years as a hacker, pen tester, and techie. By the end, I lead a large team of amazing hackers, been to management training and thought I...
Read More
Rob Havelt

Saturday Night Party!

Free drinks, music, awesomeness… with DualCore and special guests!!

Don’t be stupid with GitHub

You might be surprised (you shouldn’t be) that people are being stupid on the internet. The particular stupidity I will be talking about is the use of GitHub. People upload...
Read More
metacortex

Create Scalable and Secure Mobile Apps that Work Offline

With the advent of the digital transformation in today’s always-connected world, users expect to have a mobile experience that is immediate, pervasive, and aware. In this way, it is crucial...
Read More
William Hoang

DDoS: Barbarians at the Gate(way)

Attackers are always trying their best to breach your network to steal the secret sauce hidden inside. This session will delve into the attacker’s tool set and focus on the...
Read More
Dave Lewis

Hunting high-value targets in corporate networks

So you got into a network, but now what? You might be swimming in a corporate environment full of thousands of systems and users. If you’re in a goal-oriented penetration...
Read More
Patrick Fussell
Josh Stone