Loading…
This event has ended. Visit the official site or create your own event on Sched.
Mine for the best information security knowledge in the Black Hills of South Dakota!

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Wednesday, October 24
 

3:00pm MDT

Retro Gaming Room
Want to get your hands on some old school games or comics?  WWHF will have a Retro Gaming Room set up filled with vintage games and comic books to re-live your childhood. Bring Your Own Fun Dip!
 
About: Heroes & Villains and Rushmore Coin were established in 2017 to boost a growing market both retro gaming, comic collecting, the investment in precious metals, and numismatics.  Our goal is to provide exceptional customer service and fair prices across all facets of our business.   

Wednesday October 24, 2018 3:00pm - 6:00pm MDT
1st Floor - Room 7

3:00pm MDT

Conference Registration Open
Wednesday October 24, 2018 3:00pm - 8:00pm MDT
Main Space

4:00pm MDT

Open Source Intelligence 101: Introduction to "MINING" Information to Create Customized Attacks
Speakers
AW

April Wright

April C. Wright is a hacker, writer, teacher, and community leader with over 25 years of breaking, making, fixing, and defending global critical communications and connections. She is an international speaker and trainer, educating others about personal privacy and information security... Read More →


Wednesday October 24, 2018 4:00pm - 4:50pm MDT
Track 1

4:00pm MDT

Red Teaming in the EDR age
Speakers
WB

William Burgess

Will Burgess is a security consultant with experience across both defensive and offensive cyber security. Will previously worked as a Threat Hunter within MWR's Countercept Division and specialised in detecting advanced malware across enterprises. As part of his role, Will researched... Read More →


Wednesday October 24, 2018 4:00pm - 4:50pm MDT
Track 2

4:00pm MDT

Escape Room
Wednesday October 24, 2018 4:00pm - 6:30pm MDT
3rd Floor

4:00pm MDT

Old Timey Photos - by Handlebar Photo Company
https://www.handlebarphoto.com/


Wednesday October 24, 2018 4:00pm - 8:00pm MDT
Main Space

5:00pm MDT

Intro to ELD Security
Speakers
avatar for Brian Fehrman

Brian Fehrman

Black Hills Information Security
Brian has been interested in security from the time his family obtained their first computer. He found a passion for programming by learning to code, from there he learned to apply this knowledge to interacting with the physical world through signal processing, robotics, computer... Read More →
avatar for David Fletcher

David Fletcher

Black Hills Information Security
David has extensive experience in a wide array of IT disciplines having worked in the industry for 25 years. His experience includes enterprise system administration, application and database development, network defense, and cyber research and development. He is a graduate of the... Read More →


Wednesday October 24, 2018 5:00pm - 5:50pm MDT
Track 1

5:00pm MDT

See Sharper
There has been an increase in .NET and specifically C# payloads to carry out adversary objectives.  There are many reasons for this.
This talk will describe the architecture  of the .NET CLR, how attackers are gaining execution via built in tools, and what defenders can do to increase their visibility and detection capabilities. We will provide examples from the fieldand actual intrusion attempts that leverage these techniques.

Speakers
avatar for Zac Brown

Zac Brown

Red Canary
Zac Brown is a Principal Software Engineer at Red Canary focused on Blue Team Detection & Engineering. Prior to working at Red Canary, he worked for Microsoft on the Windows team and later the Office 365 Security Team. Zac likes long walks on the beach, operating systems internals... Read More →
avatar for Joe Moles

Joe Moles

Red Canary
Joe leads a team of security analysts to help organizations defend their endpoints against threats. An IR and digital forensics specialist, Joe Moles has more than a decade of experience running security operations and e-discovery. Prior to joining Red Canary, Joe built and led security... Read More →


Wednesday October 24, 2018 5:00pm - 5:50pm MDT
Track 2

5:00pm MDT

Hands-On Hardware Hacking Labs
Returning for another year with more additions! Do you have what it takes to attempt the hardware hacks that we have in store for you during the hardware hacking challenge??? With our hardware hacking labs, you will get to try techniques utilized to hack “Internet of Things” devices. Labs will be set up to help identify potential ports of interest on printed circuit boards (PCB), learn how to connect and enumerate those ports, find interesting information within the integrated circuits (can you say passwords), and dump the firmware with tools already set up to help gather information from the device(s). We have taken the trials, tribulations, and frustrations of having to de-solder integrated circuits from the PCB, tear apart the casings to expose the secrets, fumble through soldering headers into the board and those really tiny resistors (ughh). With these labs, you have the opportunity to play with tools like the jtagulator, Shikra and Bus Pirate. If you are not familiar with those tools you will be after we get done with you. So, come get your hands dirty and enjoy the company of fellow hacktivists during the second annual Wild West Hackin’ Fest in Legendary Deadwood, South Dakota!!!!

Wednesday October 24, 2018 5:00pm - 8:00pm MDT
Main Space

6:00pm MDT

Welcome Party
Once you get registered come check out the labs and sponsors before our party! We’ll have a cash bar, snacks, hacker trivia and slide roulette.

Wednesday October 24, 2018 6:00pm - 8:00pm MDT
Main Space
 
Thursday, October 25
 

7:30am MDT

Conference Registration Open
Thursday October 25, 2018 7:30am - 6:00pm MDT
Main Space

8:00am MDT

Workshop - Offensive WMI Session 1 (Registration Required)
Offensive WMI Workshop (Session 1)WMI has recently been publicized for its offensive use cases. Attackers, and now red teams, are discovering how powerful WMI can be when used beyond its original intent. Even with the recent surge in WMI use, not everyone knows how to interact with it. This workshop intends to showcase how you can leverage WMI on assessments to do nearly anything you would want to do in a post-exploitation scenario. Want to read files, perform a directory listing, detect active user accounts, run commands (and receive their output), download/upload files, and do all of the above (plus more) remotely?
 
The goal for this workshop will be to enable students to walk away with an understanding of how WMI, a service installed and enabled by default since Windows 2000, is utilized by attackers, demystify interacting with the service locally and remotely, and give students the ability to leverage WMI in the same manner as attackers.
 
Bio: Christopher Truncer (@ChrisTruncer) is a co-founder and red team lead with FortyNorth Security. He is a co-founder and current developer of the Veil-Framework, a project aimed to bridge the gap between advanced red team and penetration testing tools, WMImplant, EyeWitness, and other open-source software. Chris began developing tools that are not only designed for the offensive community, but can enhance the defensive community’s ability to defend their network as well. 
This workshop is provided at no extra cost (Wild West Hackin’ Fest ticket is required), but is limited in participants. Be the first to know when registration opens by signing up for our emails!

Speakers
CT

Chris Truncer

FortyNorth Security
Christopher Truncer (@ChrisTruncer) is a co-founder and red team lead with FortyNorth Security. He is a co-founder and current developer of the Veil-Framework, a project aimed to bridge the gap between advanced red team and penetration testing tools, WMImplant, EyeWitness, and other... Read More →


Thursday October 25, 2018 8:00am - 9:45am MDT
Conference Room

8:00am MDT

Hands-On Hardware Hacking Labs
Returning for another year with more additions! Do you have what it takes to attempt the hardware hacks that we have in store for you during the hardware hacking challenge??? With our hardware hacking labs, you will get to try techniques utilized to hack “Internet of Things” devices. Labs will be set up to help identify potential ports of interest on printed circuit boards (PCB), learn how to connect and enumerate those ports, find interesting information within the integrated circuits (can you say passwords), and dump the firmware with tools already set up to help gather information from the device(s). We have taken the trials, tribulations, and frustrations of having to de-solder integrated circuits from the PCB, tear apart the casings to expose the secrets, fumble through soldering headers into the board and those really tiny resistors (ughh). With these labs, you have the opportunity to play with tools like the jtagulator, Shikra and Bus Pirate. If you are not familiar with those tools you will be after we get done with you. So, come get your hands dirty and enjoy the company of fellow hacktivists during the second annual Wild West Hackin’ Fest in Legendary Deadwood, South Dakota!!!!

Thursday October 25, 2018 8:00am - 8:30pm MDT
Main Space

8:00am MDT

Escape Room
Thursday October 25, 2018 8:00am - 8:30pm MDT
3rd Floor

8:30am MDT

Welcome to WWHF
Speakers
avatar for John Strand

John Strand

Black Hills Information Security
John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.  He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry shaping Penetration Testing Execution Standard and 20... Read More →


Thursday October 25, 2018 8:30am - 8:45am MDT
Track 1

9:00am MDT

Keynote - The Top Ten Reasons It’s GREAT To Be a Pen Tester… And How You Can Help Fix that PROBLEM
Speakers
avatar for Ed Skoudis

Ed Skoudis

Counter Hack
Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line... Read More →


Thursday October 25, 2018 9:00am - 9:50am MDT
Track 1

10:00am MDT

AMSI: This is not the NextGen Detection and Prevention you are looking for
With all of the talk of telemetry, big data analytics, machine learning, and artificial intelligence, it should be getting harder for attackers to build customized tools in order to gain code execution on impacted systems. The truth is, we’re still living in the era of signature-based detection with little hope for the future that any of these technologies will get any better or mature to help automate responses towards attacks. This talk will dive into the AntiMalware Scan Interface (AMSI) as well as other alternatives in the “NextGen” series of preventative measures and show how trivial it is to write code that doesn’t get snagged.  The security market is focusing on open source data collection sources and security researchers as the main method to write signatures to detect attacks, much like what we saw in the 90s with traditional anti-virus tech. Not much has changed, let’s dive into the reality in security and how little these protective measures really do in the grand scheme of things. We’ll also be covering solid practices in defending against attacks, and what we should be focusing on.

Speakers
avatar for David Kennedy

David Kennedy

Trusted Sec
David Kennedy is the founder of TrustedSec, Binary Defense Systems, and DerbyCon.  TrustedSec and Binary Defense are focused on the betterment of the security industry from an offense and a defensive perspective.  David also serves as a board of director for the ISC2 organization... Read More →


Thursday October 25, 2018 10:00am - 10:50am MDT
Track 1

10:00am MDT

Take a Break
One thing that defines a lot of people in our industry is a constant thirst for knowledge and a fear of being disconnected and missing something, however, being online and connected 24/7 is not good for our health and sometimes we need to switch off and take a break.


Speakers
avatar for Robin Wood

Robin Wood

Hacker, coder, climber. Co-founder of UK conference SteelCon, freelance tester, author of many tools. Always trying to learn new things.


Thursday October 25, 2018 10:00am - 10:50am MDT
Track 2

10:00am MDT

Workshop - Offensive WMI Session 2 (Registration Required)
Offensive WMI Workshop (Session 2)WMI has recently been publicized for its offensive use cases. Attackers, and now red teams, are discovering how powerful WMI can be when used beyond its original intent. Even with the recent surge in WMI use, not everyone knows how to interact with it. This workshop intends to showcase how you can leverage WMI on assessments to do nearly anything you would want to do in a post-exploitation scenario. Want to read files, perform a directory listing, detect active user accounts, run commands (and receive their output), download/upload files, and do all of the above (plus more) remotely?
 
The goal for this workshop will be to enable students to walk away with an understanding of how WMI, a service installed and enabled by default since Windows 2000, is utilized by attackers, demystify interacting with the service locally and remotely, and give students the ability to leverage WMI in the same manner as attackers.
 
Bio: Christopher Truncer (@ChrisTruncer) is a co-founder and red team lead with FortyNorth Security. He is a co-founder and current developer of the Veil-Framework, a project aimed to bridge the gap between advanced red team and penetration testing tools, WMImplant, EyeWitness, and other open-source software. Chris began developing tools that are not only designed for the offensive community, but can enhance the defensive community’s ability to defend their network as well. 
This workshop is provided at no extra cost (Wild West Hackin’ Fest ticket is required), but is limited in participants. Be the first to know when registration opens by signing up for our emails! 

Speakers
CT

Chris Truncer

FortyNorth Security
Christopher Truncer (@ChrisTruncer) is a co-founder and red team lead with FortyNorth Security. He is a co-founder and current developer of the Veil-Framework, a project aimed to bridge the gap between advanced red team and penetration testing tools, WMImplant, EyeWitness, and other... Read More →


Thursday October 25, 2018 10:00am - 12:00pm MDT
Conference Room

10:00am MDT

Retro Gaming Room
Want to get your hands on some old school games or comics?  WWHF will have a Retro Gaming Room set up filled with vintage games and comic books to re-live your childhood. Bring Your Own Fun Dip!
 
About: Heroes & Villains and Rushmore Coin were established in 2017 to boost a growing market both retro gaming, comic collecting, the investment in precious metals, and numismatics.  Our goal is to provide exceptional customer service and fair prices across all facets of our business.   

Thursday October 25, 2018 10:00am - 6:00pm MDT
1st Floor - Room 7

11:00am MDT

Extracting Data from Slack: Hackers Will, You Should!
Is your Slack workspace full of sensitive data? Wouldn't you like to know the details? As an experienced red-teamer, the answer to these two questions are 'yes' and 'oh baby yes'. I will be releasing and demonstrating a PowerShell script that will extract all documents and files that an authorized user has access to.  It can also extract all user profiles. As an attacker, I can use the profiles to extract user names, email addresses, phone numbers and job titles to enhance my ability to Phish an organization or password spray login portals. I can also perfrom *offline* searches for sensitive data of all messages and files. Blue team, what will I find? Run this tool yourself to understand the impact of a breach. Can you detect this tool in use by reviewing the Slack Audit logs? Come to this presentation to find out!

Speakers
avatar for Tony Habeger

Tony Habeger

Walmart
Tony is an Incident Response Specialist with a passion for incident response and threat hunting. Tony has owned a business focused in HIPAA compliant networking, programming and customer service. He then went on to grow his career working in medical information systems, automation... Read More →
avatar for Carrie Roberts

Carrie Roberts

Sr Red Team Engineer, Walmart


Thursday October 25, 2018 11:00am - 11:50am MDT
Track 2

11:00am MDT

Hacking Dumberly
Speakers
avatar for Derek Banks

Derek Banks

Security Analyst, Black Hills Information Security
Derek has over 20 years of experience in the IT industry as a systems administrator for multiple operating system platforms, and monitoring and defending those systems from potential intruders. He has worked in the aerospace, defense, banking, manufacturing, and software development... Read More →
avatar for Tim Medin

Tim Medin

Red Siege
Tim Medin is the founder and Principal Consultant at Red Siege, a company focused to adversary emulation and penetration testing. Tim is also the SANS MSISE Program Director and a course author. Through the course of his career, Tim has performed penetration tests on a wide range of organizations and technologies. He gained information secu... Read More →


Thursday October 25, 2018 11:00am - 11:50am MDT
Track 1

12:30pm MDT

Workshop - Kali Linux Dojo (Registration Required)
Join Johhny Long for this special opportunity to strengthen your Kali skills and knowledge in a hands-on environment.
 
Bio: Johnny Long spent his career as a professional hacker. He is the author of numerous security books including No-Tech Hacking and Google Hacking for Penetration Testers and a contributor to Kali Linux Revealed. He is the founder of Hackers for Charity and currently works with the Offensive Security team. 
This workshop is provided at no extra cost (Wild West Hackin’ Fest  ticket is required), but is limited in participants. Be the first to know when registration opens by signing up for our emails! 

Speakers
avatar for Johnny Long

Johnny Long

Hackers for Charity
Johnny Long spent his career as a professional hacker. He is the author of numerous security books including No-Tech Hacking and Google Hacking for Penetration Testers. Johnny spent seven years living in Uganda, East Africa, where he focused on his work with Hackers for Charity (HFC... Read More →


Thursday October 25, 2018 12:30pm - 2:30pm MDT
Conference Room

1:00pm MDT

Android App Penetration Testing 101
Speakers
avatar for Derek Banks

Derek Banks

Security Analyst, Black Hills Information Security
Derek has over 20 years of experience in the IT industry as a systems administrator for multiple operating system platforms, and monitoring and defending those systems from potential intruders. He has worked in the aerospace, defense, banking, manufacturing, and software development... Read More →
avatar for Joff Thyer

Joff Thyer

Black Hills Information Security
Joff has over 20 years of experience in the IT industry as an enterprise network architect, network security defender, information security consultant, software developer and penetration tester. He has extensive experience covering intrusion prevention/detection systems, infrastructure... Read More →


Thursday October 25, 2018 1:00pm - 1:50pm MDT
Track 2

1:00pm MDT

Integrated Security Testing: Finding security vulnerabilities using your existing test framework
Speakers
MR

Morgan Roman

DocuSign
Morgan Roman works on the application security team at DocuSign. He started his career writing integration tests for web applications and APIs as a software development engineer in test. He is passionate about finding ways to automate security testing and make it part of the deployment... Read More →


Thursday October 25, 2018 1:00pm - 1:50pm MDT
Track 1

2:00pm MDT

Hack for Show, Report for Dough
"I'll hire a mediocre hacker who can *write* over an amazing exploit developer who can't."
The fun part of pentesting is the hacking. But the part that makes it a viable career is the report. You can develop the most amazing exploit for the most surprising vulnerability, but if you can't document it clearly for the people who need to fix it, then you're just having fun. Which is fine! But if you want to make a career out of it, your reports need to be as clear and useful as your hacks are awesome.

This talk shows simple techniques you can use to make your reports clear, useful, and brief. You'll see some before-and-after examples of a bad report made good, with clear explanations of what makes the difference. Those things will be useful no matter what tools you use to create reports. Then, if we have time, we'll look at some Microsoft Word hacks that will save you time and improve consistency.

Speakers
avatar for BB King

BB King

Black Hills Information Security
Brian’s IT career started with telephone technical support, transitioned to supporting software dev toolkits, and eventually to leading a team focused on testing internal applications during corporate mergers. In 2008, he moved to information security, where he developed application... Read More →


Thursday October 25, 2018 2:00pm - 2:50pm MDT
Track 1

2:00pm MDT

Using PowerUpSQL and goddi for Active Directory Information Gathering
Information gathering is an essential first step in penetration tests and red team engagements against an Active Directory (AD) environment. Tools like PowerView have been very popular in the past, but this talk will explore some alternative options. During this presentation, I’ll provide an overview of AD information gathering techniques that leverage functionality in PowerShell, Go, and SQL Server.  These alternatives offer flexibility that can help you avoid detection on Windows endpoints during penetration tests and red team engagements.
 
Additionally, examples of both PowerUpSQL and goddi will be shared to help you automate those unorthodox AD enumeration methods. This talk aims to familiarize pen testers, red teamers, and blue teamers with basic AD information gathering concepts and how they can be leveraged manually or through tools like PowerUpSQL and goddi.

Speakers
avatar for Thomas Elling

Thomas Elling

NetSPI
Thomas has a BS in computer science from Columbia University with a focus on software development and security. He has experience as an undergraduate researcher at the CU Network Security Lab. At NetSPI, Thomas primarily focuses on web application and network penetration testing... Read More →


Thursday October 25, 2018 2:00pm - 2:50pm MDT
Track 2

3:00pm MDT

Abusing misconfigurations for privilege escalation
Often you don't land in a penetration test with full admin rights. How can you fix that? In most networks it's easier than you might think. In this session, Jake will discuss and demonstrate various privilege escalation techniques that are possible primarily due to misconfigurations. Practically every network has one or more misconfigurations that let you easily escalate from random joe to total pro. We'll examine some common issues present in both Windows and Linux to you can level up for your next penetration test.

Speakers
avatar for Jake Williams

Jake Williams

When a complex cyber attack put a private equity investment of more than $700 million on hold, the stakes couldn't have been higher. But that's exactly the kind of challenge that motivates Jake Williams, a computer science and information security expert, U.S. Army veteran, certified... Read More →


Thursday October 25, 2018 3:00pm - 3:50pm MDT
Track 2

3:00pm MDT

Aggressive Autonomous Actions - Operating with Automation
Speakers
HL

Harley LeBeau

Mandiant
Harley LeBeau (@r3dQu1nn) is a security consultant at Mandiant where he has conducted red team engagements against multiple different fortune 500 companies. At Mandiant, Harley has written various Aggressor scripts for Cobalt Strike that help aide with automation for these engagements... Read More →
CT

Chris Truncer

FortyNorth Security
Christopher Truncer (@ChrisTruncer) is a co-founder and red team lead with FortyNorth Security. He is a co-founder and current developer of the Veil-Framework, a project aimed to bridge the gap between advanced red team and penetration testing tools, WMImplant, EyeWitness, and other... Read More →


Thursday October 25, 2018 3:00pm - 3:50pm MDT
Track 1

3:00pm MDT

Workshop - C# Hackathon (Registration Required)
The .NET framework is built in to every modern version of Windows. It is an amazing attack surface to explore. This will be a hands on workshop led by Joe Moles & Zac Brown. We will explore .NET / C# techniques for circumventing security controls.  Lots of time for questions and writing your own code.  This will be useful for both offense and defense. If you have never used C# or are an expert, this will be a fun way to learn and explore. We will cover Program Structure and Compilation, Shellcode Execution, Process Hollowing, PE Loaders and bypassing security controls.
 


Speakers
avatar for Zac Brown

Zac Brown

Red Canary
Zac Brown is a Principal Software Engineer at Red Canary focused on Blue Team Detection & Engineering. Prior to working at Red Canary, he worked for Microsoft on the Windows team and later the Office 365 Security Team. Zac likes long walks on the beach, operating systems internals... Read More →
avatar for Joe Moles

Joe Moles

Red Canary
Joe leads a team of security analysts to help organizations defend their endpoints against threats. An IR and digital forensics specialist, Joe Moles has more than a decade of experience running security operations and e-discovery. Prior to joining Red Canary, Joe built and led security... Read More →


Thursday October 25, 2018 3:00pm - 5:00pm MDT
Conference Room

4:00pm MDT

Automating creating disposible & secure Infrastructure for Red Teams
Speakers
avatar for Marcello Salvati

Marcello Salvati

Marcello Salvati (@byt3bl33d3r) is a consultant/red teamer/researcher by day and by night a tool developer who discovered a novel technique to turn tea, sushi and dank memes into somewhat functioning code. He is the author of CrackMapExec, DeathStar, MITMf and Gcat and has presented... Read More →


Thursday October 25, 2018 4:00pm - 4:50pm MDT
Track 1

4:00pm MDT

Passive dns -- how to run a collector, how to use the data
Speakers
avatar for Paul Vixie

Paul Vixie

Farsight Security
Dr. Paul Vixie used to be a programmer (cron, bind, rtty, ncap, dnscap) and has contributed to many dns-related RFC documents (1876, 1996, 2136, and so on). he founded and ran several companies (PAIX, MAPS, MIBH, ISC, Farsight) and was a technical executive at others (Abovenet/MFN... Read More →


Thursday October 25, 2018 4:00pm - 4:50pm MDT
Track 2

5:00pm MDT

Command and Conquer: Red Alert - C2 Tradecraft and Design Concepts
Speakers
avatar for Lee Kagan

Lee Kagan

RedBlack Security
Lee Kagan is an offensive security professional with nearly a decade in InfoSec. Penetration tester, red teamer and currently lead for RedBlack Security’s “Rogue Team” specializing in threat and adversary simulations. Lee is also the co-creator of C3X (Canadian Collegiate Cyber... Read More →


Thursday October 25, 2018 5:00pm - 5:50pm MDT
Track 1

5:00pm MDT

From SAHM to Info Sec Pro
Speakers
AW

Annah Waggoner

Annah Waggoner is currently a Security Analyst in Effingham, Illinois.  She won the NetWars tournament at SANS Rocky Mountain 2017 and attended the NetWars Tournament of Champions in December of 2017.  She qualified for and  attended the United States Cyber Camp in 2015 and 2016... Read More →


Thursday October 25, 2018 5:00pm - 5:50pm MDT
Track 2

6:00pm MDT

A Lock Picking Gun Fight Tournament
Jonathan Ham and Deviant Ollam introduce the basic structure of the most common physical locks, and a demonstration of the most common tools and techniques used to defeat them. Then, after some practice time with all necessary tools provided, a tournament will be held.
 
Several different models of Nerf(tm) Guns will be provided for gunslingers to choose from, each disabled with a commercial trigger lock. For each round of the tournament a duel will commence, players start back-to-back, then pace away towards a table with a small lock challenge. The cowboy or cowgirl able to most quickly unlock the challenge, load it Nerf Gun, and shoot his or her opponent “dead”, wins the round.
 
The last lockpicker/gunslinger standing will be awarded a very cool prize!

Speakers
avatar for Jonathan Ham

Jonathan Ham

jham corp
Jonathan is an independent consultant who specializes in large-scale enterprise security issues, from policy and procedure, through team selection and training, to implementing scalable prevention, detection, and response technologies and techniques. With a keen understanding of ROI... Read More →
avatar for Deviant Ollam

Deviant Ollam

The CORE Group
While paying the bills as a security auditor and penetration testing consultant with The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. His books Practical Lock Picking and Keys to the Kingdom... Read More →


Thursday October 25, 2018 6:00pm - 7:00pm MDT
Main Space
 
Friday, October 26
 

6:30am MDT

9:00am MDT

Applying Automated Offensive Assessments
Speakers
AA

Andy Applebaum

MITRE
Andy Applebaum is a Lead Cyber Security Engineer at MITRE where he works on applied and theoretical security research problems, primarily in the realms of cyber defense, security automation, and automated adversary emulation. Andy has contributed to MITRE’s ATT&CK framework and... Read More →
HF

Henry Foster

MITRE
Henry Foster is a Senior Cyber Security Engineer at MITRE where he works on applied cyber operations research projects focused on the MITRE ATT&CK framework and endpoint detection and response capabilities. These projects include ATT&CK, the CALDERA adversary emulation system, and... Read More →


Friday October 26, 2018 9:00am - 9:50am MDT
Track 2

9:00am MDT

What to expect when you are expecting...a penetration test.
Speakers
avatar for Suzanne Periera

Suzanne Periera

Director of Operations, InGuardians
Suzanne is the Director of Operations with InGuardians, but she is also a Project Manager extraordinaire holding her hard earned PMP certification. Suzanne’s experience includes over 10 years in Information Security, in that time working from the ground up through the ranks at InGuardians... Read More →
avatar for Larry Pesce

Larry Pesce

Senior Managing Consultant & Director of Research, InGuardians
Larry Pesce graduated with a Bachelor of Computer Information Systems in 2006, and has worked professionally as Senior Managing Security Analyst with InGuardians since 2013 and as the Director of Research since 2015. His history with hardware hacking began with the family TV when... Read More →


Friday October 26, 2018 9:00am - 9:50am MDT
Track 1

9:00am MDT

Campfire Stories - 15 minutes each
9:20am - Dakota Nelson & Derek Banks - You Can Run, But That’s Why You Can’t Hide: Analyzing Fitness App Data
9:40am - Justin Williams - PowerShell and Sysmon for Blue Team
10:00am - Jordan Drysdale & Kent Ickler - Somewhere Beyond the C....Level
10:20am - John Grigg - TradeCraft for N00bs - a refresher for everyone else!
10:40am - Emily Austin & Michael Haynes - The Ultimate Feedback Loop: Using data and pentesting to build a better security program
11:00am - Daniel Lowrie - Where’s my safe place? Building a lab to learn pen testing.
11:20am - Mike Saunders - Web App 101: Getting the lay of the land
11:40am - Jeff Man - What Are We Doing Here?
1:00pm - Ryan Wisniewski - From 0day to HeroDay - Surviving an Attack and Creating a Security Organization
1:20pm - Leo Loobeek - Protect Your Payloads With KeyServer
1:40pm - Ted Demopoulos - Infosec Rock Star: How to Accelerate Your Career Because Geek Will Only Get You So Far
2:00pm - Jordan Axtman - Network Security and Why We're Bad at It





Speakers
JA

Jordan Axtman

FRSecure
Jordan is a Network Security Analyst for FRSecure who holds a Security+ certification and is an active board member for North Dakota Infragard. He has been blue teaming for 8 years and red teaming for 3 years professionally. In his spare time, he built a home computer security lab... Read More →
avatar for Derek Banks

Derek Banks

Security Analyst, Black Hills Information Security
Derek has over 20 years of experience in the IT industry as a systems administrator for multiple operating system platforms, and monitoring and defending those systems from potential intruders. He has worked in the aerospace, defense, banking, manufacturing, and software development... Read More →
avatar for Ted Demopoulos

Ted Demopoulos

Ted Demopoulos’ professional background includes over 30 years of experience in Information Security and Business, including 25 years as an independent consultant. Ted helped start a successful information security company, was the CTO at a "textbook failure" of a software startup... Read More →
avatar for Jordan Drysdale

Jordan Drysdale

Black Hills Information Security
Jordan is one of Black Hills’ security analysts. He hails from the land of enterprise networking tech support, where stress was high and the challenges were strong. Most days, Jordan enjoys wireless research and malware sample packet data served with coffee.
JG

John Grigg

John Grigg has years of diverse experience within the Navy, the Intelligence Community, and in the corporate cyber security world with focuses on building and developing cyber defense systems, SIEM/IDS/IPS engineering, malware analysis, and cyber operations.
avatar for Kent Ickler

Kent Ickler

Black Hills Information Security
Kent is a business school Masters graduate with a focus on Network Infrastructure Design and Management. He has experience in Higher Education Management, Finance, and SMB.  His hobbies include woodworking, frisbee golf, and medieval architecture.
LL

Leo Loobeek

Protiviti
Leo Loobeek is a senior consultant with Protiviti performing offensive security operations ranging from textbook penetration tests to stealth and red team operations. With the majority in the offensive security space researching post-exploitation techniques, Leo finds his niche in... Read More →
DL

Daniel Lowrie

ITProTV
Daniel LowrieITProTV Edutainer - SecurityDaniel worked as a systems and network admin before moving into teaching. He was drawn to ITProTV because he himself is a visual learner and that’s key to ITProTV’s content. He holds certifications in A+, Network+, Linux+, CEH, and MCSA... Read More →
JM

Jeff Man

Respected Information Security expert, advisor, evangelist, and co-host on Paul’s Security Weekly. Over 35 years of experience working in all aspects of computer, network, and information security, including risk management, vulnerability analysis, compliance assessment, forensic... Read More →
DN

Dakota Nelson

BHIS
Dakota started attending information security conferences while still in high school, and has been hooked ever since. Trained as a software developer, he is particularly interested in developing novel tooling and automation to make red teams more effective. He enjoys creating and... Read More →
avatar for Mike Saunders

Mike Saunders

Red Siege
Mike's love of IT started in the third grade when he discovered he could view the code of BASIC programs on an Apple ][e.  He has held many IT and IT security positions, including developer, network and system administrator, security architect and security incident handler.  Currently... Read More →
JW

Justin Williams

Justin Williams is an Information Security professional focused on defense strategies with his current organization. During his career, he has worked in systems and server administration, .NET development, database management, and help desk operations. He spends his free time learning... Read More →
avatar for Ryan Wisniewski

Ryan Wisniewski

Ryan has helped multiple companies stabilize their infrastructure operations and launch security programs to ensure the systems stay running as expected.  He cut his teeth on the mainframe helping write the operating system and hold multiple patents with IBM.  He has recently helped... Read More →


Friday October 26, 2018 9:00am - 3:00pm MDT
Conference Room

9:00am MDT

Escape Room
Friday October 26, 2018 9:00am - 6:00pm MDT
3rd Floor

9:00am MDT

Hands-On Hardware Hacking Labs
Returning for another year with more additions! Do you have what it takes to attempt the hardware hacks that we have in store for you during the hardware hacking challenge??? With our hardware hacking labs, you will get to try techniques utilized to hack “Internet of Things” devices. Labs will be set up to help identify potential ports of interest on printed circuit boards (PCB), learn how to connect and enumerate those ports, find interesting information within the integrated circuits (can you say passwords), and dump the firmware with tools already set up to help gather information from the device(s). We have taken the trials, tribulations, and frustrations of having to de-solder integrated circuits from the PCB, tear apart the casings to expose the secrets, fumble through soldering headers into the board and those really tiny resistors (ughh). With these labs, you have the opportunity to play with tools like the jtagulator, Shikra and Bus Pirate. If you are not familiar with those tools you will be after we get done with you. So, come get your hands dirty and enjoy the company of fellow hacktivists during the second annual Wild West Hackin’ Fest in Legendary Deadwood, South Dakota!!!!

Friday October 26, 2018 9:00am - 7:00pm MDT
Main Space

10:00am MDT

All Your Cloud Are Belong To Us – Hunting Compromise in Azure
Speakers
NW

Nate Warfield

 Nate Warfield is a Senior Security Program Manager for the Microsoft Security Response Center. He spent nearly 20 years designing, building and troubleshooting enterprise & carrier-grade networks for Fortune 500 companies while simultaneously moonlighting as a Grey Hat. He learned... Read More →


Friday October 26, 2018 10:00am - 10:50am MDT
Track 2

10:00am MDT

Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft features
Speakers
avatar for Beau Bullock

Beau Bullock

Black Hills Information Security
Beau Bullock (dafthack) is a Penetration Tester at Black Hills Information Security where he performs various security assessments for organizations. Beau is a host of Tradecraft Security Weekly, Hacker Dialogues, and the CoinSec Podcast. He has spoken at industry events including... Read More →
avatar for Mike Felch

Mike Felch

Black Hills Information Security
Michael began his career in 1997 as a Linux Administrator which eventually led to numerous offensive security roles, software development and hardware/software security research. Michael is also a lead forensics instructor for TeelTech, an Officer for OWASP Orlando (Chief Breaker... Read More →


Friday October 26, 2018 10:00am - 10:50am MDT
Track 1

10:00am MDT

Retro Gaming Room
Friday October 26, 2018 10:00am - 5:00pm MDT
1st Floor - Room 7

11:00am MDT

Building a Small and Flexible Wireless Exfiltration Box with SDR
Speakers
PC

Paul Clark

Factoria Labs
Paul Clark is owner and chief engineer at Factoria Labs, an organization dedicated to the propagation of Software Defined Radio (SDR). He has experience ranging from chip design to firmware development to RF reverse engineering. He’s co-author of the Field Expedient SDR series... Read More →


Friday October 26, 2018 11:00am - 11:50am MDT
Track 2

11:00am MDT

Seriously, I Really Can Still See You
Speakers
avatar for Jonathan Ham

Jonathan Ham

jham corp
Jonathan is an independent consultant who specializes in large-scale enterprise security issues, from policy and procedure, through team selection and training, to implementing scalable prevention, detection, and response technologies and techniques. With a keen understanding of ROI... Read More →


Friday October 26, 2018 11:00am - 11:50am MDT
Track 1

12:15pm MDT

Carbon Black: Predictive Security Cloud
Carbon Black will be presenting a quick overview of the Predictive Security Cloud:

-        We will explore how Carbon Black’s PSC can stop attacks in a multitude of ways, from using basic file signatures to behavioral analytics.

-        See the unfiltered data collection of Carbon Black firsthand, and what makes Carbon Black unique when it comes to endpoint detection and response (EDR)

-        Machine learning is not enough – witness how Carbon Black uses Event Stream Processing (ESP) to stop attacks based on indicators of compromise (IOC’S), and how using ESP gives Carbon Black the ability to granularly customize prevention so that you can harden critical infrastructure, and you never have to sacrifice prevention for flexibility.


Friday October 26, 2018 12:15pm - 12:45pm MDT
Track 1

1:00pm MDT

Copying Keys from Photos, Molds, and More
Most folk are aware that it's not a good idea to hand a stranger your keys... some very security-conscious folk are even wary of letting potential attackers SEE your keys.  The risks of casting, molding, teleduplication, and quick decoding are real and such caution is merited.  However, how many of you have ever actually /performed/ an attack like this yourself?  Have you ever witnessed it live and in person?

During this talk, Deviant will cover the basics of key decoding and then perform a series of attacks live on stage (even assisted by audience volunteers, if they are brave enough) and all who attend will see how such attacks work, step-by-step.

Speakers
avatar for Deviant Ollam

Deviant Ollam

The CORE Group
While paying the bills as a security auditor and penetration testing consultant with The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. His books Practical Lock Picking and Keys to the Kingdom... Read More →


Friday October 26, 2018 1:00pm - 1:50pm MDT
Track 1

1:00pm MDT

How I Challenged Myself to Learn Python and How You Can Too
Speakers
avatar for Omar Sharieff

Omar Sharieff

G2, Inc
Omar is a 20 year professional in the Information Security field and currently works in Cybersecurity for G2, Inc in the DC area.linkedin.com/in/omar-sharieff/


Friday October 26, 2018 1:00pm - 1:50pm MDT
Track 2

2:00pm MDT

Lexicon
Speakers
JM

John McCumber

(ISC)2
John McCumber is the Director of Cybersecurity Advocacy, North America, for (ISC)2.  In this newly established role, John represents (ISC)2’s 125,000+ members as their spokesperson for the profession of cybersecurity.  His duties require him to work with legislators on Capitol... Read More →


Friday October 26, 2018 2:00pm - 2:50pm MDT
Track 1

2:00pm MDT

OSCP, how easy to BoF, CTFs, more
Speakers
avatar for Tarah Wheeler

Tarah Wheeler

Born in a log cabin on the prairie to a ___ and an itinerant ___, Tarah Wheeler had a humble upbringing of fighting the status quo, sticking it to the man, and shooting prairie dogs because they’re good eatin’.  An emeritus member of the Order of the Orange Badge, Tarah has founded... Read More →


Friday October 26, 2018 2:00pm - 2:50pm MDT
Track 2

2:30pm MDT

The Tool Shed
Speakers
avatar for Marcello Salvati

Marcello Salvati

Marcello Salvati (@byt3bl33d3r) is a consultant/red teamer/researcher by day and by night a tool developer who discovered a novel technique to turn tea, sushi and dank memes into somewhat functioning code. He is the author of CrackMapExec, DeathStar, MITMf and Gcat and has presented... Read More →


Friday October 26, 2018 2:30pm - 4:30pm MDT
Conference Room

3:00pm MDT

Pacu: Attack and Post-Exploitation in AWS
Speakers
SG

Spencer Gietzen

Rhino Security Labs
With a background in software development, Spencer Gietzen is a penetration tester with Rhino Security Labs.  His primary focus as a penetration tester is security relating to Amazon Web Services post exploitation and configuration, where he has found success in discovering vulnerabilities... Read More →


Friday October 26, 2018 3:00pm - 3:50pm MDT
Track 1

3:00pm MDT

Prismatica | The Pentest Sidekick
Speakers
avatar for Matt Toussain

Matt Toussain

Black Hills Information Security
Matt is a teacher, writer, and hacker. He served as the Senior Cyber Tactics Development Lead for the U.S. Air Force. He is a guest instructor at UTSA and the SANS Institute as well as the author of SEC460. Matt is an avid supporter of cyber competitions including CCDC, Netwars, and... Read More →


Friday October 26, 2018 3:00pm - 3:50pm MDT
Track 2

4:00pm MDT

Hillbilly Storytime: Pentest Fails
Speakers
avatar for Adam Compton

Adam Compton

Trusted Sec
Adam Compton has been a programmer, researcher, professional pentester, father, husband, and farmer. Adam has over 18 years of programming, network security, incident response, security assessment, and penetration testing experience. Throughout Adam's career, he has worked for both... Read More →


Friday October 26, 2018 4:00pm - 4:50pm MDT
Track 2

4:00pm MDT

What Could It Hurt: How Framework and Library Dependence is Weakening our Development
When we look at the progress things like the OWASP Top 10 and other reports show we may begin to think the the fight to secure our systems and applications is well on its way to victory.  As we discuss topics like the latest and greatest technology stack and how it implements solutions for our security woes, are we sure we understand what we are being protected from and how it is doing that?

In this presentation, Kevin Johnson of Secure Ideas will discuss how security works, why we do the things we do and where platforms and libraries can be both good and bad.  This will be done through a series of real world examples directly from his testing and assessment of modern applications and the SDLC.

Attendees will be able to understand where it is important to understand fundamental security and technology topics and how to safely lean on the shoulders of others to improve everything.

Speakers
avatar for Kevin Johnson

Kevin Johnson

Secure Ideas
Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions... Read More →


Friday October 26, 2018 4:00pm - 4:50pm MDT
Track 1

4:45pm MDT

Chuckwagon Dinner
A special treat! A steak dinner cooked on an open fire. An alternative vegetarian meal will be available. This is included in the price of your ticket. Spouse dinner tickets are available as an add-on when purchasing your ticket.

Friday October 26, 2018 4:45pm - 7:00pm MDT
Main Space

5:00pm MDT

Closing Session
Speakers
avatar for John Strand

John Strand

Black Hills Information Security
John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.  He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry shaping Penetration Testing Execution Standard and 20... Read More →


Friday October 26, 2018 5:00pm - 5:30pm MDT
Track 1
 

Twitter Feed