Schedule

Friday
2019-11-15
_Main Hall_
Villages Room 212
Track #3 Rm 210-211
Track #2 Room 213-214
Track #1 Room 215
N00b Room 216
CTF Room 217
Saturday
2019-11-16
_Main Hall_
Villages Room 212
Track #3 Rm 210-211
Track #2 Room 213-214
Track #1 Room 215
N00b Room 216
CTF Room 217
Sunday
2019-11-17
_Main Hall_
Track #1 Room 215
N00b Room 216
CTF Room 217
08:00
Registration Opens
For an expedited check-in, please bring the registration confirmation email that contains the barcode; we can scan either a printout or your phone screen.
09:00-09:50
SecureWV / Hack3rCon Welcome
Benny Karnes
Sr. Security Engineer at Live Nation Entertainment
10:00-10:50
Friday Keynote 1
Josh Spence
State of WV, Chief Technology Officer
11:00-11:50
Friday Keynote 2
Robert Krug
Senior Security Solution Architect
12:00-12:50
LUNCH – On Your Own
Concessions available from 11am to 2PM
13:00-13:50
“Threat hunting is more than good, it’s Grr…”great! Proactive threat hunting with open source tools including Grr.
How can we best respond to a potential security incident? By assuming the breach has already occurred. This talk is aimed at information technology and security professionals; with an added bonus for avoiding Grr hunts, if you happen to be doing offensive work. Listeners will be given a brief introduction to Grr and its setup and how tailored hunts can be performed, taking into consideration the threat landscape as it applies to your organization. In addition to performing effective hunts, time will also be spent on how a Grr based hunt may be subverted, providing an insight into possible offensive tactics or behaviors to be aware of when hunting evil.
Christopher Atha
13:00-13:50
Resume Workshop
Ruth Klinestiver
Account Manager at TEKsystems
13:00-01:50
Women In Tech – Panel
Amanda Berlin, Emily Wall, Jimi DeBord, Stacy Cossin, Esther Yim, Lucy Kerner.
13:00-14:50
Python Class
Dr Esawi
University of Charleston
13:00-17:50
Villages Open:
  • Lock Pick
  • Hardware Hacking
13:00-17:50
Capture The Flag
14:00-14:50
User Session Recording
The Session Recording project is an effort to design and implement an Open-Source solution for recording user sessions on Linux systems. Many companies need to have their systems used, or even managed by people they don’t entirely trust: contractors, outsourced support, peripheral IT staff, etc. It helps to know what these users or operators were doing on your systems, or even what they’re doing right now, so you can not only prevent repeated issues, but also stop an incident about to happen. Government, medical and certain other organizations can be required by law to collect recordings of user sessions. Financial organizations require tight tracking of what’s happening on their systems. Support desks also appreciate a way to look back at what exactly led to an issue, so they don’t need to talk through a user’s recollection of events. In this talk, Justin will present the concepts, implementation, and future plans for the RHEL/Fedora Session Recording project including:
  • System-level recording component tlog
  • WebUI Front end component cockpit-session-recording
  • Available features and functionality to administrators and security teams
  • Demo of Recording and Playback
  • Integration with other Red Hat projects: SSSD, Linux System Roles, Insights
Links:
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/recording_sessions/index
  • https://github.com/Scribery/tlog
  • https://github.com/Scribery/cockpit-session-recording
Justin Stephenson
14:00-14:50
Innocent Lives Foundation
Introduction to the Organization and Nature of the Crisis
Shane McCombs
14:00-14:50
N00b CTF 101
Benny Karnes
Sr. Security Engineer at Live Nation Entertainment
15:00-15:50
Resume Workshop
Ruth Klinestiver
Account Manager at TEKsystems
15:00-15:50
Containerization for the Hybrid Cloud
The Cloud has drastically changed the computing landscape, but it comes with trade-offs both in design and security. While some sensitive workloads still need to be run on-premise, other applications can take advantage of the public infrastructure. This mix of public and private hardware and the need to keep information in sync between them has led to the hybrid cloud. In this talk, we will explore containers as a design solution for mixed workloads and security measures you can take to protect your data.
Adam Vincent
15:00-17:50
Bash Scripting
Lee Baird
15:00-15:50
Social Engineering in Non-Linear Warfare
This presentation explores the use of hacking, leaking, and trolling by Russia to influence the 2016 United States Presidential Elections. By using proxy hackers and Russian malware to break into the email of the Democratic National Committee and then giving that email to Wikileaks to publish on the Internet, the Russian government attempted to swing the election in favor of their preferred candidate. The source of the malware used in the DNC hack was determined to be Russian in nature and has been used on the battlefield in Ukraine, giving the Russians a strategic edge and resulting in heavy losses. Information Warfare and Cyber Warfare of this type is also known as Non-Linear Warfare. Such tactics will continue to be adapted by more adversaries in the future since it has been proven to be successful in both the manipulation of events and effective on the battlefield with very little investment in time or material.
Bill Gardner
16:00-16:50
N00b CTF 101
Benny Karnes
Sr. Security Engineer at Live Nation Entertainment
16:00-16:50
CISA Resources Available for Building Cyber Resilience
The cyber threat landscape is growing more complex and ever-evolving. When it comes to cyber attacks, it’s no longer a matter of if, or even when, but how frequent and whether operations will be impacted. Incorporating resilience practices can mitigate the impacts of cyber attacks and help to ensure operations can be maintained when disruptions occur. The Cybersecurity and Infrastructure Security Agency (CISA) is the Nation’s risk advisor, working with partners to defend against today’s threats and collaborating with industry to help protect and secure against the threats of tomorrow. This talk will provide a discussion on what it means to become operationally resilient to cyber attacks and the many no-cost cybersecurity products and services CISA can provide to state and local governments and private sector critical infrastructure in an effort to build a more resilient and cyber secure nation.
Benjamin Gilbert
16:00-16:50
Hiring, getting hired, and career management for information security: Workforce Development Using the NICE Framework
I want to live in a world with easy information security job placement. I want recognition that cybersecurity professionals influence the industry hiring and it’s in need of course correction. The NIST SP800-181 NICE framework does NOT mention certifications, does not have the concept of SR. vs JR. vs. VP vs. CISSP, and does not require any years of experience. Yet, it lays out ways to better define [the] skills gaps, how to best fit people into InfoSec roles, and what you need to do to change careers and land those roles. I want a NICE InfoSec workforce; let’s look at that together.
David Cybuck
17:00-17:50
Targeted Attacks: How to Recognize from a Defender’s POV
Organizations have ethical and legal compliance obligations to secure information, as client demands around vendor risk management are becoming increasingly stringent. A new category of solutions called “managed detection and response” (MDR) is emerging to meet this need. This session shares best practices to understand how organizations can improve their information security posture through monitoring, meet client compliance and security requirements, and control the time and budget to get the job done with MDR solutions.
John Davies
Senior Presales Systems Engineer
17:00-17:50
Russia’s Campaign to Influence U.S. Elections

Strategic, Operational, Tactical

Disinformation vs. Misinformation

1. Strategic
  • Who?
  • What?
  • Why?
2. Operational
  • How?
  • The new “Great Game”
  • Power of Social Media, Advanced Technologies
3. Tactical
  • Disinformation
  • Competing Rallies
  • Inciting Tension
  • Discourage Voters
  • Oppression of Voters
4. Reaction
  • Protect, Detect, Correct
Mac Warner
West Virginia Secretary of State
18:00-18:50
DINNER – On Your Own
19:00-20:50
Capture The Flag
08:00
Registration Opens
For an expedited check-in, please bring the registration confirmation email that contains the barcode; we can scan either a printout or your phone screen.
09:00-11:50
Security D&D (Defense & Detection) Workshop
Who says tabletop exercises can’t be fun? In this workshop, we will cover hands-on attacks, defenses, and detection, from beginning to end, D&D style. Oh, no!! You’ve rolled a 1, critical failure, and you’ve found out all of your backups are corrupt! You’ve rolled an 8, looks like the attacker didn’t get Domain Admin because you have properly separated your admin accounts, good job! A handful of the attacks we will run through include: gathering OSINT on our target, iterating through AD, capturing password hashes, and more. We will use these attacks to craft better defenses and mitigation while looking into what logs will be generated. At the end of this class, you will walk away with an incident response playbook that you can use as a template to create more in the future. Requirements: A laptop with a Kali VM.
Amanda Berlin
Sr. Security Architect at Blumira
Jeremy Mio
09:00-17:50
Villages Open:
  • Lock Pick
  • Hardware Hacking
09:00-09:50
Cybersecurity Maturity Model – The Compliance Standard You’ve Always Wanted
The industry has long struggled with the idea of compliance. Some issues with traditional compliance include whether it has value in providing real security, the appropriate sizing of security to organizational size, and how to demonstrate the strength of your security practices without some standard of measurement. The Cybersecurity Maturity Model seeks to address some of the traditional issues with compliance frameworks by providing a sliding scale of security measurement. This talk will cover the potential benefits of CMMC to organizations seeking to address compliance needs who are not currently legally required to do so. Additionally, for those organizations required to adhere to CMMC (any agency doing business with the Federal government), the talk will provide guidelines for implementation and beginning the road to CMMC compliance. Finally, the talk will discuss the economic and strategic hurdles to businesses and regions who fail to prepare and plan for the upcoming requirements.
Lucas Truax
Security Engineer/Programmer | GRID | Team Leader | SANS Advisory Board
09:00-11:50
Capture The Flag
09:00-09:50
N00b CTF 101
Benny Karnes
Sr. Security Engineer at Live Nation Entertainment
09:00-10:50
Red Hat – Hands-On Lab:
Linux Security Technologies & Creating customized security-policy content to automate security compliance. Lab participants must bring a laptop to the event with an SSH client and Web Browser (Firefox with plugins disabled recommended).
Lucy Kerner
Security Global Technical Evangelist and Strategist at Red Hat
Roy Williams
Linux Guy at Red Hat, RH
10:00-10:50
Closed for Business: Taking Down Darknet Markets
John Shier
Senior Security Advisor at Sophos
10:00-11:50
Resume Workshop
Ruth Klinestiver
Account Manager at TEKsystems
11:00-11:50
Election Officials as IT Managers
  • Elections eco-system overview
  • Connected and non-connected systems
  • Safeguards and vulnerabilities
  • Elections as Critical Infrastructure
  • Elections Infrastructure – ISAC
  • State, County, and Third Party roles and systems
  • Federal partnerships and resources
  • Cyber resiliency, baselines, system hardening initiatives
  • Tabletop exercises
  • Incident Reporting Protocols
  • WV State Fusion Center
  • WV National Guard
  • WVOT SOC
David Tackett
Chief Information Officer at West Virginia Secretary of State
11:00-11:50
What We Do In The Shadows: “Going Dark” With Consumer Electronics
Every day we give more and more of ourselves to big companies like Google, Facebook, Apple, Amazon, Samsung, and many others. Every day more and more IoT devices enter our homes with cameras and microphones. And every day it is made easier for us to spy on one another under the guise of parental controls. Can any of us reclaim our privacy? Yes, but it will not be handed back; it is something that we have to take. “Use Tor, use Signal” is no longer enough, and by implementing some of these tools and techniques in your daily life, you too can take back your privacy.
Timothy Kusajtys
12:00-12:50
LUNCH – On Your Own
Concessions available from 11am to 2PM
13:00-13:50
Block chain and Crypto Currency
Matthew Gonzalez
University of Charleston
13:00-13:50
N00b CTF 101
Benny Karnes
Sr. Security Engineer at Live Nation Entertainment
13:00-17:50
Capture The Flag
13:00-17:50
Security D&D (Defense & Detection) Workshop
Who says tabletop exercises can’t be fun? In this workshop, we will cover hands-on attacks, defenses, and detection, from beginning to end, D&D style. Oh, no!! You’ve rolled a 1, critical failure, and you’ve found out all of your backups are corrupt! You’ve rolled an 8, looks like the attacker didn’t get Domain Admin because you have properly separated your admin accounts, good job! A handful of the attacks we will run through include: gathering OSINT on our target, iterating through AD, capturing password hashes, and more. We will use these attacks to craft better defenses and mitigation while looking into what logs will be generated. At the end of this class, you will walk away with an incident response playbook that you can use as a template to create more in the future. Requirements: A laptop with a Kali VM.
Amanda Berlin
Sr. Security Architect at Blumira
Jeremy Mio
13:00-13:50
It’s Never DNS…. It Was DNS: How Adversaries Are Abusing Network Blind Spots
While DNS is one of the most commonly used network protocols in most corporate networks, many organizations don’t give it the same level of scrutiny as other network protocols present in their environments. Attackers have recognized this and have begun increasingly abusing DNS to establish command and control channels, exfiltrate sensitive information and bypass many of the common security controls in place to protect corporate networks. DNS has become increasingly attractive to both red teams and malicious attackers alike as a way to easily subvert otherwise solid security architectures. These techniques are no longer reserved for nation states and are now being actively leveraged by organized crimeware groups as well. This presentation will provide several technical breakdowns of real-world attacks that have been seen leveraging DNS for a variety of purposes such as DNSMessenger, DNSpionage, and more. We will also cover examples of the types of payloads being seen in the wild, how to hunt for these types of threats, and how organizations can equip themselves to better defend against these sorts of attacks.
Edmund Brumaghin
Threat Researcher with Cisco Talos
Earl Carter
Threat Researcher for Cisco Talos Security Intelligence and Research Group.
14:00-17:50
Tunnels: There and Back Again
This class is a gentle introduction into traversing firewalls, NAT, and other network boundaries in reliable and safe ways. We’ll explore the extreme versatility of SSH from port forwarding to SOCKS5 proxies, the widely deployed OpenVPN (both server and client), and the new kid on the block, WireGuard. We’ll wrap up with an introduction to ZeroTier and discuss automation opportunities.
Holden Fenner
Site Reliability Engineer