Hunting Evil Hashes and Processes using PowerShell will cove r how to identify file hash IOCs using PowerShell\, and how to automate thi s effort as well as identifying malicious processes on a host. Using PS Rem oting\, Blake will present an automation framework to find the hashes on yo ur Domain at scale\, with options to report\, remove\, or collect for Hunti ng or IR. Sample Code and Framework will shared on Github. Blake also has a fun hands on example for folks to follow along with during the talk and pr actice with afterwards.
DIY build and paint custom wood shelving was an idea that came to Blake when doing a house remodel project during quaran tine. Blake used a go-pro to film the process from sanding and cutting bare wood stock\, laying out the shelves on the wall before install\, assemblin g and installing the shelves\, and prepping and painting the shelves for a professional looking finish.
LAST-MODIFIED:20210320T201329Z LOCATION:https://www.pancakescon.org/track1 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 1 - Hunting Evil File Hashes and Processes using PowerShell A utomation & DIY How to Build and Paint Custom Wood Shelving (Blake Regan) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T161500Z DTEND:20210321T170000Z DTSTAMP:20210320T202631Z UID:7qi7pp3ifgjmca7vd9q3g5clro@google.com CREATED:20210320T160657Z DESCRIPTION:First part is on how a home lab can help folks progress their c areers and build confidence and knowledge. Talk will also share resources o n how to do it. Second part is on disconnecting from IT and enjoying life. My method is hobby farming with miniature horses\, miniature donkeys\, mini ature cows\, goats\, geese\, chickens\, rabbits\, and more. I’ll share cute pictures and talk about rural life and how it fits my life in IT. LAST-MODIFIED:20210320T160657Z LOCATION:https://www.pancakescon.org/track2 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 2 - Building a Home Lab and Hobby Farm (Justin Henderson) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T170000Z DTEND:20210321T174500Z DTSTAMP:20210320T202631Z UID:0gjs75055j6dq0kqhlikv718hv@google.com CREATED:20210320T160835Z DESCRIPTION:Transportation and food. Two things that everyone needs. Living in America leaves much to be desired in terms of public transportation\, s o we’ve become reliant on cars. We’ve also become accustomed to convenience and expect our cars to tell us where to go\, adjust our speed\, and even d rive for us. In the same vein\, we’ve become accustomed to convenient food. Drive-through\, delivery\, call head ordering\, and everything in between to make things easier for us. The downside of all this convenience is that it costs money to make things easier. As a pentester\, you have an inherent curiosity to poke and prod to see what makes things tick. What can you do to cars and food that’s cheap and (relatively) easy? LAST-MODIFIED:20210320T160835Z LOCATION:https://www.pancakescon.org/track1 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 1 - Hacking Cars and Crops on a Budget (Griffin Payne) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T170000Z DTEND:20210321T174500Z DTSTAMP:20210320T202631Z UID:61l9uj7rgrhib9hbpakclk1s8p@google.com CREATED:20210320T160933Z DESCRIPTION:<[ Reverse Engineering Unknown Protocols ]>\nThis talk is a cra sh course in analyzing unknown protocols (network or otherwise) with resour ces and tools you can play with right away. The goal will be to familiarize you with protocol concepts and help you develop an eye for identifying the important bits.\n \n<[ ASCII Art For Beginners ]>\nThis talk will introduc e the fundamentals of ASCII art and how to get started creating your own. W e will discuss tools\, techniques\, and design philosophy that will help yo u turn any text document into a work of art. LAST-MODIFIED:20210320T190827Z LOCATION:https://www.pancakescon.org/track2 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 2 - Reverse Engineering Unknown Protocols // ASCII Art For Be ginners (netspooky) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T174500Z DTEND:20210321T183000Z DTSTAMP:20210320T202631Z UID:7fjirec16q1msf71h223hrkpre@google.com CREATED:20210320T161407Z DESCRIPTION:Taking security and the kitchen to the next level! I’ll do an o verview of detection engineering with logging\, analysis\, and creating the threat. In the kitchen\, we’ll make the world’s greatest grilled cheese wh ich includes an intro to tempura. LAST-MODIFIED:20210320T161407Z LOCATION:https://www.pancakescon.org/track1 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 1 - Cybersecurity au Vin (Bryson Bort) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T174500Z DTEND:20210321T183000Z DTSTAMP:20210320T202631Z UID:5e3q6ccdg2pd82gphkrka368sq@google.com CREATED:20210320T161455Z DESCRIPTION:This talk will focus on the methodology used for conducting pen etration testing engagements (based on the PTES standard) followed by an in troduction to rock and ice climbing. LAST-MODIFIED:20210320T161455Z LOCATION:https://www.pancakescon.org/track2 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 2 - Because it’s there: Hacking and Climbing (Julien Richard) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T183000Z DTEND:20210321T191500Z DTSTAMP:20210320T202631Z UID:3eu8fu327q0cba0nfhgd2hj12p@google.com CREATED:20210320T162958Z DESCRIPTION:CET is the most exciting feature to be added to Intel processor s in a long time\, and after long years of trying to fight exploits using a rbitrary code execution vulnerabilities\, CET could lead to a new era of ex ploit mitigations and force attackers to rethink and redesign their techniq ues. In this talk I’ll explain what CET is\, why it is such a game-changer\ , how it is currently implemented on Windows and how developers and defende rs should use it to make their products safer and protect against attackers .\n\nIn the second part of the talk we’ll talk about baking and why it’s th e best nerdy hobby there is (as a lot of people learned during the sourdoug h phase of the pandemic). I’ll focus on basic butter cookies and show how t hey can be easy\, simple\, versatile and mathematical all at the same time. I’ll explain the math and science behind this simple pastry and show that with a bit of scientific knowledge you don’t even need a recipe to make ama zingly delicious and sugary pastries! LAST-MODIFIED:20210320T190927Z LOCATION:https://www.pancakescon.org/track1 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 1 - Intel CET and how to stop being scared of French baking ( Yarden Shafir) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T183000Z DTEND:20210321T191500Z DTSTAMP:20210320T202631Z UID:2c6p8j7aicrggkpaqleqi18gvg@google.com CREATED:20210320T163118Z DESCRIPTION:Cognitive security is the third layer of security beyond cyber and physical security. I’ll talk about how to secure against digital harms including disinformation\, how to do disinformation risk analysis\, run cou ntermeasures and mitigations\, and how to connect it with other information security work. I also happen to live in a mediaeval hunting forest with it s own (separate from the rest of the country) laws\, courts and processes. I’ll talk about the rights to roam your pigs on the acorns and pick up any wood you can carry (spoiler: it’s possible to carry a whole tree home)\, ab out living with ponies and cattle roaming freely in the neighbourhood\, and old forest management techniques like hedgelaying\, and coppicing\, with e xamples of what to do and not do from our woodlands\, and what it’s like to round a corner and find yourself in the middle of a stag rut. For bonuses will throw in learnings from setting up a country’s disinformation defences \, and what it’s like to live with 21 very stupid peace doves. LAST-MODIFIED:20210320T163118Z LOCATION:https://www.pancakescon.org/track2 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 2 - Cognitive Security and Living in a Medieval Forest System (bodaceacat) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T191500Z DTEND:20210321T200000Z DTSTAMP:20210320T202631Z UID:4cn2s8j6qcbmj2s1hvnoitnfo8@google.com CREATED:20210320T163328Z DESCRIPTION:I am a knitter\, I knit a lot\, I half the average age of my lo cal knitting circle\, but it is my passion. One of my favourite things to k nit are socks\, they are portable\, only need 1 needle\, you can use amazin gly soft yarn\, and You can zone out while you make them. Socks are perfect for meditative knitting! More than that\, socks you make yourself\, they a re lucky\, how do I know? Well I’m a bug bounty hunter\, I knit and I hack companies for money\, and the first time I found a bug? It happened when I was wearing hand knit socks and as I knit another pair.\n\nTo become a bug bounty hunter you need a few things\, one is a knowledge of how the web wor ks\, second you need to learn how the tools of the trade work and how to us e them\, next you need an idea of some of the more common vulnerabilities y ou can find and how to exploit them\, some methods to practice\, and finall y some lucky socks. In this talk I’ll go over the basics of how to get into bug bounty hunting\, what to look for and how to get started. Then I’ll te ach you how to knit your very own pair of socks\, guaranteeing you bugs! LAST-MODIFIED:20210320T190937Z LOCATION:https://www.pancakescon.org/track1 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 1 - Lucky Socks for Bug Bounties (Katie Paxton-Fear) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T191500Z DTEND:20210321T200000Z DTSTAMP:20210320T202631Z UID:790c1r8gg36i01a139sorjatoh@google.com CREATED:20210320T163438Z DESCRIPTION:See the full lifecycle of a phishing attack\, from researching the target\, setting up the phishing server\, mail server and social engine ering your way into the organization. Drawing cartoons with likeness is ver y challenging but very satisfying. LAST-MODIFIED:20210320T163438Z LOCATION:https://www.pancakescon.org/track2 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 2 - Phishing with Caricatures (Mishaal Khan) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T200000Z DTEND:20210321T204500Z DTSTAMP:20210320T202631Z UID:3amqt1abau419590j0i5si79ji@google.com CREATED:20210320T190103Z DESCRIPTION:Humans are collectors by nature. For whatever reason\, we feel the need to seek out and collect objects that would otherwise have no valu e. Some collect baseball cards\, others spend hours searching through coin s for specific old mints\, other people seek out rare stamps…\nI collect tw o things: breached credentials and bourbon. LAST-MODIFIED:20210320T190103Z LOCATION:https://www.pancakescon.org/track1 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 1 - Rare Collectables: Breached Credentials and Bourbon (Nick B) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T200000Z DTEND:20210321T204500Z DTSTAMP:20210320T202631Z UID:07i1u9j00sshvks46i8palc91o@google.com CREATED:20210320T190748Z DESCRIPTION:Part 1: In October 2017 I accepted a job at Equifax (1 month af ter their breach announcement). Soon thereafter it would be voted “the most hated company in the country”. So why did I do it? Simple. I wanted to wor k in Security ever since graduating college\, but never had the chance to m ake it a career. Joining a company in the middle of such an intense crisis provided a great opportunity to finally make the switch! I’ll discuss how t his approach can be a great path into Security. I’ve been able to take on r oles from AppSec engineer to DevSecOps\, Security Platforms Automater to Pe n Tester. Learning a LOT in the process. Orgs on the wrong end of a breach NEED Security. We can help! So run towards the fire! \n \nPart 2: On July 1 1th\, 2016 my 29 year old wife of two years suffered an Ischemic Stroke to the right portion of the Pons. I’ll use this time to…\n– Share my wife’s st ory and recovery\n– Build awareness of stroke in younger people\n– Teach th e B.E. F.A.S.T. stroke identification method. LAST-MODIFIED:20210320T190748Z LOCATION:https://www.pancakescon.org/track2 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 2 - Run Towards The Fire: Forging a Career from Crisis & Stro ke Awareness (Chris Traynor) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T204500Z DTEND:20210321T213000Z DTSTAMP:20210320T202631Z UID:4a2bo0hmss1q4p65icc04mfub5@google.com CREATED:20210320T191043Z DESCRIPTION:Part 1: Clear Threat Intelligence Communications\nThis section of the talk will describe tips for having clear and concise threat intellig ence communications\, including the different types of communication medium s (reports\, presentations\, etc)\, taking audience into consideration\, an d avoiding jargon. I am a threat intelligence analyst but started my career as a technical writer and want to use my experience to help other analysts .\n \nPart 2: Watercolor Painting\nThis section will describe the most basi c aspects of watercolor painting\, including supplies needed\, wet on dry a nd wet on wet techniques\, and combining watercolor with ink for more detai ls. I started watercolor painting during lockdown so I’m by no means an exp ert\, and will be sharing this as a relative newbie for other newbies as I feel it has become a very nice lockdown hobby. LAST-MODIFIED:20210320T191043Z LOCATION:https://www.pancakescon.org/track1 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 1 - Avoiding Murky Waters: Clear Threat Intelligence Communic ations and Watercolor Painting (Emily Hacker) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T204500Z DTEND:20210321T213000Z DTSTAMP:20210320T202631Z UID:7mcn3vlcsbp74t1200tmkkeef3@google.com CREATED:20210320T191135Z DESCRIPTION:GNU/Linux Tools for Blue Team:\nLearn how to use command line t ools and a free/cheap Linux server to do dozens of Blue Team tasks\, includ ing DFIR actions (reading fingerprinting file type\, getting hashes)\, acqu iring data (downloading threat feeds\, doing whois lookups\, making API cal ls)\, and manipulating the data you collect. Even the most experienced Linu x users should learn a new trick or two!\n \nModel Rocketry:\nLearn how man y adults who loved model rocketry in their scout or schoolkid days are retu rning to the hobby and supersizing their creations. You will learn how some technological advancements (like composite motors and parachute releases) can help you make bigger rockets and land them safely in a small field. LAST-MODIFIED:20210320T191135Z LOCATION:https://www.pancakescon.org/track2 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 2 - GNU/Linux Tools for Blue Team and Big-Kid Rockets (Ben Go erz) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T213000Z DTEND:20210321T221500Z DTSTAMP:20210320T202631Z UID:4bnom3r6vp6q381ljke2bb843m@google.com CREATED:20210320T191311Z DESCRIPTION:In this talk we’re going to deep dive in linux containers\, how they are implemented\, and what does they look like from a system point of view. The goal is to explain bit by bit all the different concepts and mec hanisms used to create a container\, syscalls\, cgroups\, namespaces\, …\nA dditional resources will be provided for curious participants wanting to ex periment and create containerized processes manually without docker.\n \nI discovered black and white film photography by dusting off my dad’s camera. It ended up being a cheap and fascinating way to get into photography. We’ ll cover the basics of b&w photography\, why it is so rewarding and what yo u need to get started taking photos and revealing them in your bathroom. LAST-MODIFIED:20210320T191311Z LOCATION:https://www.pancakescon.org/track1 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 1 - Containers Are Built on a Castle of Lies – B&W Analogue P hotography in Your Bathroom (hugo_shaka) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T213000Z DTEND:20210321T221500Z DTSTAMP:20210320T202631Z UID:2j2uim3i5vbho55emcu3en0ai8@google.com CREATED:20210320T191405Z DESCRIPTION:I will speak to the psychological analyst aspect of insider thr eat detection and how to use human behavior to tune alert events (MICE/RASC AL/STRIDE). The human factor of insider threat detection is the difference between DFIR and DFIT.\n \nSmall batch coffee: how to make a prime serving of espresso or americano with a 21st century french press. LAST-MODIFIED:20210320T191405Z LOCATION:https://www.pancakescon.org/track2 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 2 - It’s not Magic! Insider Threat Detection and the Perfect Cup of Coffee (Will Baggett) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T221500Z DTEND:20210321T230000Z DTSTAMP:20210320T202631Z UID:7ec3jhaoindtlluc8fd5qik9qv@google.com CREATED:20210320T191516Z DESCRIPTION:Vulnerability scanning is an automated process wherein a set of assets (potentially to be discovered by the same process) is mapped agains t a database of known vulnerabilities to produce a (hopefully prioritized) list of problems we might want to fix. We will look at common techniques\, tools\, typical outputs\, limitations\, and what else makes a good vuln man agement program.\n\nTrauma is a soul’s reaction to distressing events overw helming the person’s ability to integrate the emotions involved that *can* have long-term negative effects. Different psychological schools of thought have different concepts of what happens in a trauma and therefore differen t ideas what might help cope. We will have a look at the Gestalt therapy mo del of trauma and growth. LAST-MODIFIED:20210320T191516Z LOCATION:https://www.pancakescon.org/track1 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 1 - Vulnerability Analysis: Intro To Vulnerability Scanning a nd Trauma Therapy (David Fuhr) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T221500Z DTEND:20210321T230000Z DTSTAMP:20210320T202631Z UID:1p35jf9c2khc7si34ljs4u98gi@google.com CREATED:20210320T191753Z DESCRIPTION:Have you ever opened up your “Pictures” folder on your computer and noticed that your photos always show up as tiny previews of the full s ize images? Then\, have you gone into your “Downloads” folder and noticed t he files are displayed a list of files instead of little pictures? Because your computer remembers this information for you\, it can be recovered. Thi s recovery and reconstruction of previous activity on a device is what digi tal forensic (DFIR) examiners do for a job. Hear an introduction about iden tifying DFIR data followed by…\n\nDo you have access to a gym? Inspired by #DFIRFit #RedTeamFit #BlueTeamFit? Hear a story about how one cybersecurity professional learned to love the barbell and powerlifting enough to medal and win international championships. Whether you’re wondering how lifting w eights can help you improve your focus at the keyboard or just wondering wh at the sport of powerlifting is\, you’ll come away inspired to #GitFit LAST-MODIFIED:20210320T202609Z LOCATION:https://www.pancakescon.org/track2 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 2 - DFIR Data and World Championship Powerlifting (Lodrina Ch erne) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T230000Z DTEND:20210321T234500Z DTSTAMP:20210320T202631Z UID:6r13kcgs9le7jek3rlrntp02sr@google.com CREATED:20210320T191853Z DESCRIPTION:Machine Learning is a hot topic\, but can it actually increase your attack surface? We’ll discuss attacks against machine learning systems and the systems that serve machine learning models with an eye toward how to protect yourself and your environment.\n \nIn the second half of the tal k\, we’ll discuss another misunderstood topic: fabric choices. Although the author has more experience dressing men\, we’ll keep the topic as gender n eutral as possible and discuss fabrics in shirting and trousers – something we may want to keep in mind when we leave the t-shirts and sweatpants worl d but still want comfort! LAST-MODIFIED:20210320T191853Z LOCATION:https://www.pancakescon.org/track1 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 1 - Machine Learning Vulnerabilities and Fabric Choices (Eric k Galinkin) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T230000Z DTEND:20210321T234500Z DTSTAMP:20210320T202631Z UID:19u3medrtj8s1s63k5ngqghs60@google.com CREATED:20210320T191957Z DESCRIPTION:One of the best ways to discover malware hiding in your environ ment is to find the repeating network connections as it checks in to its C2 . I’ll show you how to do that with Sysmon logs or Defender for Endpoint. A fter all that analysis work\, you’ll probably be a hungry threat hunter. Wh at better way to celebrate a job well done than with fresh pizza made from scratch? I’ll share the recipe and techniques that my family used to make p izza dough and sauce every Friday! LAST-MODIFIED:20210320T191957Z LOCATION:https://www.pancakescon.org/track2 SEQUENCE:0 STATUS:CONFIRMED SUMMARY:Track 2 - Hunting Malware Beacons and Making Pizza from Scratch (Ra ndy Pargman) TRANSP:OPAQUE END:VEVENT BEGIN:VEVENT DTSTART:20210321T234500Z DTEND:20210322T000000Z DTSTAMP:20210320T202631Z UID:670da4codm35n5f4usgavgq17c@google.com CREATED:20210320T192109Z DESCRIPTION:https://www.pancak escon.org/track1 LAST-MODIFIED:20210320T202625Z LOCATION: SEQUENCE:0 STATUS:CONFIRMED SUMMARY:CLOSING REMARKS / AWARDS (Lesley Carhart) TRANSP:OPAQUE END:VEVENT END:VCALENDAR