BSides Bloomington 2024

Trace Labs Director Tom Hocker will be onsite giving a 4 hour  People OSINT workshop. Tom has volunteered with Trace Labs since 2019  and is currently a Senior Security Engineer on Kroger’s Threat  Operations team. This isn’t your typical workshop and will cover a wide  range of topics. Tom will be covering:  

• Introduction to OSINT: What it is and what it isn’t
• Ethical considerations in OSINT: How to investigate responsibly
• Getting Started: How to structure an investigation
• OPSEC in OSINT: Protecting yourself and others during an investigation. Did someone say Sock Puppets?!
• Techniques: Specific techniques you will use during a People focused investigation
• Case Studies: Going over real world investigations to demonstrate useful techniques as well as lessons learned

Add to Calendar

Vulnerability Management remains a challenging discipline for many organizations, primarily due to its inherent complexity. As technology evolves at an accelerating pace, new products and services are continuously introduced while legacy systems persist, often proving difficult to upgrade. Each day brings new vulnerabilities across these diverse technologies. In response, the industry has developed tools such as vulnerability scanners, CMDBs, CVEs, policies, patch schedules, and detailed vulnerability reports. However, IT professionals are inundated with a relentless stream of reports and tasks, exacerbating the complexity. This presentation addresses these challenges head-on, providing practical methods to streamline and simplify vulnerability management. By adopting these strategies, you can enhance the effectiveness and efficiency of your organization’s vulnerability management efforts, transforming a daunting task into a manageable, even rewarding, process. Join us to learn how to embrace the craze and turn complexity into clarity.

Add to Calendar

Our global team of DFIR professionals have been continuously tracking and responding to Akira ransomware incidents. This talk will explain how we see Akira threat actors penetrating corporate networks, the tools that are used once inside, and their tactics for performing data exfiltration. The end of the presentation will offer attack mitigation insights and information on preventive controls.

Add to Calendar

This talk explores the parallels between Electronic Warfare and cybersecurity, leveraging battlefield tactics to combat cyber threats. Whether you're a seasoned professional or new to the field, this presentation provides invaluable insights for staying ahead of evolving threats. Join us as we decode the complexities of modern cybersecurity and equip you with the tools and strategies needed to cut through the noise on the digital battlefield.

Add to Calendar

Following the NIST Risk Management Framework, we create a simple Incident Response Plan with elements for technical, leadership and legal critters. Our single goal is to create easily identifiable plans that you can take back to your organization and develop into a fully developed plan.

Add to Calendar

This talk will help you lead your own Incident Response Plan Tabletop Exercise for your friends. Think of it like Dungeons & Dragons with ransomware. The goal at the end will be to help you think of creative and engaging ways to lead your management, technical and legal teams through a mock exercise to assess their readiness.

Add to Calendar

In this talk, we will explore the critical importance of securing language models in today's AI-driven landscape. Attendees will learn about the potential risks and vulnerabilities associated with these powerful tools, as well as practical strategies and best practices for mitigating those risks and ensuring the secure deployment and management of language models in various applications.

Add to Calendar

In this talk you will hear about Tom’s journey from Computer Science dropout to grocery store manager to leading the leading the Threat Intelligence and Hunting teams for a fortune 25 company.

Add to Calendar

In 2022, Octavio Gianatiempo and Octavio Galland presented a talk at DEFCON - Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS. This talk is about Realtek’s SDK vulnerability, highlighting the poor state of firmware vulnerability in consumer products. The vulnerability claims to have effected at least 31 products across 19 different vendors. I revisited the idea of attacking SDKs, describing the process of applying the research on a similar but different product using the patched SDK. The research results in find a new 0day critical zero-click RCE vulnerability that can be exploited by a remote attacker, which is used as a case study for this talk. This talk documents the process of approaching a IoT device from a research perspective, understanding the boot loading process and extracting the firmware, and setting up the environment for analysis and exploit development. A detail analysis of the bug is then introduced. For educational purposes, a detail walkthrough on the construction of the exploit is included. (i.e. How ROP gadgets are found to fit the specific constraints of the system.) This research reaffirms the findings of the previous DEFCON presentation, highlighting the persistent and critical vulnerabilities within the IoT firmware space. Despite the potential impact of the previous CVE, the response from vendors has been limited. Only two vendors have actively responded to the patches—either by acknowledging the existence of the bug and implementing a fix, or by verifying that the vulnerability does not impact their products. This talk highlight the ongoing challenges in IoT security and the need for continuous research. These vulnerabilities indicate a huge area for security research and improvement. By documenting the research process, from initial exploration to exploit construction, this presentation aims to contribute to the broader understanding of IoT security. This talk also hope to serves as a starting point for researchers that seeks to look into IoT devices. Ultimately, this work emphasizes the critical need for better security practices within the IoT industry and highlights the role of researchers in uncovering and addressing these vulnerabilities.

Add to Calendar

• Network intrusion detection
• Network security monitoring
• Network detection capabilities

• Hands-on workshops
• Followed by a Capture the Flag

Add to Calendar

In the ever-expanding realm of cloud computing, understanding the vulnerabilities of widely used services is crucial for effective penetration testing. This talk will focus on finding and exploiting vulnerabilities in Microsoft Azure and Azure Active Directory (AD), now called Entra ID. We will start by understanding the architecture of Azure and Azure AD, providing a foundation for understanding where security issues come into play. From there, we will delve into common vulnerabilities and misconfigurations and discuss how to identify and exploit them. The core of this talk will be a series of real-world demonstrations of these vulnerabilities being exploited. These hands-on examples will provide attendees with a clear understanding of the potential risks and the power of Azure. This talk is intended for penetration testers, security professionals, and anyone interested in the darker side of cloud security. No knowledge of Azure or AD is required to attend this talk. Join me as we unmask the cloud and dive into the world of Azure penetration testing.

Add to Calendar

• Network intrusion detection
• Network security monitoring
• Network detection capabilities

• Hands-on workshops
• Followed by a Capture the Flag

Add to Calendar

Intelligence has always been an integral part of everyone's lives. It is quite the same when it comes to threat intelligence and cyber operations. We will distill this down to key aspects of intelligence used in cyber, how it should be segmented and then discuss the application of strategic, operational, and tactical uses. Let's take the 5 phases of Intelligence - Planning, Collection, Processing, Analysis, Dissemination. We will compare and contrast a manual process of adversary attribution analysis vs with the latest in Generative AI and applying it to the latest threats seen.

Add to Calendar

This presentation delves into the vulnerabilities and threats prevalent in clinical environments, focusing on the medical laboratory. It highlights common risks such as tailgating attacks, shoulder-surfing, and social engineering, all of which pose significant dangers to the security of healthcare data. Attendees will explore the flow of patient health information throughout the hospital system and understand how these threats can compromise sensitive data handling, emphasizing the importance of robust security measures in safeguarding patient information.

Add to Calendar

Explore the intersection between TableTop Role Playing games and Incident response. Additionally, this talk will focus on preparation over execution. 

Add to Calendar