It's the 8th CircleCityCon and we're here to bring you a #HappyLittleCon. We're sorry for predicting the Apocalypse last year, but we had to confirm our powers of prediction after CircleCityCon 6.0 Space Force!

Now that we have confirmation of our powers, we're putting them to good use and ushering in happiness, learning, and love. We believe anyone can hack. We want you to exeperience the Joy of Hacking through our many programs.

Add to Calendar

• Circle City Con Staff

  Happy Little Trees

  Circle City Con

Sponsors

Starting with an interview of our opening keynote Ray [REDACTED]

Add to Calendar

Upward Management is a skill that is learned. How you present your information to the executive team or your management chain can have a drastic effect on your success. This talk is geared to people who are new to management or have aspirations to go into management. The topics covered will be: Risk: Cyber risk is just another aspect of business risk. KPI's: Measuring and defining success specifically for Cyber Domain. Budgets: Basic overview of how they work and answers you need to have ready. Attendees will learn, a crash course, in cyber management 101. They will be able to articulate what constitutes a budget, how to align to corporate budget practices. How to tell stories through problem, solution, measurement, and success/failure. Finally how to best position themselves to management or upper management.

Add to Calendar

SSH tunneling is an extremely useful skill. It will help you get around firewalls, route traffic through a jump box, or access a web service provider from a foreign a IP address and you don't know how to use Tor. In this training we will go over forward, reverse and socks tunnels. Not only will the class cover single hop scenarios, but we will chain through multiple hops. This training is hands-on, so please bring a computer.

Add to Calendar

Two people who have been MSP SOC analysts for a few years giving insight on what they’ve experienced, learn, and grown from their experience. They will share three stories that these people consider important will be mentioned (with certain details being vague on purpose).

Add to Calendar

Did you notice a shift in your mental health and/or your colleagues? Burnout was at an all time last year due to the surreal 2020. As we approach 2021, we recognize how critical mental health plays when accomplishing goals and productivity output. This talk dives into the factors that lead to burnout among security professionals, the clear line between burnout and failure to retain cybersecurity talent, and how to invest in your team to make sure your team is able to thrive during stressful times.

Add to Calendar

Come for a chat with the Board of CircleCityCon. DrBearSec, Grap3Ap3, SteveD3, Alyssa Miller, and 0DDJ0BB will discuss CircleCityCon from its very inception, reminisce about favorite con moments, and talk about the future of the conference.

Add to Calendar

Phishing is a persistent nuisance at best and potentially catastrophic at worst. While technology isn’t able to prevent all of it 100% of the time, DMARC is an important layer of defense that helps to dramatically minimize the amount of phishing emails that get to inboxes. DMARC is also good for keeping domains off of email blacklists, which is added value for protecting brands and reputations. DMARC is complex, though, and has a lot of parts. So join us! We'll help you understand DMARC, its independent components, and friendly, step-by-step instructions for how you can bring this technology to more people who need it in a consistent and predictable way.

Add to Calendar

Even if you have never programmed before, you can quickly and easily learn how to make custom hacking tools in Python. We build tools that perform port scanning, brute-force attacks, crack password hashes, and XOR encryption. Python is among the top three programming languages in the world, for good reason: it's the easiest language to use for general purposes. This workshop is structured as a CTF, so each participant can proceed at their own pace. The techniques will be briefly demonstrated, and we will provide tips and help as needed to make sure everyone is able to solve at least some of the challenges. Participants need only a computer and a Web browser.

Add to Calendar

Threat Modeling is a great way to discover and remediate threats in your system before they are even created. It is commonly performed by security professionals, but threat modeling can be done by anyone. This hands-on workshop will cover the threat modeling workflow, common classes of vulnerabilities and hands on examples that will have you discover threats in different system.

Add to Calendar

Do you know exactly what's going on in your enterprise? If not, you can -- by deploying Security Onion, a free and open platform for threat hunting, enterprise security monitoring, and log management. With Security Onion, security professionals can leverage industry-standard tools to gather critical host telemetry, network traffic, and other data to paint a complete picture of the goings-on of their computer networks. In this presentation we'll cover what exactly Security Onion is, and how the platform can be leveraged to assist network defenders in better understanding their environment and detecting adversary actions within it.

Add to Calendar

Cloud means more services to monitor, a wider attack surface, and more tools, leading to blindspots. In fact, lack of visibility in a cloud environment is what contributed to the infamous Capital One AWS breach in 2019.

You’ll learn practical tips you can apply to your cloud security strategy to combat rising threats including:

• What log sources are most important to monitor to identify indicators of attacker techniques early and respond quickly to contain a breach

• Why misconfigurations occur, how they can lead to data breaches, and what you should do to detect them

• How cloud monitoring differs from monitoring on-premises environments like Microsoft Active Directory

• How to get the most value out of a SIEM so you can detect and prevent cloud threats  

Add to Calendar

• 

  Nato Riley

  Integrations Engineer

  Blumira

Sponsors

Do you want to create a course to drop some knowledge? Have you ever wanted to teach in a manner that might be considered “professional”? This talk will go into the trials and tribulations of creating something from nothing, to educate amazing people to do amazing things in InfoSec (or other fields), and all of the things you didn’t know you needed to know.

Add to Calendar

Threat modeling is an extremely valuable tool in the secure software development pipeline. Some studies suggest it has greater impact on security posture than other more widely practiced security activities. There are many different frameworks, models, and methodologies that have been developed in an attempt to make threat modeling easier. Yet, despite these efforts, popular approaches to threat modeling are often still considered too cumbersome, structured, or time consuming to fit into modern development cycles.
In 2020, a group of 15 security professional released the Threat Modeling Manifesto to formalize decades of combined experience into a declared vision of what threat modeling truly is and what makes it important. Learn from one of these authors about how to break with the complex models and return to the values and principles of what threat modeling should be. Discover how this often-over-looked activity can actually make development pipelines more efficient while improving overall security of software. Get real practical examples of how you can use the manifesto as a guide to define or tailor a methodology that fits your needs and avoid common pitfalls that often derail this critical activity.

Add to Calendar

Software defined networking proceeds from the assumption that networking devices are nothing more or less than programmable computers that happen to be tasked with a specific purpose. The logical extensions of this different way of thinking offer enormous benefits to the network operator if properly applied. Centralized configuration and management are obvious benefits, but far from the only ones. The SDN controller’s unique position in the networking stack gives it unparalleled visibility into activity on a network which can be utilized to monitor networks and react to events as they are occurring. Coprocessing can make these reactions appear to be a seamless part of normal network functioning. This talk will give a brief overview of software defined networking through the lens of the Faucet SDN controller followed by a deep dive into the Coprocessing technique and how it can be used to facilitate novel defensive and monitoring workflows.

Add to Calendar

Have you ever seen security researchers share amazing details about threat actor TTPs and infrastructure, and wondered how they got that information? Have you ever tried to build a home lab, but found you were priced out of buying enough computers or hosting enough virtual machines to make much of a realistic environment? Have you wished that you could share the cost of a really cool lab with others and inspire each other to try new and cool research projects? This training will not only show you how to build a distributed lab that you can share with your friends, but we’ll actually set one up together that can live on after the class is done, as long as people want to keep supporting it. On this lab, red teamers can test their exploitation skills in a real AD, blue teamers can develop new detections and test out threat hunting hypotheses, and both teams can learn from each other as they improve attacks and defenses. Important prerequisite: to participate in this class, you must have at least one computer, physical or virtual, with a valid Windows 10 Pro (or Windows 7 Pro) license that you can join to a domain and dedicate to a lab environment where active attacks take place. You may also have a Linux machine or VM with Metasploit free installed if you want to do the attacking (optional). You must also create a free account with Microsoft that you can use to log into portal.azure.com. There are no costs to go through the training, but if you want to continue using the lab long-term, you’ll be asked to contribute to a common pool of funds to pay for the costs to operate the servers and infrastructure (should be about $5-$10 a month per person). What you will learn: Wireguard VPN configuration, Joining an AD domain and creating fake resources, Setting up and configuring Sysmon, Shipping logs to Azure Sentinel, Threat Hunting with KQL queries, Writing custom alerts, Integrating alerts into Microsoft Teams, Building network detections with Suricata, Attack basics with Metasploit & PowerShell Empire, Basics of Threat Hunting

Add to Calendar

During the training we will apply the purple teaming approach to conduct an intelligence-based adversary simulation, focusing on technical aspects of it - from an intel report and malware analysis, through developing and conducting TTP-based emulation to remediating gaps by hardening configuration and fine-tuning monitoring alerts.

Add to Calendar

People performing contentiously and consistently is a lofty goal. Risk management gives us the process to follow. Controls frameworks gives us the standards to set and meet. Yet it is people who ultimately decide our security posture. In this presentation, we look at the psychology and behavior science of individuals making risk decisions and leaders affecting culture change. Attendees will leave with insights and pragmatic tactics for improving the human element in risk and compliance.

Add to Calendar

Do your projects discuss secure coding through all phases of the SDLC? Are your developers SUPER Secure? Do they have all the tools that they need to be SUPER? This talk will go over the Secure Coding Standards, Best Practices, and Checklists that your projects could use to help make your code and Team more secure. We will be discussing the use of Secure Coding in Agile team processes. Training and certifications that are available for secure coding will also be discussed.

Add to Calendar

The COVID-19 outbreak made 2020 an unprecedented year, bringing with it a slew of cybersecurity concerns. With the increase of COVID-19 cases crippling healthcare providers across the globe, tracking and containing the outbreak became a top priority. Countries scrambled to develop contact tracing applications and rushed their development, prioritizing application functionality over security. Driven by skepticism that rushed applications truly possess robust security controls, we were motivated to expose weaknesses present in contact tracing applications. Our talk will discuss the testing conducted on contact-tracing applications, including our discoveries. Then, we will run through the implications of rushed development, including its causes and effects. Finally, we will conclude with solutions that could mitigate and prevent security risks associated with accelerated application development.

Add to Calendar

As teams race to shore up application security issues in their enterprise, a web application firewall (WAF) can be an indispensable tool in the hands of a good engineer. A WAF can perform virtual patching, prevent vulnerabilities in your internally developed applications, slow down attackers, and prevent basic reconnaissance. Unfortunately, someone has to install them. Even more unfortunately, that someone was me. I will share how I built the system using the AWS WAF in Terraform along with some basics of what a WAF does, what some of the pitfalls are, how to troubleshoot your WAF during the rollout, and how to figure out if you’ve made a horrible mistake. This presentation is appropriate for attendees who have no experience with web application security or WAFs, attendees wishing to gain a better understanding of web application vulnerabilities, and those interested in the AWS WAF and WAF management.

Add to Calendar

Analyze packet captures to identify protocols, recover passwords and files, identify malicious traffic, and more. No previous experience with Wireshark is required.

Add to Calendar

SSH tunneling is an extremely useful skill. It will help you get around firewalls, route traffic through a jump box, or access a web service provider from a foreign a IP address and you don't know how to use Tor. In this training we will go over forward, reverse and socks tunnels. Not only will the class cover single hop scenarios, but we will chain through multiple hops. This training is hands-on, so please bring a computer.

Add to Calendar

Enabling better communications between geeks and management. As humans we have had 60,000 years to perfect communication, but those of us working in IT, regardless of which side (Blue or Red Team), still struggle with this challenge. We have done our best over the centuries to yell "FIRE!" in a manner befitting our surroundings, yet today we seem utterly incapable of providing that very basic communication capability inside organizations. This talk will endeavor to explain HOW we can yell "FIRE!" and other necessary things across the enterprise in a language both leadership, managers and end-users understand.

Add to Calendar

The events of 2020 and 2021 demonstrated the pervasiveness of structural racism, sexism, and anti-LGBTQ+ activity in the United States. This extends to Infosec. BIPOC and LGBTQ+ team members face significantly more issues in reporting in issues and having them addressed. This presentation will cover how Infosec teams can structure communications, incident response, and training to make a significant difference in engaging all customers.

Add to Calendar

We have a chat with Serena Marie (shenetworks on TikTok).

Add to Calendar

Threat Modeling is a great way to discover and remediate threats in your system before they are even created. It is commonly performed by security professionals, but threat modeling can be done by anyone. This hands-on workshop will cover the threat modeling workflow, common classes of vulnerabilities and hands on examples that will have you discover threats in different system.

Add to Calendar

Cyberattacks on critical infrastructure, like those on the Oldsmar water facility or the TRISIS/TRITON petrochem plant, are increasing in frequency. Attackers are actively exploiting the cultural divide between the engineers who design these facilities and the cybersecurity people who protect them. I set out to learn more about this by bringing our engineering and cybersecurity students together in a new shared-use Critical Infrastructure Laboratory at Rose-Hulman.

Add to Calendar

Now more than ever, there is a tool for pretty much any IT problem out there. Tools are great and solid investments, but there is more to the story. Lean and Six Sigma are methodologies that have saved companies billions of dollars through intentional root cause analysis and strategic process improvement. Inefficiencies cross all industries and cybersecurity is no exception. It’s time to talk process improvement methods and their importance before just throwing a stack of security tools at a problem.

Add to Calendar

Sponsors

At the end of season 5 of Silicon Valley, Gavin Belson called for internet companies to embrace #TETHICS. While he demands other companies to pledge support seemed honorable on the surface, the underlying calls to action were revealed to be quite weak. Embracing a strong Data Privacy framework can: A) increase the reputation of your organization B) increase efficacy of day-to-day operations C) reduce legal / regulatory risk associated with storing, processing, transmitting sensitive data. Join us as we discuss how the NIST Data Privacy Framework can be implemented in your organization.

Add to Calendar

Malicious tooling development is a problem which every serious red/purple team eventually encounters. To simulate real threats you need to bo beyond available open-source tools. To properly challenge the defenders you need to develop malware implants that won’t be easily detected by antivirus scan or analysed and understood by a glance at the source code or disassembly. During the workshop we will review both automated and manual defensive capabilities against malicious software. Then we will develop a malicious C2 implant / loader in C++ for Windows while combating the defences. After implementing each offensive technique we will take a look at the resulting binary from the defender's/analyst's perspective.

Add to Calendar

If you are the kind of person who enjoys workshops with practical information that you can immediately apply when you go back to work, this workshop is for you, all action, no fluff :) Attendants will be provided with training portal access to practice some attack vectors, including multiple mobile app attack surface attacks, deeplinks and mobile app data exfiltration with XSS. This includes: Lifetime access to a training VM, vulnerable apps to practice, guided exercise PDFs and video recording explaining how to solve the exercises. This workshop is a comprehensive review of interesting security flaws that we have discovered over the years in many Android and iOS mobile apps: An entirely practical walkthrough that covers anonymized juicy findings from reports that we could not make public, interesting vulnerabilities in open source apps with strong security requirements such as password vaults and privacy browsers, security issues in government-mandated apps with considerable media coverage such as Smart Sheriff, apps that report human right abuse where a security flaw could get somebody killed in the real world, and more. The workshop offers a thorough review of interesting security anti-patterns and how they could be abused, this is very valuable information for those intending to defend or find vulnerabilities in mobile apps. This workshop is for those who are intending to broaden their knowledge of mobile security with actionable information derived from real-world penetration testing of mobile apps. Please come caffeinated, the audience will be challenged to spot vulnerabilities at any moment :)

Add to Calendar

Web Shells have prominently featured in many of the major breaches in recent history. They serve as critical tools for the post-exploitation phases of many attacks, from pivoting and persistence to C&C and exfiltration. This training starts with the basics of web threat hunting, teaches what Web Shells are, and then provides hands-on instruction on some techniques to detect them. This is primarily aimed at defensive staff, though offensive security practitioners will learn what to try to evade. The course is modular by hour, so attend as much or as little as you need based on your existing knowledge. The content is also included in written form in the lab VM (and/or YouTube), so feel free to download it and work through it after the conference.

Add to Calendar

Explore the structure of Windows executable files and the operating system itself, to better understand programs, services, malware, and defenses. Projects include: cheating at games, building malicious DLL libraries, stealing passwords from the API, building a keylogger, and debugging a driver. Tools used include FLARE-VM, pestudio, API Monitor, Visual Studio, OllyDbg, IDA Pro, Ghidra, and WinDbg. No previous experience with programming is required.

Add to Calendar

Security strategy is marshaling people and resources toward a single goal. This session will cover three security programs built on resiliency: the financial services firm that made the case for business continuity and risk management, the software company where DevOps and SecOps made the case for resiliency, and the manufacturing firm that built a case for data resiliency. Learn to make the business case.

Add to Calendar

Hackers have been mislabeled and treated as criminals due to socially constructed beliefs that have been pushed out by the public. In return, we face prosecution when doing our job and trying to keep the world safe from attackers. Current legislation has destroyed many lives of hackers who did not exploit and stayed within scope. In return, 1 out of 4 hackers don't submit vulnerabilities due to the ongoing fear of prosecution. This talk dives into the socially constructed beliefs that the world has towards hackers and how increasing public awareness is needed to change their mindset to update out-of-date legislation.

Add to Calendar

Static analysis (SA) is one of the few techniques that provides a low-level examination of source code. When SA is combined with DevOps automation and traditional pentesting, it can offer valuable insights that help with implementation and remediation efforts. Ineffective use, however, overwhelms development teams with false positives and causes dysfunctional communications with security teams. This talk goes over several toolkits for static analysis based on language and tech stack. After that, we will talk about how to use automation to create workflows for developers and application security engineers. We will conclude with cultural transformations needed to make effective use of these tools and techniques.

Add to Calendar

Join Novafacing for a wrapup discussion of this years CTF.

Add to Calendar

In order to effect change, increase their budget, and hire more folks, a security team needs to increase their perceived value to an organization. That means explaining to executives what you do (in terms they’ll understand), end users why you’re here to help them (not out to get them) and developers how you can partner to deliver better products. Reports of vulnerabilities, risks, and threats are only useful if they are widely read, understood, and acted upon. Whether that happens is largely a reflection of how well their message is delivered. I’ll cover how to craft a story, develop a style, and understand your audience, in order to deliver effective reports. Attendees will leave with a process to write (and evaluate) clear, concise, and actionable reports for a wide range of stakeholders.

Add to Calendar

Description goes here

Add to Calendar

• Circle City Con Staff

  Happy Little Trees

  Circle City Con

Sponsors