Events will take place during conference on November 19th, 2022 BUY TICKETS

Incident Response Techniques Workshop by Sam Bowne - Nov 19th 2PM - 6pm PST

How Big Data analytics can mitigate Web3's risk landscape by Jasmin Brunson - Nov 19th 1PM -2PM PST

NoQRTR CTF - Nov 19th 11am - 6pm PST 

Lockpicking Village - 11am - 6pm PST 

Incident Response Techniques Workshop by Sam Bowne - Nov 19th 2PM - 6pm PST. BUY TICKETS

Abstract: We will cover the whole incident response process, from threat intelligence to network and log monitoring, malware analysis, automated hunts and eradication.  Tools will include Mitre ATT&CK,
Splunk, Zeek, Velociraptor, Wireshark, Scapy, Sysmon, IDA Pro, WinDbg, and Ghidra.


Class structure: A live CTF scoreboard is running so participants can compete to solve challenges. The instructor will briefly explain the principles and demonstrate the attacks, but workshop participants will
spend most of their time performing hands-on projects. Complete instructions guide participants through beginning projects, and a series of challenges of escalating difficulty are presented to
encourage each participant to progress to their appropriate level of accomplishment. This way, novices can gain awareness of the tools, techniques, and results of each activity, and more advanced
participants can delve deeply into the details. Our goal is to make sure each participant learns useful, new things in their area of interest. We will have several instructors available to tutor
participants one-on-one as needed. We will cover these topics:

We will begin with a high-level view of attacks: Groups, Tactics and Techniques in the ATT&CK matrix, and attribution. We will use Caldera to simulate all the stages of an attack and test defenses.

Network Security Monitoring

We will cover centralized security monitoring in detail, using Splunk and Suricata to find and analyze attacks. We will use a pre-installed Splunk server with archived attack data to
find and analyze attacks including vulnerability scans, brute force attacks, ransomware, Web site defacement.

Then we will analyze network traffic with Wireshark, Virus Total, and Packet Total to find suspicious traffic, reconstruct the attacker's actions, and recover downloaded files. We will generate attack traffic
with Scapy and monitor traffic with simple Python scripts. We will practice using Zeek, the powerful network security monitor formerly called Bro. We'll practice writing simple code to customize
Zeek, using it to analyze captured traffic, and then install it on a cloud server and use it to detect live attacks.

Defending Windows
We will use many techniques to defend Windows systems, including detecting ransomware with Sysmon and Splunk, RAM analysis, detecting known malware with yara, and prefetch forensics.
We will use Velociraptor extensively for threat hunting on Windows systems, finding malware and persistence mechanisms, scanning for indicators of compromise, and capturing traffic remotely.

Analyzing Malware
We'll use many techniques to analyze the behavior of malware to find indicators of compromise and understand the harm it does. We'll use simple static analysis with strings, PE file analysis tools, and
packers. Then we'll perform dynamic analysis with debuggers, disassembly with IDA Pro, and decompiling with Ghidra.We will explore the structure of Windows executables in detail,
including using assembly code, exploring the import table, performing DLL injection and DLL proxying, and examining Windows API calls in userland and the kernel in detail.

We will examine the MBR and a simple bootkit.

Prior Knowledge and Equipment Requirements
Previous experience with C and assembly language is helpful but not required. Participants will need a laptop with a Web browser and two monitors. We will provide cloud servers for participants who don't
want to run the machines locally.

Supporting documents (Youtube, White papers, blogs, etc)

Author's biography

Sam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, Black Hat USA, HOPE,
BSidesSF, BSidesLV, RSA, and many other conferences and colleges. He founded Infosec Decoded, Inc., and does corporate training and consulting for several Fortune 100 companies, on topics including
Incident Response and Secure Coding.

Formal education: B.S. and Ph.D. in Physics
Industry credentials:

Infosec: CISSP, Certified Ethical Hacker, Security+, Defcon Black Badge, Splunk Core Certified User Networking: Network+, Certified Fiber Optic Technician, HE IPv6 Sage,
CCENT, IPv6 Forum Silver & Gold, Juniper JN0-101, Wireshark WCNA Microsoft: MCP, MCDST, MCTS: Vista


Workshop - How Big Data analytics can mitigate Web3's risk landscape by Jasmin Brunson

The emphasis on the emergence of Big Data techniques such as linear regression, supervised learning, and artificial neural network applications within blockchain technology have been growing lately.

Transformers such as bi-LSTM, LSTM, GRU, and DenseNet have shown positive maturation in cryptocurrency price prediction experiments. Specifically, in this talk, we will explore more in-depth Big Data applications, beyond tracking cryptocurrency prices. 

From 2020-21, $12 billion dollars was lost in attacks affecting decentralized finance protocols, and over $1.5 billion dollars has been lost in general cryptocurrency attacks this year to date; the industry is in dire need of data-driven solutions to stop this carnage. We will explore the possibility of Big Data analytics mitigating the invigorating wonderland of hacks, exploits, and scams, otherwise categorized as "de-adversarial attacks", on Web3 products with decentralized frameworks.

I hold an A.S. in Computer Science and a B.S. in Information Science. I've worked as a data scientist for NASA and Maxar Technologies. So far I've participated in hackathons for my projects in Web3 security.


NOQRTRCTF - Saturday November 19th - 11am - 6pm PST

A hacking competition based on real life scenarios including state sponsor, APT tools, where players are faced with realistic scenarios and with the possibility of performing real target exploitation. BUY TICKETS


Lock picking Village - Saturday November 19th - 11am - 6pm PST

Come join and learn the art of picking locks and physical security.