Sessions

Keynote

8:45 - 9:30 | My Career's a Circle: Old Threats Made New, 30 Years of Threat Hunting Revisited

Kenneth Bechtel, Malware/Threat Researcher

A recap of 30 years of hunting and fighting the malware threat, examining how many tools and threats are rediscovered older ideas with new labels, and how we can leverage this knowledge to improve defenses and predict coming trends.

Kenneth (Ken) Bechtel first discovered malware in August of 1988 when he read a paper on the subject while serving in the US Army. Upon reading the paper he understood the impact of the matter and started researching the subject and how to defend against malicious codes and attacks. Ken’s expertise in anti-virus has been influential in founding organizations such as the Anti-Virus Information Exchange Network (AVIEN), which brings corporate researchers and administrators together to share information on malware threats; and Team Anti-Virus, which serves as an umbrella organization for like-minded independent anti-virus researchers. Ken also co-authored the AVIEN Malware Defense Guide. An established IT industry professional, Ken has spoken at well-known conferences such as Virus Bulletin and has appeared on more than 30 local television news shows. His work has been published in trade magazines and specialized web sites such as Security Focus. Ken was also invited to join the WildList Organization as a reporter in 1998. With more than 30 years of IT experience, Ken’s ideas have been widely adopted in the corporate arena and are respected in the security and malware research circles. He is a strong advocate for education, maintaining that education remains one of the best defenses in the fight against malware.

Presentation Video

Track 1: Red Teaming or Offensive Security

10:00 - 10:45 | Building Your First Malware Analysis Lab

Joel Prentice, Security Engineer, Appalachia Technologies

This talk will cover the basics of setting up a malware analysis lab using physical and virtual targets. Participants will learn how to configure their target machines in a way that will allow them to quickly return them to a clean and uninfected state. Participants will also learn why it is important to use both physical and virtual targets. Various honeypots and their functions will be covered. I will also discuss how through the use of honeypots you can find the directive of malicious software. I will conclude by discussing the importance of staying anonymous when researching malware. I will cover what services and protocols will keep you anonymous so that malicious authors are not able to track and focus attacks on you or your business. The goal of this talk will be to give individuals enough knowledge to begin building a beginner’s level malware analysis laboratory.

Joel is a self-declared cybersecurity enthusiast. He has his bachelor’s degree in cybersecurity operations from Utica College.

Presentation Video

11:15 - 12:00 | Building a Home-Hacking Lab for Testing & Fun

James Lloyd, CISSP, CEH, GPEN, GWAPT, Principal Information Security Analyst, BNYMellon

I have built and rebuilt many hacking lab setups throughout my career. This talk will describe the best way to set up vulnerable systems and any caveats in certain builds. I will discuss the benefits and negatives of using true Virtual Machines or Docker images. The discussion will have a strong focus on web applications testing. I will also share my experience in building injects for cyber exercise and how to build/test those injects in a home lab while being mindful of the legal ramifications.

I have been working in Information Security for over 15 years. I started working as a contractor for the Department of Defense and moved into a security administrator role. I then joined the DISA Red Team/Penetration testing team where I was involved in countless application/network appliance and full network penetration tests. I also coordinated the DISA cyber exercise from the Cyber Range in Quantico, VA. I then moved on to work for a startup in CA where I coordinated the DevSecOps movement at the company. I automated security testing in the development process and helped security become a part of QA testing for the main application. I am currently a Penetration Tester for BNYM. I specialize in web application pen testing and full site application/infrastructure testing.

Presentation Video

1:00 - 1:45 | Open Source Intelligence 101: Finding Information on Anyone

Rae Baker, SRA Student, Penn State Cyber Security Analyst Intern, IACI

Rae will introduce Open Source Intelligence (OSINT) and discuss who uses it and why.  Then she will demo some basic OSINT situations to illustrate how to find information. Finally, she will discuss how to protect your own information from being found.

Rae Baker is a third-semester student at Pennsylvania State University studying Information Systems Technology with a focus on Cybersecurity. Rae specializes in Open Source Intelligence and currently works as a Cyber Security Analyst Intern with IACI at NASA-Kennedy Space Center. Rae is also the current President of the Penn State World Campus Technology club and is very active in organizing speaking engagements, networking, planning events, and presenting education to the club on current vulnerabilities and foreign and domestic threats. In addition, she is an Open Source Intelligence volunteer with Operation Safe Escape, which is a 501(c)(3) non-profit comprised of security professionals tasked with keeping domestic violence victims hidden from their abusers.

Presentation Video

2:15 - 3:00 | Is Your Security Team Going Red?

Stephen Schneiter, Program Manager, CompTIA

Just because you secure your network, it does not mean the network is secure. It is increasingly important that security teams test the security of the network. Join us as we look at the true power of the Red side! In this session we will discuss the various issues today’s security teams face protecting data. We will discuss how cyber threats are changing and the different tactics that are used to access a network. Security teams have an abundance of frameworks to use in order to implement sound security practices and help counter the hacker lifecycle. The problem is that while checking off our security check boxes it is possible to overlook a viable security threat. Providing examples of security and breach practices, we will show the importance of implementing Red team tactics in pen testing the security on our network once the security practices are in place. We will highlight several tools security practitioners may choose to implement for Red and Blue team strategies and show how some may be interchangeable. We will discuss how the security team is able to analyze the data from the pen test report and adjust the security implementation. It is possible to meet all of our security check boxes and actually have a secure network.

A lifetime technology enthusiast with a passion for helping others succeed, Stephen Schneiter has built his career at the crossroads of IT and education. After years of learning the tricks of the trade as a network administrator and security specialist, Schneiter pivoted into roles focused on guiding and developing IT instructors and emerging IT professionals. As the product manager for CompTIA Security+ and leader of the CompTIA Instructor Network, Schneiter leverages his extensive IT education background to help instructors from around the world create successful IT training programs. Schneiter holds bachelor’s and master’s degrees from the University of Tennessee and is CompTIA Security+ certified.

Presentation Video

3:15 - 4:00 | From The Outside In: What The Internet Knows About Your Digital Footprint

Sean Smith, Senior Software Engineer

For large organizations, it can be hard to understand, let alone minimize your digital footprint. Whether it be mergers and acquisitions, spun up cloud environments, or any other assets forgotten/not properly decommissioned over the years, it can be a challenge to put together a comprehensive and accurate inventory. This talk will go over a number of publicly available datasets that one can use to view what everyone else on the internet can find out about your digital footprint and passively monitor for changes.

Sean is a security enthusiast, particularly focused on recon and drawing relationships between organizations from public data sets.

Presentation Video

Track 2: Blue Teaming or Defensive Security

10:00 - 10:30 | WANTED – People Committed to Solving Our Information Security Language Problem
Evan Francen, CISM, CISSP, Founder & CEO, SecurityStudio

Our industry has plenty of problems to solve. The language we use shouldn’t be one of them, and now it’s not. Evan Francen, committed to solving information security problems for our industry, has developed a common, easily-understood information security risk assessment that’s comprehensive, foundational, and completely free for all to use. Today, more than 1,500 organizations are speaking the language. We invite you to do the same.

Learn:

  • The common information security language used by 1,500 organizations (and growing fast).
  • The definition and difference of “information security” and “risk”.
  • How to translate information security into business language, resulting in common understanding, clear objectives, and well-defined budgets.
  • How you can use the common language at no cost.
  • How you can participate in the future and have an impact industry-wide.
  • Apply what you learn now.

Evan Francen is an information security expert with more than 25 years of “practical” information security experience. He has an ambitious mission: fix the broken industry.

Highlights of Evan’s career (thus far) include:

  • Founded FRSecure in 2008, an expert-level information security consulting company with more than 1,000 clients across the United States.
  • Founded SecurityStudio in 2017, a software as a service (SaaS) company dedicated to building a community of information security practitioners who speak the same “security language”.
  • Co-inventor of SecurityStudio™, the platform for managing information security risk.
  • Co-inventor of FISA™, the Fiducial Information Security Assessment. FISA™ is used by more than 800 companies across 28 industries to assess and manage information security risk.
  • Co-inventor of FISASCORE®, the definitive measurement of information security and vendor risk.
  • Developed and leads the FRSecure CISSP® Mentor Program. The Mentor Program was established in 2010 with six (6) students and has grown to more than 350 students in 2018.
  • Prior to establishing FRSecure, Evan spent more than 15 years as a leading information security professional and corporate leader in both private and public companies.
  • Advised legal counsel in high-profile breaches including Target and Blue Cross/Blue Shield.
    • 2014/2015 – Consultant to the Special Litigation Committee of the Board of Directors of Target Corporation; derivative action related to the “Target Breach”.
    • 2015/2016 – Consultant to legal counsel and Blue Cross/Blue Shield related to remediation efforts (post-breach).
    • Served as an expert witness in multiple federal criminal cases, mostly involving alleged stolen trade secrets.
  • Served 100s of companies; big (Wells Fargo, Target, US Bank, UnitedHealth, etc.) and small.
  • Dozens of television and radio appearances; topics included the Target Breach, vendor risk management, artificial intelligence, and others.
  • Delivered dozens of information security talks at dozens of conferences; audiences ranging from less than 10 to more than 1,000.
  • Written more than 750 published articles about a variety of information security topics.

Evan is an “information security evangelist,” thought leader and specialist in advising Boards of Directors, legal counsel, and executive management. His keen ability to explain technical information to non-technical personnel in all levels throughout an organization, his unique sense of humor, and his “tell it like it is” demeanor, gets the point across and produces results for all audiences.

11:15 - 11:35 | Practical Defense in Depth
Danny Mardis, Owner, The Ironbear Group

Join us while we take an in-depth look at several real life case studies of penetration tests done against companies and dissect them to determine what could have been done at each stage to prevent the attacks from being successful.

Danny Mardis holds over a decade of experience within the cybersecurity industry. As a cybersecurity consultant, and owner of The Ironbear Group, Danny has built a career on his ability to attack any obstacle and provide an actionable solution. Danny’s work experience spans multiple vital industries and has contributed to his expertise and unique skillset. In addition to his cybersecurity work, Danny spends his time participating in the Games Done Quick Video Game Speedrun Charity Events to raise money for Cancer research.

11:40 - 12:00 | The Effect and Future of Machine Learning Technologies on Cyber Security Tools
Nathalie Baker, SOC Engineer, Appalachia Technologies, LLC

In this presentation Nathalie will be deliberating the effect of machine learning technologies on cyber defense tools. She will begin the presentation comparing traditional cyber defense tools to machine learning tools, discussing how cyber security professionals can evaluate these tools and evaluating the role that machine learning tools will play in the future of cyber defense. Nathalie will present the good, the bad and the ugly about incorporating machine learning tools into an environment and will provide some insight about tuning various machine learning security tools. The presentation will conclude with a discussion about whether switching to a machine learning toolset is in the best interest of the cyber security field and how to best combat the ever-evolving cyber criminals utilizing machine learning tools.

Nathalie started her technical career in the U.S. Army as an Assistant System Administrator for the III Corps Office of the Staff Judge Advocate. Nathalie has taken on various technical roles over the past 9 years, including Technical Support, System Administration, Linux System Administration and now Security Administration.  Nathalie joined the Appalachia Technologies team as a Systems Engineer in 2018 and is currently a SOC Engineer.

Nathalie has an Associates of Specialized Technology degree from YTI Career Institute in Computer Technology and Internet Security and she is also CompTIA A+ certified as well as Cisco CCENT certified.

1:00 - 1:45 | Ransomware Response

Justin Klein Keane, MCIT, Senior Manager, SOC, Security Risk Advisors

Ransomware is a particularly pernicious form of attack that’s becoming increasingly common. Ransomware affects organizations of all sizes and security maturity. Successfully weathering a ransomware attack is daunting, but not impossible. Preparing for ransomware is a vital exercise for any organization. Developing and exercising a response plan for outbreaks is also a critical component of recovering from attacks. This talk will briefly examine ransomware, cover preparation activities, and outline an action plan for response. The presentation will guide participants through a number of effective strategies for dealing with a ransomware outbreak that have been developed from practical experience. Justin Klein Keane leads the Cyber Security Operations Center for Security Risk Advisors and has participated in a number of ransomware response efforts for several clients across different verticals.

Trained as a software developer with a focus on application security, Justin holds a Masters degree from the University of Pennsylvania in Computers and Information Technology.  Justin can program in a dozen different languages and is fluent in all major operating systems.  Justin’s career has maintained a constant focus on software, development, and emerging technologies including cloud, DevOps, IoT, and embedded devices.

Justin has worked as a security engineer and architect, helping to bootstrap and scale security operations teams.  Justin focuses on the intersection of software and security practice, applying principles from Agile, Scrum, and automation, to the practice of information security.  Justin focuses on the problems of security at scale, including building effective security teams utilizing computer science and engineering to maximize effectiveness, provide consistency, and improve quality.

Prior to working for Security Risk Advisors, Justin worked in health care and higher education as well as participating in a number of Open Source projects and initiatives. Justin has also worked as a trainer and adjunct professor. Justin is a frequent presenter at regional and international security conferences.

2:15 - 3:00 | Tune-up Your Security Operations Center (SOC)
Stanley Hanke, Manager, Cyber Risk, Deloitte

Organizations are investing a significant amount of financial resources to strengthen their security posture to prevent cyber-attacks. Continuous monitoring and security operations is a proactive approach to enhance the capabilities of organizations to detect cyber threats. An efficient SOC leverages:

  • Processes that help standardize investigation methods, communications and collaboration;
  • Technology that fosters collaboration while maintaining operational security; and
  • People who require specialized skills and training that will be front line in dealing with a barrage of security data.

In this session, Deloitte’s cyber security specialist will discuss the people, process and technology ‘lessons learnt’ while operating a security operations center.

Stanley Hanke is a manager within Deloitte & Touche LLP’s Cyber Risk practice in the Fusion Managed Services division. Stanley holds several degrees in electrical engineering including a B.S. from Georgia Institute of Technology and a M.S. from University of South Florida. While at USF, he worked as a research assistant with the iWINLAB where he was helping to solve communications and security challenges with medical IOT devices by using FPGA systems to model and emulate hardware devices used to assist with in-vitro surgery. At Deloitte he has spent the past five years working within the Fusion MSSP offering, initially as a threat analyst, then as shift lead, and most recently solving security engineering problems for an array of private and public sector clients. Stanley holds several GIAC certifications, including GCIH, GCIA, GCFA and GNFA. He is also involved with the SANS Institute as a Mentor instructor.

3:15 - 4:00 | Remediate Your Company's Greatest Vulnerability: Social Engineering
Matt Mahoney, CySA+, Information Security Analyst, Penn National Insurance

Social Engineering is a weapon capable of delivering any number of payloads. We must learn how to wield it to change the culture of our organizations. We know how to patch computers, but patching users requires an educational approach. At this session, a new curricular paradigm will be presented modeled on the work of Carol Dweck and her work on “Growth Mindset.” This session is meant to be a conversation and conversation-starter. Participants will walk away with plenty of practical next-steps to educate and empower their coworkers.

Matt began teaching people how to securely use technology in 1999 as a weekly volunteer tutor at the library. Since then, he has led educational technology transformations in private schools, taught Coding in the Classroom, and developed multiple workshops, curriculums, and trainings for Security Awareness initiatives as a teacher, trainer, and consultant. Matt is a full-stack information security management professional and an ITIL Practitioner.

Track 3: Software Development

10:00 - 10:45 | How to Get Started as Metasploit Contributor
Michael Cyr, OSCP, Owner, St. Cyr Security

A tales-from-the-trenches talk which covers building a cheap lab to help make contributing to the largest open-source Ruby project in existence easier, as well as how to get started with submissions. We’ll explore the fun and follies of becoming a member of the geographically dispersed Metasploit contributors team. Why join? We’ll lay out all of the benefits to contributing for attackers, defenders, the companies they work for and with, and the world itself.

Mr. Cyr holds a master’s degree in cyber security from Towson University. He has been the owner of St. Cyr Security, LLC, a single-employee penetration testing shop, for the past 9 years, conducting assessments for commercial and government clients. Previously he helped start Exploit-DB as one of the original staff moderators for submissions and quality control experts. He is currently one of the few non-Rapid7 employees entrusted as a committer for the Metasploit framework, volunteering to create new modules, peer review submissions, and keep the framework awesome.

11:15 - 12:00 | Good Apps, Cheap
Nathan Starner, CISSP, Master’s Information Management, Manager, Vulnerability Governance, Highmark Health
Abner Vargas, Manager Platform Quality Engineering, Highmark Health

There are many security tools and techniques that can be used to ensure a secure application, each having its own costs and benefits. As we look at application security through the lens of the business, how can we secure our applications in a cost-effective manner with as little friction as possible? How can security personnel and developers not just co-exist, but partner to achieve a common goal? Controls implemented throughout the software development life cycle (SDLC) must be strategically assessed and implemented to account for a wide array of business and security objectives.

Nathan Starner is a Pennsylvania native, growing up on an apple orchard in South Central PA. His love for IT took him away from the apple farm and into the server farm early in his career. Today, Nate manages the application security governance team for Highmark Health, focusing on building secure apps and medical devices.

Abner Vargas is an IT Manager at HMHS with over 12 years of experience in the field. His area of focus is centered around Security, Performance/Load, and Parallel Testing. He is part of HU’s Pioneer graduating class of 2008 and ISEM masters degree graduate.

1:00 - 1:45 | Beneath the Surface: Keeping up with Modern Application Security
Rushabh Shah, Manager, Cyber Risk, Deloitte

With constant technological innovation, it’s more difficult than ever to keep up with a rapidly evolving landscape of web technologies and the threats that come with them. The ability to deploy applications keeps improving in both scale and speed while security considerations are often overlooked in favor of meeting business demands quickly. While organizations have started to consider integrating security in the development lifecycle, it is imperative to adopt a ‘secure by design’ principle. It enables continuous identification and remediation of findings from early stages of development to post-production monitoring and maintenance. In this session, Deloitte’s Cyber Vigilant Services specialist will discuss how organizations can improve the application security posture by tightly integrating security processes early on.

Rushabh Shah is a manager in Deloitte’s Cyber Risk practice with seven years of cyber security experience in managing and delivering cyber threat, vulnerability & risk management engagements for large public sector organizations. Rushabh has implemented process automation and integrated security processes within the existing application development process to enable a secure software development lifecycle (SSDLC).

Rushabh has been involved in vulnerability management and penetration testing, developing and implementing security policies and controls, network security, regulatory risk assessments, social engineering assessments, and security awareness trainings. Rushabh holds a B.E. in Information Technology from Mumbai University and M.S. in Information Systems from Pace University, NY.

2:15 - 3:00 | Undressing Ping
Terrill Frantz, PhD, EdD, Professor of eBusiness and Cybersecurity, Harrisburg University of Science and Technology

In this session we uncover the workings of the ping utility. How exactly does it work? We will dig into ICMP and create our own custom ping utility in Python and, out of respect for those techs going before us, in Perl. We’ll watch the ICMP echo traffic using Wireshark as our magical microscope.

Professor Frantz began writing computer software in 1974, as a teenager. Within a year, he was challenging a computer’s security at a local university. Gradually, he built a consulting business developing for and supporting dozens of business clients.

After completing college, he coded his way to working on Wall Street for some of the largest global investment banks in several countries. While in industry, he managed several, broader information-technology teams and development projects. His work experience spans computers from micros to mainframes, jobs from support to development, to management, and includes programming using scores of languages. He started developing for the Internet in 1992.

Dr. Frantz reoriented his professional career from industry to academics beginning in 2001 and has published numerous journal articles and book chapters since. Presently, he is Co-chief Editor of the journal Computational and Mathematical Organization Theory (CMOT). Over the past decade, he has taught technology- and business-related courses in universities in Europe and Asia, as well as the USA.

Dr. Frantz’s passionate desire is to mentor those students who oppose being a slave to the technology and instead seek to become a master over that technology... nerds, geeks, or normal people alike.

3:15 - 4:00 | Open Workshop Time

Track 4: Cybersecurity Workshops

10:00 - 10:45 | Tools of the Chain: Part 1

Charles Sgrillo, M.S. CISSP C|EH, Chief Learning Officer, Security Shell

Both theory and hands on demos will be used throughout the presentation to provide real world examples of:

  • Reconnaissance – What adversaries can find out through both passive and active information gathering techniques.
  • Weaponization – A hands on overview of the tools & techniques used to create weaponized payloads.
  • Delivery – An overview of popular social engineering and phishing frameworks
  • Exploitation – Attendees will follow along as we complete the diskless exploitation of a victim machine
  • Installation – Overview of techniques used to install malware and bypass egress controls for C2 communication
  • Command & Control – Popular C2 frameworks will be discussed and demonstrated
  • Exfiltration – An overview of steganography and a demo of a DLP bypassing data exfil technique.

Attendees participating in this cybersecurity hands-on workshop should bring:

With 10+ years’ experience in Information Technology, Charles has held positions in the field such as Red Team Analyst, Security Systems Specialist, and Red Team Penetration Tester. Charles is a Certified Ethical Hacker, a Certified Information Systems Security Professional, and has extensive experience in offensive security techniques and defensive strategies. Charles is currently a professor at Drexel researching & teaching cyber and information security. His research has explored topics such as digital forensics, red team penetration testing, deep learning, IoT, and software defined radio. His graduate research thesis demonstrated the effects physical security systems can play in penetration testing and security assessments.

11:15 - 12:00 | Tools of the Chain: Part 2
Charles Sgrillo, M.S. CISSP C|EH, Chief Learning Officer, Security Shell

Both theory and hands on demos will be used throughout the presentation to provide real world examples of:

  • Reconnaissance – What adversaries can find out through both passive and active information gathering techniques.
  • Weaponization – A hands on overview of the tools & techniques used to create weaponized payloads.
  • Delivery – An overview of popular social engineering and phishing frameworks
  • Exploitation – Attendees will follow along as we complete the diskless exploitation of a victim machine
  • Installation – Overview of techniques used to install malware and bypass egress controls for C2 communication
  • Command & Control – Popular C2 frameworks will be discussed and demonstrated
  • Exfiltration – An overview of steganography and a demo of a DLP bypassing data exfil technique.

With 10+ years’ experience in Information Technology, Charles has held positions in the field such as Red Team Analyst, Security Systems Specialist, and Red Team Penetration Tester. Charles is a Certified Ethical Hacker, a Certified Information Systems Security Professional, and has extensive experience in offensive security techniques and defensive strategies. Charles is currently a professor at Drexel researching & teaching cyber and information security. His research has explored topics such as digital forensics, red team penetration testing, deep learning, IoT, and software defined radio. His graduate research thesis demonstrated the effects physical security systems can play in penetration testing and security assessments.

1:00 - 1:45 | Hacking Yourself First, Penetration Testing for the Blue Team: Part 1
Brandon Keath, MS Cyber Security, Cyber Security Practice Lead, Appalachia Technologies

In this fast-paced interactive presentation/workshop Brandon will reveal everything a defender might want to know about Penetration Testing and then some. This presentation will start with an introduction to what really is a hacker? What is a penetration test? Why is it important for Blue Team members to understand these skillsets? What is a hacking methodology and why is it important? Then we will dive into various technical demos involving various tools including Metasploit, Burp Suite, Bloodhound, CrackMapExec, HashCat, and more! Participants will be able to follow along with many of the demos via their own virtual machines. We will conclude with additional attack vectors, and how blue teamers can use this knowledge to make their organization safer by hacking yourself first.

Brandon joined Appalachia in 2018 as a Cyber Security Practice Lead.  With prior experience in both private and public-sector IT consulting, Brandon has served in various roles in cyber security over the past 11 years specializing in ethical hacking, cyber security strategy, regulatory compliance, and cyber defense.

Brandon has taught cyber security classes for a world leading Cyber Security Bootcamp based out of Chicago and is active in the local Cyber Security community, currently chairing the PAHackers Cyber Security group that meets monthly to discuss various issues facing the industry and holding various cyber security related workshops and events. Brandon has most recently presented at the Harrisburg University of Science and Technology 2018 Cybersecurity Summit, and the Security BSides Delaware and BSides Long Island conferences.

Brandon has a Master’s degree in Cyber Security and Information Assurance from Western Governors University and a Bachelor of Science from Central Penn College in Information Technology along with numerous security related certifications such as EC-Council’s Certified Ethical Hacker (CEH) and Certified Hacking Forensics Investigator (CHFI) certifications.

2:15 - 3:00 | Hacking Yourself First, Penetration Testing for the Blue Team: Part 2
Brandon Keath, MS Cyber Security, Cyber Security Practice Lead, Appalachia Technologies

In this fast-paced interactive presentation/workshop Brandon will reveal everything a defender might want to know about Penetration Testing and then some. This presentation will start with an introduction to what really is a hacker? What is a penetration test? Why is it important for Blue Team members to understand these skillsets? What is a hacking methodology and why is it important? Then we will dive into various technical demos involving various tools including Metasploit, Burp Suite, Bloodhound, CrackMapExec, HashCat, and more! Participants will be able to follow along with many of the demos via their own virtual machines. We will conclude with additional attack vectors, and how blue teamers can use this knowledge to make their organization safer by hacking yourself first.

Brandon joined Appalachia in 2018 as a Cyber Security Practice Lead.  With prior experience in both private and public-sector IT consulting, Brandon has served in various roles in cyber security over the past 11 years specializing in ethical hacking, cyber security strategy, regulatory compliance, and cyber defense.

Brandon has taught cyber security classes for a world leading Cyber Security Bootcamp based out of Chicago and is active in the local Cyber Security community, currently chairing the PAHackers Cyber Security group that meets monthly to discuss various issues facing the industry and holding various cyber security related workshops and events. Brandon has most recently presented at the Harrisburg University of Science and Technology 2018 Cybersecurity Summit, and the Security BSides Delaware and BSides Long Island conferences.

Brandon has a Master’s degree in Cyber Security and Information Assurance from Western Governors University and a Bachelor of Science from Central Penn College in Information Technology along with numerous security related certifications such as EC-Council’s Certified Ethical Hacker (CEH) and Certified Hacking Forensics Investigator (CHFI) certifications.

3:15 - 4:00 | Open Workshop Time

Track 5: Capture the Flag

10:00 - 4:00 | Capture the Flag

BSides Harrisburg’s CTF is powered by Point3 Security’s ESCALATE Challenge Ecosystem. Competitors will compete against one another to showcase their talent to Harrisburg’s most talented cyber community. The competition consists of hands-on challenges showcasing simple and complex vulnerabilities and operations through gamified learning. The competitor with the most points on ESCALATE’s leaderboard wins the competition.

Requirements

  • All competitors will need a laptop that connects to the internet.

Disclaimer: ESCALATE provides an advanced web-based Kali VM. Using the Kali VM will reduce hardware requirements.

Closing Remarks & CTF Winners Video