
Pen Test HackFest 2019

Bethesda, MD | Mon, Nov 18 - Mon, Nov 25, 2019

Pen Test HackFest Summit Agenda

November 18-19 | Bethesda, MD (DC Metro area)


Confirmed talks include:

Monday, November 18
9:00-9:15 am
Welcome & Opening Remarks
9:15-10:00 am

Raphael Mudge (@armitagehacker), Principal, Strategic Cyber LLC

10:05-10:40 am

Trials and Tribulations of Modern Malware Control

Jonathan Echavarria (@Und3rf10w), Offensive Security Engineer – Red Team, Facebook

Modern malware utilizes a myriad of methods to transport control information between the operator and the malware itself. This talk will cover a review of the landscape of modern malware control mechanisms, the use of redirections and exfiltration methods, identify key points of detection and fingerprinting of various methods, and discuss options for implementing your own control mechanisms.

10:40-11:10 am

Networking Break

11:15-11:50 am

What Every Pen Tester Needs to Know About ICS

Lesley Carhart (@hacks4pancakes), Principal Threat Analyst - Threat Operations Center, Dragos, Inc.

11:55 am - 12:30 pm

How to Train Your Dragon: Ghidra Basics

Jaime Geiger (@jgeigerm), Computer Attitude Counselor, GRIMM

What is Ghidra? Where is it going? How can it help you with your job? How is it impacting the reverse-engineering community and disassembler market? This presentation will answer these questions and more in 35 minutes or less!

12:30-1:30 pm Lunch
1:35-2:10 pm

Crazy Windows Privilege Escalation Tricks That Your Blue Team Hates

Jake Williams (@malwarejake), President, Rendition Infosec

In most enterprise environments, it’s increasingly uncommon to find users logged in with local admin privileges. But escalating to at least a local admin is critical for a number of operations. In this talk, we’ll demonstrate a number of tricks to elevate to local admin on Windows machines. We won’t be talking about unpatched vulnerabilities – Nessus can find that for you. Instead, we’ll focus on tricks that rely on misconfigurations commonly found in enterprise.

2:15-2:50 pm

Maniacal Keyboard

Kevin Tyers (@waronshrugs), Head of Infrastructure, iCTF, SANS Instructor

This talk will cover Human Interface Device (HID) attacks, focusing on keyboards. Fusing information security knowledge and mechanical keyboard enthusiasm, we will cover HID attack basics, devices, and defenses. The final portion of the presentation will cover building your own keyboard with a variety of HID attacks prebuilt and ready to deploy during an engagement.

2:50-3:15 pm Networking Break
3:20-3:55 pm

Break it ‘Til You Make it: How Explosions, Fires, and Talking Dolls Level Up Your Offensive Skills

4:00-6:00 pm

SANS Pen Test Hardware Hacking Village: Intro to Soldering

Tuesday, November 19
9:00-9:45 am

Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)

Sean Metcalf (@PyroTek3), Trimarc

Mark Morowczynski (@markmorow), Principal Program Manager, Microsoft

The allure of the "Cloud" is indisputable. Organizations are moving into the cloud at a rapid pace. Even companies that have said no to the Cloud in the past have started migrating services and resources. The Cloud is a new paradigm and the rapid update pace makes it difficult to keep up, especially when it comes to security. This presentation focuses on the Microsoft Cloud (Office 365 & Azure AD) and explores the most common attacks against the Cloud and describes effective defenses and mitigation. While the content is focused on the Microsoft Cloud, some of the attack and defense topics are applicable to other cloud providers and are noted where applicable.

9:50-10:25 am

Covert Channels & Command and Control Innovation

Rilke Petrosky Ulloa (@xenomuta), Red Team Leader and Security Researcher, F2TC Cyber Security

Defensive technologies and innovation outweigh those of their offensive counterpart, increasingly draining red teamers of options in every exercise as the blue team reaches a higher maturity level by implementing better and more tool-centric controls. Remaining stealthy is becoming more of a challenge, forcing the red team to become as innovative as one would expect from real threat actors. Broaden your perspective by attending this talk, where we will present creative and unexpected techniques and procedures for practical red teaming that adapt to scenario-specific cases. In this talk we will cover the following topics that will help you better emulate an advanced adversary:

  • Shift into the mindset of a sophisticated adversary.
  • Get inspired by unexplored options that hide in plain sight.
  • Thwart next-generation antivirus and AI/ML-based EDR solutions.
  • Learn inspiring and unexpected (ab)uses of already existing resources.
  • Dwell behind enemy lines undetected by achieving objectives while blending your operation with expected user behavior.
10:25-10:55 am Networking Break
11:00-11:35 am

Using Mobile Malware Tactics During Penetration Tests

Jeroen Beckers, NVISO

Techniques used by penetration testers are often used by malware and vice versa, either to get initial access to the target system, pivot inside the network or escalate privileges. Mobile devices also have their share of malware, but the techniques they use are rarely applied in actual penetration tests. In this talk, I will show you different kinds of Android malware, explain how they abuse the Android ecosystem and examine if these techniques can be used during penetration tests.

11:40 am - 12:15 pm

Introduction to Modern Heap Exploitation for Penetration Testers

Huáscar Tejeda (@htejeda), Co-Founder and CEO, F2TC Cyber Security

Operating systems have considerably hardened stack memory corruption vectors, to the point that finding stack vulnerabilities in modern software packages is very unlikely. Take your penetration testing engagements to the next level by harnessing the often unexplored advantages of heap exploitation. In this talk you will learn the following game-changing skills that will help you identify otherwise obscure attack vectors:

  • Understand high-level Linux dynamic memory allocation concepts.
  • Develop the intuition to identify exploitation opportunities in the way developers manage dynamic memory.
  • Pro tips for setting up a debugging/research lab.
  • Save time by avoiding the rabbit holes and complexities of studying heap exploitation.
  • Overview of different heap exploitation techniques.
  • Walk through real-life (ab)use cases.
12:15-1:15 pm Lunch
1:20-1:55 pm

The C2 Matrix: Comparing C2 Frameworks

Jorge Orchilles (@jorgeorchilles), Certified Instructor, SANS Institute

Come with me on a quest to compare and contrast C2 frameworks for Red Teaming and Threat-Led Penetration Testing. With so many options available, which one is the best choice for your current situation? I will present a C2 Comparison Matrix that will help you choose.

2:00-2:35 pm
Talk to be announced
2:35-3:00 pm Networking Break
3:05-3:40 pm

Discovering Vulnerabilities Using IDA Scripting

Stephen Sims (@Steph3nSims), Fellow, The SANS Institute

In this talk, we will walk through several examples of scripting with Interactive Disassembler (IDA) to discover vulnerabilities. We most often think of discovering bugs through the process of fuzzing, but understanding the inner workings of a bug class can enable you to find new bugs through static analysis and scripting. Similarly, this is also a benefit to performing binary diffing. If you determine how a type of vulnerability is patched at the assembly level, you can use that knowledge to identify the same vulnerability at other locations within the code.

3:45-4:20 pm

Pen Testing ICS and Other Highly Restricted Environments

Don C. Weber (@cutaway), Principal Consultant, Founder, Cutaway Security, LLC, Instructor, SANS Institute

“Congratulations, you have been selected to conduct a penetration test of our industrial control system (ICS) environment. Please remember, you cannot scan anything, you cannot install anything, and you cannot break anything. Your point of contact, who will watch every move you make, will be...”

This is not a joke. More and more companies are requesting penetration tests of their ICS assets. But how can you conduct testing with these restrictions and provide actionable information to secure the customer's environments? This presentation will discuss how to scope and conduct this type of assessment. Attendees will walk away with the skills needed to safely evaluate critical networks and assets and make the customer's team comfortable about the assessment.

5:00-9:00 pm

HackFest Hits the Road

As always, we’ll whisk you away to an off-site destination for networking, a custom Counterhack Challenge, and, OF COURSE, JoMama’s cookies. Details are on a need-to-know basis. Transportation and dinner will be provided.

6:30-9:30 pm

Core NetWars

Prefer to skip the field trip and hunker down for CTF-style action instead? You’re in luck.

Core NetWars Tournament 6 is a computer and network security challenge designed to test a participant's experience and skills in a safe environment. It is accessible to a broad level of player skill ranges and is split into separate levels so that advanced players may quickly move through earlier levels to the level of their expertise.

Laptop Requirements: A laptop capable of running a VMware virtual machine, with a USB port and the ability to connect to an Ethernet network, is required.