Explore the worlds best online cybersecurity training with OnDemand - view a Demo Today!

Rocky Mountain HackFest - CyberCast

Online, Virtual Event | Mon, Jun 1 - Mon, Jun 8, 2020

In response to the escalation of the COVID-19 outbreak, we've made the difficult decision to convert our SANS Rocky Mountain HackFest Summit & Training event into a virtual conference at this time.

Our Summit will be a two-day virtual conference.

The courses below will take place online, using virtual software to stream live instructors to all registered students during the scheduled classroom hours. This alternate training format will allow us to deliver the cybersecurity training you expect while keeping you, our staff, and our instructors as safe as possible.

Your registration for a CyberCast Cloud Security Training course includes: courseware shipped to you, live streaming instruction by a SANS instructor, four months of online access to course recordings, SME support, and course labs.

Rocky Mountain HackFest Summit Featured Talks

Using Capture-the-Flag Challenges to Massively Level-Up Your Cybersecurity Career…Plus a Bonus Sneak Peek View of the 2020 Holiday Hack Challenge

Ed Skoudis @edskoudis, Fellow, SANS Institute

Capture-the-Flag (CtF) events are a dynamic, fun, and challenging vehicle for developing hands-on skills. Yet, few people take full advantage of all the great career-boosting results they can get from participating in a CtF. In this keynote talk, Ed Skoudis will share specific strategies and tactics for leveraging CtFs to help you systematically take your career to the next level — building your skills, making yourself more valuable to your organization, andlanding that job assignment you’ve always longed for. Additionally, Ed will release the H2 Matrix, a new tool to help you identify and maximize all that you can gain from the CtFs that are best for you. Finally, Ed will provide an exclusive, behind-the-scenes sneak peek of the free SANS Holiday Hack Challenge, sharing unique insights and lessons learned this annual event that is the most popular CtF in the world.

Title and description to come

Lesley Carhart @hacks4pancakes, Principal Threat Analyst, Dragos

Pentest/Social Engineering Recon Using GitHub: An Analysis of All GitHub Users

Micah Hoffman @WebBreacher, SANS Institute

Within the world of penetration testing, social engineering, and open-source intelligence, many people focus solely on what data they can retrieve from a web browser when doing recon of targets. Others know the power and potential of using Application Programming Interfaces (APIs) to harvest huge amounts of data from platforms at incredible speeds. In 2019, for example, Micah Hoffman used thousands of API requests to github.com using the official GitHub API to retrieve over 38 million user profiles from their systems. This presentation will give you the opportunity to join Micah using a critical recon/OSINT eye to examine the user accounts, email addresses, biographies, user-supplied URLs, and other interesting bits that people put in their GitHub profiles. Then we’ll look at how we can use these data for better penetration testing and targeting.

Windows 10 Kernel Mitigations and Exploitation

Stephen Sims @Steph3nSims, Fellow, SANS Institute

In this talk we will take a quick dive into Windows 10 Kernel internals and Kernel exploit mitigations. Microsoft has done an incredible job reducing the attack surface of the Windows operating system and applying effective mitigations to prevent exploitation, with some of the latest mitigations focusing on control-flow enforcement technology. Exploitation is still possible under the right conditions;
however, generalized techniques are mostly mitigated. We will finish the presentation looking at some remaining exploit opportunities.

How You Can Use Your Offensive Skills to Help the Air Force

Lillian Warner, Captain, U.S. Air Force; Security Engineer, Cloud Products, KesselRun

Have you ever wondered how you could use your skills to help the military, but don’t know how? Do you think you can’t contribute because you are not a citizen, you lack of a degree, or you used recreational drugs in college? We have good news: There are still opportunities available to you! If you are a penetration tester, you can participate in HackthePentagon, HacktheAirForce and (soon-to-be-announced) HackKesselRun. If you are a small business owner with an innovative product, you can apply for Small Business Innovation Research funds through an upgraded AFWERX program process and get paid to partner with an Air Force unit to see if your product works for them. Academic teams can follow a similar path and use Small Business Technology Transfer funds to do business with the Air Force. Anyone with great ideas (experts, industry,academics) can solve AFWERX challenges or apply to attend one of the Air Force Cyberworx program’s in-person problem-solving events.For both opportunities, the Air Force lays out the challenges faced and asks for help leveraging new technology and best practices to solve those challenges. If you are a U.S. citizen and a developer, you can be hired as a government civilian employee at one of the Air Force’s software factories across the country, including KesselRun, Kobayashi Maru, PlatformOne, SkiCamp, Sonikube, and SpaceCamp.

Quickstart Guide to MITRE ATT&CK -The Do’s and Don’ts when using the Matrix

Adam Mashinchi, VP of Product Management, SCYTHE

Given the increasing awareness and use of the MITRE ATT&CK Matrix as a common language between Red Teams, Blue Teams,and executives, a growing number of organizations are utilizing the framework in inappropriate ways. This talk will provide the audience with a very fast yet very practical overview of ATT&CK, as well as how it is being utilized well and not so well in the industry. From periodic tables to minesweeper, and from CALDERA to Atomic Red Team, we will go over a list of the do’s and don’ts to get the most value from the ATT&CK matrix.

Automated Detection of SoftwareVulnerabilities Using Deep Learning

Nidhi Rastogi, Research Scientist, Rensselaer Polytechnic Institute

The automated detection of software vulnerabilities is a significant security research problem. However, existing solutions are subject to the level of expertise of people who manually define features and who often miss many vulnerabilities, incurring high false-negative rates. This presentation showcases the design and implementation of deep-learning-based vulnerability detection systems to relieve human experts from the tedious and subjective task of manually defining features, thus producing more effective vulnerability detection systems. The vulnerabilities that are detected are buffer errors and resource management errors in software. The technique used to detect vulnerabilities involves the use of code gadgets [1],which represent software programs and then transforms them into vectors. A code gadget is the number of lines of code that are semantically related to each other. The technique serves to help identify vulnerabilities in different software products. During this presentation, attendees will learn how deep-learning methods are more than just an improvement over traditional vulnerability detection systems. They will also understand end-to-end implementation and be able to replicate it at their workplace.

Anatomy of a Gopher: BinaryAnalysis of Go Binaries

Alex Useche, Senior Application Security Consultant, nVisium

Go is everywhere these days (because Go is awesome). It is now common to find Go binaries embedded in the Internet of Things,Edge computing devices, and web assembly applications. However,there are some important differences between C and Go binaries that penetration testers should be aware of when conducting binary analysis and reverse engineering of Go applications. In this talk, we will highlight those differences, identify what makes Go binaries unique, and recommend approaches to reverse Go applications with tools like Radare2 and Binary Ninja. These approaches will help penetration testers, as well as anyone interested in reverse engineering Go binaries, conduct a faster and more effective analysis of Go applications. You’ll learn ways to identify protections added by the Go compiler, how Go compiles loops, Goroutines, conditional statements, and other common functions, what makes the analysis of Go binaries different than C binaries, what to look for when obtaining Go binaries during penetration tests, and how to identify ways that Go binaries can and should be protected.

Notify Me When This Agenda Goes Live

To get a taste of the type of dynamic presentations and speakers you’ll see at Rocky Mountain HackFest Summit 2020, check out these talks from previous HackFest Summits:

The Top Ten Reasons It’s GREAT to Be a Pen Tester...and How You Can Fix that Problem - Ed Skoudis

Hatfields and McCoys: The Dev/Sec Relationship - Rachelle Saunders

Signal Safari: Investigating RF Controls with RTL-SDR - Katie Knowles

Introduction to Reverse Engineering for Penetration Testers - Stephen Sims

Privesc Playground - Jake Williams