RVAsec

Qasim Ijaz

• Video: RVAsec 2023: Qasim Ijaz – Feature or a Vulnerability? Tale of an Active Directory Pentest
• Slides: https://rvasec.com/slides/2023/Ijaz_Qasim-Feature-or-Vulnerability_rvasec_12.pdf
• Twitter: @hashtaginfosec

This talk is a summation of stories from my recent penetration tests inside Active Directory networks. I will use this time to discuss common methods I have used to obtain initial access inside Active Directory environments, the features that paved the way to lateral movement, and vulnerabilities that escalated me to Domain Admin. This talk is laid out in a way that benefits both entry-level and experienced penetration testers. The content is for both blue and red teamers looking to better understand common Active Directory configurations that can lead to compromise. It has everything from memes to kerberoasting, with a pinch of humor (no dad jokes, I promise).

About Qasim – Qasim “”Q”” Ijaz is a Director of Offensive Security at Blue Bastion Security and specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. His areas of interest include healthcare security, Active Directory, cybersecurity policy, and the “”dry”” business side of hacking. Qasim is a penetration test lead during the day and a teacher in the after-hours. Qasim has presented and taught at cybersecurity conferences including BSides and Blackhat on offensive security topics. He currently teaches a bootcamp on Offensive Security Certified Professional (OSCP) certification.

Andrew Skatoff

• Video: RVAsec 2023: Andrew Skatoff – Maturing your Threat Hunting Operations
• Slides: https://rvasec.com/slides/2023/Skatoff_Andrew-Maturing-Hunt-Ops.pdf
• Twitter: @dfir_tnt

This talk will present a roadmap for designing a mature threat hunting service. A maturity model will be shared, along with prerequisites and incremental steps along the way.

Having built the Threat Hunting service at the Federal Reserve, I will share our journey, recommend approaches and resources, and provide a path for listeners to follow to do the same.

About Andrew – Andrew has been securing and protecting critical infrastructure networks since 2002.

Raised by a Topgun Marine fighter pilot and a middle school special education teacher, Andrew was always driven to find meaningful work, solve interesting problems and help others do the same in an effort to make the world a better and safer place.

His love for computers started in college and after spending several years providing tech support in the energy and financial sectors, he achieved his MCSE certification. This led to his first information security job supporting a migration to active directory. Andrew then went on to champion, design and implement an automated compliance and vulnerability management program.

Andrew has been developing and leading incident response, malware analysis, threat hunting and digital forensics services for the past 18 years in critical infrastructure financial organizations.

He currently holds GREM, GCFA, GDAT, GNFA and CISSP certifications and serves as an Cybersecurity Senior Manager at a large financial organization.

Dwayne McDaniel

• Video: RVAsec 2023: Dwayne McDaniel – Who Goes There? Actively Detecting Intruders With Cyber Deception Tools
• Slides: https://rvasec.com/slides/2023/McDaniel_Dwayne-Who_Goes_There_Actively_Detecting_Intruders_With_Cyber_Deception_Tools.pdf
• Twitter: @mcdwayne

Ever wish you could set traps for intruders in your environment? While you can’t rig explosions or rolling boulders when someone attacks your servers, you can set up false credentials that trigger alarms you can act against. That is the whole idea behind honeytokens!

Come to this session to learn how honeytokens work

About Dwayne – Dwayne has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv.

Andrea Matwyshyn

• Video: RVAsec 2023: Andrea Matwyshyn – Cybernation: The FUD, Facts, and Future of Software Liability and Security
• Slides:
• Twitter: @amatwyshyn

When the 2023 National Cybersecurity Strategy called for “shifting liability to promote secure development practices,” the response from the security (and legal) community often overstated the novelty of the proposal. We have already been living with (various forms of) software liability for confidentiality, integrity, and availability failures for over two decades. This talk clarifies the legal landscape of both what already exists and the likely paths for the future. Cautioning against various security dystopias including Hannah Arendt’s “cybernation,” this talk offers suggestions on buildouts to existing threat modeling frameworks to explicitly consider factors used by courts and regulators to determine liability. These buildouts can better align the security team and in-house counsel in a joint defensive enterprise. But, two scaling issues will remain: the need for a technology regulator of last resort (a “TRoLR”) and a security community-driven model of professionalism.

About Andrea – Dr. Andrea Matwyshyn is a full professor in the law school and engineering school at Penn State, the Associate Dean of Innovation at Penn State Law, and the founding faculty director of both the Penn State PILOT Lab (Policy Innovation Lab of Tomorrow), an interdisciplinary technology policy lab, and the Manglona Lab for Gender and Economic Equity, a technology equity lab and clinic.

She has also worked in both the private and public sector, most recently in 2023 as a Senior Special Advisor on Information Security and Data Privacy to the U.S. Consumer Financial Protection Bureau’s Office of Enforcement and a Senior Special Advisor on Law, Technology, and the Digital Economy to the U.S. Federal Trade Commission’s Bureau of Consumer Protection. Her first hackercon talk was at BlackHat USA in 2003, and she has previously served as a specialty reviewer on the DEF CON CFP Review team.

Luke McOmie

• Video: RVAsec 2023: Luke McOmie – “”A programmatic approach to enterprise security”” OR “”How to not waste your security budget on sh!7 that doesn’t matter!””
• Slides: https://rvasec.com/slides/2023/McOmie_Luke-Programmatic_Approach_to_Enterprise_Security.pdf
• Twitter: @lmcomie

This fast paced, poking fun at ourselves presentation, tells a story through examples of how a majority of companies are fixated on old industry “”worst practices””. As we wander though the twisted road of things that we do THAT WE SHOULDN’T, the audenice will likely find themselves thinking differently about how the approach enterprise security programs, have a chance to laugh at how human we all are, and walk away with a new perspective.

About Luke – Mr. McOmie started in offensive security in 1994 and is a trusted advisor, security leader and mentor. With a career focus in offensive security and a strong technical background, he is recognized for his excellence in developing and executing enterprise security strategies and leading technical and tactical programs. He has founded and contributed to several industry leading organizations over his career including start ups, fortune 100 enterprises, and federal agencies. As an extrovert, he passionately supports the information security community, is a featured speaker at various conferences, a published author, and an industry liaison for many businesses and organizations.

Specialties: Security Leadership & Program Development, Security Service Practice & Team Direction, Red Teaming, Ethical Hacking, Penetration Testing, Social Engineering, Physical Security, Assessments, Incident Response, Compliance. By leveraging these talents and his experience, Mr. McOmie guides companies and executive leaders to understand the importance of, communicating the need for, and addressing the challenges that it takes to create and maintain a strong security posture.

Scott Small

• Video: RVAsec 2023: Scott Small – Adversary TTP Evolution & the Value of TTP Intelligence
• Slides: https://rvasec.com/slides/2023/Small_Scott-Adversary_TTP_Evolution.pdf
• Twitter: @IntelScott

Awareness of the benefits of behavior-focused defense is growing, and more intelligence around adversary tactics, techniques, and procedures (“”TTPs””) is available now than ever. However, as major adversaries increasingly modify their TTPs, teams struggle to track and manage the rising volume of TTP intel. We’ll review recent examples of adversary TTP evolution, including ransomware and commodity loader case studies, a summary of the TTP intelligence landscape, and guidance on effective intelligence collection, processing, and application for defenders.

About Scott – Scott Small is a security & intelligence practitioner and expert in cyber threat intelligence & threat modeling, open source research & investigations, and data analysis & automation. He currently serves as Director of Cyber Threat Intelligence at Tidal Cyber. Scott has advised enterprise and public sector security teams across maturity levels on technical and strategic applications of intelligence and on using technology to help identify and mitigate organizational risk. Throughout his career, he has briefed and trained large and small audiences and has presented original content at major security conferences, including DEFCON, FIRSTCON, MITRE ATT&CKcon, & BSides, and ISAC & other industry events.

Scott is an active member of the professional security & intelligence communities and a proponent of open-source information for upskilling and strengthening our collective security. In addition to contributing to community projects, he has published independent projects that aggregate and streamline publicly accessible security resources, as well as his own original tools & resources.

Dan Han

• Video: RVAsec 2023: Dan Han – Beyond the pandemic: How the pandemic shaped organizations and their security architecture
• Slides: https://rvasec.com/slides/2023/Han_Dan-Beyond_The_Pandemic.pdf
• Twitter: @sensubeans

How did the pandemic affect your organization and how it operates? Does you current security model still work with your organization? This talk explores how an organization transformed its security architecture throughout and after the pandemic.

About Dan – Dan is the Chief Information Security Officer for VCU. He has over 20 years of experience working in IT and information security.

Amelia Szczuchniak

• Video: RVAsec 2023: Amelia Szczuchniak – Why You Can’t Call the Police
• Slides: https://rvasec.com/slides/2023/Szczuchniak_Amelia-Why_You_Cant_Call_The_Police.pdf

Let me tell you a story about what it’s like as a lawfirm’s investigator to try to get justice for someone after they’ve been robbed online. The problem starts with finding the perpetrator. We will walk through the process of investigating crypto hot wallets and NFTs while we collect electronic evidence with proper chain of custody to prove a theft occurred. Then I’ll show you how we need to dox and hack our way through the web of forums and social networks to uncover an anonymous suspect. Again, keeping proper, court-admissable evidence. I’ll introduce you to the AI tools and automation we built to capture and search huge volumes of discussions and videos the moment they appear in many of the popular social networks and forums. Finally, I’ll end the tale with who we found and how we sent the police to their home to get justice. But it’s not a happy ending.

About Amelia – Amelia is a security analyst working for ISECOM. From the beginning of her path in the cybersecurity industry, she’s been working with and learning from acknowledged professionals. This gave her a strong foundation and a set of skills that she intends to greatly expand. On a daily basis, she works with electronic evidence, collecting and analyzing it while maintaining the chain of custody. She conducts cyber investigations. She is also a cybersecurity trainer for the military and the Hacker Highschool project.

Kate Collins

• Video: RVAsec 2023: Kate Collins – This is the Way: A New Leadership Creed for Info-Sec professionals
• Slides: https://rvasec.com/slides/2023/Collins_Kate-This_is_the_Way.pdf

With fun and powerful examples from Disney’s The Mandalorian, InfoSec professionals will explore the new and different leadership skills required after the immense changes in the past few years. Global events including the pandemic, inflation, supply chain problems, digital transformation, and political turmoil, have caused new pressures, new threats, and changes moving faster than an N1-starfighter in hyperspace!

Explore the latest research and trends in leadership, discuss the impacts on the InfoSec industry, and refresh your leadership creed. People leaders, technical experts and InfoSec professionals at all levels will be challenged to assess their current leadership strengths and discover new ways to stretch and develop skills to meet the intense demands in Cyber leadership today and beyond. This is the Way!

About Kate – Kate Collins has over 28 years of leadership experience from front-line supervisor to CHRO, is a PCC executive coach, HR consultant, and leadership development expert. For the last 10 years, Kate has served as a leadership coach to Cyber, IT, Healthcare, Government, Academic, Insurance, Retail, and Finance professionals and has created custom leadership development programs for clients including a cyber-specific program Guidepoint Security. Other coaching client organizations include: Snowflake Inc., Guidepoint Security, DoD, Navy Federal Credit Union, Inova Health, Children’s National Hospital, StubHub, UFCW, and eOffices, Inc.
Additionally, Kate partners with a neuroscientist to support Healthcare and Cyber organizations in recovering from and preventing burnout. Kate travels nationally, and lives in Richmond, Virginia with her husband (a Cyber-professional), daughter, and 4 (yes, 4) dogs.

Colin Estep

• Video: RVAsec 2023: Colin Estep – Insiders packing their bags with your data
• Slides: https://rvasec.com/slides/2023/Estep_Colin-Insider-Threats_rvasec_12.pdf
• Twitter: @colinestep

What if your organization could discover which of your employees are exfiltrating data prior to leaving? We analyzed the behavior of more than 3 million users, and will present the insights found for employees preparing to leave, the nature and quantity of the data they target, and the services they use.

About Colin – Colin Estep is currently a threat researcher at Netskope focused on developing user and entity behavior analytics for cloud environments. Colin was previously the CSO at Sift Security (acquired by Netskope), where he helped create a product to do breach detection for IaaS environments. He was a senior engineer on the security teams at Netflix and Apple before joining Sift.
Prior to Apple, he was an FBI Agent specializing in Cyber crime. As an Agent, he spent a fair amount of time coordinating with other countries to locate and arrest malware authors and botnet operators.

Kevin Massey

• Video: RVAsec 2023: Kevin Massey – Heap Exploitation from First Principles
• Slides: https://rvasec.com/slides/2023/Massey_Kevin-Heap_Exploitation_From_First_Principles.pdf
• Twitter: @Scratchadams118

In this talk I will discuss the process of building a userland heap allocator, identify the inherent vulnerabilities that exist in heap allocation, and demonstrate methods to exploit these vulnerabilities.

About Kevin – I am a security analyst who does independent security research. I focus on vulnerabilities, binary exploitation, and network protocols.

Jason Wonn

• Video: RVAsec 2023: Jason Wonn – Corporate Dungeon Master: How to Lead Cyber Games at Work
• Slides: https://rvasec.com/slides/2023/Wonn_Jason-Corporate_Dungeon_Master_Lead_Cyber_Games_at_Work.pdf
• Twitter: @wonnmeister

Military organizations have long known the value of “training as you fight”, but commercial entities only realized its importance in the last few years. Consequently, the Cyber Action Officer role recently became a priority for the average company. Are you a security-geek like Jason Wonn who loves role-playing games (RPGs) and want the opportunity to lead a party through incident response to the most prevalent cyber threats? In this original talk, discover how to lead games (table-top exercises) at work as a “Corporate Dungeon Master” (Cyber Action Officer), narrating the story (facilitation), controlling the monsters (cyber threats), and creating an adventure that will have your players leveling-up (process improvement).

About Jason – Jason Wonn is a results-focused information security leader with 30+ years of combined national intelligence, information assurance, and cyber threat intelligence expertise throughout the civilian and military sectors. Jason is a “Richmonder” but works for Navy Federal Credit Union in Vienna, VA. He currently serves as a Cyber Action Officer, delivering table-top exercises and serving as a trusted incident response advisor to leadership during cyber crises. Prior to this position, Jason led the development of a cyber threat intelligence capability at both Navy Federal and The Walt Disney Company. He also served in various threat intelligence roles as a government contractor with MITRE, Lockheed Martin, and CGI Federal in support of the FBI and 1st IO Command, US Army. He holds a B.S. in Computer Science from Tarleton State University in Texas, and the CISSP and PMP industry certifications.

Mark Arnold

• Video: RVAsec 2023: Mark Arnold – TOP 5 CISO FINDINGS OF 2022
• Slides: https://rvasec.com/slides/2023/Arnold_Mark-Top_5_VCISO_Findings.pptx
• Twitter: @otusebhat

Throughout 2022, the Lares® Advisory Services team has tracked emerging trends while assisting organizations of various sizes and maturity with Virtual CISO, IT/OT Risk Assessments, Offensive Assessments, and Security Program Management engagements. TOP 5 CISO Findings (most frequently observed not necessarily the most severe) resulted from our tracking. This presentation unveils the findings, discussing them in the context of current and emerging threats. I also incorporate an MIT Sloan cybersecurity use case and the Verizon DBIR to expound on the findings.

We close out the talk by listing remedies for the Top 5 Findings. A sampling of remedies includes the selection of a framework, threat modeling, and tactical assessments to help organizations discover and avoid the risks associated with the Top 5 Findings.

About Mark – Mark Arnold has a 20+ cybersecurity career, serving 8 of those years in leadership roles. As a transformational leader, Mark has built security teams and programs, authored maturity model blueprints, and implemented security domain practices at large enterprises and service providers. Mark’s areas of interest include cloud security, threat intelligence, and vulnerability research, nation-state attack methods and related activities (e.g. information operations and disinformation campaigns), and their collective impact on nations and society. He holds industry certifications and degrees from Stanford, Princeton Seminary, and Harvard University. He is a former competitive gymnast and an ordained minister but, most importantly, a husband and dad.

Ian MacRae

• Video: RVAsec 2023: Ian MacRae – The state of NIST/CMMC compliance today
• Slides: https://rvasec.com/slides/2023/MacRae_Ian-CMMC_2023.pptm

Get a 2023 update on NIST security framework and CMMC compliance. Business with the government is Virginia’s #1 industry. The government is sick of spending billions on projects only to find the data leaked onto the Internet. Due to this many government contracts require security compliance to the National Institute of Standards and Technology (NIST) 800-171 standard. For years businesspeople didn’t take the 110 security controls seriously. Now we are seeing deals being lost to the Supplier Performance Risk System score. Ian has helped dozens of organizations implement compliance programs since 2017 in his role of vCSO.

About Ian – Ever since founding E-N Computers in 1997, Ian has been dedicated to helping people get the most out of their technology. Since then, he’s grown the company from a small computer repair shop into a top-tier regional managed services provider (MSP) that helps SMB and enterprise clients transform their IT through strategic outsourcing.
In his more than 25+ years in the IT world, he’s managed hundreds of IT professionals and helped 60+ clients overcome business challenges through wise use of technology. Ian’s problem-solving approach combines a passion for business success with extensive technical knowledge, as shown in his experience.

Adrian Amos

• Video: RVAsec 2023: Adrian Amos – I <3 my password
• Slides: https://rvasec.com/slides/2023/Amos_Adrian-I-Heart-My-Password_rvasec_12.pptx
• Twitter: @ahamos

Protecting identity is foundational to zero trust, and everybody wants passwordless, but is it always appropriate? If it is, how do we overcome barriers to success, and if it isn’t, how do we protect & isolate workloads to ensure the right people have the right access to the right apps & data? Any security approach must consider the human beings it’s designed to protect, while balancing the risks of authentication strengths.

About Adrian – I’ve supported the Richmond IT community since 1997, in every capacity from retail break/fix to military & corporate Wintel infrastructure. I transitioned to cloud solutions in 2010 and was the first technical hire at Synergy way back in 2012. I have a strong focus on identity & access management and collect terribly inconvenient hobbies.

Rick Lull

• Video: RVAsec 2023: Rick Lull – Network 201: A Tour Through Network Security
• Slides: https://rvasec.com/slides/2023/Lull_Rick-Network_Security_201.pdf

Taking the Network 101 presentation in 2019 a bit further, this talk will dive into network security aka technical security controls that should be considered with respect to risk management in common environment, including private/public cloud and the recent industry buzz words around ZTNA – Zero Trust Network Access.
If you have ever wondered how you might use a VRF to segment authenticated user traffic, this is a talk for you. If you are trying to cut through buzzwords that a sales guy is throwing your way about how to protect your remote workers, this is a talk for you.

About Rick – Lifelong geek turned security consultant after stops as a desktop tech, server bubba, and network jockey. Rick is a healthcare IT survivor, and is now playing Horatio on the bridge for hire with a local technology consulting company, advising clients on security strategy and operations. He currently holds CISSP, CCNP-Security, NSE7 and NSE4 certifications and previously held CEH and CNA certifications. He has promised to not make fun of any manufacturers during his talk.