RVAsec 2018 has ended

Thursday, June 7
 

8:00am

Breakfast
Thursday June 7, 2018 8:00am - 9:00am
Richmond Salons

8:00am

Registration
Thursday June 7, 2018 8:00am - 6:00pm
Outside Ballroom

9:00am

Welcome to RVAsec!
Speakers
Jake Kouns

CISO, Risk Based Security
Jake is the founder of RVAsec and the CISO for Risk Based Security, which provides vulnerability and data breach intelligence. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Kouns has presented at many well-known security... Read More →


Thursday June 7, 2018 9:00am - 9:10am
Ballroom

9:10am

Keynote - Josh Corman
Thursday June 7, 2018 9:10am - 10:10am
Ballroom

10:10am

Vendor Break
Thursday June 7, 2018 10:10am - 10:30am
Richmond Salons

10:30am

CTF Intro
Thursday June 7, 2018 10:30am - 10:40am
Ballroom

10:40am

Badge Intro
Thursday June 7, 2018 10:40am - 10:50am
Ballroom

10:50am

Vendor Break
Thursday June 7, 2018 10:50am - 11:00am
Richmond Salons

11:00am

Demystifying Payments: Payment Technologies and Security Risks
Have you ever wanted to learn how payment technologies work? What happens when you pay for something on a website or using a cell phone? Payment technologies are a transparent part of our lives. They enable us to pay for everything from a coffee to a car. In this talk we take a look at payment technologies past, present and future, and look at the security risks associated with them. Learn how payments have evolved and what transactions look like today.

Speakers
Leigh-Anne Galloway

Cyber Security Resilience Lead, Positive Technologies
Leigh-Anne Galloway is the Cyber Security Resilience Lead at Positive Technologies where she advises organizations on how best to secure their applications and infrastructure against modern threats. She is an expert in the Application Security Unit, specializing in ATM and POS Security... Read More →
Tim Yunusov

Head of department, Positive Technologies
Timur Yunusov is a Senior Expert in banking systems security and the author of multiple research works in the field of application security, including "Apple Pay replay attacks", presented at Black Hat USA 2017, and "Bruteforce of PHPSESSID", rated in the Top Ten Web Hacking Techniques by WhiteHat Security... Read More →


Thursday June 7, 2018 11:00am - 11:50am
Theatre

11:00am

Bypassing ISP and Enterprise Anti-DDoS with 90's technology
Stresser/booter services provide "DDoS as a Service" and are getting more and more powerful, measured by traffic volume. But the resources they use could be improved and optimized to perform far more dangerous and advanced attack patterns that bypass large anti-DDoS solutions, using pre-analysis and data mining over big-data analysis and OSINT information as the source.

The research will present a framework showing how attackers can optimize attacks through a combination of big-data analysis and pre-attack analysis. It will show that terabit attacks are not necessarily needed, and why 90's technology is preferred over IoT worms and other fancy gadgets.

Speakers
Dennis Rand

Founder, eCrimeLabs
Dennis Rand is a security researcher from Denmark. He specializes in vulnerability research, network analysis, penetration testing and incident response. Dennis has over seventeen years of experience in various security roles including researcher and consultant, and simply loves... Read More →


Thursday June 7, 2018 11:00am - 11:50am
Ballroom

11:50am

Lunch
Thursday June 7, 2018 11:50am - 1:00pm
Richmond Salons

1:00pm

GDPR and You
The General Data Protection Regulation is the new law of the land for protecting the personal data of individuals in the EU. The law has placed many US-based businesses in scope, requiring compliance. In this talk we will review some of the compliance challenges you may encounter.

Speakers
Bob Siegel

President, Privacy Ref, Inc.
Bob Siegel is the president and founder of Privacy Ref. Starting Privacy Ref in 2012, Bob took his experience as the Senior Manager of Worldwide Privacy and Compliance at Staples, Inc. and applied it to helping companies implement and maintain strong privacy programs. Bob has... Read More →


Thursday June 7, 2018 1:00pm - 1:50pm
Theatre

1:00pm

Container Security: Vulnerabilities, Exploits and Defense
Whether it's an unsecured Kubernetes configuration or the Meltdown/Spectre side-channel attacks, there is always a way into your company's seemingly secure container infrastructure. We'll take a tour of the most surprising container exploits, and how to use tools like TLS and VPNs to create a strong defense for your own environment.

Speakers
Elissa Shevinsky

Author, OR Books
Elissa Shevinsky is a serial entrepreneur. She helped launch Geekcorps (acquired), Everyday Health (IPO) and Brave ($35M ICO). Shevinsky is currently consulting for crypto startups, and doing research on container security.


Thursday June 7, 2018 1:00pm - 1:50pm
Ballroom

1:50pm

Vendor Break
Thursday June 7, 2018 1:50pm - 2:00pm
Richmond Salons

2:00pm

Hacking Intelligence - The Use, Abuse, and Misappropriation of Intel for Fun and Mostly Profit
The appropriation of intelligence (and/or its art) within the security industry has raised the ire of many trained intelligence practitioners in the field. Some bemoan the fact that intelligence has been hijacked for profit with disregard for the discipline's basic tenets. These tenets include but are not limited to tradecraft, life cycle, theory, analysis, application, and generation of actionable intelligence. On the other side of the aisle, security leaders have been tasked with implementing threat intelligence within their respective security programs (maybe because it has become fashionable to do so). More often than not, however, such goals have proven elusive. Further, security leaders who procure intelligence products marketed to them are often left feeling they've been sold a bill of goods when those products fail to deliver.

This talk shares the results from conversations between a security expert/professional trained in the field of intelligence and a practitioner/researcher/leader not classically trained in the discipline. We discuss the uses, abuses, and misappropriations of intel with the hopes of forging a better path forward in this subject area. We do this by asking questions like "What is cyber intelligence," "What does it look like and where is it going," and lastly, "How should it be used?"

To be covered:
•Tenets of intelligence
•The discipline of intelligence
•Why has CTI been in the “hype cycle”? Why do people care?
•What does cyber threat intelligence get us? Hacking the discipline

Speakers
Mark Arnold

Sr. Dir/CISO, Navisite
Mark Arnold, PhD, GXPN, CISSP, CISM has more than 20 years of technical and senior leadership in the information security space. He’s an advisory board member for OWASP Boston, SOURCE Conference, Boston Application Security Conference (BASC), and InfoSecWorld 2018. He is CISO/Sr... Read More →


Thursday June 7, 2018 2:00pm - 2:50pm
Theatre

2:00pm

From Web App to ATM: Why the Basics Matter
This is a technical application security discussion for junior penetration testers or anyone interested in the world of penetration testing. Advanced members of the community are welcome, but the content is geared at newer testers. From Web App to ATM will showcase a penetration test I performed where the only previous work done was web vulnerability scanners that completely missed the iceberg lurking just below the water. In this talk I will cover some "back to basics" of web app security and show real world examples of critical applications exposing these flaws. Unauthenticated APIs, forceful browsing, privilege escalation, and total ownage of ATMs managed by this app are all up for discussion.
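The three "basics" the abstract names (an unauthenticated API, forceful browsing to a privileged route, and an object reference that escalates one customer into another's data) come down to one missing step: authorizing the caller against both the route and the object. The block below is an added example, not code from the talk or from the application that was tested; the handlers, session tokens, users and ATM records are hypothetical in-memory stand-ins. It shows the scanner-proof but broken dispatch next to the hardened one.

```python
"""Added example: object-level authorization for an ATM-management API.

Hypothetical in-memory handlers (not the application from the talk) that
reproduce the three failures the abstract lists and then fix them:
an unauthenticated endpoint, forceful browsing to an admin-only route, and
an insecure direct object reference that lets one customer read another's ATM.
"""

# Constructed sample data: sessions, users and ATM records (all hypothetical).
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob", "tok-ops": "ops"}
USERS = {"alice": "customer", "bob": "customer", "ops": "admin"}
ATMS = {
    101: {"owner": "alice", "site": "Branch 1", "cash_level": 42000},
    102: {"owner": "bob", "site": "Branch 2", "cash_level": 17500},
}


class Unauthorized(Exception):
    """No valid session presented."""


class Forbidden(Exception):
    """Valid session, but not allowed to do this."""


# --- Vulnerable version: the route exists, nobody checks who is asking. ------
def vulnerable_handle(path, token=None):
    """Dispatch like the scanned app: only the path is inspected."""
    if path == "/api/admin/atms":               # forceful browsing: no role check
        return list(ATMS.keys())
    if path.startswith("/api/atm/"):            # unauthenticated + IDOR
        atm_id = int(path.rsplit("/", 1)[1])
        return ATMS[atm_id]
    raise KeyError(path)


# --- Hardened version: authenticate, then authorize the route AND the object. -
def hardened_handle(path, token=None):
    user = SESSIONS.get(token)
    if user is None:
        raise Unauthorized("valid session required on every /api route")
    role = USERS[user]
    if path == "/api/admin/atms":
        if role != "admin":
            raise Forbidden("admin route")      # route-level check stops forceful browsing
        return list(ATMS.keys())
    if path.startswith("/api/atm/"):
        atm_id = int(path.rsplit("/", 1)[1])
        record = ATMS.get(atm_id)
        if record is None:
            raise KeyError(path)
        # Object-level check: the id in the URL is attacker-controlled, so
        # ownership must be verified against the authenticated principal.
        if role != "admin" and record["owner"] != user:
            raise Forbidden("not your ATM")
        return record
    raise KeyError(path)


def probe(handler, path, token=None):
    """Return a short outcome string so the two handlers can be compared."""
    try:
        handler(path, token)
        return "allowed"
    except Unauthorized:
        return "401"
    except Forbidden:
        return "403"


if __name__ == "__main__":
    for handler in (vulnerable_handle, hardened_handle):
        print(handler.__name__)
        print("  anonymous reads ATM 102:      ", probe(handler, "/api/atm/102"))
        print("  alice reads bob's ATM 102:    ", probe(handler, "/api/atm/102", "tok-alice"))
        print("  bob browses to /api/admin/atms:", probe(handler, "/api/admin/atms", "tok-bob"))
```

A web vulnerability scanner sees the same 200 responses from both handlers when it crawls as a logged-in user, which is why these flaws are found by a tester who changes the id and the session, not by the scanner.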

Speakers
Travis McCormack

Lead Specialist, Security Testing, Walmart
Travis has 10 years of experience in information security roles. Starting out as a Network Administrator and later a SOC Analyst, he built his experience and knowledge through blue teaming before deciding to try out offensive security. Travis has spent the past 2 years as a penetration... Read More →


Thursday June 7, 2018 2:00pm - 2:50pm
Ballroom

2:50pm

Vendor Break
Thursday June 7, 2018 2:50pm - 3:00pm
Richmond Salons

3:00pm

How Do You Measure Expertise? A New Model for Cybersecurity Education
The industry relies upon a strong and knowledgeable talent base to protect both commercial and national interests, but without a more universal and standardized education model we still have an overall cybersecurity workforce shortage.

This session, designed both for leaders and learners, will explore the current training landscape, describe a model for the new/emerging cybersecurity profession and introduce a career model based on skills/knowledge that are mapped to the field. Participants will leave this session understanding the tools available to cybersecurity managers to grow the profession from the bottom up, top down, and through the middle via upskilling, reskilling, continuing education and mentoring. They will understand the foundations upon which a framework can be built to address the needs of the individual and the profession as a whole. Finally, participants will recognize the optimal way to balance quantitative measures in the cybersecurity profession (e.g. degrees, certifications) against qualitative ones (e.g. continuing education, practice, experience).

Speakers
Simone Petrella

Chief Cyberstrategy Officer, CyberVista
Simone is Chief Cyberstrategy Officer at CyberVista where she leads product development and delivery of cybersecurity training and education curriculums as well as workforce initiatives for executives, cyber practitioners, and continuing education. Previously, Simone was a Senior Associate... Read More →


Thursday June 7, 2018 3:00pm - 3:50pm
Theatre

3:00pm

Hiding in the Clouds - Leveraging Cloud Infrastructure to Evade Detection
Organizational spending on cybersecurity is at an all-time high. From an attacker's perspective, this means that target networks are becoming increasingly hostile environments to operate in. This has pushed attackers to look for new ways to diminish a defender's ability to identify their activity. The introduction of cloud providers and their associated content delivery networks has provided ample ways to attack and communicate with attack infrastructure while piggy-backing on the cloud provider's infrastructure and reputation.

Techniques and tactics such as domain fronting across multiple cloud providers, distributed scanning, and leveraging API gateways will be discussed. More nuanced aspects of these cloud services will also be explored, as they sometimes provide many benefits to an attacker's infrastructure, including encryption. Most importantly, mitigations for these techniques will be provided so that defenders can go about better protecting their network.
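Domain fronting works because two different names can ride in one HTTPS request: the TLS SNI (and the DNS lookup) name a reputable CDN front, while the Host header inside the encrypted stream names the attacker's origin behind that CDN. The mitigation a defender controls is to look at both names side by side. The block below is an added example of that check, not the speaker's tooling; it assumes a TLS-inspecting proxy that logs the SNI and the decrypted Host header per request, in a made-up log format, and the sample lines and hostnames (reserved .example names) are constructed.

```python
"""Added example: flagging domain-fronted HTTPS at a TLS-inspecting proxy.

Not code from the talk. It assumes a proxy that terminates TLS and logs, per
request, the TLS SNI it saw in the ClientHello next to the HTTP Host header it
saw after decryption. Fronting shows up as a request whose Host belongs to a
different registrable domain than its SNI: the outer name is a CDN front, the
inner name is the attacker's origin behind that CDN.
"""
import re
from collections import defaultdict

# Constructed sample lines in an assumed log format (hostnames use reserved
# .example names; none of these are real services):
#   <timestamp> src=<client> dst=<server> sni=<tls server name> host=<http host>
SAMPLE_LOG = """\
2018-06-07T15:01:02Z src=10.0.0.12 dst=203.0.113.10 sni=www.cdn-front.example host=www.cdn-front.example
2018-06-07T15:01:09Z src=10.0.0.12 dst=203.0.113.10 sni=www.cdn-front.example host=c2.badguy.example
2018-06-07T15:01:15Z src=10.0.0.40 dst=203.0.113.11 sni=assets.cdn-front.example host=www.cdn-front.example
2018-06-07T15:02:01Z src=10.0.0.40 dst=198.51.100.7 sni=docs.corp.example host=docs.corp.example
2018-06-07T15:02:44Z src=10.0.0.12 dst=203.0.113.10 sni=www.cdn-front.example host=api.badguy.example
2018-06-07T15:03:30Z src=10.0.0.55 dst=198.51.100.9 sni=mail.corp.example host=mail.corp.example
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) sni=(?P<sni>\S+) host=(?P<host>\S+)"
)


def registrable_domain(name):
    """Assumption: the registrable domain is the last two labels. Production
    code should use the Public Suffix List so that e.g. co.uk is handled."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_log(text):
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # skip lines the regex does not understand rather than crash
            records.append(m.groupdict())
    return records


def find_fronting(records, allowlist=()):
    """Return records whose Host header does not belong to the SNI's domain.

    `allowlist` holds (sni_domain, host_domain) pairs for SaaS products known
    to legitimately front one domain with another; tune it per environment.
    """
    hits = []
    for r in records:
        sni_dom = registrable_domain(r["sni"])
        host_dom = registrable_domain(r["host"])
        if sni_dom != host_dom and (sni_dom, host_dom) not in allowlist:
            hits.append(r)
    return hits


def hosts_behind_front(records):
    """Map each SNI to the set of inner Host values seen behind it. One front
    carrying several unrelated inner hosts from a single client is worth a look
    even when each pair on its own is allowlisted."""
    seen = defaultdict(set)
    for r in records:
        seen[r["sni"]].add(r["host"])
    return seen


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for hit in find_fronting(recs):
        print(f"{hit['ts']} {hit['src']} -> sni={hit['sni']} host={hit['host']}")
```

Two caveats a practitioner will hit: the check only exists where TLS is terminated or inspected, so egress that bypasses the proxy is blind to it, and some legitimate SaaS deployments do mismatch SNI and Host, which is what the allowlist is for. Where inspection is not possible, the remaining control is at the CDN, which can refuse to route a Host that does not match the SNI.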

Speakers
Mike Hodges

Senior Consultant, Optiv
Mike Hodges is a senior consultant for the Optiv Attack and Penetration Practice. He has a background in application development and is currently OSCP, Assoc CISSP, and CEH certified. He is currently interested in evasive penetration tactics and techniques and is constantly looking... Read More →


Thursday June 7, 2018 3:00pm - 3:50pm
Ballroom

3:50pm

Vendor Break
Thursday June 7, 2018 3:50pm - 4:00pm
Richmond Salons

4:00pm

Red Team Apocalypse
TABLETOP SCENARIO: Your organization regularly patches, uses application whitelisting, has NextGen-NG™ firewalls/IDS’s, and has the latest Cyber-APT-Trapping-Blinky-Box™. You were just made aware that your entire customer database was found being sold on the dark web. Go.

Speakers
Derek Banks

Security Analyst, Black Hills Information Security
Derek is a Senior Security Analyst at Black Hills Information Security and has over 20 years of experience in the IT industry as a systems administrator for multiple operating system platforms, and monitoring and defending those systems from potential intruders. He has worked in the... Read More →
Beau Bullock

Senior Security Analyst, Black Hills InfoSec
Beau is a Senior Security Analyst at Black Hills Information Security where he performs penetration tests and red team assessments. He is the author of various red team/pentest tools such as MailSniper, PowerMeta, HostRecon, and DomainPasswordSpray. Beau is a host of the web shows... Read More →


Thursday June 7, 2018 4:00pm - 4:50pm
Ballroom

4:50pm

Closing - Day 1
Speakers
Chris Sullo

Founder, RVAsec
Chris is the founder of RVAsec, and Tech Lead for Application Penetration Testing at a bank. Chris has been in the security industry for 24 years, working in various research and security roles with Focal Point, HP (SPI Dynamics) and Capital One. He is the author of the “Nikto... Read More →


Thursday June 7, 2018 4:50pm - 5:00pm
Ballroom

5:30pm

RVAsec After Party Sponsored by Risk Based Security and GuidePoint Security
The RVAsec 7 after party, sponsored by Risk Based Security and GuidePoint Security, will be at The Circuit on Thursday, June 7th, after the conference!

Thu, June 7, 2018
5:30 PM – 7:30 PM

The Circuit is located at:
3121 W. Leigh St
Richmond, Virginia 23230

The Circuit is an arcade bar in the Scott’s Addition Beverage District of Richmond, VA. We have a growing family of 70 arcade games, pinball machines, and skeeball lanes, as well as a forever rotating 50-tap beer wall boasting both local and national favorites.
This is an exclusive event with limited availability, so you must be registered to attend and bring your RVAsec badge or you will not be allowed entrance–no exceptions!

Even if you have a ticket for RVAsec and said during the signup process that you wanted to attend, you MUST now register for the party!
Register Now! https://www.eventbrite.com/e/rvasec-7-after-party-tickets-45987727531

Sponsors
Risk Based Security

Risk Based Security
Risk Based Security, incorporated in 2011, offers a full set of analytics and user-friendly dashboards designed specifically to identify security risks by industry. Risk Based Security is the only company that offers its clients a fully integrated solution – real time information... Read More →


Thursday June 7, 2018 5:30pm - 7:30pm
The Circuit 3121 W. Leigh St Richmond, Virginia 23230
 
Friday, June 8
 

8:00am

Breakfast
Friday June 8, 2018 8:00am - 8:50am
Richmond Salons

8:00am

Registration
Friday June 8, 2018 8:00am - 5:00pm
Outside Ballroom

8:50am

Welcome to Day 2
Speakers
Jake Kouns

CISO, Risk Based Security
Jake is the founder of RVAsec and the CISO for Risk Based Security, which provides vulnerability and data breach intelligence. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Kouns has presented at many well-known security... Read More →


Friday June 8, 2018 8:50am - 9:00am
Ballroom

9:00am

Keynote - Katie Moussouris
Speakers
Katie Moussouris

CEO, Luta Security
Ms. Moussouris recently testified as an expert on bug bounties & the labor market for security research for the US Senate, and has also been called upon for European Parliament hearings on dual-use technology. She was later invited by the US State Department to help renegotiate the... Read More →


Friday June 8, 2018 9:00am - 10:00am
Ballroom

10:00am

Vendor Break
Friday June 8, 2018 10:00am - 10:10am
Richmond Salons

10:10am

Doxing Phishers: Analyzing Phishing Attacks from Lure to Attribution
This presentation will cover the various pieces of intelligence that can be collected from each stage of a phishing attack (lure, phishing site, phish kit) and discuss how each piece allows us to progress an investigation.  We will look at various analytical techniques that can be performed to track phishing campaigns and enhance detection.  The second half of the presentation will cover an in-depth, real-world case study of the practical application of these techniques, starting with a single phishing lure and ending with the identification of a primary phishing threat actor.

Speakers
Crane Hassold

Director of Threat Intelligence, PhishLabs
Crane Hassold is the Director of Threat Intelligence at PhishLabs based out of Charleston, SC, where he oversees the Research, Analysis, and Intelligence Division (RAID). Prior to joining PhishLabs, Crane served as an Analyst at the FBI for more than 11 years, providing strategic... Read More →


Friday June 8, 2018 10:10am - 11:00am
Theatre

10:10am

How to REACT to JavaScript [In]Security
According to a Stack Overflow survey, JavaScript is the most commonly used programming language on earth. Today the client-side JavaScript ecosystem alone has over 50 frameworks available, and JavaScript is successfully conquering the server-side space. The amount of application logic that is executed in the browser is growing every year, which means the attack surface is growing as well. Which security issues are most common in JavaScript applications? Do new frameworks provide the security controls needed to protect the growing amount of client-side code? In this talk we will answer these questions and, as an example, we will look at one of the hottest JavaScript frameworks today – React. We will discuss its new features like components and server-side DOM rendering, analyze React's security posture and demonstrate existing vulnerabilities.

Speakers
Ksenia Peguero

Sr. Research Lead, Synopsys
Ksenia Peguero is a Sr. Research Lead within Synopsys Software Integrity Group. She has eight years of experience in application security and five years in software development. Ksenia is a subject matter expert in static analysis and JavaScript frameworks and technologies. Before... Read More →


Friday June 8, 2018 10:10am - 11:00am
Ballroom

11:00am

Vendor Break
Friday June 8, 2018 11:00am - 11:10am
Richmond Salons

11:10am

Let’s build an OSS vulnerability management program!
Does your company use Open Source Software (OSS) libraries in the products that it builds? Do you worry that your customers and company will be exploited through vulnerabilities in those libraries because no one on your product development team is keeping them patched? Well, let's do something about that.

During this presentation, we will start from nothing and take steps to identify the OSS libraries that your company uses in order to build a bill of materials (BOM), we will then give examples of how to source threat intel on those libraries, and finally we will discuss strategies to remediate the vulnerabilities in our code repository so that we can keep our customers and company safe from malice.  

This presentation will be delivered from the perspective of a Product Security Response team protecting customers who deploy their company’s products. However, this presentation is also useful to those building and defending internally deployed applications.
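The three steps in the abstract (build the bill of materials, match it against vulnerability intelligence, decide the remediation) are simple enough to show end to end. The block below is an added example, not the speaker's tooling or BlackBerry's process: it takes a pinned dependency list in requirements.txt style, builds a BOM, matches it against advisories with introduced/fixed version ranges, and picks the single upgrade per package that closes every matched advisory. The package names, versions and ADV-EXAMPLE identifiers are constructed placeholders, not real packages or real advisories.

```python
"""Added example: a minimal OSS bill-of-materials check against advisories.

Not the speaker's tooling. It takes a pinned dependency list in
requirements.txt style, turns it into a BOM, matches it against a list of
advisories with introduced/fixed version ranges, and emits the minimum
upgrade for each hit. Package names, versions and advisory ids below are
constructed placeholders, not real packages or real advisories.
"""
import re

BOM_TEXT = """\
# constructed pinned dependencies (hypothetical packages)
example-yaml==3.12
example-http==1.22   # pinned in 2017
example-web==1.0
example-crypto==2.4.1
"""

# Constructed advisories: a pin is affected when introduced <= version < fixed.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-001", "package": "example-yaml",   "introduced": "0",    "fixed": "5.1",  "note": "unsafe load of untrusted input"},
    {"id": "ADV-EXAMPLE-002", "package": "example-http",   "introduced": "1.0",  "fixed": "1.23", "note": "certificate validation bypass"},
    {"id": "ADV-EXAMPLE-003", "package": "example-http",   "introduced": "1.23", "fixed": "1.25", "note": "header injection"},
    {"id": "ADV-EXAMPLE-004", "package": "example-crypto", "introduced": "2.0",  "fixed": "2.4",  "note": "weak default parameters"},
]

PIN_RE = re.compile(r"^\s*(?P<name>[A-Za-z0-9_.-]+)\s*==\s*(?P<version>[0-9][0-9.]*)")


def parse_version(text):
    """Assumption: plain dotted numeric versions. Real code should use
    packaging.version so that pre-releases and epochs compare correctly."""
    return tuple(int(part) for part in text.split("."))


def version_lt(a, b):
    """Compare with zero padding so that 1.0 == 1.0.0 and 1.0 < 1.0.1."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def parse_bom(text):
    """Step 1: the bill of materials, package name -> pinned version."""
    bom = {}
    for line in text.splitlines():
        m = PIN_RE.match(line)
        if m:
            bom[m.group("name").lower()] = m.group("version")
    return bom


def is_affected(version, introduced, fixed):
    v = parse_version(version)
    return (not version_lt(v, parse_version(introduced))
            and version_lt(v, parse_version(fixed)))


def match_advisories(bom, advisories):
    """Step 2: one finding per (package, advisory) hit with the upgrade target."""
    findings = []
    for adv in advisories:
        pinned = bom.get(adv["package"])
        if pinned is not None and is_affected(pinned, adv["introduced"], adv["fixed"]):
            findings.append({"package": adv["package"], "pinned": pinned,
                             "advisory": adv["id"], "upgrade_to": adv["fixed"]})
    return findings


def remediation_plan(findings, advisories):
    """Step 3: the highest fixed version per package, then bumped further if
    that target itself falls inside another advisory's window (a fix that
    lands you in the next vulnerable range is not a fix)."""
    plan = {}
    for f in findings:
        current = plan.get(f["package"])
        if current is None or version_lt(parse_version(current), parse_version(f["upgrade_to"])):
            plan[f["package"]] = f["upgrade_to"]
    for pkg, target in list(plan.items()):
        changed = True
        while changed:
            changed = False
            for adv in advisories:
                if adv["package"] == pkg and is_affected(target, adv["introduced"], adv["fixed"]):
                    target, changed = adv["fixed"], True
        plan[pkg] = target
    return plan


if __name__ == "__main__":
    bom = parse_bom(BOM_TEXT)
    findings = match_advisories(bom, ADVISORIES)
    for f in findings:
        print(f"{f['package']}=={f['pinned']} hit by {f['advisory']}, fixed in {f['upgrade_to']}")
    print("upgrade plan:", remediation_plan(findings, ADVISORIES))
```

In a real program the BOM comes from the build (lock files, the package manager's own listing, or a binary scan of the shipped artifact, since a requirements file can disagree with what was actually bundled), and the advisory feed carries CVE or vendor identifiers with properly parsed version ranges; the matching and the "does the fix land in another window" check stay the same.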

Speakers
Tyler Townes

Security Program Manager, BlackBerry
Tyler works at BlackBerry Product Security as a Security Program Manager and is the lead incident manager during emergency response events. His focus areas include SDLC, sustained engineering, vulnerability management, and risk management across multiple operating systems. He is currently... Read More →


Friday June 8, 2018 11:10am - 12:00pm
Theatre

11:10am

OS X App Whitelisting Without Losing Your Job
Application whitelisting: it's easy to say it should be practiced as part of a complete endpoint security practice, but in reality it can be hard to deploy widely without causing friction and frustration across the organization. This talk will look at the tools and processes that enabled Duo's Corporate Security team to progressively deploy and monitor application whitelisting across their fleet of OS X endpoints.

Speakers
Chris Czub

Senior Security Engineer, Duo Security
Chris Czub is an information security engineer on Duo Security's Corporate Security team where he helps keep their employee endpoints and servers monitored and safe.


Friday June 8, 2018 11:10am - 12:00pm
Ballroom

12:00pm

Lunch
Friday June 8, 2018 12:00pm - 1:00pm
Richmond Salons

1:00pm

From Grief to Enlightenment: Getting the Executive Support for Information Security
Most information security professionals got into the field to enjoy the technical challenges of keeping the hackers at bay. However, as information security has moved into the executive level of organizations, most professionals struggle to connect with executives and get the support they need for their programs. Karen Cole has been successfully handling the most ardent opponents of information security (think politicians, board members, and C-suite executives) for 16 years, getting her clients what they need. This session is focused on real-world actions you can take to get the support and resources for your program. Leave your governance theory at the door. This session is going to get real!

Speakers
Karen Cole

Co-Founder and Chief Executive Officer, Assura, Inc.
Although Karen grew up on a farm in Virginia, her family nicknamed her "the black thumb of death" when it comes to plant life. So obviously that led to a career in IT, not horticulture. She was a cybersecurity practitioner long before it was cool. Many call her a unicorn because... Read More →


Friday June 8, 2018 1:00pm - 1:50pm
Theatre

1:00pm

A Game Theoretic Model of Computer Network Exploitation Campaigns
Increasingly, cyberspace is the battlefield of choice for twenty-first-century criminal activity and foreign conflict. This suggests that traditional modeling and simulation approaches have stalled in the information security domain. We propose a game theoretic model based on a multistage model of computer network exploitation (CNE) campaigns comprising reconnaissance, tooling, implant, lateral movement, exfiltration and cleanup stages. In each round of the game, the attacker chooses whether to proceed with the next stage of the campaign, nature decides whether the defender is cognizant of the campaign's progression, and the defender chooses to respond in an active or passive fashion. We propose a dynamic, asymmetric, complete-information, general-sum game to model CNE campaigns and techniques to estimate this game's parameters. Researchers can extend this work to other threat models, and practitioners can use this work for decision support.
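The round structure in the abstract (attacker proceeds or not, nature reveals the stage to the defender with some probability, an aware defender responds actively or passively) is a finite extensive-form game with chance nodes, and with complete information it can be solved by backward induction from the cleanup stage back to reconnaissance. The block below is an added illustration of that solution method on the six stages named above; it is not the authors' model, and every cost, probability and payoff in it is an assumed number, chosen only so the two limiting cases are easy to check by hand.

```python
"""Added example: solving a multistage CNE campaign game by backward induction.

An illustration of the game structure the abstract describes, not the authors'
model or their parameter estimates. Per round the attacker decides whether to
run the next stage, nature decides whether the defender becomes aware of it,
and an aware defender chooses an active or a passive response. All payoffs and
probabilities below are assumed numbers.
"""
from dataclasses import dataclass

STAGES = ["reconnaissance", "tooling", "implant",
          "lateral_movement", "exfiltration", "cleanup"]


@dataclass
class Params:
    stage_cost: dict         # attacker: cost of executing each stage
    detect_prob: dict        # nature: P(defender becomes aware) at each stage
    attacker_gain: float     # attacker: value of a completed campaign
    defender_loss: float     # defender: damage from a completed campaign
    eviction_penalty: float  # attacker: loss when actively evicted (burned tooling)
    response_cost: float     # defender: cost of an active response


def solve(p, stage=0):
    """Subgame-perfect values ((attacker_ev, defender_ev), plan) from `stage` on.

    plan maps each stage that is reached to (attacker_action, defender_action_if_aware).
    Costs already sunk before `stage` are ignored; they do not change the choice.
    """
    if stage == len(STAGES):
        return (p.attacker_gain, -p.defender_loss), {}
    name = STAGES[stage]
    continuation, later_plan = solve(p, stage + 1)

    # Aware defender: active ends the campaign, passive lets it continue.
    # General-sum: the defender maximises its own payoff, not the attacker's loss.
    active = (-p.eviction_penalty, -p.response_cost)
    passive = continuation
    if active[1] >= passive[1]:
        detected, d_action = active, "active"
    else:
        detected, d_action = passive, "passive"

    c, q = p.stage_cost[name], p.detect_prob[name]
    proceed = (-c + (1 - q) * continuation[0] + q * detected[0],
               (1 - q) * continuation[1] + q * detected[1])
    if proceed[0] > 0.0:            # aborting here is worth (0, 0) from now on
        return proceed, {name: ("proceed", d_action), **later_plan}
    return (0.0, 0.0), {name: ("abort", d_action)}


def decision_summary(p):
    """Values, the equilibrium plan, and the first stage (if any) at which the
    attacker gives up: the point where the defender's posture actually bites."""
    values, plan = solve(p)
    first_abort = next((s for s, (a, _) in plan.items() if a == "abort"), None)
    return values, plan, first_abort


if __name__ == "__main__":
    p = Params(
        stage_cost={s: 5.0 for s in STAGES},
        detect_prob={s: 0.3 for s in STAGES},
        attacker_gain=100.0, defender_loss=100.0,
        eviction_penalty=10.0, response_cost=1.0,
    )
    values, plan, first_abort = decision_summary(p)
    print("expected payoffs (attacker, defender):", values)
    for s, (a, d) in plan.items():
        print(f"{s:18s} attacker={a:8s} defender-if-aware={d}")
    print("first abort stage:", first_abort)
```

Two sanity checks make the model readable: with zero detection probability the attacker runs all six stages and nets the gain minus the summed stage costs, and with certain detection plus a defender who evicts as soon as eviction is cheaper than the expected loss, backward induction unwinds to the attacker aborting at reconnaissance. Decision support comes from varying the detection probabilities per stage (that is what sensor coverage buys) and watching where the first abort moves.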

Speakers
Robert Mitchell

Member of Technical Staff, MITRE
Dr. Robert Mitchell is currently a member of technical staff at Sandia National Laboratories. He received the Ph.D, M.S. and B.S. from Virginia Tech. Robert served as a military officer for six years and has over 12 years of industry experience, having worked previously at Boeing... Read More →


Friday June 8, 2018 1:00pm - 1:50pm
Ballroom

1:50pm

Vendor Break
Friday June 8, 2018 1:50pm - 2:00pm
Richmond Salons

2:00pm

Building a Better Catfish
Picture this: a Red Team and a Blue Team working together to make the organization more secure, not just trying to prove that they are better than the other one. This is how we did it.

Speakers
Nathaniel Hirsch

Director Red Team, Capital One
Nat Hirsch is the Director of the Red Team at a large financial institution. He has been doing Red Teaming, Pentesting, and other offensive focused security assessments for the last decade.


Friday June 8, 2018 2:00pm - 2:50pm
Ballroom

2:50pm

Vendor Break
Friday June 8, 2018 2:50pm - 3:00pm
Richmond Salons

3:00pm

Seize and Desist? Criminal Evolution One Year After AlphaBay’s Demise
As we’re approaching the one year anniversary of AlphaBay’s seizure, the talk will demonstrate the impact this has had on the criminal ecosystem. This includes new, alternative mechanisms and technologies for discussing and trading criminal goods and services. The talk will also outline the drivers that will determine the future of the criminal ecosystem and outline what this means for all organizations.

Speakers
Michael Marriott

Senior Research and Strategy Analyst, Digital Shadows
Michael Marriott is a Senior Strategy and Research Analyst at Digital Shadows, which he joined in late 2014. Michael has a passion for security analysis and the trends they indicate, in order to better protect clients. He has written several articles and papers, and his research is... Read More →


Friday June 8, 2018 3:00pm - 4:00pm
Ballroom

4:00pm

Closing - Day 2
Speakers
Chris Sullo

Founder, RVAsec
Chris is the founder of RVAsec, and Tech Lead for Application Penetration Testing at a bank. Chris has been in the security industry for 24 years, working in various research and security roles with Focal Point, HP (SPI Dynamics) and Capital One. He is the author of the “Nikto... Read More →


Friday June 8, 2018 4:00pm - 4:10pm
Ballroom

4:10pm

Reception
Friday June 8, 2018 4:10pm - 5:30pm
Ballroom