Opening Ceremony
Abstract
No description provided.
With the recent discovery of yet another Chinese IoT Botnet, I found another one disguised as a streaming device called 'SuperBOX'. This one is incredibly nefarious, as it includes observed command and control traffic, a targeted social media campaign, a suspected targeted whisper campaign, ease of use, and direct targeting of key individuals in important sections of US Critical Infrastructure. This situation has created the need for further research into Cyber and Social Psychology and highlights the urgency of assisting the uninitiated in protecting themselves from products that provide a service that seems "too good to be true."
Repping the Borderlands Region (Las Cruces, El Paso, Juarez), Dead4ss is a young (in career) threat researcher who excels in social engineering and teaching. She specializes in cybersecurity education, training, and advocacy, and is currently pursuing a PhD studying IoT botnets. You can usually find her volunteering at your local BSides.
You have heard that "It's who you know that matters most", "Networking is a natural behavior", "You should network when you need it". If I tell you that all this is a big lie, would you be willing to listen to the truth? What if I showed you the art of networking, would you be willing to practice it? If the answer is yes, then this talk is for you!
Elisa is a cyber security enthusiast willing to share information as he learns it. He spends his time learning about different cyber attacks and defense mechanisms. Currently he is preparing for the OSCP exam in January and he is working on creating a blog site. Apart from hacking, he likes camping, boxing and going to the gym. Not a gym bro though!
Security is stuck being the knife in a gunfight. Instead, it should be an enabler of reliable and efficient operations, even safety. This presentation outlines how to get OT Security to Pole Position in the game that really matters.
Vivek Ponnada, currently a Technology Solutions Director at Nozomi Networks, started his career in ICS as an Instrumentation Technician, then became a Controls Engineer and commissioned Gas Turbine Controls systems world-wide. Post-MBA at UT Austin, he held multiple roles in Sales, Marketing & Business Development and Services covering Controls & Cybersecurity solutions for Critical Infrastructure. He is the co-lead for the Top 20 Secure PLC Coding Practices Project, member of ISA and ISACA, Fellow of CS2AI and frequently contributes/speaks at various conferences.
In the rapidly evolving world of cloud security, Cloud Native Application Protection Platforms (CNAPPs) have emerged as comprehensive solutions for safeguarding cloud environments. However, the term is often misunderstood, leading to confusion about what a CNAPP truly entails and whether it is necessary for every organization. This talk clarifies what defines a CNAPP by breaking down its core components and the essential requirements for a robust protection platform. We'll also explore why having a CNAPP is crucial for organizations committed to securing their cloud environments.
Kenny Parsons has over a decade of experience in IT and cybersecurity. He is passionate about solving complex problems and helping organizations secure their environments.
EMS and IR professionals are the "first responders" to incidents that people never want to happen. Whether the incident is a ransomware infection at your local hospital or a respiratory infection caused by a virus that spreads through the air, the people on the front lines of responding to both of those incidents share many similarities in their work. Moreover, even NIST uses an ambulance to symbolize the Containment and Recovery step in the "Computer Security Incident Handling Guide" (NIST SP 800-61 Section 3), which inspired this talk. We as cyber incident responders can learn a lot from the IR professionals who must interact with the most unpredictable systems in the world: human beings. In this presentation, we will examine how these EMS professionals execute this type of high-stress, high-stakes work on a daily basis, including hearing real-world examples from professionals on the ambulance. We will gain insight into triage techniques including the START (simple triage and rapid treatment) triage system, the most common triage system in the United States, as well as learning tips on gathering evidence while under pressure to aid in incident response. The Blue Teamers who attend this presentation will learn traditional incident management practices, triage strategies, "soft skills" and communication tips that can complement their security program's incident response procedures.
This talk will focus on the personal operational security (OPSEC) challenges. It will uncover how personal digital habits and vulnerabilities can be exploited by attackers and lead to organizational breaches. Through live demonstrations and real-world examples, this talk will equip attendees with practical, actionable steps to improve their personal cybersecurity posture, ensuring that their individual security aligns with their professional responsibilities.
This presentation unfolds a narrative of how a single OSINT pivot, a SHA-1 hash of a TLS certificate, unraveled a network of Lockbit Cobalt Strike servers. Beginning with an unexpected discovery during research on a Blackcat ransomware investigation, the talk will highlight how a single pivot led to the identification of 44 related IP addresses and the nexus of domains managed by a single entity, shedding light on operational patterns, missteps, and mishaps.
Jeff has nearly 30 years of cybersecurity experience working with Fortune 500 organizations. He has led some of the largest nation state investigations - to include cyber espionage, critical national infrastructure, and cyber criminal ransomware cases - and is currently a Senior Manager and Global lead investigator with Accenture Security's customer facing incident response team, working with Accenture's largest clients to investigate and remediate latent and persistent cybersecurity threats. Jeff oversees teams of investigators and threat hunters, leading nation state cyber espionage investigations, threat actor eradication, and destructive ransomware response and recovery efforts. *Jeff's current role entails making artisan Taylor Swift GIFs, chatting with various AI models and consulting law enforcement on breaches of national importance, and his team's work has led to a number of convictions of threat actors at the behest of some of Accenture's largest clients. Jeff's incident response themed cocktail recipes are legendary pain relievers.*
Cyber security and information security professionals are trained to communicate risk to other technology professionals. But how do we translate that technical risk to business process owners and executives who evaluate risk to the company in dollars? How do we evaluate quarterly and annual financial statements to determine the health of a company? How can we as security professionals help our companies perform better from the perspective of CFOs and investors? In this talk, Jacen is giving a one hour summary of what he is learning in the first semester of his MBA. Knowledge like this should be available to everyone and you shouldn't have to pay tuition to learn how to determine how well a potential employer is performing. Come learn how we as security professionals can help make a financial business case for security and speak the language that business understands. We'll go over the three core financial statements that are part of each publicly traded company's quarterly and annual statements and how you can use the information contained to make informed decisions.
Jacen Kohler is currently pursuing an MBA at SMU while building out an Attack Surface Management program at a large critical infrastructure manufacturer. Prior to his current role, he consulted various F100 companies on matters of strategy, communication, and consumer privacy as a member of a big four consulting firm. Jacen started his cyber and information security career at a large investment bank where he ran their global social engineering program, SAST, application allow listing, and supervising approvals of all new applications with data leaving the banks network immediately following his graduation from UNT with his BS in Computer Engineering and Certificate in Cybersecurity from the NSA and led a capstone senior design team doing research for NASA to develop an IP addressing scheme for high ping networks of spacecraft. When not at work, Jacen enjoys spending time with his dog, 3D printing, and running the Red Team for the Southwest region of the Collegiate Cyber Defense Competition.
This talk introduces an approach to identifying and addressing security gaps in copilots/LLMs via fuzzing with our tool named GAS (Genie Attack Script). We begin with a high level introduction to fuzzing, and discuss how you can fuzz non memory corruptible applications. We then talk about Genie, our internal user simulation tool that we repurposed to attack LLMs/Copilots. We discuss the development of this tool, as well as our tool GAS. We dive into the what/why/how of its development, walk through a few examples of how it works and what it has found, and we wrap up with future-looking work others can do, and what we plan on doing as well.
FOG ransomware, a newly emerged threat in the cyber landscape, has been causing significant disruptions, especially within educational institutions. At Beazley Security Labs, our research team has been investigating this ransomware group since its appearance in May 2024 and we have conducted research to understand the tactics, techniques, and procedures (TTPs) employed by this new threat actor. In this talk, we will present our in-depth analysis and findings on FOG ransomware, shedding light on its origins, tactics, and the rabbit holes we have gone down.
Sam is a Security Researcher at Beazley Security with a focus on threat intelligence and cybercrime. In her spare time she works on her nonprofit clearsear.ch, which equips CTI experts and law enforcement with a comprehensive threat intel data lake to level the playing field against
Bobby is a Principal Researcher at Beazley Security with a focus on malware analysis and threat intelligence. Bobby has experience as a SOC analyst, malware reverse engineer, and a detection engineer.
AI here, AI there, AI Everywhere. Who is using AI in your organization and how? Where is your information going and how is it being used? What can you do about it? Don't go in unarmed. Learn about the latest resources and techniques used to attack and defend Artificial Intelligence in all its forms (yes, GenAI isn't the only thing out there).
Cowboy hacker emeritus of Ninja Networks since 1995. I'm also a 20 year veteran infosec professional, a father, and a husband. I'm 214 native born in Deep Ellum and a graduate of enn State and UNT. I study eastern and western philosophy and Mandarin. I've worked in AI security for four years. MoT.
As the threat landscape evolves, traditional Enterprise Security Architectures (ESA) struggle to keep up with growing attack surfaces. This talk explores the critical intersection between ESA and Offensive Security Testing, focusing on how continuous, adversary-driven testing can uncover vulnerabilities and bridge gaps left by relying solely on security product marketing. Drawing from real-world experience, the session will demonstrate the need for full-scope adversarial emulation, continuous penetration testing, and effective validation of security controls. Attendees will learn how to align security strategies with real-world threats, ensuring their architectures remain resilient and adaptive. Key takeaways include evolving ESA to match modern threats, uncovering hidden security gaps, and integrating offensive testing to strengthen defenses. This talk is essential for security architects, red teamers, and leaders aiming to adopt a proactive, threat-informed security strategy.
AI Phishing, MFA Theft, Consent Grant Abuse, and Remediation in O365 & Entra ID.
IT Guy focused on Cybersecurity. CEH, CHFI and other stuff.
There are several methodologies people apply in building a SOC. From my experience, the most successful model is one that focuses on building and taking care of the people who work in it. I'll go over a few of the observations and philosophies that I have picked up along the way that should let you build a highly effective SOC with the intention of maintaining skilled team members and low turnover.
Les Ferguson leads the automation and software engineering efforts on a Cybersecurity Incident Response Team. He has over 12 years of experience in software engineering and cybersecurity, with 8 years being dedicated to Digital Forensics and Incident Response. Professionally, his passion is optimizing and automating processes and technologies in order to simplify and streamline workflows.
Tired of taking screenshots of alert boxes? Join me for a working session to discuss how to use JavaScript and DOM manipulation to craft a believable XSS phishing payload resulting in code execution in a target domain. This session was inspired while working on a web application pentest with some colleagues. There were existing CSP restrictions and they asked me to help come up with an XSS payload to demonstrate impact. Today, I am hosting a learning session to show a methodology of taking an XSS from alert(1) to P1. This includes a live demo / working session to turn a target domain into a phishing page (and maybe some cat pics). Attendees are encouraged to follow along in their browsers. Following this session, you will emerge with additional knowledge of:
- CSP Policy Limitations (and bypasses)
- Manipulating the browser's DOM with JS
- How to turn alert(1) into a phishing payload from scratch
Cary Hooper is an offensive security engineer working for a Fortune 500 institution. Cary is a combat veteran and graduate of the United States Military Academy at West Point. He led technical and non-technical teams within the Army Engineer Corps and Cyber Command. Cary's certifications include CISSP, OSCE, OSCP, and OSWE.
This session will unravel the fundamental concepts, tactics, and profound impact of social engineering on society, with a particular focus on cybersecurity. The talk will uncover the psychological principles that social engineers exploit, reveal common attack vectors, and explore the ever-evolving landscape of social engineering threats, including the cutting-edge emergence of AI-powered techniques like deepfakes. Andy will also share some of his favorite stories from the hilarious "One Time on a Pentest" segments of the Dallas Hackers Association Meetups, providing firsthand accounts of social engineering in action and the lessons learned from these experiences.
If you're looking for someone who's passionate about cybersecurity, look no farther than Andy Thompson. Andy brings over almost 30 years of hands-on experience in IT and security to the table. He is a highly certified information security professional, evangelist, and thought leader. He is skilled at making complex technical concepts relatable to general audiences. Prior to joining CyberArk, Thompson worked as a Senior Systems Admin and Security Engineer with a variety of organizations, including large hospitals, global retail companies, movie theater chains, bars, and restaurants. He has since transitioned to the Research Labs Division at CyberArk, where he is an integral part of the team responsible for sharing ongoing research into offensive technology and information security trends. Thompson is also an active member of the Dallas hacking scene. He's one of the organizers and the emcee of the Dallas Hackers Association where he shares his expertise with fellow hackers.
How it started vs How it is going. Get a quick history of BSidesDFW. Gain a deeper understanding of our guiding principles. Discover what we are targeting for the future. Decide how you can help.
@hacknotcrime advocate, @DFW_InfoSec contributor, @BSidesDFW coordinator
In today's digital landscape, cybersecurity has become a critical concern for organizations, governments, and individuals alike. This paper provides an overview of significant U.S. cybersecurity laws and regulations designed to protect sensitive information and ensure compliance in various sectors. Key federal laws, such as the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and the Federal Information Security Modernization Act (FISMA), are highlighted for their roles in preventing unauthorized access, securing electronic communications, and enforcing federal information security standards. The paper also discusses specific regulations for healthcare and financial industries, including HIPAA and the Gramm-Leach-Bliley Act (GLBA), alongside corporate governance frameworks such as the Sarbanes-Oxley Act (SOX). Additionally, industry standards like the Payment Card Industry Data Security Standard (PCI DSS) and the National Institute of Standards and Technology (NIST) Cybersecurity Framework are explored for their importance in reducing cybersecurity risks. State-level breach notification laws and international regulations, such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), are also reviewed, underscoring the global nature of cybersecurity compliance. Finally, the paper emphasizes the importance of breach notification, compliance strategies, and best practices to safeguard systems and data against cyber threats. By outlining these laws and frameworks, the paper highlights the necessity for organizations to adopt comprehensive cybersecurity measures to mitigate risks and ensure legal compliance.
Security BSides Dallas - Fort Worth was founded to facilitate the exchange of information and the development of relationships. We welcome and encourage the expression and debate of ideas. We also recognize that we do not have to agree in order to listen to, and/or understand, a given point of view. However, there is a language and a behaviour that is appropriate and expected in achieving that discourse.
Harassment and/or abusive behaviour will not be tolerated.
Any participant that experiences and/or witnesses inappropriate behaviour is expected to report said behaviour to event staff.
Any participant that experiences and/or witnesses inappropriate behaviour is encouraged to ask the offending individual to stop.
Any participant asked to stop a behaviour is expected to comply immediately.
Event organizers reserve the right to respond to observed and/or reported behaviour in a manner deemed appropriate, including but not limited to expulsion without refund and referral to the relevant authorities.
It is our goal to ensure that the event is welcoming, enjoyable, and safe for all participants.
Be exemplary for each other. See something, say something.