<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name="theme-color" content="#000000">
<link rel="manifest" href="./manifest.json">
<link rel="shortcut icon" href="./favicon.ico">
<link href="https://fonts.googleapis.com/css?family=Forum|Jura:300,400,500,700|Montserrat|Roboto:100,300,300i,400,500,700,900" rel="stylesheet">
<link href="./fa-web/css/all.css" rel="stylesheet">
<title>Kernelcon</title>
<link href="./css/app.css" rel="stylesheet">
<link href="./css/mobile.css" rel="stylesheet">
<link href="./css/about.css" rel="stylesheet">
<link href="./css/nav.css" rel="stylesheet">
<link href="./css/agenda.css" rel="stylesheet">
</head>
<body>
<div class='main'>
<div class="nav">
<div class='container'>
<div class="top-nav">
<span class="nav-title">
<a href="./">
<img src='./img/kernelcon_w_trans.png' height="30" alt="logo" />
</a>
</span>
<span class="nav-date">
April 5-6, 2019
</span>
</div>
<div class="nav-header">
</div>
<div class="nav-btn">
<label for="nav-check">
<span></span>
<span></span>
<span></span>
</label>
</div>
<input type="checkbox" id="nav-check">
<div class="nav-links">
<a href="./venue.html">venue</a>
<a href="./dates.html">dates</a>
<a href="./call-for-papers.html">call for papers</a>
<a href="./agenda.html">agenda</a>
<a href="./con.html">con</a>
<a href="./register.html">register</a>
<a href="./sponsors.html">sponsors</a>
<a href="./about.html">about</a>
</div>
</div>
</div>
<div class='container main-content'>
<div class="sky-tabs sky-tabs-pos-left sky-tabs-anim-flip sky-tabs-response-to-icons">
<input type="radio" name="sky-tabs" checked="" id="sky-tab1" class="sky-tab-content-1">
<label for="sky-tab1"><span><span><img src="./fa-web/svgs/solid/users.svg" width="20" class='icon-img'/>
Speakers</span></span></label>
<input type="radio" name="sky-tabs" id="sky-tab2" class="sky-tab-content-2">
<label for="sky-tab2"><span><span><img src="./fa-web/svgs/solid/clipboard-list.svg" width="20" class='icon-img'/>
Schedule</span></span></label>
<ul>
<li class="sky-tab-content-1">
<div class="typography">
<div class='speaker-section key-title'>
<h1 class='title'>Keynotes</h1>
<div class='keynote-section'>
<div class='keynote-text-area'>
<h2>David Kennedy</h2>
<h3 class='bio-title'>TrustedSec</h3>
<p class='bio-text'>David Kennedy is the founder of TrustedSec, Binary Defense Systems (BD) and DerbyCon, a large-scale information security conference. David is an avid gamer, father of three, and passionate about coding. David previously was a Chief Security Officer (CSO) for a Fortune 1000 company with offices in over 77 countries.</p>
<p class='bio-text'>Considered a forward thinker in the security field, he is a keynote speaker at some of the nation’s largest conferences in addition to guest appearances on Fox News, CNN, CNBC, MSNBC, Bloomberg and the BBC. He has advised on several TV shows and assisted in some of the content for the popular “Mr. Robot” series.</p>
<p class='bio-text'>David has testified in front of US Congress on multiple occasions on the threats faced in security and the government space. A prolific author, he is also the creator of several widely popular open-source tools including “The Social-Engineer Toolkit” (SET). Prior to the private sector, he worked in the United States Marines (USMC) for cyber warfare and forensics analysis activities for the intelligence community including two tours to Iraq.</p>
</div>
<div class='keynote-image-area'>
<img src='./img/davek.png'
alt='Dave Kennedy'
width="300" />
</div>
</div>
<div class='keynote-talk'>
<div class='talk-title'><b>Friday Keynote:</b> Moving Ahead and Beyond Common Tool Detections</div>
<div class='abstract'>There’s no question that companies continue to try and get better when it comes to detecting attacks in multiple phases. Instead of just patching and hoping for the best, organizations are spending a substantial amount of investment in trying to detect the 'well what if they get through' situation. As companies focus on enhanced detection capabilities, the focus is often hard to grasp in what to actually look for – there is so much. This talk will dive into where we see most companies fail at detection and how red teams are helping push the bar forward in not just leveraging a checklist, but focusing on the identification of attack patterns in varying levels of sophistication. The overreliance on technology as a method for trying to jump start these programs often causes more harm than good, and we’ll dive into how effective off-the-shelf endpoint detection tools are when confronted with even basic attackers. As an industry, we have everything we need to get better – it’s a matter of prioritization, focus, and time.</div>
</div>
<div class='keynote-section'>
<div class='keynote-text-area'>
<h2>Dan Tentler</h2>
<h3 class='bio-title'>Phobos Group</h3>
<p class='bio-text'>Dan Tentler is the Executive Founder of Phobos Group. He's got a long history of both attack and defense roles, as well as public speaking engagements and press interviews. He is a professional troublemaker and gets excited about getting on stage to share stories about troublemaking, and tips on how to make trouble.</p>
<div class='keynote-talk'>
<div class='talk-title'><b>Saturday Keynote</b></div>
<div class='abstract'>Do you keep expensive stuff in your hotel room? Did defcon last year completely chap your ass? Do you like the idea of having visibility of your expensive stuff when you're not in your hotel room? I got you covered. I travel quite a lot for work and I carry lots of expensive things around. I've learned how to deploy 'tells', as well as a slurry of cameras in hotel rooms in an effort to keep tabs on things. This talk will elaborate on stories and experiences, talk about how to build hotel room networks, and cover some of the camera models I bought and use. What's good, What's bad, and how you can fall into this rabbit hole too.</div>
</div>
</div>
<div class='keynote-image-area'>
<img src='./img/viss.png'
alt='Dan Tentler'
width="300" />
</div>
</div>
</div>
<div class='speaker-section'>
<h1 class='speaker-title'>Speakers</h1>
<span class="talks">
<div class="single-talk">
<div class="talk-title">An Overview of hard research problems in Computer Security; Something of a Historical Perspective</div>
<div class="talk-sub-title">
<div class="speaker-name">Blaine Burnham, PhD</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">We have been pouring (that might be something of an overstatement) money into computer Security research for decades. How we doing? What have been the research priorities as stated by many of the funding agencies? How we doing? What is not getting done and why? What does the future portend, near and not so near?</div>
</div>
<div class="single-talk">
<div class="talk-title">Dev[Sec]Ops != Dev[Suck]Ops: Mutual of Omaha's Journey Toward a DevOps Security Culture</div>
<div class="talk-sub-title">
<div class="speaker-name">Rob Temple</div>
<div class="speaker-icon-bar">
<span class="speaker-icons">
<a href="https://www.linkedin.com/in/robtemple" target="_blank" rel="noopener noreferrer">
<svg class="speaker-icons" aria-labelledby="linkedin-icon" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<title id="linkedin-icon">LinkedIn icon</title>
<path d="M20.447 20.452h-3.554v-5.569c0-1.328-.027-3.037-1.852-3.037-1.853 0-2.136 1.445-2.136 2.939v5.667H9.351V9h3.414v1.561h.046c.477-.9 1.637-1.85 3.37-1.85 3.601 0 4.267 2.37 4.267 5.455v6.286zM5.337 7.433c-1.144 0-2.063-.926-2.063-2.065 0-1.138.92-2.063 2.063-2.063 1.14 0 2.064.925 2.064 2.063 0 1.139-.925 2.065-2.064 2.065zm1.782 13.019H3.555V9h3.564v11.452zM22.225 0H1.771C.792 0 0 .774 0 1.729v20.542C0 23.227.792 24 1.771 24h20.451C23.2 24 24 23.227 24 22.271V1.729C24 .774 23.2 0 22.222 0h.003z"></path>
</svg>
</a>
</span>
</div>
<div class="length">20 minutes</div>
</div>
<div class="abstract">The traditional approach to software security testing typically involves some form of human interaction. It is accompanied by long wait times, and large, overwhelming scan results. This hardly lives up to the automation hype of the DevOps culture. With the traditional model, follow-up remediation typically includes lengthy conversations with security engineers to a back-and-forth fix and retest cycle. This process is often an afterthought towards the end of the SDLC when code fixes are costly and deployment schedules are tight. The traditional approach does not scale with today's software engineering demands. DevOps, 12 Factor apps, quick agile iterations, and aggressive deployment schedules require security to operate at a new speed; the speed of DevSecOps. How many product owners have had to hit the pause button on a roll-out in order to complete a full SAST or DAST of the entire world before going live? Traditional find, fix, rinse, and repeat methods are being upstaged by more streamlined solutions that integrate directly into the developer's native workflow allowing a real-world shift-left. This includes allowing the developer to interact with SAST/DAST/IAST/Open Source Monitoring from their development workspace, and also in the CI/CD pipeline. Advanced DevSecOps implementations facilitate agility, early fixes, open source visualization, and developer-centric tooling that give dev teams much more control over secure coding models.</div>
</div>
<div class="single-talk">
<div class="talk-title">Basics of Radio Hacking with RTL-SDR</div>
<div class="talk-sub-title">
<div class="speaker-name">Gus Gorman</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">Radio security is oftentimes neglected because radio systems are only subject to domestic/local threats (physical access). This has left many radio protocols vulnerable to a variety of easy attacks. The talk will focus on using an inexpensive ($20-30) RTL-SDR to intercept & decode various wireless signals, including train telemetry, alarm sensors, smart meters, garage doors, and infrastructure communications. Decode and cloning techniques/hardware will also be covered.</div>
</div>
<div class="single-talk">
<div class="talk-title">Building Security Playbooks 101</div>
<div class="talk-sub-title">
<div class="speaker-name">Lior Kolnik</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">SOC and IR professionals are required to use myriad different tools and services to handle alerts and investigate cases, including EDR, Sandboxes, SIEM, pDNS, TIPs and more. Working through all of these GUIs is time consuming and has a learning curve due to the hundreds of different tools and vendors out there - every environment will have different tools. False positives must often be identified manually due to the lack of direct communication between the siloed tools.</div>
</div>
<div class="single-talk">
<div class="talk-title">Building an Application Security Program from Scratch</div>
<div class="talk-sub-title">
<div class="speaker-name">Douglas Swartz</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">Have you spent lots of money on firewalls, network security, intrusion detection, and exfiltration prevention? What about the glaring hole left even after all that expenditure: Applications. Join me as I take you through a journey from no application security program at all, to five years later. We'll explore what my team did right, and our failures. I'll provide you with pointers to application security resources, and a possible approach to get started. If your company hasn't headed off on the application security journey yet, maybe you can avoid some of our mis-steps.</div>
</div>
<div class="single-talk">
<div class="talk-title">Building the badge - How you can make small, cheap and custom hardware for function or fashion</div>
<div class="talk-sub-title">
<div class="speaker-name">James Dietle</div>
<div class="speaker-icon-bar">
<span class="speaker-icons">
<a href="https://twitter.com/jamesdietle" target="_blank" rel="noopener noreferrer">
<svg class="speaker-icons" aria-labelledby="twitter-icon" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<title id="twitter-icon">Twitter icon</title>
<path d="M23.954 4.569c-.885.389-1.83.654-2.825.775 1.014-.611 1.794-1.574 2.163-2.723-.951.555-2.005.959-3.127 1.184-.896-.959-2.173-1.559-3.591-1.559-2.717 0-4.92 2.203-4.92 4.917 0 .39.045.765.127 1.124C7.691 8.094 4.066 6.13 1.64 3.161c-.427.722-.666 1.561-.666 2.475 0 1.71.87 3.213 2.188 4.096-.807-.026-1.566-.248-2.228-.616v.061c0 2.385 1.693 4.374 3.946 4.827-.413.111-.849.171-1.296.171-.314 0-.615-.03-.916-.086.631 1.953 2.445 3.377 4.604 3.417-1.68 1.319-3.809 2.105-6.102 2.105-.39 0-.779-.023-1.17-.067 2.189 1.394 4.768 2.209 7.557 2.209 9.054 0 13.999-7.496 13.999-13.986 0-.209 0-.42-.015-.63.961-.689 1.8-1.56 2.46-2.548l-.047-.02z"></path>
</svg>
</a>
</span>
<span class="speaker-icons">
<a href="https://www.linkedin.com/in/jamesdietle" target="_blank" rel="noopener noreferrer">
<svg class="speaker-icons" aria-labelledby="linkedin-icon" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<title id="linkedin-icon">LinkedIn icon</title>
<path d="M20.447 20.452h-3.554v-5.569c0-1.328-.027-3.037-1.852-3.037-1.853 0-2.136 1.445-2.136 2.939v5.667H9.351V9h3.414v1.561h.046c.477-.9 1.637-1.85 3.37-1.85 3.601 0 4.267 2.37 4.267 5.455v6.286zM5.337 7.433c-1.144 0-2.063-.926-2.063-2.065 0-1.138.92-2.063 2.063-2.063 1.14 0 2.064.925 2.064 2.063 0 1.139-.925 2.065-2.064 2.065zm1.782 13.019H3.555V9h3.564v11.452zM22.225 0H1.771C.792 0 0 .774 0 1.729v20.542C0 23.227.792 24 1.771 24h20.451C23.2 24 24 23.227 24 22.271V1.729C24 .774 23.2 0 22.222 0h.003z"></path>
</svg>
</a>
</span>
</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">Drawn to the increase in neck bling that people wear around, looking like futuristic disco balls? Curious about the rise of IoT and how you can start making your hardware for tests? Want to make your own blinking monstrosity that can scare the cat and blind your neighbors? Cheap PCB fab houses and some free software offer the ability to make all these oddly specific dreams come true. This talk will cover an overview of how you can get your board designed, printed and distributed for your next event without going broke in the process.</div>
</div>
<div class="single-talk">
<div class="talk-title">Bushwacking your way around a bootloader</div>
<div class="talk-sub-title">
<div class="speaker-name">Rebecca (.bx) Shapiro</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">Even when you have access to some binary’s source code, it can still be challenging to understand said software. In this talk, I will discuss the techniques and tools I developed in order to understand and navigate the pile of code that is the open-source Das U-Boot bootloader. The tools I developed do not rely on proprietary software and instead make use of free and powerful debugging tools such as Capstone, Unicorn, and the GDB Python plugin API. My approach strives to highlight the temporal and mechanical connections that exist between higher-level behaviors and regions of the code base/binary by instrumenting, tracing, and analyzing all memory writes with respect to the software’s current execution path. This technique allows us to develop and test our understanding of the relationships between code and objects (data structures and/or regions of memory). I will discuss how these tools and techniques can be used to identify and distinguish between different phases of U-Boot execution (including distinct phases of initialization and relocation) and then show how such information can be used to design a coarse-grained memory region-based access control policy.</div>
</div>
<div class="single-talk">
<div class="talk-title">Business Email Compromise (BEC) - The Highly Effective Evolution of Nigerian Fraud Schemes</div>
<div class="talk-sub-title">
<div class="speaker-name">Jake Foiles</div>
<div class="length">20 minutes</div>
</div>
<div class="abstract">According to the Internet Crime Complaint Center (IC3.gov), Business Email Compromise and other related schemes account for over half of all cyber crime losses. Learn what BEC is and how you can join the fight against this exploding cyber crime type.</div>
</div>
<div class="single-talk">
<div class="talk-title">Capture the Flag != Pentest (and other Hackworthy shenanigans)</div>
<div class="talk-sub-title">
<div class="speaker-name">Mark Bayley</div>
<div class="length">20 minutes</div>
</div>
<div class="abstract">Capture the flags are a great way to gain talent and increase technical skill. They’re fun, they bring people together (many who admittedly don’t like to be “together” under normal circumstances), and sites like hackthebox can show you some really unusual and unorthodox ways to break into stuff you’ve probably never considered. Despite their fun and popularity, however, capture the flag events do not always translate into real skill as a penetration tester.</div>
</div>
<div class="single-talk">
<div class="talk-title">Chip-level vulnerability assessment using CHIPSEC and LuvOS</div>
<div class="talk-sub-title">
<div class="speaker-name">Dr. Jeffrey (Jeff) Struik</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">Hardware level vulnerability assessment is becoming increasingly important with the increase of state-sponsored threats. The ability to perform chip-level vulnerability assessments provides valuable insights for security managers, specifically for critical assets. This presentation demonstrates the value of using CHIPSEC and LuvOS to conduct chip-level vulnerability assessments. The presentation will provide a demonstration of the various functions of CHIPSEC and LuvOS and will also examine how to install and use CHIPSEC for the purpose of hardware, firmware, and chip-level vulnerability assessments.</div>
</div>
<div class="single-talk">
<div class="talk-title">Containers: Your Ally in Improving Security</div>
<div class="talk-sub-title">
<div class="speaker-name">Hillary Benson</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">Container and orchestration technologies have brought new standard interfaces to the way applications are built, deployed, and operated. In this session, we’ll show how security, development, and operations teams can speak the common “language” of Kubernetes to operationalize security controls and risk management with greater precision, testability, and clarity than before. We’ll give a brief overview of key container and orchestration technologies and show how to put specific features to work for better security, with live examples.</div>
</div>
<div class="single-talk">
<div class="talk-title">Cybersecurity Education: Inside and Out</div>
<div class="talk-sub-title">
<div class="speaker-name">Jessica Rooney & Owen Parkins</div>
<div class="length">20 minutes</div>
</div>
<div class="abstract">Cybersecurity is a developing field that is difficult to learn and even more difficult to teach. This talk describes the challenges of learning various aspects of cybersecurity and of teaching it from the perspective of cybersecurity-focused college seniors. The speakers provide unique perspectives on the state of cybersecurity education in universities, and how this education is helping and hindering students in preparation for the workforce.</div>
</div>
<div class="single-talk">
<div class="talk-title">DSLAMing: Testing WAN Services on DSL Modems</div>
<div class="talk-sub-title">
<div class="speaker-name">Nicholas Starke</div>
<div class="speaker-icon-bar">
<span class="speaker-icons">
<a href="https://twitter.com/nstarke" target="_blank" rel="noopener noreferrer">
<svg class="speaker-icons" aria-labelledby="twitter-icon" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<title id="twitter-icon">Twitter icon</title>
<path d="M23.954 4.569c-.885.389-1.83.654-2.825.775 1.014-.611 1.794-1.574 2.163-2.723-.951.555-2.005.959-3.127 1.184-.896-.959-2.173-1.559-3.591-1.559-2.717 0-4.92 2.203-4.92 4.917 0 .39.045.765.127 1.124C7.691 8.094 4.066 6.13 1.64 3.161c-.427.722-.666 1.561-.666 2.475 0 1.71.87 3.213 2.188 4.096-.807-.026-1.566-.248-2.228-.616v.061c0 2.385 1.693 4.374 3.946 4.827-.413.111-.849.171-1.296.171-.314 0-.615-.03-.916-.086.631 1.953 2.445 3.377 4.604 3.417-1.68 1.319-3.809 2.105-6.102 2.105-.39 0-.779-.023-1.17-.067 2.189 1.394 4.768 2.209 7.557 2.209 9.054 0 13.999-7.496 13.999-13.986 0-.209 0-.42-.015-.63.961-.689 1.8-1.56 2.46-2.548l-.047-.02z"></path>
</svg>
</a>
</span>
</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">IoT Testing, particularly for consumer grade networking devices, can be difficult when the device doesn't use 802.11 or RJ45 for IP traffic. Take for example the DSL Modem: one of the most commonly deployed networking devices for home users. A typical DSL Modem will have one or more RJ45 LAN ports, but testing the WAN port proves problematic: most DSL Modems use RJ14 ports for the WAN! Enter the DSLAM. The DSLAM is the head end unit for DSL Modems. We'll talk about the underlying technologies used in communicating with the head end system (DSLAM) as well as how you can source, setup, and successfully test WAN services on a DSL modem using a DSLAM. We'll also talk about why you might want to do this and what you might find.</div>
</div>
<div class="single-talk">
<div class="talk-title">Detasseling Docker and Other Kernel Related Protections</div>
<div class="talk-sub-title">
<div class="speaker-name">Zach Giezen</div>
<div class="speaker-icon-bar">
<span class="speaker-icons">
<a href="https://twitter.com/cf_man" target="_blank" rel="noopener noreferrer">
<svg class="speaker-icons" aria-labelledby="twitter-icon" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<title id="twitter-icon">Twitter icon</title>
<path d="M23.954 4.569c-.885.389-1.83.654-2.825.775 1.014-.611 1.794-1.574 2.163-2.723-.951.555-2.005.959-3.127 1.184-.896-.959-2.173-1.559-3.591-1.559-2.717 0-4.92 2.203-4.92 4.917 0 .39.045.765.127 1.124C7.691 8.094 4.066 6.13 1.64 3.161c-.427.722-.666 1.561-.666 2.475 0 1.71.87 3.213 2.188 4.096-.807-.026-1.566-.248-2.228-.616v.061c0 2.385 1.693 4.374 3.946 4.827-.413.111-.849.171-1.296.171-.314 0-.615-.03-.916-.086.631 1.953 2.445 3.377 4.604 3.417-1.68 1.319-3.809 2.105-6.102 2.105-.39 0-.779-.023-1.17-.067 2.189 1.394 4.768 2.209 7.557 2.209 9.054 0 13.999-7.496 13.999-13.986 0-.209 0-.42-.015-.63.961-.689 1.8-1.56 2.46-2.548l-.047-.02z"></path>
</svg>
</a>
</span>
</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">It's happened before and it will happen again: that one ancient business application that refuses to die. It's riddled with security holes and is so fragile that a strong gust of wind could take it down. I'll take three perspectives through moving that app into the micro-services climate. Builders, breakers and defenders each get tools and techniques on how this radically popular but 'equally ancient' technology can be their friend.</div>
</div>
<div class="single-talk">
<div class="talk-title">Fuzzing with AFL</div>
<div class="talk-sub-title">
<div class="speaker-name">Dhiraj Mishra</div>
<div class="speaker-icon-bar">
<span class="speaker-icons">
<a href="https://twitter.com/mishradhiraj_" target="_blank" rel="noopener noreferrer">
<svg class="speaker-icons" aria-labelledby="twitter-icon" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<title id="twitter-icon">Twitter icon</title>
<path d="M23.954 4.569c-.885.389-1.83.654-2.825.775 1.014-.611 1.794-1.574 2.163-2.723-.951.555-2.005.959-3.127 1.184-.896-.959-2.173-1.559-3.591-1.559-2.717 0-4.92 2.203-4.92 4.917 0 .39.045.765.127 1.124C7.691 8.094 4.066 6.13 1.64 3.161c-.427.722-.666 1.561-.666 2.475 0 1.71.87 3.213 2.188 4.096-.807-.026-1.566-.248-2.228-.616v.061c0 2.385 1.693 4.374 3.946 4.827-.413.111-.849.171-1.296.171-.314 0-.615-.03-.916-.086.631 1.953 2.445 3.377 4.604 3.417-1.68 1.319-3.809 2.105-6.102 2.105-.39 0-.779-.023-1.17-.067 2.189 1.394 4.768 2.209 7.557 2.209 9.054 0 13.999-7.496 13.999-13.986 0-.209 0-.42-.015-.63.961-.689 1.8-1.56 2.46-2.548l-.047-.02z"></path>
</svg>
</a>
</span>
</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">The talk focuses on a fuzzing approach that can be used to uncover different types of vulnerabilities in open source projects. It will also introduce the general idea and the approach to fuzz real-life targets using AFL.</div>
</div>
<div class="single-talk">
<div class="talk-title">Grapl - A Graph Analytics Platform for DFIR</div>
<div class="talk-sub-title">
<div class="speaker-name">Colin O'Brien</div>
<div class="speaker-icon-bar">
<span class="speaker-icons">
<a href="https://twitter.com/insanitybit" target="_blank" rel="noopener noreferrer">
<svg class="speaker-icons" aria-labelledby="twitter-icon" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<title id="twitter-icon">Twitter icon</title>
<path d="M23.954 4.569c-.885.389-1.83.654-2.825.775 1.014-.611 1.794-1.574 2.163-2.723-.951.555-2.005.959-3.127 1.184-.896-.959-2.173-1.559-3.591-1.559-2.717 0-4.92 2.203-4.92 4.917 0 .39.045.765.127 1.124C7.691 8.094 4.066 6.13 1.64 3.161c-.427.722-.666 1.561-.666 2.475 0 1.71.87 3.213 2.188 4.096-.807-.026-1.566-.248-2.228-.616v.061c0 2.385 1.693 4.374 3.946 4.827-.413.111-.849.171-1.296.171-.314 0-.615-.03-.916-.086.631 1.953 2.445 3.377 4.604 3.417-1.68 1.319-3.809 2.105-6.102 2.105-.39 0-.779-.023-1.17-.067 2.189 1.394 4.768 2.209 7.557 2.209 9.054 0 13.999-7.496 13.999-13.986 0-.209 0-.42-.015-.63.961-.689 1.8-1.56 2.46-2.548l-.047-.02z"></path>
</svg>
</a>
</span>
</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">Traditionally, detection has been performed on point anomalies - a log comes in, the log is analyzed, and a decision is made to alert based on that analysis. Similarly, investigations are based on searches over isolated events - an alert fires and you manually try to find related events based on ad-hoc queries. Grapl aims to move beyond individual events as the fundamental abstraction and focus instead on relationships. Logs are parsed into graph representations and merged into a master graph representing all actions occurring across your environments. This approach allows for relationship-based detections (ex: word isn't scary, and bash isn't scary, but word spawning bash is scary) and more efficient, ergonomic investigations. Grapl handles the work of turning logs into subgraphs, orchestrating signatures executing across the graph, and automatically scoping investigations through expansion of the graph. I hope to demonstrate the benefits of a Graph based approach to DFIR, and how Grapl can aid in that approach.</div>
</div>
<div class="single-talk">
<div class="talk-title">HASSH it real good</div>
<div class="talk-sub-title">
<div class="speaker-name">Ben Reardon</div>
<div class="length">20 minutes</div>
</div>
<div class="abstract">Is that SSH client/server really what it says it is? Now you can tell this and more - with HASSH! Looking for signals in the initialization of encrypted communication channels is not a new concept. There are many examples of fingerprinting both unencrypted and encrypted protocols such as TLS. However, somewhat surprisingly, no open source scalable fingerprinting method has been developed for one of our most common and relied upon encrypted protocols, SSH — an integral component of the internet. Enter, the HASSH. HASSH is a network fingerprinting standard invented within the Detection Cloud team at Salesforce. It can be used to help identify specific Client and Server SSH implementations. These fingerprints can be easily stored, searched and shared in the form of a standard string of summary text, a hassh for the Client and hasshServer for the Server. Gaining a greater insight into the observable nature of SSH clients and servers opens up a few really interesting possibilities. HASSH can highlight Deceptive implementations, Detect novel exfiltration attempts within the SSH negotiation packets themselves, baseline devices including IOT devices, make a passive assessment of patch levels of SSH servers and clients, and can easily detect anomalous SSH components in highly controlled well understood operational environments. Further to Detection uses, HASSH can also be built into the control pipeline as an active component.</div>
</div>
<div class="single-talk">
<div class="talk-title">IPv6 Security, or... How Not to Deploy IPv6</div>
<div class="talk-sub-title">
<div class="speaker-name">Mark Ciecior</div>
<div class="speaker-icon-bar">
<span class="speaker-icons">
<a href="https://twitter.com/mciecior" target="_blank" rel="noopener noreferrer">
<svg class="speaker-icons" aria-labelledby="twitter-icon" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<title id="twitter-icon">Twitter icon</title>
<path d="M23.954 4.569c-.885.389-1.83.654-2.825.775 1.014-.611 1.794-1.574 2.163-2.723-.951.555-2.005.959-3.127 1.184-.896-.959-2.173-1.559-3.591-1.559-2.717 0-4.92 2.203-4.92 4.917 0 .39.045.765.127 1.124C7.691 8.094 4.066 6.13 1.64 3.161c-.427.722-.666 1.561-.666 2.475 0 1.71.87 3.213 2.188 4.096-.807-.026-1.566-.248-2.228-.616v.061c0 2.385 1.693 4.374 3.946 4.827-.413.111-.849.171-1.296.171-.314 0-.615-.03-.916-.086.631 1.953 2.445 3.377 4.604 3.417-1.68 1.319-3.809 2.105-6.102 2.105-.39 0-.779-.023-1.17-.067 2.189 1.394 4.768 2.209 7.557 2.209 9.054 0 13.999-7.496 13.999-13.986 0-.209 0-.42-.015-.63.961-.689 1.8-1.56 2.46-2.548l-.047-.02z"></path>
</svg>
</a>
</span>
<span class="speaker-icons">
<a href="https://www.linkedin.com/in/markciecior/" target="_blank" rel="noopener noreferrer">
<svg class="speaker-icons" aria-labelledby="linkedin-icon" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<title id="linkedin-icon">LinkedIn icon</title>
<path d="M20.447 20.452h-3.554v-5.569c0-1.328-.027-3.037-1.852-3.037-1.853 0-2.136 1.445-2.136 2.939v5.667H9.351V9h3.414v1.561h.046c.477-.9 1.637-1.85 3.37-1.85 3.601 0 4.267 2.37 4.267 5.455v6.286zM5.337 7.433c-1.144 0-2.063-.926-2.063-2.065 0-1.138.92-2.063 2.063-2.063 1.14 0 2.064.925 2.064 2.063 0 1.139-.925 2.065-2.064 2.065zm1.782 13.019H3.555V9h3.564v11.452zM22.225 0H1.771C.792 0 0 .774 0 1.729v20.542C0 23.227.792 24 1.771 24h20.451C23.2 24 24 23.227 24 22.271V1.729C24 .774 23.2 0 22.222 0h.003z"></path>
</svg>
</a>
</span>
</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">IPv6 has been the Next Big Thing for at least 20 years. Yet few organizations have deployed it since RFC 1883 was formalized in 1995. Or have they? Google has measured US IPv6 adoption at over 35%. Over 25% of the Alexa Top 1000 sites are IPv6-enabled. Chances are good you (and your users) have used IPv6 as well. Was your deployment planned? Did you address common vulnerabilities? Or do you just want to wreak havoc on your local IT guy? Come learn about the state of IPv6 security. All motivations are welcome.</div>
</div>
<div class="single-talk">
<div class="talk-title">MacOS host monitoring - the open source way</div>
<div class="talk-sub-title">
<div class="speaker-name">Michael George</div>
<div class="length">20 minutes</div>
</div>
<div class="abstract">I will talk about an example piece of malware (Handbrake/Proton) and how you can use open source detection tooling to do detection and light forensics. Since I will be talking about the Handbrake malware, I will also be sharing some of the TTPs the malware used if you want to find this activity in your fleet.</div>
</div>
<div class="single-talk">
<div class="talk-title">More Than Tor: Shining a Light on Different Corners of the Dark Web</div>
<div class="talk-sub-title">
<div class="speaker-name">Benjamin Brown</div>
<div class="speaker-icon-bar">
<span class="speaker-icons">
<a href="https://twitter.com/ajnachakra" target="_blank" rel="noopener noreferrer">
<svg class="speaker-icons" aria-labelledby="twitter-icon" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<title id="twitter-icon">Twitter icon</title>
<path d="M23.954 4.569c-.885.389-1.83.654-2.825.775 1.014-.611 1.794-1.574 2.163-2.723-.951.555-2.005.959-3.127 1.184-.896-.959-2.173-1.559-3.591-1.559-2.717 0-4.92 2.203-4.92 4.917 0 .39.045.765.127 1.124C7.691 8.094 4.066 6.13 1.64 3.161c-.427.722-.666 1.561-.666 2.475 0 1.71.87 3.213 2.188 4.096-.807-.026-1.566-.248-2.228-.616v.061c0 2.385 1.693 4.374 3.946 4.827-.413.111-.849.171-1.296.171-.314 0-.615-.03-.916-.086.631 1.953 2.445 3.377 4.604 3.417-1.68 1.319-3.809 2.105-6.102 2.105-.39 0-.779-.023-1.17-.067 2.189 1.394 4.768 2.209 7.557 2.209 9.054 0 13.999-7.496 13.999-13.986 0-.209 0-.42-.015-.63.961-.689 1.8-1.56 2.46-2.548l-.047-.02z"></path>
</svg>
</a>
</span>
</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">When the terms darknet or dark web are invoked it is almost always in reference to the Tor network, but what about the other extant darknet frameworks? A true understanding of the dark web would be impossible and misleading if it only included the Tor network. In this talk I will expand the field of view to include frameworks such as Freenet, I2P, and OpenBazaar. We’ll take a quick look at the origins and technical underpinnings of these darknets as well as their actors and offerings. I will also discuss the differentiators that set these networks apart from Tor and highlight why they too should be included in modeling our knowledge of the dark web. Audience members will walk away with a fuller understanding of the internet’s hidden corners, the goals of its users, and the technologies that help keep them in the dark.</div>
</div>
<div class="single-talk">
<div class="talk-title">Neurodiversity in the workplace</div>
<div class="talk-sub-title">
<div class="speaker-name">Carla Raisler & George Walker</div>
<div class="speaker-icon-bar">
<span class="speaker-icons">
<a href="https://twitter.com/KyCarla" target="_blank" rel="noopener noreferrer">
<svg class="speaker-icons" aria-labelledby="twitter-icon" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<title id="twitter-icon">Twitter icon</title>
<path d="M23.954 4.569c-.885.389-1.83.654-2.825.775 1.014-.611 1.794-1.574 2.163-2.723-.951.555-2.005.959-3.127 1.184-.896-.959-2.173-1.559-3.591-1.559-2.717 0-4.92 2.203-4.92 4.917 0 .39.045.765.127 1.124C7.691 8.094 4.066 6.13 1.64 3.161c-.427.722-.666 1.561-.666 2.475 0 1.71.87 3.213 2.188 4.096-.807-.026-1.566-.248-2.228-.616v.061c0 2.385 1.693 4.374 3.946 4.827-.413.111-.849.171-1.296.171-.314 0-.615-.03-.916-.086.631 1.953 2.445 3.377 4.604 3.417-1.68 1.319-3.809 2.105-6.102 2.105-.39 0-.779-.023-1.17-.067 2.189 1.394 4.768 2.209 7.557 2.209 9.054 0 13.999-7.496 13.999-13.986 0-.209 0-.42-.015-.63.961-.689 1.8-1.56 2.46-2.548l-.047-.02z"></path>
</svg>
</a>
</span>
</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">Together, George and Carla work to bring neurodiversity awareness to the workplace and all around us. Listen as two security professionals discuss how they’ve learned to communicate with people on and off the spectrum. A little bit funny, a little bit brutal, but all honest. George will explain what he hears when Carla skips from subject to subject, and Carla will talk about how she struggles not to finish George's sentences or dismiss something because she doesn't experience it the same way he does. In addition, both Carla and George will talk about the importance of diversity on our teams and throughout the InfoSec community.</div>
</div>
<div class="single-talk">
<div class="talk-title">Notes from Underground: Compromised Credentials</div>
<div class="talk-sub-title">
<div class="speaker-name">Brian C. Carter</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">'Notes from Underground: Compromised Credentials' presents several novel use cases for collecting, enriching, and searching so-called dumps of stolen online accounts. Although there are many commercial offerings and some free search tools, these tend to focus on the obvious use of stolen credentials to notify potential victims to change their account password. Victim notification is an important use of the data but researchers can also benefit from collecting and analyzing all of the other relevant details such as IP addresses, user handles, password choice, dates, and sometimes information collected by malicious software. The audience will see tools to parse, enrich, and format stolen data along with multiple ways to index it, search it, and visualize it. The tools will be made available publicly at the time of the presentation using GitLab. Although the presenter cannot give away the data in bulk, sources of compromised credentials will be shared.</div>
</div>
<div class="single-talk">
<div class="talk-title">PCAP Feature Engineering for Machine Learning</div>
<div class="talk-sub-title">
<div class="speaker-name">Heather Lawrence</div>
<div class="speaker-icon-bar">
<span class="speaker-icons">
<a href="https://twitter.com/infosecanon" target="_blank" rel="noopener noreferrer">
<svg class="speaker-icons" aria-labelledby="twitter-icon" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<title id="twitter-icon">Twitter icon</title>
<path d="M23.954 4.569c-.885.389-1.83.654-2.825.775 1.014-.611 1.794-1.574 2.163-2.723-.951.555-2.005.959-3.127 1.184-.896-.959-2.173-1.559-3.591-1.559-2.717 0-4.92 2.203-4.92 4.917 0 .39.045.765.127 1.124C7.691 8.094 4.066 6.13 1.64 3.161c-.427.722-.666 1.561-.666 2.475 0 1.71.87 3.213 2.188 4.096-.807-.026-1.566-.248-2.228-.616v.061c0 2.385 1.693 4.374 3.946 4.827-.413.111-.849.171-1.296.171-.314 0-.615-.03-.916-.086.631 1.953 2.445 3.377 4.604 3.417-1.68 1.319-3.809 2.105-6.102 2.105-.39 0-.779-.023-1.17-.067 2.189 1.394 4.768 2.209 7.557 2.209 9.054 0 13.999-7.496 13.999-13.986 0-.209 0-.42-.015-.63.961-.689 1.8-1.56 2.46-2.548l-.047-.02z"></path>
</svg>
</a>
</span>
</div>
<div class="length">20 minutes</div>
</div>
<div class="abstract">Once signature-based methods of intrusion detection were considered fallible, we turned to machine learning to detect malicious traffic. Each machine learning algorithm is only as effective as the data it's fed and the data points, also called features, used to train it. This talk will discuss feature engineering of network traffic in a pcap format including a discussion of recent research on features that can help detect malicious traffic when deep packet inspection capabilities are lost in TLS 1.3.</div>
</div>
<div class="single-talk">
<div class="talk-title">Python Obfuscation and Evasion Techniques</div>
<div class="talk-sub-title">
<div class="speaker-name">Nick Beede</div>
<div class="length">20 minutes</div>
</div>
<div class="abstract">Python was designed for rapid development and ease of use which allows for complex tasks to be completed much faster than its counterparts. However, by nature of the language it can be reverse engineered much faster than a compiled language. This limits the language's potential to be used for developing malware and other nefarious tools. We have surveyed current obfuscation and anti-reversing techniques available to harden Python code. We propose that implementing the most advanced and effective obfuscation techniques currently requires too much effort for adversaries at this time, but that situation may rapidly change as frameworks and tools evolve. Our presentation will discuss obfuscation techniques currently seen in the wild and available to adversaries, as well as more advanced techniques that malware analysts should be prepared for in the future.</div>
</div>
<div class="single-talk">
<div class="talk-title">SOC Transformation - From 3-Tier to Functional SOC</div>
<div class="talk-sub-title">
<div class="speaker-name">Kevin Houle</div>
<div class="length">20 minutes</div>
</div>
<div class="abstract">There are many ways to organize a Security Operations Center (SOC). Among the most pervasive models is the 3-tier SOC model. This talk explores one organization's journey to transform away from a 3-tier SOC model to a functional SOC model focused on Detection, Monitoring, and Response. Discussion includes reasons for making the change and lessons learned along the way.</div>
</div>
<div class="single-talk">
<div class="talk-title">Security of Industrial Control Systems: How IEC 62443 Can Help</div>
<div class="talk-sub-title">
<div class="speaker-name">Alex Nicoll</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">The IEC 62443 series of standards describes a set of industrial control system security standards that apply to asset owners, system integrators, and product suppliers. There are substantial challenges in applying these standards to existing technologies, but adoption of these standards is beginning to be seen as table stakes by the discrete manufacturing and process communities. This talk will discuss a high level overview of the IEC 62443 series of standards, and some of the challenges in applying them to an industrial control environment. Specific focus will be placed on new initiatives in the industry as a result of a renewed focus on cybersecurity.</div>
</div>
<div class="single-talk">
<div class="talk-title">Self Care in a 24/7 World</div>
<div class="talk-sub-title">
<div class="speaker-name">Justin Williams</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">This talk will focus on a period of my life where I was facing incredible burnout while working in IT while ignoring red flags. It will then cover how I switched to Information Security, but apply the lessons learned from my past life in IT to avoid that same scenario from ever re-occurring. The takeaway will be the importance of self care.</div>
</div>
<div class="single-talk">
<div class="talk-title">Social Forensication: A Multidisciplinary Approach to Successful Social Engineering</div>
<div class="talk-sub-title">
<div class="speaker-name">Joe Gray</div>
<div class="length">50 minutes</div>
</div>
<div class="abstract">This presentation outlines a new twist on an existing social engineering attack. In the past, we have worked on getting users to plug in USB devices to drop malicious documents and executables. While this attack sometimes proves our point, it is the tip of the iceberg of what can be done. Enter Social Forensication. This is a two-pronged attack, consisting first of collecting a memory image for offsite offensive forensic analysis, the second being a rogue Wi-Fi access point attack. During this presentation, we will walk through the steps to perform each attack. Since defense is just as (if not more) important as the attack itself, we will also discuss mitigations (technical and procedural) and relevant Windows detections for these attacks.</div>
</div>
<div class="single-talk">
<div class="talk-title">Stop talking about it? Mentoring the next generation</div>
<div class="talk-sub-title">
<div class="speaker-name">John Winger</div>
<div class="speaker-icon-bar">
<span class="speaker-icons">
<a href="https://twitter.com/kcgeek" target="_blank" rel="noopener noreferrer">
<svg class="speaker-icons" aria-labelledby="twitter-icon" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<title id="twitter-icon">Twitter icon</title>
<path d="M23.954 4.569c-.885.389-1.83.654-2.825.775 1.014-.611 1.794-1.574 2.163-2.723-.951.555-2.005.959-3.127 1.184-.896-.959-2.173-1.559-3.591-1.559-2.717 0-4.92 2.203-4.92 4.917 0 .39.045.765.127 1.124C7.691 8.094 4.066 6.13 1.64 3.161c-.427.722-.666 1.561-.666 2.475 0 1.71.87 3.213 2.188 4.096-.807-.026-1.566-.248-2.228-.616v.061c0 2.385 1.693 4.374 3.946 4.827-.413.111-.849.171-1.296.171-.314 0-.615-.03-.916-.086.631 1.953 2.445 3.377 4.604 3.417-1.68 1.319-3.809 2.105-6.102 2.105-.39 0-.779-.023-1.17-.067 2.189 1.394 4.768 2.209 7.557 2.209 9.054 0 13.999-7.496 13.999-13.986 0-.209 0-.42-.015-.63.961-.689 1.8-1.56 2.46-2.548l-.047-.02z"></path>
</svg>
</a>
</span>
</div>
<div class="length">20 minutes</div>
</div>
<div class="abstract">Seems like all you read in the twitter verse and in the news is about the shortage of information security talent. This session will highlight personal experiences in mentoring the next generation of information security practitioners and give some options on how to get involved. It will also feature some positive outcomes from giving up some of your precious free time. This talk is for anyone who is sitting on the fence or wonders how they can make a difference.</div>
</div>
<div class="single-talk">
<div class="talk-title">The Art and Science of Report Writing, or, How to present your penetration testing findings well</div>
<div class="talk-sub-title">
<div class="speaker-name">Michael Born</div>
<div class="speaker-icon-bar">
<span class="speaker-icons">
<a href="https://twitter.com/Blu3gl0w13" target="_blank" rel="noopener noreferrer">
<svg class="speaker-icons" aria-labelledby="twitter-icon" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<title id="twitter-icon">Twitter icon</title>
<path d="M23.954 4.569c-.885.389-1.83.654-2.825.775 1.014-.611 1.794-1.574 2.163-2.723-.951.555-2.005.959-3.127 1.184-.896-.959-2.173-1.559-3.591-1.559-2.717 0-4.92 2.203-4.92 4.917 0 .39.045.765.127 1.124C7.691 8.094 4.066 6.13 1.64 3.161c-.427.722-.666 1.561-.666 2.475 0 1.71.87 3.213 2.188 4.096-.807-.026-1.566-.248-2.228-.616v.061c0 2.385 1.693 4.374 3.946 4.827-.413.111-.849.171-1.296.171-.314 0-.615-.03-.916-.086.631 1.953 2.445 3.377 4.604 3.417-1.68 1.319-3.809 2.105-6.102 2.105-.39 0-.779-.023-1.17-.067 2.189 1.394 4.768 2.209 7.557 2.209 9.054 0 13.999-7.496 13.999-13.986 0-.209 0-.42-.015-.63.961-.689 1.8-1.56 2.46-2.548l-.047-.02z"></path>
</svg>
</a>
</span>
<span class="speaker-icons">
<a href="https://www.linkedin.com/in/michael-born-89080324/" target="_blank" rel="noopener noreferrer">
<svg class="speaker-icons" aria-labelledby="linkedin-icon" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<title id="linkedin-icon">LinkedIn icon</title>
<path d="M20.447 20.452h-3.554v-5.569c0-1.328-.027-3.037-1.852-3.037-1.853 0-2.136 1.445-2.136 2.939v5.667H9.351V9h3.414v1.561h.046c.477-.9 1.637-1.85 3.37-1.85 3.601 0 4.267 2.37 4.267 5.455v6.286zM5.337 7.433c-1.144 0-2.063-.926-2.063-2.065 0-1.138.92-2.063 2.063-2.063 1.14 0 2.064.925 2.064 2.063 0 1.139-.925 2.065-2.064 2.065zm1.782 13.019H3.555V9h3.564v11.452zM22.225 0H1.771C.792 0 0 .774 0 1.729v20.542C0 23.227.792 24 1.771 24h20.451C23.2 24 24 23.227 24 22.271V1.729C24 .774 23.2 0 22.222 0h.003z"></path>
</svg>
</a>
</span>
</div>
<div class="length">20 minutes</div>
</div>
<div class="abstract">Over the past 17 years, working in various industries including Airport Weather Observation, Broadcast Communication, Video Engineering and Technology, and finally Information Security, I've learned a thing or two about presenting information. Specifically, how to present a topic that could stir negative emotions, in a way that is non-threatening. I'm a firm believer in presenting penetration testing findings in a way that communicates their urgency without presenting the information using a harsh tone of voice in the writing. This talk will give you, the audience, some useful communication tips on presenting Penetration Testing Findings in a way that doesn't stir negative emotions from the recipient. Tips will include communication styles per personality type, and what I call danger terms, which are words that have a harsh tone when presented in findings, along with alternative words that communicate more effectively.</div>
</div>
<div class="single-talk">
<div class="talk-title">The Power of Physical Access</div>
<div class="talk-sub-title">
<div class="speaker-name">Ian Trent</div>
<div class="length">20 minutes</div>
</div>
<div class="abstract">With the glaring financial strain put on the video game industry by hackers, they were among the first private-sector industries to truly focus on security and push for keeping attackers out, but in the face of physical access all their provisions, and yours, are razed in the blink of an eye by adversaries with little to no funding for the project. This will contain a brief history of DRM in the video game industry, how those measures have failed, and why they ultimately always will with an inspection of the Nintendo Switch modding community and the devastating capabilities developed there less than 2 years from the launch date.</div>
</div>
<div class="single-talk">
<div class="talk-title">Under the Unfluence: The Dark Side of Influence</div>
<div class="talk-sub-title">
<div class="speaker-name">Ron Woerner</div>
<div class="length">20 minutes</div>
</div>
<div class="abstract">Unfluence is the negative side of influence. It’s a common form of manipulation used to trick people into giving up their access or information. In this talk, the speaker demonstrates principles of influence and psychology and how black hat hackers use them on their victims. You need to identify and stop them before you, your clients, and your employees fall under their unfluence. Learn how here.</div>
</div>
<div class="single-talk">
<div class="talk-title">WTF, 2FA!? - Y U No Protect Me?</div>
<div class="talk-sub-title">
<div class="speaker-name">Christine Seeman</div>
<div class="length">20 minutes</div>
</div>
<div class="abstract">An exploration of two factor authentication from a developer's perspective, and why it is so hard to find two factor implementation best practices. Attendees will come out of this talk learning some trials and tribulations of a real life implementation of two factor authentication, why the SMS based authentication is by far the least secure, and why two factor is not the security bandage that it is billed to be.</div>
</div>
<div class="single-talk">
<div class="talk-title">What's a Ghidra, and why should you care?</div>
<div class="talk-sub-title">
<div class="speaker-name">Chris Eagle</div>
<div class="speaker-icon-bar">
<span class="speaker-icons">
<a href="https://twitter.com/sk3wl" target="_blank" rel="noopener noreferrer">
<svg class="speaker-icons" aria-labelledby="twitter-icon" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<title id="twitter-icon">Twitter icon</title>
<path d="M23.954 4.569c-.885.389-1.83.654-2.825.775 1.014-.611 1.794-1.574 2.163-2.723-.951.555-2.005.959-3.127 1.184-.896-.959-2.173-1.559-3.591-1.559-2.717 0-4.92 2.203-4.92 4.917 0 .39.045.765.127 1.124C7.691 8.094 4.066 6.13 1.64 3.161c-.427.722-.666 1.561-.666 2.475 0 1.71.87 3.213 2.188 4.096-.807-.026-1.566-.248-2.228-.616v.061c0 2.385 1.693 4.374 3.946 4.827-.413.111-.849.171-1.296.171-.314 0-.615-.03-.916-.086.631 1.953 2.445 3.377 4.604 3.417-1.68 1.319-3.809 2.105-6.102 2.105-.39 0-.779-.023-1.17-.067 2.189 1.394 4.768 2.209 7.557 2.209 9.054 0 13.999-7.496 13.999-13.986 0-.209 0-.42-.015-.63.961-.689 1.8-1.56 2.46-2.548l-.047-.02z"></path>
</svg>
</a>
</span>
</div>
<div class="length">20 minutes</div>
</div>
<div class="abstract">The NSA recently announced that they will be releasing one of their in-house reverse engineering tools, named GHIDRA, to the public on March 5th at RSA USA 2019 (https://bit.ly/2sO1GBt). GHIDRA is a disassembler with a feature set similar to that of IDA Pro. In this talk we will highlight GHIDRA's feature set, compare and contrast it with IDA Pro, point out some of its strengths and weaknesses, all in an attempt to help you decide whether GHIDRA is worth adopting for your reverse engineering needs.</div>
</div>
</span>
</div>
</li>
<li class="sky-tab-content-2">
<div class="typography">
<div class="schedule-tabs">
<div class="grid-wrapper-friday">
<div class="schedule both-tracks">Tentative Friday Speaking Schedule</div>
<div class="track">Bat of Doom</div>
<div class="track">Terrified Chipmunk</div>
<a class="both-tracks">
<div class="box"><span class="talk-time">0730</span><span>Registration Open</span></div>
</a>
<a class="both-tracks">
<div class="box"><span class="talk-time">0850</span><span>Opening Remarks</span></div>
</a>
<a class="both-tracks" href="#keynotefri">
<div class="box"><span class="talk-time">0900</span><span>Keynote: Dave Kennedy</span></div>
</a>
<a class="both-tracks">
<div class="box"><span class="talk-time">1000</span><span>Break (15 min room switch)</span></div>
</a>
<a href="#dslam">
<div class="box"><span class="talk-time">1015</span><span>DSLAM: Testing WAN Services on DSL Modems - Nicholas Starke</span></div>
</a>
<a href="#darkweb">
<div class="box"><span class="talk-time">1015</span><span>More Than Tor: Shining a Light on Different Corners of the Dark Web - Ben Brown</span></div>
</a>
<a href="#devsecops">
<div class="box"><span class="talk-time">1115</span><span>Automating Secure Development: Practical SecDevOps - Rob Temple</span></div>
</a>
<a href="#reports">
<div class="box"><span class="talk-time">1115</span><span>The Art and Science of Report Writing - Michael Born</span></div>
</a>
<a href="#2fa">
<div class="box"><span class="talk-time">1135</span><span>WTF, 2FA!? Y U No Protect Me? - Christine Seeman</span></div>
</a>
<a href="#unfluence">
<div class="box"><span class="talk-time">1135</span><span>Under the Unfluence: The Dark Side of Influence - Ron Woerner</span></div>
</a>
<a class="both-tracks">
<div class="box"><span class="talk-time">1155</span><span>Break for Lunch</span></div>
</a>
<a href="#chipsec">
<div class="box"><span class="talk-time">1300</span><span>Chip-level vulnerability assessment using CHIPSEC and LuvOS - Jeffrey Struik</span></div>
</a>
<a href="#selfcare">
<div class="box"><span class="talk-time">1300</span><span>Self Care in a 24/7 World - Justin Williams</span></div>
</a>
<a href="#iec">
<div class="box"><span class="talk-time">1400</span><span>Security of Industrial Control Systems: How IEC 62443 Can Help - Alex Nicoll</span></div>
</a>
<a href="#rtlsdr">
<div class="box"><span class="talk-time">1400</span><span>Basics of Radio Hacking with RTL-SDR - Gus Gorman</span></div>
</a>
<a class="both-tracks">
<div class="box"><span class="talk-time">1500</span><span>Break</span></div>
</a>
<a href="#python">
<div class="box"><span class="talk-time">1520</span><span>Python Obfuscation and Evasion Techniques - Nick Beede</span></div>
</a>
<a href="#edu">
<div class="box"><span class="talk-time">1520</span><span>Cybersecurity Education: Inside and Out - Owen Parkins & Jessica Rooney</span></div>
</a>
<a href="#soc">
<div class="box"><span class="talk-time">1540</span><span>SOC Transformation - From 3-Tier to Functional - Kevin Houle</span></div>
</a>
<a href="#mentor">
<div class="box"><span class="talk-time">1540</span><span>Stop talking about it? Mentoring the next generation - John Winger</span></div>
</a>
<a href="#bushwacking">
<div class="box"><span class="talk-time">1600</span><span>Bushwacking your way around a bootloader - .bx</span></div>
</a>
<a href="#ptvsrt">
<div class="box"><span class="talk-time">1600</span><span>Pen Testing VS Red Teaming and how to get more from your pen test reports - Sampson Chandler</span></div>
</a>
<a href="#research">
<div class="box"><span class="talk-time">1700</span><span>An Overview of hard research problems in Computer Security; Something of a Historical Perspective - Blaine Burnham</span></div>
</a>
<a href="#neuro">
<div class="box"><span class="talk-time">1700</span><span>Neurodiversity in the Workplace - Carla Raisler & George Walker</span></div>
</a>
<a class="both-tracks">
<div class="box"><span class="talk-time">1800</span><span>Break for Dinner</span></div>
</a>
<a class="both-tracks">
<div class="box"><span class="talk-time">1900</span><span>Kernel Panic Party</span></div>
</a>
</div>
</div>
<div class="schedule-tabs">
<div class="grid-wrapper-saturday">
<div class="schedule both-tracks">Tentative Saturday Speaking Schedule</div>
<div class="track">Bat of Doom</div>
<div class="track">Terrified Chipmunk</div>
<a class="both-tracks">
<div class="box"><span class="talk-time">0730</span><span>Registration Open</span></div>
</a>
<a class="both-tracks">
<div class="box"><span class="talk-time">0850</span><span>Opening Remarks</span></div>
</a>
<a class="both-tracks" href="#keynotesat">
<div class="box"><span class="talk-time">0900</span><span>Keynote: Dan Tentler (Viss)</span></div>
</a>
<a class="both-tracks">
<div class="box"><span class="talk-time">1000</span><span>Break (15 min room switch)</span></div>
</a>
<a href="#mlfundamentals">
<div class="box"><span class="talk-time">1015</span><span>Building Security That Thinks - Machine Learning Fundamentals for Cybersecurity Professionals - Chris Morales</span></div>
</a>
<a href="#grapl">
<div class="box"><span class="talk-time">1015</span><span>Grapl - A Graph Analytics Platform for DFIR - Colin O'Brien</span></div>
</a>
<a href="#hassh">
<div class="box"><span class="talk-time">1115</span><span>HASSH It Real Good - Robert Danford</span></div>
</a>
<a href="#macos">
<div class="box"><span class="talk-time">1115</span><span>MacOS host monitoring - the open source way - Michael George</span></div>
</a>
<a href="#physical">
<div class="box"><span class="talk-time">1135</span><span>The Power of Physical Access - Ian Trent</span></div>
</a>
<a href="#bec">
<div class="box"><span class="talk-time">1135</span><span>Business Email Compromise (BEC) - The Effective Evolution of Nigerian Fraud Schemes - Jake Foiles</span></div>
</a>
<a class="both-tracks">
<div class="box"><span class="talk-time">1155</span><span>Break for Lunch</span></div>
</a>
<a href="#docker">
<div class="box"><span class="talk-time">1300</span><span>Detasseling Docker and Other Kernel Related Protections - Zach Giezen</span></div>
</a>
<a href="#ipv6">
<div class="box"><span class="talk-time">1300</span><span>IPv6 Security, or... How Not to Deploy IPv6 - Mark Ciecior</span></div>
</a>
<a href="#appsec">
<div class="box"><span class="talk-time">1400</span><span>Building an Application Security Program from Scratch - Doug Swartz</span></div>
</a>
<a href="#playbook">
<div class="box"><span class="talk-time">1400</span><span>Building Security Playbooks 101 - Lior Kolnik</span></div>
</a>
<a class="both-tracks">
<div class="box"><span class="talk-time">1500</span><span>Break</span></div>
</a>
<a class="eagle" href="#ghidra">
<div class="box"><span class="talk-time">1520</span><span>What's a Ghidra, and why should you care? - Chris Eagle</span></div>
</a>
<a href="#pcapml">
<div class="box"><span class="talk-time">1520</span><span>PCAP Feature Engineering for Machine Learning - Heather Lawrence</span></div>
</a>
<a href="#ctfnot">
<div class="box"><span class="talk-time">1540</span><span>Capture the Flag != Pentest (and other Hackworthy shenanigans) - Mark Bayley</span></div>
</a>
<a href="#creds">
<div class="box"><span class="talk-time">1600</span><span>Notes from Underground - Compromised Credentials - Brian Carter</span></div>
</a>
<a href="#badge">
<div class="box"><span class="talk-time">1600</span><span>Building the badge - How you can make small, cheap, and custom hardware for function or fashion - James Dietle</span></div>
</a>
<a href="#socialforensication">
<div class="box"><span class="talk-time">1700</span><span>Social Forensication: A Multidisciplinary Approach to Successful Social Engineering - Joe Gray</span></div>
</a>
<a>
<div class="box"><span class="talk-time">1700</span><span>Own the Con - Kernelcon Crew</span></div>
</a>
<a>
<div class=""><span class="talk-time"></span><span></span></div>
</a>
<a>
<div class="box"><span class="talk-time">1800</span><span>Closing Ceremony and Awards</span></div>
</a>
</div>
</div>
</div>
</li>
</ul>
</div>
</div>
</div>
</body>
</html>