Thursday, October 1
 

8:20am EDT

Welcome and Opening Remarks
Thursday October 1, 2020 8:20am - 8:30am EDT
Room A

8:30am EDT

Keynote Speaker - Karen Evans, CIO - Department of Homeland Security
As CIO, Ms. Evans is responsible for strategically aligning the Department’s Information Technology (IT) personnel resources and assets, including security, infrastructure, and delivery, to support core DHS missions and activities.
Ms. Evans previously served as the first Assistant Secretary for Cybersecurity, Energy Security and Emergency Response for the U.S. Department of Energy (DOE). She was sworn in on August 28, 2018, and provided strategic direction, leadership and management to address emerging threats while improving energy infrastructure security and supporting the DOE national security mission.
Prior to being named Assistant Secretary at DOE, Ms. Evans was the national director of the U.S. Cyber Challenge, a public-private partnership focused on building the cyber workforce. She served on the Trump Transition and Landing Teams to develop the management agenda addressing technology initiatives government wide.
Ms. Evans served as the Administrator for the Office of Electronic Government and Information Technology at the Office of Management and Budget (OMB) during the George W. Bush administration. At OMB, she oversaw nearly $71 billion in annual IT funds, including implementation of IT throughout the federal government. Previously, she served as the CIO for DOE and at the director level with both the U.S. Department of Justice and the Farmers Home Administration.
Ms. Evans holds a Master of Business Administration, a Master of Arts Public History certificate, and a Bachelor of Arts in chemistry from West Virginia University.

Speakers

Karen Evans

Chief Information Officer, Department of Homeland Security



Thursday October 1, 2020 8:30am - 9:30am EDT
Room A

9:45am EDT

Founders Award
VASCAN members may also nominate a colleague for the 2020 VASCAN Founders Award. The award is given annually to an information security professional, manager or auditor in recognition of their special efforts to strengthen information security programs in the Commonwealth of Virginia. If you know someone who might qualify, please review details about the award and submit a nomination form.

Thursday October 1, 2020 9:45am - 10:15am EDT
Room A

10:30am EDT

Blockchain, Cryptocurrencies, and Other Applications - Daniel Shin, Esq. - William & Mary
This lecture provides an overview of Blockchain technology and how Cryptocurrencies work. The lecture will also highlight other applications of Blockchain beyond supporting financial systems. Finally, the lecture will review the general benefits and costs of integrating Blockchain technology into a system. This lecture does not require any prior technical, financial, or legal knowledge. Audience members are encouraged to ask questions throughout the lecture!

Thursday October 1, 2020 10:30am - 11:30am EDT
Room B

10:30am EDT

Store It, Destroy It, OR Scan IT: The Impact of COVID-19 Working Remotely on a Paperless Office at ODU - Mark Walsh - Old Dominion University
The teleworking arrangements for all but essential faculty and staff have separated the workforce from physical records for an extended period of time. The question of the necessity of maintaining physical public records rather than imaged digital versions becomes more important than ever. Yet with reduced resources, caution must be used in determining appropriate candidates for conversion into an electronic data format. Additional care must be exercised when the reformatting involves regulated data with significant security considerations. This presentation will examine how ODU intends to deal with those physical records which are no longer required for business purposes, and those which have active value in daily transactions, risk management and compliance. Following legislation, policy, standards and procedures has never been more important.

Thursday October 1, 2020 10:30am - 11:30am EDT
Room C

11:45am EDT

Phishing Education: Training our community to better spot and report phishing - Jordon Maidman - American University
The purpose of this presentation is to discuss the process by which we got buy-in for our phishing education program from the university cabinet, changes in our click and reporting numbers, problems and conflicts that we ran into, and how it has affected our annual penetration test, including getting their domains delisted/blacklisted as per our standard phishing procedure.

Thursday October 1, 2020 11:45am - 12:45pm EDT
Room A

11:45am EDT

Remote Work Business Process Security BoF - Doug Streit, CISO - Old Dominion University
The rapid move to remote work brought to the surface several scenarios that were on the books to address "some day".  This Birds of a Feather will feature some scenarios encountered at ODU -- from new Telehealth clinics, to printers being brought home, to secure internal file sharing, to an entire COVID back-to-campus project establishing testing and monitoring for faculty, staff and students, as well as provide ample dialogue and collaboration on how to tackle the challenging scenarios faced.  Join this lively discussion, where the rubber meets the road, and you will not be disappointed.

Thursday October 1, 2020 11:45am - 12:45pm EDT
Room C

12:45pm EDT

BREAK

Thursday October 1, 2020 12:45pm - 1:45pm EDT

2:00pm EDT

Ransomware: Real World Guidance and Best Practices - Benjamin Woolsey, Sr. Manager - FireEye Mandiant
This is a two-part briefing, with both sections heavily influenced by the lessons our teams have learned in the field. The first section is a synopsis of the Ransomware threat and how it is evolving. The second section dives into recommendations on how to best prepare your organization to defend itself.

Thursday October 1, 2020 2:00pm - 3:00pm EDT
Room A

2:00pm EDT

Leveraging IPv6 and Kerberos to Pwn Your Windows Environment in 15 Minutes - Nick Berrie - Assura
During a recent penetration testing engagement I was running out of ideas when it came to getting into the target’s active directory. The usual stuff wasn’t working – traditional NTLM relaying with responder, privilege escalation within compromised devices, passing the hash, etc. That’s when I remembered working with an IPv6 DNS spoofing tool during a lab some time ago where I was able to chain a series of vulnerabilities together to get domain admin. I figured it was worth a shot. This proposal is an overview of that attack chain, why it is likely present in most environments, and what we as security practitioners can do to prevent it.
What I will discuss:
• Starting with Windows Server 2008/Windows 7, Microsoft has IPv6 enabled by default. IPv6 is also the preferred protocol over IPv4, meaning all DNS queries go there first.
• To prevent traditional Windows Proxy Auto Detection (WPAD) abuse, Microsoft implemented a mitigation in MS16-077 that prevents any device other than the DNS server from providing the WPAD.dat file to clients. Microsoft also prevents clients from automatically authenticating against NTLM requests with this patch.
• HTTP response code 407 “Proxy Authentication” elicits an NTLM authentication response by most modern browsers.
• By spoofing ourselves as the IPv6 DNS Server, proxying traffic through the attacking device, and then serving a 407 “Proxy Authentication” response to the victim, we can successfully relay NTLM credentials in an otherwise secure environment.
Beyond explaining the above attack I will explain how this can be leveraged with inherent Kerberos vulnerabilities to create the perfect storm – Domain Admin within 15 minutes.
After explaining the attack I will explain root-causes and the mitigations for such attacks.

Thursday October 1, 2020 2:00pm - 3:00pm EDT
Room B

2:00pm EDT

Securing the Un-Securable - David Balcar, Carbon Black - VMWare Carbon Black
Close your basement door, grab some popcorn, and hear about real-world security issues facing your institutions, faculty, and students, especially in these intense work-from-home days, but also the attack vectors causing the greatest harm. How quickly could your organization be breached? How could you help? Please join our special guest, David Balcar, a globally recognized security professional, as he will share with you real-world experience in the world of cyber security, and remember kids: “Security never takes a holiday.” (Oh, feel free to tweet!)

I. Funny Pics
II. Talk about what is really going on out there
III. Transforming from Legacy to modern security
IV. Talk about IoT, workload and sophisticated APT's attacks... I am looking at you Kim!
V. False Flags? This is not your average flag football game
VI. More funny pics
VII. End!

Thursday October 1, 2020 2:00pm - 3:00pm EDT
Room C

3:15pm EDT

Expanding the Perimeter: Supporting and Securing Remote Endpoints - Mark DeDomenic, Assistant ISO and Brian Klotz, Manager, Desktop Support Group - Old Dominion University
As institutions have shifted their faculty and staff to full-time remote work, IT teams have struggled to maintain a similar level of security controls on endpoints that no longer consistently connect to campus networks.  Utilizing cloud-based management tools for endpoint security, VPN border control and device management, ODU has lowered the risks of an increasingly off-premises workforce and developed a strategy towards further assuring compliance in the future.  This session will provide an overview of our approach and the direction we are heading using tools such as Microsoft Intune, JAMF, VPN, and CrowdStrike.

Thursday October 1, 2020 3:15pm - 4:15pm EDT
Room A

3:15pm EDT

Scaling Configuration Management with Ansible and GitLab - Mathew Thomas, Information Security Engineer and Backup ISO - Radford University
Configuration Management for Radford University started with Ansible playbooks written and deployed from a single employee's workstation. Playbooks to configure and harden server images, install agents like CrowdStrike and Splunk Universal Forwarder, configure SNMP monitoring, and more! This presentation will cover the challenges of maintaining and sharing these reusable playbooks across multiple teams and departments.

Thursday October 1, 2020 3:15pm - 4:15pm EDT
Room B

3:15pm EDT

Your data is secure, now what? A Privacy Officer perspective for data guardians. - Josephine Wiley, Executive Director of Legal Services and Compliance/HIPAA Privacy Officer - Eastern Virginia Medical School
If you have been “voluntold” that you are responsible for protecting health data, it is important to understand how the enduring legacy of HIPAA has shaped dataspeak and created expectations that go beyond network security.

Thursday October 1, 2020 3:15pm - 4:15pm EDT
Room C

4:30pm EDT

Scanning before Pressing Play - Phil Fenstermacher, Linux Engineer - William & Mary
Security scanning as a black box doesn't always tell the whole story. With more infrastructure managed as code, and more software run in containers, we have more opportunities to scan, typically before we even start things up. This session will give a brief survey of some of the (free) tools that can make scanning easier, and then let's talk about what can be done with all of the new information we can collect.

Thursday October 1, 2020 4:30pm - 5:30pm EDT
Room A

4:30pm EDT

Security Collaboration Workshop Two - Philip Kobezak, Associate Director of University Information Security Initiatives - Virginia Tech
As part of the Collaborative IT Security Partnership for Virginia Higher Education, we will continue our discussion from last year's workshop. The goals of this workshop are to: identify initial proposed services, determine how we can pilot one or more services, get additional buy-in, and determine how we can utilize VASCAN governance. We would also like to look at how shared security services may benefit us given our current environments (remote work due to COVID).


Thursday October 1, 2020 4:30pm - 5:30pm EDT
Room B

4:30pm EDT

Compliance in the Time of COVID - Cory Brant, Sr. Compliance Analyst - University of Virginia
Join UVA’s InfoSec Compliance team in a guided forum discussion on the challenges of meeting compliance needs in research and operational objectives in this new, COVID world.

Thursday October 1, 2020 4:30pm - 5:30pm EDT
 
Friday, October 2
 

8:30am EDT

Active Defenses - John Strand - Black Hills Information Security
This free class will be about 4-hours long with hands-on labs. It's the first half of the first day of the training class normally taught at Wild West Hackin' Fest.

Active Defenses have been capturing a large amount of attention in the media lately. There are those who thirst for vengeance and want to directly attack the attackers. There are those who believe that any sort of active response directed at an attacker is wrong. We believe the answer is somewhere in between.

In this class, you will learn how to force an attacker to take more moves to attack your network. These moves may increase your ability to detect them. You will learn how to gain better attribution as to who is attacking you and why. You will also find out how to get access to a bad guy's system. And most importantly, you will find out how to do the above legally.

The current threat landscape is shifting. Traditional defenses are failing us. We need to develop new strategies to defend ourselves. Even more importantly, we need to better understand who is attacking us and why. Some of the things we talk about you may implement immediately, others may take you a while to implement. Either way, consider what we discuss as a collection of tools at your disposal when you need them to annoy attackers, attribute who is attacking you and, finally, attack the attackers.

This class is based on the DARPA funded Active Defense Harbinger Distribution live Linux environment. This VM is built from the ground up for defenders to quickly implement Active Defenses in their environments. This class is also very heavy with hands-on labs. We will not just talk about Active Defenses. We will be doing hands-on labs and through them in a way that can be quickly and easily implemented in your environment.

Speakers

John Strand

Black Hills Information Security



Friday October 2, 2020 8:30am - 12:30pm EDT
Room A