Vertek attends annual ShmooCon Cybersecurity Convention in Washington, D.C.
by Vertek Labs
January 20-22, 2023
ShmooCon is an annual cybersecurity convention held in Washington, D.C. Attending industry-recognized security conferences offers a tremendous learning opportunity for our team. Every year ShmooCon offers numerous presentations on technology exploitation, software and hardware solutions, and open discussions of critical infosec issues across many different facets of cybersecurity. This year was no different! Our team is constantly learning, adapting and pushing the edge with security to stay ahead of the ever-evolving threat landscape.
Among the many talk tracks of this year’s conference, there were several standout presentations that brought up important points for Blue Teams.
How to Save Your SOC from Stagnation
Presented by Carson Zimmerman
Carson’s presentation highlights many of the pain points that SOCs around the world experience and the steps that SOCs can take to alleviate them. Carson lays out 7 critical processes that SOCs of any size or age can leverage to empower analysts.
Les Miserable Persistence: Hunting Through Scheduled Tasks
Presented by Brandon DeVault
Did you know that a standard build of Windows 10 or 11 contains about 150 scheduled tasks by default, of which about 40 are hidden? Brandon’s presentation highlights some methods of using PowerShell to hunt for malicious persistence that an adversary has established through anomalous scheduled tasks. Brandon also pointed out some pitfalls and struggles, and how to overcome those challenges.
Riverside: A Network Security Visualization Tool
Presented by Kaitlyn DeValk
Kaitlyn’s presentation highlighted the Riverside tool, which she developed as part of her master’s thesis to visualize live traffic among hosts. The tool has a lot of potential, and Kaitlyn’s presentation makes the point that an event perspective is important when dealing with cyber incidents, and so is an anomaly perspective.
Putting on a Big Show: Defending by Attacking Attacker Incentives
Presented by Jacob Torrey
Jacob’s presentation highlighted the importance of understanding attacker incentives and of using deception as a means of reducing an attacker’s incentive to target your organization. Blue teams can weaponize OSINT in their favor and use overt deception against would-be attackers to make them doubt the value of any data they might get from your organization should they attack and succeed.
From the Keyboards, Through the Walls, Got Implant Shells for Y’all
Presented by Jonathan Fischer
Jonathan presents on keyboard implants that use RF to bypass a blue team’s EDR and other detection tools. Jonathan’s presentation is a great example of the atypical lengths that attackers may go to in pursuit of their goals. It also shows that blue teams need to be aware of their organization’s physical security as a way to defend against these types of physical attacks.
We look forward to attending other great events throughout 2023!
More information on these and other presentations and their presenters can be found on ShmooCon’s website: https://shmoocon.org/speakers/
Vertek Attendees (left to right): Derrick Farmer, Adora McGrady, and Jordan Suprenant
November 14, 2022