Art into Science - 2020

A Conference for Defense

ACoD 2020 Draft Agenda


Draft 2020 Agenda

Now as official as it gets.  Still risky to depend on it.

Last update: 13 Jan 2020  22:10 UTC

Note: All presentations are allotted a maximum of 20 minutes for speaking and a maximum of 10 minutes for setup and transition. Track chairs may modify the schedules and shorten transition times as required.

Operations Track, Mike Johnson Chair

Date Time Authors Paper
Tuesday 12:00 PM TBD Intro and Ground Rules
Tuesday 12:15 PM Burbage, Paul K* Beaconing Malware Adversaries
Tuesday 12:45 PM Amini, Pedram* Worm Charming: Harvesting Malware Lures for Fun and Profit
Tuesday 1:15 PM McDonald, Rob*; Siglar, Chad Self-Protecting Data – A new toolkit for secure sharing with persistent control
Tuesday 1:45 PM Wright, Jordan*; McNiece, Matt; Mooney, Nick Don’t Let Secrets Git Away: How to Monitor GitHub for Secret Leakage
Tuesday 2:45 PM Owens, Cedric* Post Infection Analysis on macOS Hosts
Tuesday 3:15 PM BREAK BREAK
Tuesday 3:30 PM Nunnally, RJ*; Althouse, John Using active TLS fingerprinting to identify C2 servers.
Tuesday 4:00 PM Wilbanks, Joel* SOC Analyst Mindset – Using Models and Structure Analysis
Tuesday 4:30 PM Bort, Bryson*; Orchilles, Jorge The C2 Matrix
Tuesday 5:00 PM Bannat Wala, Fatema* “Off label” use of DNS – Interesting things to know about DNS!
Tuesday 5:30 PM TBD WRAP
Wednesday 9:00 AM TBD Day 2 Start
Wednesday 9:15 AM Lakhotia, Arun* Machine Learning for Malware Analysis, Revisited
Wednesday 9:45 AM Steindler, Zachary* Learn Cloud Security by Doing, Without Risking the Business
Wednesday 10:15 AM Althouse, John*; Yu, Caleb Detection and Fingerprinting on Google’s QUIC Protocol
Wednesday 10:45 AM BREAK BREAK
Wednesday 11:00 AM Case, Andrew* Volatility 3 Public Beta: A Peek into the Future of Memory Forensics
Wednesday 11:30 AM Frazier, Tim Cops and Robbers: Simulating Adversary Techniques for Detection Validation
Wednesday 12:00 PM LUNCH LUNCH
Wednesday 1:00 PM Bannat Wala, Fatema* KYD – Know Your Devices, a method for profiling devices using DHCP
Wednesday 1:30 PM Duncan, Brad* Ursnif malspam and infection traffic
Wednesday 2:00 PM Hernandez, Jose E*; Soto, Rod A Unified Data Model for Cloud Security
Wednesday 2:30 PM Rickerd, Jacob* Democratizing Chrome Extension Security
Wednesday 3:00 PM BREAK BREAK
Wednesday 3:30 PM Burrows, Christian*; Blackmore, Ashley Regain control, standardize, and level up your alerting pipeline
Wednesday 4:00 PM Stear, Kevin*; Soto, Ellie Credpocalypse Cometh?
Wednesday 4:30 PM Chalupowski, Lilly* Finders Keepers (KPot Stealers) & Operation Lawyer Loot
Wednesday 5:15 PM TBD WRAP
Thursday 9:00 AM TBD Day 3 Start
Thursday 9:15 AM Zadeh, Joseph*; Soto, Rod Shining a light in the Shadows: Data Driven Techniques for DeObfuscating Evil on the DeepWeb
Thursday 9:45 AM Greenhagen, Rhett* Building Art from Noisy Data: Why Noise Is Important
Thursday 10:15 AM Gardner, Philip*; Chamoro, Derek A Novel SIEM Solution That Doesn’t Cost an Arm and a Leg
Thursday 10:45 AM BREAK BREAK
Thursday 11:00 AM Crisler, Vincent*; DiGeroLamo, John Attacking the Gatekeepers
Thursday 11:30 AM Bowling, Jesse* STINGAR: Lessons Learned a Year In
Thursday 12:00 PM LUNCH LUNCH
Thursday 1:00 PM Borland, Justin*; Heise, David B Cyber Saucier – Automating Deobfuscation en masse in near real time
Thursday 1:30 PM Fry, Chris* Criminals Hate This One Weird Trick – Operationalizing Threat Intelligence
Thursday 2:00 PM Roytman, Michael* Intelligent Threat Intelligence
Thursday 2:30 PM Smith, Peter*; Seshadri, Nagraj Mitigating attacks against cloud metadata services (learning from the Capital One-AWS breach)
Thursday 3:00 PM BREAK BREAK
Thursday 3:30 PM Ragan, Rob*; Salazar, Oscar Expose Yourself Without Insecurity
Thursday 4:00 PM Lee, David K* Is your Cyber Threat Intelligence really driving your SOC?
Thursday 5:00 PM TBD WRAP

Philosophy Track, Sounil Yu Chair

Time Authors Paper
Tue 1/14/2020 12:00 TBD (joint tracks) Intro and Ground Rules
Tue 1/14/2020 12:15 Evron, Gadi* A Framework for Engaging in Superbug Eventuality Conflicts (SBEC’s)
Tue 1/14/2020 12:50 Schwalbe, Daniel F* “Don’t Cross The Streams”: The battle over the DNS Control-Plane
Tue 1/14/2020 13:25 MacVarish, Rich* Russian Subversion Series: Active Measures – What’s old is new again
Tue 1/14/2020 14:00 Givens, Chandler Alternative and responsible use of security data
Tue 1/14/2020 14:35 Spring, Jonathan*; Manion, Art; Householder, Allen Prioritizing Vulnerability Response with a Stakeholder-Specific Vulnerability Categorization
Tue 1/14/2020 15:10 Ross, Guillaume K* Reliability as a Liability: When something breaking can save us
Tue 1/14/2020 15:45 Liston, Kevin* GEOINT in Disrupting Cyber-Fraud
Tue 1/14/2020 16:20 Bambenek, John* The Difficulties in Cybersecurity Machine Learning
Tue 1/14/2020 16:55 Engler, Maggie* The State of Authentication: A Census-Representative Survey
Wed 1/15/2020 9:00 Evron, Gadi* Building Defensive Mechanisms For Engaging With Disinformation And “Fake News” in the Digital Age
Wed 1/15/2020 9:35 Lin, William* Real-World Applications of the Cyber Defense Matrix
Wed 1/15/2020 10:10 Millar, Thomas* EthicsfIRST: A Step Towards Professionalizing THIRSTy Work
Wed 1/15/2020 10:45 MacVarish, Rich* Russian Subversion Series: Reflexive Control – Perception is not reality… until it is
Wed 1/15/2020 11:20 Martinez, Rick* Open the Gates: Talking Security in your Organization
Wed 1/15/2020 12:00 All Lunch
Wed 1/15/2020 13:00 Pargman, Randy J*; Levene, Brandon Being Dangerous to Threat Actors: Working Together Consequentially
Wed 1/15/2020 13:35 Murray, Michael* Beyond the Operating System – Adventures in Healthcare Security
Wed 1/15/2020 14:10 Duksta, John* Guerrilla GRC: Let’s streamline vendor assessments
Wed 1/15/2020 15:00 All Refinement of presented ideas
Thu 1/16/2020 9:00 All Refinement of presented ideas
Thu 1/16/2020 13:00 All Presentation of refinements

Special thanks to our sponsors:
Cythereal, Dell, duo, EA Security, Farsight Security,
SpyCloud, TachTech, Verisign