Draft 2020 Agenda

Now as official as it gets.  Still risky to depend on it.

Last update: 13 Jan 2020  22:10 UTC

Note: All presentations are alloted a maximum of 20 minutes for speaking and a maximum of 10 minutes for setup and transition. Track chairs may modify the schedules and shorten transistion times as required.

Operations Track, Mike Johnson Chair

Date	Time	Authors	Paper
Tuesday	12:00 PM	TBD	Intro and Ground Rules
Tuesday	12:15 PM	Burbage, Paul K*	Beaconing Malware Adversaries
Tuesday	12:45 PM	Amini, Pedram*	Worm Charming: Harvesting Malware Lures for Fun and Profit
Tuesday	1:15 PM	McDonald, Rob*; Siglar, Chad	Self-Protecting Data – A new toolkit for secure sharing with persistent control
Tuesday	1:45 PM	Wright, Jordan*; McNiece, Matt; Mooney, Nick	Don’t Let Secrets Git Away: How to Monitor GitHub for Secret Leakage
Tuesday	2:45 PM	Owens, Cedric*	Post Infection Analysis on macOS Hosts
Tuesday	3:15 PM	BREAK	BREAK
Tuesday	3:30 PM	Nunnally, RJ*; Althouse. John	Using active TLS fingerprinting to identify C2 servers.
Tuesday	4:00 PM	Wilbanks, Joel*	SOC Analyst Mindset – Using Models and Structure Analysis
Tuesday	4:30 PM	Bort, Bryson*; Orchilles, Jorge	The C2 Matrix
Tuesday	5:00 PM	Bannat Wala, Fatema*	“Off label” use of DNS – Interesting things to know about DNS!
Tuesday	5:30 PM	TBD	WRAP
Wednesday	9:00 AM	TBD	Day 2 Start
Wednesday	9:15 AM	Lakhotia, Arun*	Machine Learning for Malware Analysis, Revisited
Wednesday	9:45 AM	Steindler, Zachary*	Learn Cloud Security by Doing, Without Risking the Business
Wednesday	10:15 AM	Althouse, John*; Yu, Caleb	Detection and Fingerprinting on Google’s QUIC Protocol
Wednesday	10:45 AM	BREAK	BREAK
Wednesday	11:00 AM	Case, Andrew*	Volatility 3 Public Beta: A Peek into the Future of Memory Forensics
Wednesday	11:30 AM	Frazier, Tim	Cops and Robbers: Simulating Adversary Techniques for Detection Validation
Wednesday	12:00 PM	LUNCH	LUNCH
Wednesday	1:00 PM	Bannat Wala, Fatema*	KYD – Know Your Devices, a method for profiling devices using DHCP
Wednesday	1:30 PM	Duncan, Brad*	Ursnif malspam and infection traffic
Wednesday	2:00 PM	Hernandez, Jose E*; Soto, Rod	A Unified Data Model for Cloud Security
Wednesday	2:30 PM	Rickerd, Jacob*	Democratizing Chrome Extension Security
Wednesday	3:00 PM	BREAK	BREAK
Wednesday	3:30 PM	Burrows, Christian*; Blackmore, Ashley	Regain control, standardize, and level up your alerting pipeline
Wednesday	4:00 PM	Stear, Kevin*; Soto, Ellie	Credpocalypse Cometh?
Wednesday	4:30 PM	Chalupowski, Lilly*	Finders Keepers (KPot Stealers) & Operation Lawyer Loot
Wednesday	5:15 PM	TBD	WRAP
Thursday	9:00 AM	TBD	Day 3 Start
Thursday	9:15 AM	Zadeh, Joseph*; Soto, Rod	Shining a light in the Shadows: Data Driven Techniques for DeObfuscating Evil on the DeepWeb
Thursday	9:45 AM	Greenhagen , Rhett *	Building Art from Noisy Data: Why Noise Is Important
Thursday	10:15 AM	Gardner, Philip*; Chamoro, Derek	A Novel SIEM Solution That Doesn’t Cost an Arm and a Leg
Thursday	10:45 AM	BREAK	BREAK
Thursday	11:00 AM	Crisler, Vincent*; DiGeroLamo, John	Attacking the Gatekeepers
Thursday	11:30 AM	Bowling, Jesse*	STINGAR: Lessons Learned a Year In
Thursday	12:00 PM	LUNCH	LUNCH
Thursday	1:00 PM	Borland, Justin*; Heise, David B	Cyber Saucier – Automating Deobfuscation en masse in near real time
Thursday	1:30 PM	Fry, Chris*	Criminals Hate This One Weird Trick – Operationalizing Threat Intelligence
Thursday	2:00 PM	Roytman, Michael*	Intelligent Threat Intelligence
Thursday	2:30 PM	Smith, Peter*; Seshadri, Nagraj	Mitigating attacks against cloud metadata services (learning from the Capital One-AWS breach)
Thursday	3:00 PM	BREAK	BREAK
Thursday	3:30 PM	Ragan, Rob*; Salazar, Oscar	Expose Yourself Without Insecurity
Thursday	4:00 PM	Lee, David K*	Is your Cyber Threat Intelligence really driving your SOC?
Thursday	4:30 PM	LIGHTNING TALKS	LIGHTNING TALKS
Thursday	5:00 PM	TBD	WRAP

Philosophy Track, Sounil Yu Chair

Time	Authors	Paper
Tue 1/14/2020 12:00	TBD (joint tracks)	Intro and Ground Rules
Tue 1/14/2020 12:15	Evron, Gadi*	A Framework for Engaging in Superbug Eventuality Conflicts (SBEC’s)
Tue 1/14/2020 12:50	Schwalbe, Daniel F*	Don’t Cross The Streams”: The battle over the DNS Control-Plane
Tue 1/14/2020 13:25	MacVarish, Rich*	Russian Subversion Series: Active Measures – What’s old is new again
Tue 1/14/2020 14:00	Givens, Chandler	Alternative and responsible use of security data
Tue 1/14/2020 14:35	Spring, Jonathan*; Manion, Art; Householder, Allen	Prioritizing Vulnerability Response with a Stakeholder-Specific Vulnerability Categorization
Tue 1/14/2020 15:10	Ross, Guillaume K*	Reliability as a Liability: When something breaking can save us
Tue 1/14/2020 15:45	Liston, Kevin*	GEOINT in Distrupting Cyber-Fraud
Tue 1/14/2020 16:20	Bambenek, John*	The Difficulties in Cybersecurity Machine Learning
Tue 1/14/2020 16:55	Engler, Maggie*	The State of Authentication: A Census-Representative Survey
Wed 1/15/2020 9:00	Evron, Gadi*	Building Defensive Mechanisms For Engaging With Disinformation And “Fake News” in the Digital Age
Wed 1/15/2020 9:35	Lin, William*	Real-World Applications of the Cyber Defense Matrix
Wed 1/15/2020 10:10	Millar, Thomas*	EthicsfIRST: A Step Towards Professionalizing THIRSTy Work
Wed 1/15/2020 10:45	MacVarish, Rich*	Russian Subversion Series: Reflexive Control – Perception is not reality… until it is
Wed 1/15/2020 11:20	Martinez, Rick*	Open the Gates: Talking Security in your Organization
Wed 1/15/2020 12:00	All	Lunch
Wed 1/15/2020 13:00	Pargman, Randy J*; Levene, Brandon	Being Dangerous to Threat Actors: Working Together Consequentially
Wed 1/15/2020 13:35	Murray, Michael*	Beyond the Operating System – Adventures in Healthcare Security
Wed 1/15/2020 14:10	Duksta, John*	Guerrilla GRC: Let’s streamline vendor assessments
Wed 1/15/2020 15:00	All	Refinement of presented ideas
Thu 1/16/2020 9:00	All	Refinement of presented ideas
Thu 1/16/2020 13:00	All	Presentation of refinements

Special thanks to our sponsors:
Cythereal, Dell, duo, EA Security, Farsight Security,
Scope,
SpyCloud, TachTech, Verisign

.