Speakers, Bios, Sessions Title & Summary


Session Title: Hacker Panel

Speakers: Sn0w, Grifter, L34N

Speaker's Bios:

Stephanie “Snow” Carruthers is the Chief People Hacker on IBM’s X-Force Red global team. Since 2014, Stephanie has presented and taught at numerous security conferences and private events around the world. For fun, Stephanie has earned black badges for winning the Social Engineering Capture the Flag (SECTF) at DEF CON 22 and also “The Vault,” a physical security competition at SAINTCON 2017. Stephanie also enjoys traveling the world to see beautiful locations and meet new people, like Larry, who just let her into your data center.

Neil “Grifter” Wyler is currently a Senior Threat Hunting & Incident Response Specialist with RSA. He has spent over 18 years as a security professional, focusing on vulnerability assessment, penetration testing, physical security, and incident response. He has been a staff member of the Black Hat Security Briefings for over 16 years and a member of the Senior Staff at DEF CON for 18 years. Neil has spoken at numerous security conferences worldwide, including Black Hat, DEF CON, and the RSA Conference. He has been the subject of various online, print, film, and television interviews, and has authored several books on information security. In his free time, Neil keeps himself busy as a member of both the DEF CON, and Black Hat CFP Review Boards, the Black Hat Training Review Board, the founder of DC801, and founder of his local hackerspace, 801 Labs.

Kevin "L34N" Howard is a Senior Information Security Engineer for CompuNet Inc. with over 15 years of cybersecurity experience across many verticals including education, finance, health care, manufacturing and more. He holds a B.S. in Cybersecurity Information Risk & Assurance and his past roles have included incident response, threat intelligence, forensic analysis, security operations, security architecture and other "Cyber" titles. He currently sits on the Board of Trustees for the UtahSAINT organization serving as the membership committee chair and has been a SAINTCON conference committee member for 12 years. Kevin loves volunteering at other conferences such as the Black Hat, DEF CON, BSides, and OpenWest. His passions include wood working, DIY electronics, home automation, both versions of "Crypto", creating STEM projects for his daughters, and dreaming of being just like Grifter when he grows up.


Session Title: Auditing the Security of Browser-Based Password Generators

Session Summary: I audited over 300 browser-based password generators, inspecting the JavaScript source code in every single one. I compiled my results in a spreadsheet and found several factors that were common among the different password generators. This talk will focus on what I learned, what developers should be paying attention to when developing a browser-based password generator, as well as what I liked and didn't like in each of the generators. Armed with this knowledge, I'll show off a personal project showing what I learned and what I think password generators could look like.

Speaker: Aaron Toponce

Speaker's Bio: I am a Linux system administrator and security engineer for XMission, a local ISP based out of Salt Lake City. I have by B.S. in Mathematics and am finishing up my M.S. in Cybersecurity and Information Assurance. I study modern and classical cryptography as well as password application and theory. You can find me on Twitter @AaronToponce.


Session Title: Stop scrolling through a pcap looking for "red" and start analyzing

Session Summary: All too often when someone gets a pcap, they'll fire up Wireshark and then start aimlessly scrolling through it looking for bright red lines showing them what the problem is. Sadly, pcap analysis does not work this way. I will cover several topics including: filtering, identifying poor performance indicators, lining up multiple traces for analysis, file extraction, and other tips and tricks I've picked up along the way. This will be a live 'follow the leader' style session with pcap examples, live analysis, and no slide decks to slog through.

This session will most benefit those who have at least a basic understanding of TCP/IP principles, have used Wireshark before, and isn't a stranger to the OSI model.

Let's put it this way. If 'tcp.flags.syn==1' means something to you, you'll likely enjoy this session.

Speaker: Shaun Price (Klipper)

Speaker's Bio: Shaun Price is a staff security engineer in the healthcare space. He earned his bachelors degree in network administration and security from Utah Valley University . Concurrently, he spent 10 years at Novell / SuSE working as a global escalation engineer performing LAN/WAN analysis for customers around the globe. Now, his focus has shifted to hardening enterprise systems and helping to architect the next generation of secure infrastructure. However, he'd still rather have his nose buried in a pcap. 


Session Title: Ryuk Ransomware in Industrial Control System Networks

Session Summary: Ransomware is the most common attack type against organizations with industrial control system networks today, with incidents leading to shutdowns of critical infrastructure, millions of dollars in productivity lost per hour, layoffs, and ripple effects across multiple markets. Of ransomware strains in use today, Ryuk ransomware actors in particular appear to gravitate toward organizations with industrial control system networks. In addition, there have been more documented cases of Ryuk ending up on operational technology networks themselves compared to most other ransomware strains. This session will provide a deep dive on Ryuk, examine why the actors behind it are targeting industrial control systems, how the ransomware has jumped segmentation into ICS and OT networks, and explore new mechanisms in the malware’s propagation mechanism that might make it even more capable of getting on OT networks in the future. Case studies of specific instances in which Ryuk has migrated into OT networks will be part of this discussion. The session will end with concrete measures organizations with ICS networks can take to shore up defenses against this particular ransomware strain.

Speaker: Camille Jackson Singleton

Speaker's Bio: Camille Singleton brings fifteen years of professional experience to cybersecurity topics, both in the US government and as an analyst at IBM. While specializing in threats to operational technology, she is conversant on a range of topics affecting the cyber threat landscape, including industry-specific analysis, multifactor authentication, ransomware, destructive malware, and phishing trends. She has published multiple articles addressing pressing cybersecurity topics, ranging from vulnerability management to Powershell-based attacks to trends in hacktivism. Camille has appeared as a speaker at THINK, RSA 365, the Australian Cyber Conference, and multiple WiCyS events and has authored several white papers, including ""Combating Destructive Malware: Lessons from the Front Lines"" and the 2021 IBM Security X-Force Threat Intelligence Index. She has two master’s degrees — one from Oxford University and another from George Mason University — lending academic depth to her analysis to complement her professional experience.


Session Title: State of the JavaScript Malware Industry

Speaker: Anthony Hendricks


Session Title: Anatomy of a Distributed Credential Stuffing Attack

Speaker: Bryson Loughmiller


Session Title: BSides SLC 2021 Badge Talk

Session Summary: Want to know more about the badge around your neck? This talk will cover the design process, technical hurdles in the process, and possibly a few hints too.

Speaker: Waylon Grange

Speaker's Bio: Waylon Grange is an experienced vulnerability researcher, reverse engineer, and developer. Prior to Stage 2, he worked for Symantec and the NSA. Waylon has been a speaker at Black Hat, DefCon, RSA, CanSecWest, and DerbyCon and is credited with a US patient, multiple CVEs, and exposing APT groups. His in-depth knowledge of embedded systems is utilized to evaluate the security of IoT systems and develop electronic badges for conferences.


Session Title: What are we missing in Web Applications?

Session Summary: In today's world, we have a modern and stable web application framework to develop on. That is already so much secured from the attacks, regardless of the OS. If you design the system properly, attacker cannot injection the system. Or attacker cannot attack the website with common attacks like XSS, CSRF, SSRF, SSTI, etc.

On the other hand, we have sophisticated scanners which scan the website dynamically with the interactive logins as well, it scans the website along with the internal pages. And we have secure coding practices as well along with the scanners which can scan the source code regardless of the programming language. They are necessary tools while developing a secure application.

But what all these are missing is "Business Logic Flaws", which are the reason for the highest-paid bounties on Hackerone, bugcrowd, etc. Business Logic Flaws are the attacks, which neither the source-code analysis tool nor dynamic web application scanner can detect.

The presentation/talk will discuss vulnerabilities that can arise from business logic flaws which can affect confidentiality, integrity & availability of customers' information as well as the product that is connected with the application. We will discuss CVE-2019-2823 - Oracle Financial Services along with other 2FA bypasses in Financial Mobile Applications. Where I was able to do vertical privilege escalation in regards to roles, checker, maker, etc. modules. These were critical findings that were used in financial information systems. On which APTs are attacking day and night.

The majority of the banks use this Oracle service in the world. There are a lot of similar bugs in the world right now as well, in regards to Business Logic Flaws. We have to enhance the testing skills rather than depending on the scanners, manual testing approach to test the use cases will be a good approach.

~ Test Business Logic in Web Application.
~ Different methodologies to test against this issue.
~ What to look for in source code to mitigate it.

Speaker: Mirza Burhan Baig


Speaker's Bio: Mirza Burhan Baig is an Information Security Threat Analyst at Riyadh Bank – KSA. Mr. Baig is OSCP Certified professional with over 8 years of experience in Penetration Testing, Threat Hunting & Vulnerability assessments which include Core banking solutions, Banking applications, Network assessment, Mobile penetration testing. Mostly served financial industry.

Mr. Baig is also a certified professional and holds an OSCP, eWPTX, eCPPTv2, eNDP, etc. He is involved in bug bounty programs as well, where he helped many companies to fix vulnerabilities at a different level. Companies include Google, Microsoft, Facebook, Amazon, PayPal, Apple, IBM, CISCO, etc. Mr. Baig is also involved in many physical security projects to bypass networks and systems.

Mr. Baig has conducted many seminars and workshops at different levels of corporate, NGOs, Universities, specifically for students to create awareness & guide them to a career path in information security. Some of them include Dubai Electric Water Authority (DEWA), etc.


Session Title: Insights into Smart Vehicle Security


Session Summary: Automation has grown quite significantly in the automotive space in the past few years. Automation in consumer vehicles such as Sedans and SUVs range between ADAS to fully autonomus (L5). Since the expansion of Connected Tech / IoT, we have seen a number of rather unsusal devices getting connected to a network, offering a variety of remote operations. For a vehicle to reach any level of autonmous stature (L1 - L5), the vehicle essentially needs to be connected to a network. This has opened up a substantial amount of attack surface when seen from an Attacker’s perspective. There is a significant risk involved in terms of physical safety as well as disclosure of critical information that could be leveraged by malicious actors.

This talk is devised to showcase the attack surface of a Vehicle with the introduction of Connected Tech in automobiles as well as various attack scenarios through which a Smart Vehicle could be compromised by an attacker.

Speakers: Srinivas Naik and Venkata Hareesh Peddiraju

Speakers Bios: Srinivas Naik is a passionate security researcher, who is also a CWE SIG member. He owns 5 patents in the field of Information Security. He also has an extensive work experience in Automotive and Connected Technology having worked with industry leaders. He has also developed Security Centre of Excellence and groomed fellow engineers in the Security space.

Venkata Hareesh Peddiraju is a Security Researcher. Venkat has extensively worked in performing PenTests / security evaluations on Web / Mobile / Windows / Linux Applications, IT Infrastructure, IoT products; Fuzzing and Binary/Firmware analysis. He finds IoT/Connected Tech and Product security to be especially intriguing among other areas of security. Love to talk about security of all kinds of compute nodes, connected tech and the software that drives them. Speaker at multiple security forums including BSides as well as Universities in India.


Session Title: Gaining Clarity within the Clouds: Incident Response Tactics for the Untrained and Unequipped

Session Summary: Organizations are consistently moving their assets to the Cloud but aren’t always lucky enough to have the requisite training to defend or conduct incident response on their assets. When inquiring about receiving training, people hear things like “it’s not in the budget”, “maybe next quarter”, or “that is way too expensive“. As such, people often find themselves attempting to make do with what they have, which can often be a daunting task. Nonetheless, have no fear! With the right use of automation, inherit features, and open-source capabilities, there is hope. This talk will dive into and demo incident response tactics that will assist in lessening the burden on defenders to defend their Cloud assets.

Speakers: Fernando Tomlinson & David Hall

Speakers Bios: Fernando Tomlinson is a Principal Digital Forensics and Incident Response Consultant with Mandiant. Before joining Mandiant and retiring from the U.S. Army as a Chief Warrant Officer 4, he was the Senior Technical Advisor at the U.S. Army Cyber Command for forensics and malware analysis and all defensive actions within the U.S. Army. He also previously was a Technical Director of a Cyber Operations Center and has led multi-level Digital Forensics and Incident Response (DFIR) and threat hunting teams. Additionally, he is a collegiate cybersecurity Adjunct Professor who enjoys contributing to the community through his blog at https://cyberfibers.com and projects at https://github.com/wiredpulse.

David Hall has more than 23 years experience in cybersecurity and IT operations. He is currently a Senior Customer Engineer at Microsoft specializing in cybersecurity. Before joining Microsoft in 2018 he served more than 21 years in the Army as a Signal Warrant Officer. He finished his Army career as an Instructor at the US Army Cyber Center Of Excellence, FT Gordon GA, teaching Microsoft Official curricula. He is also a former collegiate Adjunct Instructor who enjoys sharing knowledge with the community through his blog and YouTube channel at (https://www.signalwarrant.com)


Session Title: Container Security From the Bottom Up

Session Summary: Most companies have experimented with containerization in one form or another and there is a wealth of information at these higher abstraction levels for securing constructs like Dockerfiles, Container Images, and Container Orchestration tools like Kubernetes. Linux kernel features like namespaces, seccomp, capabilities and cgroups provide the resource isolation functionality that underpin these tools.

This workshop aims to provide participants with an understanding of low level kernel features that form the basis of modern container technologies, with an emphasis on Namespaces and seccomp. At the end of the session, participants will have experience implementing isolation features and better understand their limits as well as the opportunities for use.

Participants should bring a laptop with 2 or more cpus and 8GB or more RAM to run VMware workstation or player and the training VM that will be provided during class.

Who should attend? Anyone who has a desire to understand at a deeper level what is happening ‘behind the scenes’ with containers. This could include Engineers, DevOps, security folks or other technically-minded people who want to look behind the curtain. A basic understanding of linux is recommended and the ability to decipher or write scripts and simple programs is optional/beneficial.

Speakers: Rion Carter & Jacob Carter

Speakers Bios: Rion likes to solve interesting problems- the more esoteric the better! He has varied interests ranging from software development and reverse-engineering to baking and recipe hacking. Rion currently works as a Staff Security Engineer with responsibilities ranging from Product Security, DevSecOps and OpSec. Rumor has it that he bakes a mean batch of fudge brownies and during the holiday season he can't stop making pumpkin pies. @7thzero.com


Jacob is an AppSec engineer by day, and hardware hacker by night. He enjoys making replacement parts for old computers, taking long strolls through code, and dry humor.


Session Title: For Everything Else, There’s WireGuard!

Session Summary: WireGuard is a VPN technology that first appeared publicly in 2016. Due to its speed, simplicity, and versatility it quickly gained popularity among VPN service providers and privacy-minded individuals alike. In this talk you will learn some of what makes WireGuard great and the basics of creating your own VPN, with a bonus discussion of Dockerized “hidden services”


Speakers: Kevin Lustic

Speakers Bios: Kevin is an information security researcher living in Utah and a principal red teamer at ServiceNow. Prior to joining ServiceNow, Kevin was a red teamer at Adobe, following a career as a global network vulnerability analyst in the Intelligence Community. Kevin earned a Bachelor's degree in Mathematics from Ohio University, and a Master's degree in Cyberspace Operations from the Air Force Institute of Technology.


Session Title: Supply Chain Dangers and Disruptions

Session Summary: Join us, as we cover three (3) recent case studies showing how vulnerabilities in the Supply Chain over the last year have negatively affected business with a large presence in the state of Utah!

Speaker: Brandon Benson

Speaker's Bio: Brandon Benson is currently the SOC manager for a large tech company with offices in the Silicon Slopes of Utah. With various certifications (e.g. CISSP since Mar 2008) and many years of practical experience (e.g. 15+ years in cybersecurity), Brandon is a curious learner, always pushing the limits of what is possible within the given areas of cyberspace.


Session Title: Basics of Red Teaming

Speaker: Bryce Kunz

Speaker's Bio: Bryce Kunz (@TweekFawkes) loves researching red team techniques for bleeding edge Cloud services. Currently, Chief Strategy Officer (CSO) at Stage 2 Security ( Stage2Sec.com ), previously supported the NSA (network exploitation & vulnerability research), Adobe (built a red teaming program for cloud services), and DHS (incident response). Bryce holds numerous certifications (e.g. OSCP, CISSP, ...), has spoken at various security conferences (i.e. BlackHat, DerbyCon, BSidesLV, etc...) and teaches classes at BlackHat (e.g. AWS & Azure Exploitation).