BSides Hawaii - Session Information

March 4th, 2020

Prince Waikiki

100 Holomoana Street
Honolulu, HI 96815


Session: Getting a Hand on the Helm - How to make your case to leadership on cybersecurity

Convincing your organization's leadership to invest in cybersecurity can seem harder than it should be. Equip yourself with the arguments to sway your execs and steer your ship out of harm’s way. This talk will cover the legal and business reasons for implementing a cybersecurity program, why the fallout of a breach is so much more than restoring operations, and the surprising allies within your organization who can help. Topics will include the landscape of competing regulators, case studies in breach response (or nonresponse), developments in the law on cybersecurity and fiduciary duties to ensure it, and practical advice for tapping your company’s internal resources.


Sam Sneed, Director and Attorney at ES&A, Inc.

Sam Sneed is a Director and Attorney at ES&A, Inc., A Law Corporation, where her practice focuses on the intersection of business, law and technology. Sam advises clients on the protection and commercialization of information, government contracts and grants, corporate governance, and cybersecurity and privacy policy. Sam holds a BS in electrical engineering and an MBA from the University of Denver and is a graduate of the William S. Richardson School of Law. Sam is a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals, and sits on the industry advisory board of the Pacific Center for Advanced Technology Training, a consortium of the University of Hawaii community colleges. She regularly trains on confidentiality in the workplace, intellectual property rights, building cybersecurity programs, and trends in law and technology at the local, national, and international levels.

Session: Dude, Where's My Domain Admins?

*Attacker pops a workstation on your domain*

*Attacker establishes her foothold and local persistence*

*Attacker begins recon of AD, starting with Domain Admins*

ERROR: The group name could not be found.

Attacker, with a disconcerted look on her face: "Dude, where's my Domain Admins?"

Killchains that involve AD usually involve enumeration of highly-privileged accounts: members of Domain/Enterprise/Builtin Admins, Server Operators, etc. Those groups and their members can be enumerated in AD by default, exposing members as targets of exploitation to obtain those privileges. However, there's a way to use in-the-box AD capabilities to thwart these attempts. Using List Object mode, implicit deny, and AdminSDHolder/SDProp, AD defenders can hide these principals from unprivileged users. In this talk, I'll walk you through the principles, process, and pitfalls, so you can raise the bar on your AD defenses without blowing things up.


Joel M. Leo @joelmleo

Starting at Digital Island in 1998 with a fresh MCSE in Windows NT 4, I have earned experience across a number of platforms and technologies with many jumbles of letters after my name to go along with them. I'm the Active Directory Architect and a Principal Systems Engineer for Gap Inc., and a consultant for several other organizations, focusing primarily on Active Directory. When I'm not rotating krbtgt keys, you can usually find me hitting the waves at home in Hawaii or hotdropping targets in Eve Online.

Session: Threat Intelligence as Proof – Insider’s Advice For Defenders on Navigating Security Investment Decisions

In this talk, Kris arms IT and Security practitioners of Hawaii with insider knowledge on how vendors generate, collect, market, and collect (again) threat intel for use in sales and marketing motions to create the facade of effective defense. We’ll laugh, we’ll cry, we’ll even play a game. He’ll close the talk with practical guidance for Hawaii’s defenders on how to spot these tactics, and an exercise on how to weigh control-centric vs threat-centric security investments for small and medium-sized businesses.


Kris Harms

Kris Harms is an entrepreneurial leader, security veteran and recovering incident responder who thrives on tackling the industry’s hardest problems. Most recently, he was Sr. Director of Product Management and Design (UX) at Cylance, charged with modernizing Cylance’s flagship Protect product. Kris spent 14 of his 19 years going from startup->exit as one of the first 10 people at Mandiant (FEYE 1.05B 2013) and first 10 at Cylance (BB 1.4B 2019). Throughout his career, he has built winning teams in product management, UX/design, sales engineering, product evangelism/marketing, education/training, consulting services, and incident response. Kris has appeared on 60 Minutes and PBS, holds a patent on the usage of machine learning models for threat prevention, is a published author, and frequent industry speaker. When Kris isn’t working, he enjoys life on the windward side with his wife and 2 girls.

Session: Living in a White-Listed World

Many attacks infiltrate our network, devices and data stores because we simply allow “strangers” to communicate with us. We allow our users to conduct research and provide access to websites unrelated to business on devices that have direct access to sensitive company or customer information. Our solutions thus far have been to provide access and filter the traffic after. Whatever you cannot block, you must monitor closely. This approach is costly in terms of human resources and technology purchases. The purpose of this talk is to illustrate the pros and cons of reversing that approach and living a “deny all, permit by exception” lifestyle on a Windows desktop. What about Office365, administration, cloud services? What about my sports scores, news, and YouTube “research”? Let’s see what is possible!


Michael Miranda

Michael Miranda is an Assistant Professor of Information Security at the University of Hawaiʻi - West Oʻahu, which has been designated a National Center of Academic Excellence in Cyber Defense Education by the National Security Agency and the U.S. Department of Homeland Security. He is also the Principal Consultant at SPARTIX, a cybersecurity and technology consulting company. Raised in Mililani, Hawaiʻi, Mr. Miranda earned a BA degree in English from the University of Central Florida, a law degree from Gonzaga University and a BA degree in Information and Computer Sciences from the University of Hawaiʻi at Mānoa. He holds current Global Information Assurance Certifications (GIAC) as a Systems and Network Auditor (GSNA), Intrusion Analyst (GCIA) and Forensic Analyst (GCFA).