BSides Hawaii - Session Information

May 24th, 2023

Prince Waikiki

100 Holomoana Street
Honolulu, HI 96815


Session: Defending the Home Front – Legal Compliance in an Evolving Landscape

Securing your organization is hard enough without having to worry about users leaving a back door open, sometimes literally.  It gets even harder as lawmakers and regulators weigh in – and disagree over – what you should do about it.  How do you ensure compliance within your organization? How do you prove it to government regulators and juries? What happens when the law is in flux?

This talk will survey the ever-shifting law and policy landscape, and what it means for your day-to-day operations.


Sam Sneed, Director and Attorney at ES&A, Inc.

Sam Sneed is an attorney and Director with ES&A, Inc.  She represents, advises, and trains for-profit, non-profit, and government clients on issues at the intersection of law, business, and technology – including intellectual property, corporate governance and strategy, government contracts, privacy, and cybersecurity.  Sam holds a BS in electrical engineering and an MBA from the University of Denver.  She presently co-chairs CyberHawaii’s Education Committee and is a regular speaker and participant in local and national events on information security, STEM education, and technology policy.

Session: Inside Black Basta Exfiltration Operations

One of the more capable ransomware adversary groups that emerged in 2022, Black Basta, is known for their efficient and stealthy intrusion, exfiltration, and lock cycle between the initial foothold and when the target sees the ransom note.

Dragos tracks the Black Basta group closely because of reported links to DarkSide, the adversary group behind what has been called the most disruptive cyber-attack ever. In May 2021, Colonial Pipeline preemptively shut down operations to contain the ransomware attack by DarkSide.  The shutdown affected fuel deliveries to many parts of the US East Coast, resulting in an emergency declaration for 17 states and Washington D.C.

In this talk, Dragos Principal Adversary Hunter Kent Backman does more than just a follow-up to his 2021 blog post “Lessons Learned from Telemetry Analysis of DarkSide Affiliate Exfiltration Operations.”

This is an inside look into the Black Basta adversary pattern of life using detailed exfiltration operations metadata related to more than 75 Black Basta victims (and counting) across multiple sectors important to civilization as we know it. Kent will highlight and share key Black Basta exfiltration tactics revealed by the adversaries to better defend, detect, and mitigate when Black Basta sets their sights on your critical network.


Kent Backman

Kent Backman is a Principal Adversary Hunter at Dragos, specializing in behind-keyboard adversaries to industrial control systems and operational technology. Kent’s expertise has been informed by incident response, digital forensics, threat analysis, and hunting work for government and commercial organizations since 2002.

Session: So you failed a pentest, now what?

Tips on how to organize and remediate bad pentest or vulnerability scan results, and a few cocktail recipes to help you get through the worst of it.


Jordan Silva

Jordan has spent over a decade helping organizations implement and utilize technology to solve business challenges. As Senior Manager of Service Delivery at Hawaiian Telcom, Jordan’s teams are responsible for delivering Security and Cloud Services to customers big and small. Jordan has a Master of Science in Leadership and Management and industry credentials, including the CISSP, C|CISO, and multiple GIAC certifications, giving him a unique balance of nerdy engineer and human leader. Given the opportunity, he will happily talk your ear off about anything related to technology, organizational culture, or the best ways to cook meat with fire.

Session: Leveraging Data to Stop Human Trafficking

A lot of focus has been placed on leveraging data purchased from data brokers for nefarious intent.

This talk aims to inform the attendee on what data is actually collected by data brokers, as well as how that data can be leveraged for good and not just evil. This talk explores a real-world case study that used data purchased from several data brokers and how that data was used to target and impact human trafficking operations.

This talk also includes challenges faced and how data from data brokers needs to be analyzed to prevent biased/inaccurate reporting.


Chris @0dayallday

Chris is a Professional Security Consultant, Developer, and Entrepreneur with over 20 years’ experience working within the Information Security (INFOSEC) industry. He has developed numerous products for both the offensive and defensive computing markets as well as spoken and trained at Blackhat and other prominent security conferences.

Session: Incident Response Playbook- 101

With the increase in security incidents happening across companies, incident response teams are in the spotlight. An Incident Response Playbook will help the team organize the process and provide guidance during the time of chaos.

Join me to understand:
Why a Playbook is extremely important in the Incident Response process,
What a Playbook is and how to build one for your company from scratch.


Yaamini Mohan

My name is Yaamini Mohan. I am a Vulnerability response champion working with PSIRT in Dell Technologies, and I am currently a board member of the WiCyS (Women in Cybersecurity) Austin chapter and Head of the events committee. I am a passionate cybersecurity professional with an MS in Cybersecurity from Johns Hopkins University, and I spend my spare time volunteering in cybersecurity communities, updating my knowledge in the field, and organizing security talks and events.

Session: Threat Actor Familiarity & Confidence = New and Resurrected TTPs

FortiGuard’s Global Incident Response team saw many trends in 2022 as they assisted customers through cyber incidents, but one stood out more than the others: as threat actors become more familiar with a technology platform, the more you will see new techniques and procedures added to their playbook and/or old ones resurrected. A few we observed were web shells on Exchange servers going from being leveraged for initial access to a post-exploitation technique, successful compromises of VM platforms going from VM host file encryption to being a haven for threat actors to bring their own bastion hosts, and Veeam solutions being a focal point for threat actors to capture the keys to the kingdom.

While all the above observations were cool, the Exchange server web shells being leveraged as a post-exploitation technique is the spiciest. So, we may briefly discuss all of them, but the main course of the talk will be centered around our discovery of a new credential harvesting web shell used by APT 34 that we have named “ExchangeLeech”. The web shell has a typical command execution function giving the threat actor a backdoor on the Exchange server; however, the web shell also has a credential harvesting function. The web shell is a .NET compiled DLL and has no obfuscation when reverse engineered. Furthermore, it’s registered as an Internet Information Services (IIS) module, and while not novel, it is an uncommon characteristic of a web shell.


Anthony K. Giandomenico

Anthony K. Giandomenico has 30 years of comprehensive experience as an Executive, Entrepreneur, Mentor and Security Consultant for companies within information security across all industries. In his current position at Fortinet, he is responsible for all aspects of FortiGuard Security Consulting Services, including P&L, advising on marketing activities, service delivery and new service development. He has presented, trained and mentored on various security concepts and strategies at many conferences and trade shows, such as BlackHat, the Gartner Security Summit, HIMSS15 and ISMG Data Breach Summit, and on media outlets, including a weekly appearance on the KHON2-TV morning news “Tech Buzz” segment and Technology News Bytes on OC16, providing monthly security advice, among others.

John Simmons

John Simmons is one of the lead analysts for FortiGuard Incident Response. He is responsible for leading customer engagements involving cybersecurity incidents. He has led dozens of cybersecurity incident engagements in various sectors of business with over 15 years of experience in cybersecurity. He holds the Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), CompTIA Advanced Security Practitioner (CASP+) and Certified Ethical Hacker (CEH) certifications. He has vast experience performing forensics and incident response during various customer engagements including ransomware, business email compromise, state-sponsored Advanced Persistent Threat (APT), and corporate espionage.