ATLSECCON 2025

My talk this year will be to emphasize that the inevitability of cyberattacks does not render an organization powerless.  The strength comes from being proactive, vigilant and adaptive so that we can significantly reduce risks and minimize the damage when an attack does occur.   I will discuss the measures that organizations need to take in order to bolster readiness.    This will include understanding the threat landscape by indetifying vulneratbilities and recognizing common attack types.   I will then talk about implementing security measures such as network security, endpoint protection, and encryption.   I will talk about training and awareness including incident response, business continuity and disaster recovery, followed by monitoring and response, compliance and best practices, and lastly how all of that integrates into an organizations culture.  

How hard do you think it would be to disable our civilization? Not as hard as you think.

The daily services, apps, and financial transactions that our civilization now depends on all require and assume the presence of a fully functioning and speedy Internet that can reach "The Cloud" of various large virtual datacenter platform providers.  Do  you remember where you were during the national Rogers netowrk outage in 2022?

"The Cloud" really is just someone else's computer.  All of those services and virtual servers depend on a massive amount of real physical servers, network equipment, and cabling that exists inside of data centers.  Those data centers are connected to your businesses, homes, schools, and phones via a complex web of aerial fiber optic cables attached to utility poles, or in underground conduits.  Our countries and continents are primarily interconnected with fiber optic cables that run under the sea.  The space based satellite Internet systems all require a connection to the fiber optic networks to function. All of that fiber is utilized by connecting it to the vast array of telecommunications equipment that is located in downtown carrier hotels, neighborhood cell tower sites, and roadside cabinets.   The Internet is a complex system that works surprisingly well, until it doesn't.   

We want to have a frank discussion about these risks. We will present some scenarios and outage possibilities that you may not have considered such as targeted intentional sabotage, terrorism, wars, natural disasters, electric grid outages, ransomware in the data center, the fiber optic cable seeking backhoe, and the ever popular "plain old human error" at scale.  

We will also discuss some mitigations for these risks, recommendations for critical infrastructure owners, and give you some actionable recommendations for how to stay connected.

DNS is a critical component of internet infrastructure, primarily known for resolving human-readable domain names into machine-readable IP addresses. However, its functionality extends beyond simple name resolution.  This talk exposes the hidden side of DNS, revealing how attackers can subtly manipulate its features, particularly TXT records, to achieve their malicious goals.  While most people in the information security realm are aware that DNS is a valid means of covert communication, not everyone fully understands how it works on a technical level. 


This presentation aims to educate attendees on exactly how DNS can and is used for both data infiltration and exfiltration, with coding examples, covering such topics as:

DNS Fundamentals: A clear explanation of how DNS operates, including the roles of different record types, and rhe query/response process.

Infiltration Techniques:  An in depth description of how DNS records can be used to covertly smuggle files into a secure, and sometimes segmented, network environment.


Exfiltration Techniques: Exploring how DNS requests can be leveraged to exfiltrate sensitive data out of an environment undetected.


EDR/AV Bypass: A high level overview of how DNS can be used to bypass a corporate security stack by keeping malicious code off disk and living in memory

When was the last time you felt like you had enough time in the day to get your work done? Are you exhausted by the never ending firehose of security challenges you have to deal with each and every day?

In this session, we are not going to change that reality. Sorry, security work is continuous, but it doesn’t have to be overwhelming.

This session looks at the workflows around your security practice and how it interacts with the business. Security is a service business, but teams are rarely set up in a way to deliver that service successfully.

There’s a lot of history that contributes to the current state of security teams, but that history typically isn’t serving a purpose. More often than not, the way we’ve built out our work leads to delays, frustrated colleagues, and eventually teams that work around us instead of with us.

This isn’t a talk about simply getting “buy in” from other leaders, it’s about breaking down our security goals and learning from other types of teams and businesses and how they are set up.

You’ll learn about the hidden challenges that impede your work, structures and workflows that can accelerate security improvements, and how to build stronger relationship with the rest of your organization.

In cybersecurity hindsight is very often 20/20 and it is more important than ever to build systems that are not only resilient but also anti-fragile. This means creating systems that are not only able to withstand unexpected disruptions (black swan events) but also emerge stronger and more capable as a result. In this presentation, we will explore the concept of anti-fragility and its relevance to cybersecurity protection in 2024.

Drawing on real-world examples of black swan events, such as the WannaCry ransomware attack of 2017, we will examine the causes and consequences of these disruptions and discuss strategies for building cybersecurity systems that are better prepared to handle them. We will also focus on the importance of basic security hygiene, particularly in the area of password management, as a critical component of an effective cybersecurity strategy.

Despite the increasing sophistication of cyber threats, many breaches can be traced back to weak or compromised passwords. By implementing simple yet powerful practices such as multi-factor authentication, regular password changes, and password managers, organizations can significantly reduce their risk of a breach. Moreover, by fostering a culture of cybersecurity awareness and training among employees, organizations can create a strong first line of defense against cyber attacks.

This presentation will provide practical guidance on how to build anti-fragile cybersecurity systems that can withstand black swan events and maintain robust security in the face of constantly changing threats. Through a combination of real-world case studies, best practices, and emerging trends, attendees will gain a deeper understanding of the role of anti-fragility and basic security hygiene in protecting their organization's digital assets.