Speaker

Dahvid Schloss

Echelon Risk LLC, Director - Offensive Security, DEFCON Black Badge

Raleigh, North Carolina, United States

Dahvid is the Director of Offensive Security services at Echelon. As an experienced cybersecurity leader with over 12 years of cyber-attack and defense experience, Dahvid has previously worked as a Red Team Operator with a Big 4 consulting firm, leading and conducting Adversarial Emulation (red team) exercises, and has served in the military, leading, conducting, and advising on special operations offensive cyber operations. He has a wide background in cybersecurity, including logical, social, and physical exploitation as well as incident response and system/network device hardening. Dahvid is also a Malware Development Instructor, bringing Adversarial Emulation knowledge to those looking to expand their skills in this highly specialized space.

Area of Expertise

  • Information & Communications Technology

Topics

  • cybersecurity
  • cyber security
  • Cyberthreats
  • cybercrime
  • Red Teaming
  • Malware

How to Stop Your Cybersecurity Program from Failing (through the eyes of a threat actor)

Have you ever wondered if your cybersecurity program is good enough? You may not have been breached yet, but that doesn’t mean that it won’t happen. Cybercrime is massively expanding, expected to be a 10 trillion-dollar-a-year “industry” by 2025. This means that more and more companies will become targets regardless of how big or small they are. On top of that, many industry reports show that 80+% of CISOs believe their program is not resilient enough to handle a real cyber-attack. Even for the ones that are, with a constantly changing threat landscape, what’s secure today may not be secure tomorrow.
So, join me (an emulated criminal and prior SOF cyber operator) as we explore and discuss the following topics to help level up your program before it’s too late:
- How the world of cybercrime is constantly changing and what it means to you
- How to improve your people, tools, and processes
- Common mistakes that most cybersecurity programs make
- How to effectively, safely, and fully test your program

PowerShell’s Return to Power

Over the past few years, we saw the rise in popularity and use of offensive C# over PowerShell. This sparked a plethora of new offsec-focused C# tools and executables bypassing the watchful eye of the security community. However, this shift of focus has allowed attackers to learn new techniques on how to bypass and defeat the organic controls that Microsoft has put into place to protect the scripting application. We believe that PowerShell exploits and attack methods are still alive and well. With PowerShell still being deployed on every machine by default, it is still a massive security hole for your organization that could allow an attacker to navigate your environment without ever needing to place an executable “on disk”. Using our own Red Team PowerShell scripts as examples, please join me as we discuss the following concepts:
• Advantages of PowerShell for an attacker
• AMSI and “signed script execution” bypassing
• Whitelist application bypassing
• Malware deployment / Shellcode loading
• How to prevent and detect these methods

BSides RDU 2021

September 2021 Durham, North Carolina, United States
