Dahvid Schloss
Emulated Mob Boss, CEO Emulated Criminals | DEFCON Black Badge
Raleigh, North Carolina, United States
Actions
Dahvid is an Emulated Mob Boss of a group of emulated criminals, which is a fun way to say he's the CEO of Emulated Criminals. He began his career journey as a Special Operations RTO/Communications operator before pivoting into Offensive Cyber Operations late in his military career. After leaving the military, he led multiple teams, including several international teams, focusing on Red Team/Adversarial Emulation assessment at a Big 4 consulting firm before moving into director-level offensive security roles at smaller organizations. Over the course of his 14+ years in the industry, he has refined his craft in cyber-attack and exploitation, including logical, social, and physical infiltration, alongside expanding his knowledge in defensive realms like incident response and hardening of systems and networks. When not plotting emulated security mayhem, he moonlights as a Malware Development Instructor, demystifying the realm of programming to the next generation of cyber operatives.
Links
Area of Expertise
Topics
How to Stop Your Cybersecurity Program from Failing (through the eyes of a threat actor)
Have you ever wondered if your cybersecurity program is good enough? You may not have been breached yet, but that doesn’t mean that it won’t happen. Cybercrime is massively expanding, expected to be a 10 trillion-dollar-a-year “industry” by 2025. This means that more and more companies will become a target regardless of how big or small they are. On top of that, many industry reports show that 80+% of CISOs believe their program is not resilient enough to handle a real cyber-attack. Even with the ones that are, with a constantly changing threat landscape what’s secure today may not be secure tomorrow.
So, join me (an emulated criminal and prior SOF cyber operator) as we explore and discuss the following topics to help level up your program before it’s too late:
- How the world of cybercrime is constantly changing and what it means to you
- How to improve your people, tools, and processes
- Common mistakes that most cybersecurity programs make
- How to effectively, safely, and fully test your program
PowerShell’s Return to Power
Over the past few years, we saw the rise of popularity and the use of offensive C# over PowerShell. This sparked a plethora of new offsec focused C# tools and executables bypassing the watchful eye of the security community. However, this shift of focus has allowed attackers to learn new techniques on how to bypass and defeat the organic controls that Microsoft has put into place to protect the scripting application. We believe that PowerShell exploits and attack methods are still alive and well. With PowerShell still being deployed on every machine by default, it still is a massive security hole for your organization that could allow an attacker to navigate your environment without ever needing to place an executable “on disk”. Using our own Red Team PowerShell scripts as examples please join me as we discuss the following concepts.
• Advantages of PowerShell for an attacker
• AMSI and “signed script execution” bypassing
• Whitelist application bypassing
• Malware deployment / Shellcode loading
• How to prevent and detect these methods
BSides RDU 2021 Sessionize Event
Dahvid Schloss
Emulated Mob Boss, CEO Emulated Criminals | DEFCON Black Badge
Raleigh, North Carolina, United States
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top