Private Workshops: October 12 & 13, 2015

October 14th, 2015    Dayton Security Summit Day 1:

8:30AM - 9:00AM           Registration & Check-In

9:00AM - 9:30AM           Introductions & Rules of Engagement

9:30AM - 10:15AM         Ron Gula (keynote)

10:15AM - 11:00PM       Mike Sconzo

11:00AM -12:00PM        Adam Luck

12:00PM - 1:00PM         Lunch

1:00PM -   2:00PM         Matthias Luft

2:00PM - 3:00PM           Vladimir “Vlad” Wolstencroft

3:00PM - 3:30PM           Sergey Bratus

3:30PM - 5:00PM           TBD

6:30PM Reception 7:00PM - 10:00PM Delegate Dinner

October 15th, 2015    Dayton Security Summit Day 2:

7:00AM - 8:00AM           5K Hacker Run

9:00AM - 10:00AM         Michael Grimaila

10:00AM - 11:00AM       Adrian Dabrowski

11:00AM - 12:00PM       Jacob Torrey

12:00PM - 1:00PM         Lunch

1:00PM -   2:00PM         Wojtek Przibylla & Dominik Schneider

2:00PM - 3:00PM           Graeme Neilson

3:00PM - 3:30PM           Sergey Bratus

3:30PM - 5:00PM           “Hiding from Robots” & Wrap Up

October 16th, 2015

10:00AM - 2:00PM       HackSec Packetwars Invitational

8:00PM - ???       VIP After Party

Times and Content Subject to Change


Hiding From Robots by Angus Blitter

The genie is out of the bottle, Elvis has left the building and robots will inherit the earth! How should humans respond to the inevitable evolution of automatons? Join the speaker as he describes the current pervasive robot culture and the eco-system propelling it forward. Marvel as he connects the dots and articulates the near future scenarios that warrant your consideration. Finally, he will posit reasonable responses for mitigating threats posed by robotic adversaries, including hiding, running away and playing dead.

A ROBOTS.TXT for your face by Adrian Dabrowski

Let's face it: Most countries have privacy laws to protect the citizen’s rights on his own image – but they are ineffective and unenforceable. Even the most careful photographer might not have the chance to ask all bystanders and unintentionally imaged people for their consent. The reality is, that almost no amateur photographer cares, and most professional photographer lives in constant fears of lawsuits. Maybe it is time to create a machine-readable privacy policy for everyone: a robots.txt for your own appearance, bridging the analogue gap between the pictured individual and the photographer. A method that would allow anyone who cares to know what permissions you gave for photographs of you. And court proof arguments for anyone who did not care.

Quantum Key Distribution by Michael R. Grimaila

Quantum Key Distribution (QKD) is a revolutionary security technology that exploits the laws of quantum mechanics to achieve information-theoretic secure key exchange. In this presentation, he will provide background and the basic principles of QKD and discuss vulnerabilities arising from the non-idealities present in real world QKD system implementations. Recent research findings will be presented, which provide insight into the performance and security of QKD systems.

Leveraging HoneyPots and Automation by Adam Luck

A top challenge for security professionals is a lack of resources. Even a team of brilliant analysts running the latest/greatest security appliances can struggle to stay ahead of the threat. By leveraging the use of automation paired with HoneyPot technology, you can identify threats to your organization without sacrificing your limited resources.

The Cone of Silence by Graeme Neilson

When Strangers Turn Off Your Children's Night Lights by Wojtek Przibylla & Dominik Schneider

The drive of Internet of Things (IoT) pushes a lot of new products and solutions on the market to simplify our lives, such as the automation of buildings to manage power consumption. Years ago this was a sector dominated by electricians only. With the need to make everything available from everywhere or control it with your mobile phone this situation has changed. Nowadays Automation systems are mostly fully fledged IT-systems (including all their problems ) and not only power switches and microcontrollers. In our research we focused on security aspects of smart home systems enabled with KNX. We determined that there are issues with the standard itself but also with the convergence of technologies making remote control possible. Further we found out that very big facilities/buildings like Deutsche Börse, Airport Frankfurt, Hotels and public buildings are using KNX to save energy.

Threat Research, FOSS Style by Mike Sconzo

In this talk the speaker discuss several FOSS threat research related projects and the types of data they allow you to collect. More importantly workflow, scalability, and metrics will be covered. It's great to have tools, but if you can't glue them together to make your analysts more effective and your program stronger, why bother. If you're limited in the amount of data you can process then your workflow might not be as efficient as it could be. Finally, how do you tell your workflow and tools are effective? Do you know enough about your data sources to figure out where you should spend money, and what types of community driven information are worth investing in? Listen to some ideas, make things better, and give things back.

HARES by Jacob Torrey

HARES is the logical extension of the MoRE work presented last year at DC8, providing seamless execution of fully-encrypted binaries on unmodified hardware with ~2% CPU overhead. This technology is far from a pipe dream, as Intel is soon releasing the SGX extension to their CPU and chipsets, providing encrypted enclave execution. This talk will provide a technical overview of the HARES system, and then pivot into discussion on the implications of encrypted execution and the very real possibility of un-reversible malware leveraging the trusted computing primitives used for defense to create "trusted implants".

Bug Hunting for the Man on the Street by Vladimir Wolstencroft


Bigezy -  Has a very cool day job but was a security analyst at a Fortune 500 Electric Utility and is responsible for border defense of scada networks and policy enforcement. He has also done his part protecting the economy spending 5 years securing a mutual fund transfer agency that wired the money around for 54 percent of NASDAQ. Before that he founded one of the first Internet service providers in the Midwest.

Angus Blitter - Your host and resident media whore. Angus is the founder of Hack Sec Klahn, a like-minded group of technologists. Angus is also the creator of PacketWars™ ( the World's first Cyber Sport. Angus believes diversity is good for the species and hackers are a national resource. Old school, grey hat and previously plump, Angus still likes to eat, drink and hack.

Sergey Bratus - Is a Research Assistant Professor of Computer Science at Dartmouth College. His research interests include designing new operating system and hardware-based features to support more expressive and developer-friendly debugging, secure programming and reverse engineering; Linux kernel security (kernel exploits, LKM rootkits, and hardening patches); data organization and other AI techniques for better log and traffic analysis; and various kinds of wired and wireless network hacking. Before coming to Dartmouth, he worked on statistical learning methods for natural text processing and information extraction at BBN Technologies. He has a Ph.D. in Mathematics from Northeastern University. @sergeybratus

Adrian Dabrowski is PhD student at the University of Technology in Vienna and employed as researcher at SBA Research. In his Master's thesis written at SecLab, he focused on several RFID systems ranging from an electronic purse to a metropolitan size locking system. He had the opportunity to be on the winning iCTF (UCSB International Capture the-Flag) team in 2006 and 2011, where he co-organized the team in 2011-2013. In 2013 and 2014 he lived for 9 months in Tokyo, visiting the Echizen Group at the National Institute of Informatics (NII). He is holder of the IEEE Austria Diploma Thesis Award, won the ACSAC 2014 Best Student Paper Award, and was speaker at the technology symposium of European Forum Alpbach 2013, Troopers 2014 and several CCC congresses.

Twitter: @atrox_at


Michael R. Grimaila, PhD, CISM, CISSP (BS 1993, MS 1995, PhD 1999, Texas A&M University) - Is a Professor and Head of the Systems Engineering and Management department at the Air Force Institute of Technology (AFIT), Wright-Patterson AFB, Ohio, USA. He is a member of the Center for Cyberspace Research (CCR), designated as the Air Force Cyberspace Technical Center of Excellence (CyTCoE). Dr. Grimaila serves as a subject matter expert for multiple Department of Defense (DoD) organizations. Dr. Grimaila holds the Certified Information Security Manager (CISM), the Certified Information Systems Security Professional (CISSP), and the National Security Agency's INFOSEC Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM) certifications. Dr. Grimaila is a Fellow of the Information Systems Security Association (ISSA), a Senior Member of the Institute for Electrical and Electronics Engineers (IEEE), and is a member of the Association for Computing Machinery (ACM), Information Systems Audit and Control Association (ISACA), International Information Systems Security Certification Consortium (ISC2), Eta Kappa Nu, and Tau Beta Pi. Dr. Grimaila serves as a National Research Council (NRC) Research Advisor; a conference committee member of the NATO Cooperative Cyber Defense Centre of Excellence (CCD COE) International Conference on Cyber Conflict, Tallinn, Estonia; and as an advisor to the Prince of Wales Fellows / Prince Edward Fellows at MIT and Harvard. His research interests include computer engineering, mission assurance, quantum communications and cryptography, data analytics, network management and security, and systems engineering. He can be contacted via email at

Ron Gula - Started his career in information security at the National Security Agency conducting penetration tests of government networks and performing advanced vulnerability research. He was also the original author of the Dragon Intrusion Detection System and CTO of Network Security Wizards, acquired by Enterasys Networks. At Enterasys, Ron helped many financial, government, service providers and commercial companies to enhance their network security monitoring. While working for BBN and GTE Internetworking, Ron helped to develop one of the first commercial network honeypots and developed security policies for large carrier-class networks. Since co-founding Tenable Network Security in 2002, Ron has served as CEO. Under his leadership the company has become the leader in continuous network monitoring and is relied upon by organizations world-wide to identify vulnerabilities, reduce risk, and ensure compliance. @RonGula

Adam Luck - Is a former Information Security Officer for a medical care management organization that served over 2.3 million individuals. He currently is a Senior Engineer with MicroSolved, Inc.

Matthias Luft - Is a seasoned auditor and pentester with vast experience in corporate environments. Over the years, he developed his own approach in evaluating and reviewing all kinds of applications, protocols and technologies. So he's one of the first researchers who revealed major design flaws and vulnerabilities in the approach of Data Leakage Prevention. He is a regular speaker at international security conferences and will happily share his knowledge with the audience.

Graeme Neilson - Is the CISO and Head of Research at Aura Information Security, an information security consultancy with offices in Wellington, Auckland, Australia and the US. Graeme’s career has been a street performer, software developer and hacker. At Aura Information Security he has carried out security testing for government and corporate clients around the globe for the last 10 years and has spoken at security conferences including Day-Con, Troopers, H2HC, BlackHat, CanSecWest, Ruxcon and Kiwicon.

Wojtek Przibylla - Is a Security Consultant at ERNW based in Heidelberg, Germany focusing on application security. Apart from security trainings, his work focuses on security assessments of large-scale network infrastructures and applications in corporate environments. Previously he worked for a public contractor specialized on satellite communications. Wojtek holds a Bachelor degree in Computer Networking at Furtwangen University.

Dominik Schneider - Is a security analyst working for ERNW based in Germany. His main area of activity is the security evaluation of Web applications and computer networks. In his research he focuses on smart devices especially devices for home automation systems.

Mike Sconzo - Has been around the Security Industry for quite some time, and is interested in creating and implementing new methods of detecting unknown and suspicious network activity as well as different approaches for file/malware analysis. This includes looking for protocol anomalies, patterns of network traffic, and various forms of static and dynamic file analysis. He works on reversing malware, tool creation for analysis, and threat intelligence. Currently a lot of his time is spent doing data exploration and tinkering with statistical analysis and machine learning.

Jacob Torrey - Is an Advising Research Engineer at Assured Information Security, Inc. where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture. In addition to his research, Jacob volunteers his time organizing conferences in Denver (RMISC & BSidesDenver) and regular meet-ups across the front range. @JacobTorrey

Vlasimir Wolstencroft - Is a security consultant, researcher and head trainer with Aura Information Security in New Zealand. Transitioning from a career in development specializing in web and mobile applications and games, Vladimir joined Aura to pursue his passion for security, hacking and generally breaking of all the things. He has previously presented security talks at Troopers, NZITF and ISACA NZ on a range of subjects from mobile security to conducting research within a legal and (mostly) lawful framework. With a wide experience in consulting and training (mostly teaching developers secure coding and design practises, but sometimes making them cry) Vladimir enjoys all aspects of the security field and even more so, the sharing of good stories with you.