BSides Hawaii - Session Information

March 4th, 2020

Prince Waikiki

100 Holomoana Street
Honolulu, HI 96815


Session: Getting a Hand on the Helm - How to make your case to leadership on cybersecurity

Convincing your organization's leadership to invest in cybersecurity can seem harder than it should be. Equip yourself with the arguments to sway your execs and steer your ship out of harm’s way. This talk will cover the legal and business reasons for implementing a cybersecurity program, why the fallout of a breach is so much more than restoring operations, and the surprising allies within your organization who can help. Topics will include the landscape of competing regulators, case studies in breach response (or nonresponse), developments in the law on cybersecurity and fiduciary duties to ensure it, and practical advice for tapping your company’s internal resources.


Sam Sneed, Director and Attorney at ES&A, Inc.

Sam Sneed is a Director and Attorney at ES&A, Inc., A Law Corporation, where her practice focuses on the intersection of business, law and technology. Sam advises clients on the protection and commercialization of information, government contracts and grants, corporate governance, and cybersecurity and privacy policy. Sam holds a BS in electrical engineering and an MBA from the University of Denver and is a graduate of the William S. Richardson School of Law. Sam is a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals, and sits on the industry advisory board of the Pacific Center for Advanced Technology Training, a consortium of the University of Hawaii community colleges. She regularly trains on confidentiality in the workplace, intellectual property rights, building cybersecurity programs, and trends in law and technology at the local, national, and international levels.

Session: Dude, Where's My Domain Admins?

*Attacker pops a workstation on your domain*

*Attacker establishes her foothold and local persistence*

*Attacker begins recon of AD, starting with Domain Admins*

ERROR: The group name could not be found.

Attacker, with a disconcerted look on her face: "Dude, where's my Domain Admins?"

Killchains that involve AD usually involve enumeration of highly-privileged accounts: members of Domain/Enterprise/Builtin Admins, Server Operators, etc. Those groups and their members can be enumerated in AD by default, exposing members as targets of exploitation to obtain those privileges. However, there's a way to use in-the-box AD capabilities to thwart these attempts. Using List Object mode, implicit deny, and AdminSDHolder/SDProp, AD defenders can hide these principals from unprivileged users. In this talk, I'll walk you through the principles, process, and pitfalls, so you can raise the bar on your AD defenses without blowing things up.


Joel M. Leo @joelmleo

Starting at Digital Island in 1998 with a fresh MCSE in Windows NT 4, I have earned experience across a number of platforms and technologies with many jumbles of letters after my name to go along with them. I'm the Active Directory Architect and a Principal Systems Engineer for Gap Inc., and a consultant for several other organizations, focusing primarily on Active Directory. When I'm not rotating krbtgt keys, you can usually find me hitting the waves at home in Hawaii or hotdropping targets in Eve Online.

Session: TBA


Kris Harms

Kris Harms is an entrepreneurial leader, security veteran and recovering incident responder who thrives on tackling the industry’s hardest problems. Most recently, he was Sr. Director of Product Management and Design (UX) at Cylance, charged with modernizing Cylance’s flagship Protect product. Kris spent 14 of his 19 years going from startup->exit as one of the first 10 people at Mandiant (FEYE 1.05B 2013) and first 10 at Cylance (BB 1.4B 2019). Throughout his career, he has built winning teams in product management, UX/design, sales engineering, product evangelism/marketing, education/training, consulting services, and incident response. Kris has appeared on 60 Minutes and PBS, holds a patent on the usage of machine learning models for threat prevention, is a published author, and is a frequent industry speaker. When Kris isn’t working, he enjoys life on the windward side with his wife and 2 girls.