Loading…
Attending this event?
Utah’s Premiere Security Conference

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Monday, October 18
 

6:00pm MDT

Pre-Registration and Soldering Party
Speakers
avatar for Troy Jessup

Troy Jessup

Committee, UtahSAINT / UEN


Monday October 18, 2021 6:00pm - 9:00pm MDT
Expo Area (1st Floor)
 
Tuesday, October 19
 

8:00am MDT

Registration Opens 8a
Registration Booth is open daily, but for the big rush we have placed this on the schedule so people know when to show up to register.

Tuesday October 19, 2021 8:00am - 10:00am MDT
Expo Area (1st Floor)

9:45am MDT

Welcome to SAINTCON
Let's get the Real Life" things going! This is the conference kickoff, outlining our event, things you need to know, and how to get the most out of the conference."

Speakers
avatar for Troy Jessup

Troy Jessup

Committee, UtahSAINT / UEN


Tuesday October 19, 2021 9:45am - 10:15am MDT
Ballroom B (2nd Floor)

10:15am MDT

Keynote Address
Speakers
avatar for Stephanie Caruthers

Stephanie Caruthers

Social Engineer Practice Lead, Snowfensive


Tuesday October 19, 2021 10:15am - 11:00am MDT
Ballroom B (2nd Floor)

11:00am MDT

Keynote Address
NO VIDEO RECORDING WILL BE ALLOWED DURING THIS SESSION

Speakers
avatar for LockPickingLawyer

LockPickingLawyer

Covert Instruments


Tuesday October 19, 2021 11:00am - 11:45am MDT
Ballroom B (2nd Floor)

1:00pm MDT

Active Directory: Elevate your Domain Security - Offense
Training Part 1: Students will participate in a dedicated Active Directory network to penetrate the domain. During this session, students will use red team tools like Mimikatz, techniques such as Kerberoast and DCSync, and go through the steps of a penetration assessment. All tools will be run through a Windows VM. To wrap up the assessment, students will help report on issues found in the environment that can be addressed in part 2.

VM instructions can be found here: https://jmshake.com/SAINT21/

Speakers
avatar for Jim Shakespear

Jim Shakespear

System Admin, Southern Utah University
I've been a member of SAINT since 2012, since I started full-time at Southern Utah University. I've had various roles in our IT department, and currently help maintain our enterprise systems including Active Directory. I've also been an adjunct professor for our CSIS department since... Read More →


Tuesday October 19, 2021 1:00pm - 5:00pm MDT
Cascade E (Training)

1:00pm MDT

Basic Bug Bounty with Burpsuite
This training will help those with no skills using burpsuite to be able to start looking for a variety of vulnerabilities in bug bounty platforms or even help their own organization (with permission of course).        

Speakers
avatar for Nathan Smith

Nathan Smith

Security Analyst, UETN


Tuesday October 19, 2021 1:00pm - 5:00pm MDT
Cascade D (Training)

1:00pm MDT

Python for Scriptkiddies
Want to learn hacky Python? In this workshop, you’ll learn just enough to Google your way to success in various scripting capacities. From HTTP requests to multithreading, this workshop focuses on Python concepts that are dead useful in the infosec day-to-day. Whether you need to scrape a site, generate a super-custom wordlist, or customize a web directory bruteforcer, Python has the tools you need to get by. This workshop is geared towards beginners, but we won’t spend time covering all the ins and outs of Python - just enough to get you started on your next scripting adventure.

Speakers
avatar for Seth Manesse

Seth Manesse

Security Engineer, Lucid Software



Tuesday October 19, 2021 1:00pm - 5:00pm MDT
Cascade C (Training)

1:30pm MDT

Building and Utilizing your Hacker Network
How to grow and use your infosec/cyber/hacker network to progress and grow your career.

Speakers
avatar for Andrew Hall

Andrew Hall

SAINTCON
Always open to talk about the minibadges I design for SAINTCON. Open for any type of conversation and spend a bit of time in the Hardware Hacking area as I enjoy soldering.


Tuesday October 19, 2021 1:30pm - 2:00pm MDT
Ballroom C (2nd Floor)

1:30pm MDT

From SAINTCON to Cyber State Champs
Come see how the cyber security class started for Alpine School District three years ago. Their first visit to SaintCon and how they went on to place first in the state with Cyber Patriots two years in a row.        

Speakers
avatar for Lynne Yocom

Lynne Yocom

Teacher, American Fork and Pleasant Grove High School
Lynne Yocom - I teach Linux and Cyber Secuiry at American Fork High School part time. I work full time at UDOT managing the fiber optic network statewide.


Tuesday October 19, 2021 1:30pm - 2:00pm MDT
Ballroom B (2nd Floor)

1:30pm MDT

Hunting for Privesc in Windows Applications
How to hunt for basic privilege escalation vectors in Windows applications. No Binary Exploitation or 0 days, just a methodology for finding common privilege escalation vectors.

Speakers
KM

Kenton McDaniel

Kenton is an information security engineer at a Fortune 500 Company in Utah County. Kenton enjoys LPE, Crypto, and getting shells.


Tuesday October 19, 2021 1:30pm - 2:00pm MDT
Ballroom A (2nd Floor)

1:30pm MDT

Private LTE - the primer and basics
Private LTE is an emerging technology that will become more apparent in the upcoming years. It is projected that by 2030 there will be more devices on Private LTE than the current Carrier Driven LTE networks. This presentation is your opportunity to familiarize yourself with Private LTE and also the CBRS Spectrum where you can build your own LTE experiences for a few dollars subscription per month.        

Speakers
avatar for Jason Eyre

Jason Eyre

Technology Department Coordinator, Murray City School District
Jason Eyre has worked in IT for over 25 years. Industry experiences include healthcare, government, agriculture, aerospace, information technology, software development, private corrections, and now education all with a focus on data and networking. Being active in implementing the... Read More →


Tuesday October 19, 2021 1:30pm - 2:30pm MDT
Community Talks Arena (Expo SW Corner)

1:30pm MDT

Social Engineering Defense for Leaders
Leadership track social engineering, come learn and discuss the most up-to-date social enineering technics being deployed today.

Speakers
SJ

Seth Johnson

UtahSAINT
I care deeply about privacy, security, and helping people.


Tuesday October 19, 2021 1:30pm - 2:30pm MDT
Cascade A and B

1:30pm MDT

Facilitated keynote panel discussions as part of the SAINTCON Leadership Track.
Jeff Egly will facilitate an open discussion with the SAINTCON keynote speakers and the SAINTCON Leadership Track attendees. The keynote panel discussion is an annual event at SAINTCON providing an opportunity for Leadership Track attendees to interface with national leaders in cybersecurity.

Speakers
avatar for Jeff Egly

Jeff Egly

Director, UETN


Tuesday October 19, 2021 1:30pm - 3:30pm MDT
Hobble Creek

2:00pm MDT

Is this Website Safe? 101
Come and learn website about free tools that can help understand and know, "Is this website safe?"

Speakers
avatar for David Bowman

David Bowman

Systems & Security Manager, Jordan School District
Systems and Security Manager at Jordan School District. Running our Security program for 58,000 students, 8,000 staff, and too many devices to enumerate. David has spent the last 8 years in and around technology in the K-12 environment. David's hobby is "Crazy Christmas Light Guy... Read More →


Tuesday October 19, 2021 2:00pm - 2:30pm MDT
Ballroom C (2nd Floor)

2:00pm MDT

Ransomware Tabletops - Choose your own adventure
Grab the attention of your C-suite by having them fully engaged in a choose your own adventure style tabletop exercise and shows how damaging Ransomware can be while teaching about the many variables in play.

Speakers
avatar for Devin Shelley

Devin Shelley

Mgr. InfoSec, O.C. Tanner
24yr veteran of Utah Army National Guard, last 8 yrs leading Defensive Cyber Operations Team Hacker at heart blue team by trade. Lifelong learning and love teaching.


Tuesday October 19, 2021 2:00pm - 2:30pm MDT
Ballroom A (2nd Floor)

2:00pm MDT

The Evolution of Cryptocurrencies in Cyber Crime
This talk will explore various FBI cases over the past 10 years with regards to cryptocurrencies.


Speakers

Tuesday October 19, 2021 2:00pm - 2:30pm MDT
Ballroom B (2nd Floor)

2:30pm MDT

"Eduroam for K12 Students"
This will be a panel discussion around K12 students using eduroam. Everyone is encouraged to engage with districts that are offering the service to their student population. Come prepared with questions and we look forward to a great discussion!

Speakers
avatar for Amanda Molinari

Amanda Molinari

Network Operations Engineer, UETN



Tuesday October 19, 2021 2:30pm - 3:30pm MDT
Cascade A and B

2:30pm MDT

1.21 GigaWatts! Vulnerabilities in Solar Panel Controllers
Embedded device security has come a long way since the days of telnet and default passwords. Product vendors are now securing their devices but how effective are they? We'll focus on the techniques one solar vendor utilizes. We'll show what works and what doesn't and cover bypasses for many IoT security measures. Attacks in this talk are beneficial to system designers, hobbyists, and researchers.

Speakers
WG

Waylon Grange

Stage 2 Security


Tuesday October 19, 2021 2:30pm - 3:30pm MDT
Ballroom B (2nd Floor)

2:30pm MDT

Effectively Managing Vendor Risk
Managing vendor risk is more than just gathering annual questionnaires. In this presentation, we'll explore strategies for identifying, ranking, and managing vendor risk with the business and the vendor.

Speakers
JO

John Overbaugh

CareCentrix


Tuesday October 19, 2021 2:30pm - 3:30pm MDT
Ballroom A (2nd Floor)

2:30pm MDT

Hacking SDR: What is RF and why hackers should care
We will explore RF from the ground up spending a bit of time on how it works and how it's accessible to the public (including us hackers). We will then briefly survey RF attacks in the wild and why they're interesting. The last half will include a discussion on how to get started (including super cool gadgets) and a demo software/hardware configuration for using a computer to interact with an RF device.

Speakers
EF

Erich Ficker

Moss Adams


Tuesday October 19, 2021 2:30pm - 3:30pm MDT
Ballroom C (2nd Floor)

3:30pm MDT

"Snowmageddon: How TACC dealt with the largest snow storm in Texas history "
How TACC dealt with and the choices that were made during the 2021 snowstorm that crippled Texas.


Tuesday October 19, 2021 3:30pm - 4:30pm MDT
Cascade A and B

3:30pm MDT

IoT safety in a world where everything "needs the internet"
It seems every device that is purchased now has a simple request: "Connect me to the internet" This sentiment always bothered me as I never knew why connectivity was always required for what seemed to be the most straight-forward single-function devices. I spent some time first-hand researching various IoT devices (cameras, smart TV's, light switches, Google Cast devices, etc) to see their behavior when they were connected to a network. As I looked through the lan traces, I was shocked to see random outbound traffic flows to data centers in China on obscure UDP ports, subnet sweeps gathering data about all of the devices on its broadcast domain, and other 'features' that may be useful in some scenarios...but are terrifying in the wrong context (UPnP, looking at you here). Join me on a journey of "who's being naughty on my network" using packet captures, looking at shady third-party web portals to 'control' your smart devices, random things you agree to when you are setting up your new devices, as well as some other fun discoveries I made along the way. We will then go over how you can strike a nice balance between functionality and security in both corporate IoT use as well as in your home.

Speakers
avatar for Shaun Price

Shaun Price

Staff Security Engineer, Henry Schein ONE
Shaun Price is a staff security engineer in the healthcare space. He earned his bachelors degree in network administration and security from Utah Valley University . Concurrently, he spent 10 years at Novell / SuSE working as a global escalation engineer performing LAN/WAN analysis... Read More →


Tuesday October 19, 2021 3:30pm - 4:30pm MDT
Ballroom C (2nd Floor)

3:30pm MDT

System Administration with a Side of Security
Security isn't just the domain of the cyber security folks, it's a constant threat that needs to be constantly monitored and tweaked. System administrators need to be aware of, and deploy, policies that compliment security tools while mitigating the spread of malicious actions. This discussion will focus on the mind-boggling array of tools (many of them free) Microsoft and others provide, and give examples of ways to automate the deployment and maintenance of security enhancing features like user and device white lists, hardware, software, and BIOS version reporting, patching, and mitigating vulnerabilities detected during security scans. Tools and methods covered may include Powershell, Active Directory, System Center Configuration Manager, Windows Sysinternals, Least Privilege Model, and more. Actual topics may vary based on interaction with attendees.

Speakers
EB

Eric Bennick

Weber State University


Tuesday October 19, 2021 3:30pm - 4:30pm MDT
Ballroom A (2nd Floor)

3:30pm MDT

WiFi Kraken Lite, Now With Less Calories
D4rkm4tter has been obsessed with monitoring wireless networks and has built hardware to meet the challenges of scanning and testing in the most busy and client dense environments. The WiFi-Kraken Lite contends with these issues in a smaller package without sacrificing any monitoring performance. This project is the results of years of research into the most effective way to scan and audit wireless in a single box that can be easily deployed or used as a hardened terminal in the most rugged conditions. The WiFi-Kraken Lite consists of a single-board computer which connects 12 wireless radios that enables scanning and auditing WiFi, Bluetooth, LoRaWAN and other commonly used wireless protocols. The number of wireless devices is growing as well as the way those devices are being connected. Having an all-in-one wireless monitoring solution will give you the ability to track this data across these bands and give you the best picture of what's happening in the air around you. This demonstration will provide you the information so that you can build your own all-in-one monitoring device. You will also gain an overview of capture technologies including Kismet that will help you perform this type of analysis in your own environments. Finally once the data is capture, you will get an understanding of efficient data processing using tools like Wireshark and d4rkm4tter's own PCAPinator tool.

Speakers
avatar for Mike Spicer

Mike Spicer

Mike Spicer (d4rkm4tter) is a mad scientist hacker who likes to meddle with hardware and software. He is particularly obsessed with wireless. He has a degree in computer science which he has put to use building and breaking a wide array of systems. These include web application pentesting... Read More →


Tuesday October 19, 2021 3:30pm - 4:30pm MDT
Ballroom B (2nd Floor)

3:30pm MDT

Utah Wireless Administrator Group (UWAG) and eduroam user group meeting
We will be holding an combined in person UWAG/eduroam user group meeting

Speakers
avatar for Barry Bryson

Barry Bryson

Associate Director, UETN
IT, Networking, Internet and business veteran. I'm passionate about; Home Theater, media, analog stereo only vintage systems I.E. Vinyl, solar energy, cars, food, medium to high density housing (both pro and against), assisted listening devices, disability accommodation, Android v... Read More →


Tuesday October 19, 2021 3:30pm - 5:00pm MDT
Hobble Creek

8:00pm MDT

Hack-in-the-Box Event
Speakers
avatar for Troy Jessup

Troy Jessup

Committee, UtahSAINT / UEN


Tuesday October 19, 2021 8:00pm - Wednesday October 20, 2021 1:00am MDT
Conference Center (Hyatt Hotel)
 
Wednesday, October 20
 

8:00am MDT

SAINTCON Job Fair
Wednesday October 20, 2021 8:00am - 10:00am MDT
3rd Floor Prefunction Area

8:00am MDT

A Day of Python Part 1
The purpose of this training is to go from 0-60 with Python within a day. We have about 7 hours to cover a lot of material. Your typical conference information through a fire hose reminiscent of any Hollywood movie depicting chow time during boot camp.
Although not not strictly tied to the morning session we will cover the following:
This is a lofty goal so there are some sacrifice that need to be made. We won't have time to talk about the fundamentals of computer science or algorithm design - but if there is need for that let us know!
Completion of the material in this course will provide you with a basic foundation in Python programming and a collection of recipes to help you start completing your own productive projects in python.
Already know Python or want to dig into some more advanced topics. Check out Seth Manesse’s Python for Scriptkiddies.

Speakers
avatar for Michael Fischer

Michael Fischer

LogMeIn
Software Engineer turned security professional


Wednesday October 20, 2021 8:00am - 12:00pm MDT
Cascade C (Training)

8:00am MDT

Active Directory: Elevate your Domain Security - Defense
Training Part 2: Students will participate in a dedicated Active Directory network that has undergone a recent penetration assessment. Based on the results of the assessment, students will implement improvements to the Active Directory domain and test if their actions improve their domain security. Most improvements will be deployed using Group Policy. Some additional tools for assessing/improving security of the domain will include PingCastle and Sysmon.

VM instructions can be found here: https://jmshake.com/SAINT21/

Speakers
avatar for Jim Shakespear

Jim Shakespear

System Admin, Southern Utah University
I've been a member of SAINT since 2012, since I started full-time at Southern Utah University. I've had various roles in our IT department, and currently help maintain our enterprise systems including Active Directory. I've also been an adjunct professor for our CSIS department since... Read More →


Wednesday October 20, 2021 8:00am - 12:00pm MDT
Cascade E (Training)

8:00am MDT

Privacy Workshop
New and improved privacy workshop with learnings post-COVID

Speakers
SJ

Seth Johnson

UtahSAINT
I care deeply about privacy, security, and helping people.


Wednesday October 20, 2021 8:00am - 12:00pm MDT
Cascade D (Training)

9:00am MDT

Discussing Ransomware in K12 Schools - It's a Real Concern!
We will lead a discussion regarding Ransomware in K12 schools.  We will we share examples and allow time for those attending to discuss their experience with Ransomware and what can be done to help protect your district and schools.

Speakers
JG

Jared Ganske

Network Services Manager, Weber School District
LR

Lynn Raymond

Technology Director, Weber School District


Wednesday October 20, 2021 9:00am - 10:00am MDT
Hobble Creek

9:00am MDT

The Problem of the Power Grid
In Ted Koppel's 2015 book he outlined challenges to the United States power grid. Koppel identified 4 areas of concern that could take down large portions of the power grid for long periods of time. These are: 1) Physical Attack; 2) Cyber Attack; 3) Electro Magnetic Pulse (EMP) and 4) Coronal Mass Ejection. Koppel also identifies problems with our aging grid, a lack fundamental knowledge regarding numbers of very large transformers (VLT) embedded within the US power grid and the difficulty in maintaining the US power grid even if no nefarious attacks occur. I will lead a discussion outlining my interpretation of Lights Out. This will first focus on the problem areas identified by Koppel. To conclude I will propose that the only course open to our Utah community will be to identify policy actions addressing each area of concern and contemplate which policy makers can be approached and how policy change may be accomplished.

Speakers
avatar for Jim Stewart

Jim Stewart

CTO, UETN
James L. Stewart has 40 years of experience working in the technology profession. He is currently the Chief Technology Officer (CTO) for the state-wide Utah Education and TeleHealth Network (UETN) organization and has been working directly the past 21 years supporting technology for... Read More →


Wednesday October 20, 2021 9:00am - 10:00am MDT
Cascade A and B

10:00am MDT

Electric Sector Cyber Security – Policies, tools, resources and partnerships
The electric sector is one of 16 Critical Infrastructure in the United States and often serves as a lifeline for the other 15. The North American power system is an incredibly complicated machine and protecting the nation’s electric power grid and ensuring an affordable, reliable, and secure supply of electricity are top priorities. The electric sector uses a defense-in-depth strategy to protect critical assets in addition to public private partnerships (PPPs) as well as continuous engagement and improvements as the environment continues to change. Come hear more about the electric sector’s cyber posture - including policies impacting the sector as well as existing PPP efforts, tools, and resources – to protect our systems, our sector and our consumers.

Speakers

Wednesday October 20, 2021 10:00am - 11:00am MDT
Cascade A and B

10:00am MDT

How can IoT rely on cellular connectivity to work and how can you defend IoT against cyber-attacks?
Cellular IoT adoption is on the rise across industries and verticals, especially in the past year with COVID-19 and the wider availability of 5G. Devices that used to rely on hardwired or closed network connections now connect with Wi-Fi and/or cellular connections. This includes everything from cameras and speakers to printers, energy monitors, badge access systems, and more. As IoT and cellular connections expand, it is no longer possible to define trusted devices by their locations. Now it is essential to establish zero trust networks to protect against cyber-attacks.

Speakers
avatar for Steve Lindsey

Steve Lindsey

CIO/CTO, LiveView Technologies


Wednesday October 20, 2021 10:00am - 11:00am MDT
Hobble Creek

10:00am MDT

Grifting 101
Come learn "Grifting" from the best. 


Wednesday October 20, 2021 10:00am - 11:00am MDT
Ballroom C (2nd Floor)

10:00am MDT

Passwordless Pipedreams?
You've been promised passwordless options for years. Now that it's coming to be a reality, is it actually as secure as it's being sold? Or is it just another vaporware offering that is crazy complex and not consumable for the masses? This session will define the scope of what systems/applications can be passwordless, the risks around this solution as well as the various alternatives stepping you into this solution. We'll pick apart one of the solutions achieving this dream and the security around it. I'll even roll back the covers of how it's working in my day to day work life.

Speakers
avatar for Clint Sorensen

Clint Sorensen

Systems Architect, Cisco Systems
Clint Sorensen is an IT professional with more than 15 years of experience. He's currently a Systems Architect at Cisco Systems focusing on public sector customers and their needs. He's passionate about working smarter, not harder in everything he approaches. He's also an outdoorsman... Read More →


Wednesday October 20, 2021 10:00am - 11:00am MDT
Ballroom A (2nd Floor)

10:00am MDT

The Badge Talk
All about the badge

Speakers

Wednesday October 20, 2021 10:00am - 11:00am MDT
Ballroom B (2nd Floor)

11:00am MDT

Dissecting Man-In-The-Middle Attacks
From a red teamer perspective, the Man In The Middle position is that obscure place that provides you with powerful opportunities to attack victim machines on the same LAN without them knowing. On the other hand, defending against MITM is an often overlooked concept, however, this can be a costly mistake as these attacks can lead to a compromise on a much larger scale. This presentation will provide an overview of why you should care about defending against MITM on the LAN and go over few practical examples.        

Speakers

Wednesday October 20, 2021 11:00am - 11:30am MDT
Ballroom B (2nd Floor)

11:00am MDT

How's your SIEM?
All the logs might be in the SIEM (Security Information and Event Management system), but if you're spending your days twiddling your thumbs and scrolling #infosec Twitter indefinitely, you might be overwhelmed by the amount of data and possibilities that are ahead of you. This sad situation can leave your SIEM feeling lonely and underutilized, despite being one of the top requirements of enterprise level security teams. Attendees of this talk will leave with ideas to make their SIEM feel like a valued team member, including quick ways to identify logging blind spots, threat hunting opportunities, and automation inspiration.

Speakers
avatar for Kimber Duke

Kimber Duke

Security Engineer, S2 Security
As a security engineer working for S2 Security, Kimber's security interests range from social engineering to network defense, with the addition of wardriving and ancient RFCs in between. She is a member of DC801 and recently remodeled 801Labs, come check it out!


Wednesday October 20, 2021 11:00am - 11:30am MDT
Ballroom A (2nd Floor)

11:00am MDT

Lock Bypassing 101
Lock bypass basics. 

Speakers

Wednesday October 20, 2021 11:00am - 11:30am MDT
Ballroom C (2nd Floor)

11:30am MDT

Lockpicking 101
Lock picking basics. 

Speakers

Wednesday October 20, 2021 11:30am - 12:00pm MDT
Ballroom C (2nd Floor)

11:30am MDT

Offensive Security Tooling ‚A Soundtrack for the Modern Age of Security
Offensive Security Tooling has been a debate that's sparked huge discussions, particularly in the Twitter information security community. What is OST? Why is it a big deal? Why should we care, and what can we do? I hope to present a balanced overview of the discussion, outline some of the existing arguments, and provide a jumping off point for others to consider and join in on the conversation. While this is an only an introduction into the argument, it is intermediate technical as I will present the specific tools and capabilities of OST, and what that means for the industry in technical terms.

Speakers
BP

Bronson Peto

Wizards of the Coast


Wednesday October 20, 2021 11:30am - 12:00pm MDT
Ballroom A (2nd Floor)

11:30am MDT

Practical Password Cracking
A lot of people approach password cracking as a total brute force and fail to correctly categorize the probability of a password being cracked based on a well crafted and thought out dictionary attack augmented with rules and/or with masks.

Speakers
KM

Kenton McDaniel

Kenton is an information security engineer at a Fortune 500 Company in Utah County. Kenton enjoys LPE, Crypto, and getting shells.


Wednesday October 20, 2021 11:30am - 12:00pm MDT
Ballroom B (2nd Floor)

11:30am MDT

An introduction to Operational Technology Network Security
"Operational Technology (OT) Networks are the fabric of kinetic tasks. From key infrastructure such as power and gas production to manufacturing and building control, these systems are a fundamental part of many organizations and communities. This presentation will explore the challenges of securing operational technology (OT) networks. We'll discuss what makes the OT environment unique and share strategies to gain visibility and improve incident response capabilities."

Speakers
JP

Jeremy Pierson

Global Security Architect, CompuNet
Infosec Professional, Hackercamp Founder, DC801 grey beard, Packet Janitor and Raconteur.


Wednesday October 20, 2021 11:30am - 12:30pm MDT
Cascade A and B

11:30am MDT

Solar Uses for Supporting IT Services
Exploring the uses of Solar Power for remote, rural, or hard to reach locations. Example Scenarios will illustrate how the uses of Solar Power can enable solutions to solve problems such as bridging the digital divide, building more robust networks, and enabling a wider use of existing technologies for data collection, surveillance, or Smart City/Smart Road infrastructure.

Speakers
KS

Kevin Stratton

Accuretta Holdings


Wednesday October 20, 2021 11:30am - 12:30pm MDT
Hobble Creek

1:00pm MDT

Mini-Badging 201
Time to learn more about mini badging. Learn how to use the mini badge debugger to make your custom mini badges more awesome. 

Speakers

Wednesday October 20, 2021 1:00pm - 3:00pm MDT
Cascade E (Training)

1:00pm MDT

Printing Cookies (for Yum and Profit)
After revelations about the Solarwinds breach went public, the interwebs exploded with investigations and incidents featuring the same attackers. In a blog post, Volexity reported the Solarwinds attackers had targeted a think tank and were regularly visiting the victim's Outlook Web Access (OWA) server to siphon email. Interestingly, despite the OWA server having Duo 2Factor protections in place, the attackers only provided a username and password to log in, completely skipping the 2Factor step! In this hands-on workshop intended for beginner-to-intermediate hackers, participants will discover how such an attack might be carried out and will learn the stealthy power of cookie forgery attacks.

Speakers
KL

Kevin Lustic

ServiceNow
Kevin is an Information Security researcher in Utah, leading the Adobe Red Team in performing offensive security testing against Adobe's Digital Experience SaaS offerings. Prior to joining Adobe, Kevin spent five years in the Intelligence Community as a global network vulnerability... Read More →


Wednesday October 20, 2021 1:00pm - 3:00pm MDT
Cascade D (Training)

1:00pm MDT

A Day of Python Part 2
The purpose of this training is to go from 0-60 with Python within a day. We have about 7 hours to cover a lot of material. Your typical conference information through a fire hose reminiscent of any Hollywood movie depicting chow time during boot camp.
Although not not strictly tied to the afternoon session we will cover the following:This is a lofty goal so there are some sacrifice that need to be made. We won't have time to talk about the fundamentals of computer science or algorithm design - but if there is need for that let us know!
Completion of the material in this course will provide you with a basic foundation in Python programming and a collection of recipes to help you start completing your own productive projects in python.
Already know Python or want to dig into some more advanced topics. Check out Seth Manesse’s Python for Scriptkiddies.

Speakers
avatar for Michael Fischer

Michael Fischer

LogMeIn
Software Engineer turned security professional


Wednesday October 20, 2021 1:00pm - 5:00pm MDT
Cascade C (Training)

1:30pm MDT

How good is a Backup Generator …. Really? - Generators 101 for Leadership
We will be covering things the power company wish it knew before a huge power outage and how failing backup generators made it so much worse.  Including - 
  • Know your system                 
    • Identify essential equipment 
    • How is that powered ? 
    • Can you change power sources and can that be automatic? Are you sure, did you test that ? 
  • You have a backup generator now what ? 
    • Who is in charge of it ? 
    • Maintenance schedule?
    • Testing schedule?
    • What fuel does it run on - What that means? How much do you have? What problems will that cause? 
  • Automatic switching 
    • Really understanding when how/ what part will change power flow. 
    • Where are the brains, how easy do that break, who can replace them? 
  • What we have learned maintaining, also just outsourcing generation maintenance  
  • Things the power guy wants everyone to know?

Speakers
WH

Wes Hoyt

Journeyman Substation Technician & Journeyman Meter Technician, GarKane
KE

Kaber Esplin

IT system analyst, Garkane Energy
Small town guy. learning how to do my job.


Wednesday October 20, 2021 1:30pm - 2:30pm MDT
Hobble Creek

1:30pm MDT

Keeping the “lights” on – the present and future of energy storage, from big to little
In this session we will cover the following - 
  • Changing status of the “grid”
  • Backup solutions for the grid
    • Utility
      • Short Term and Long Term
    • Business/Industrial/Government
    • Residential
  • What the future holds as far as potential changes/additions in backup solutions
 Come join in the discussion.

Speakers
avatar for Curtis Ashton

Curtis Ashton

Director of Training, American Power Systems LLC
Curtis Ashton spent a few years working in an electric utility power generating plant as an Engineering Technician and Electrician’s helper while getting his BSEE degree. He then moved on to a 27 year career with USWEST/Qwest/CenturyLink as a power (including batteries) and grounding... Read More →



Wednesday October 20, 2021 1:30pm - 2:30pm MDT
Cascade A and B

1:30pm MDT

Jup1t3r's totally unprepared presentation about miscreant tactics
This will be a discussion about all of the important security terms, acronyms, and importance of understanding the new terminology and concepts in security.

Speakers
avatar for Troy Jessup

Troy Jessup

Committee, UtahSAINT / UEN


Wednesday October 20, 2021 1:30pm - 2:30pm MDT
Ballroom C (2nd Floor)

1:30pm MDT

Leveraging personality analysis in your Social Engineering program
Using the traits from the Myers-Briggs and Enneagram of Personality to tailor your Social Engineering strategy for your organization. Improve your pretexts by knowing your targets' core fears and motivations, and then use these considerations to identify weaknesses and to ultimately build up those in your organization to be stronger allies with your security program.

Speakers
avatar for Josh Dustin

Josh Dustin

Chief Security Officer, HireVue, Inc.


Wednesday October 20, 2021 1:30pm - 2:30pm MDT
Ballroom A (2nd Floor)

1:30pm MDT

Understanding CIS Critical Controls (Version 8)
The Center for Internet Security recently updated their Critical Controls (now on version 8). Finding, understanding, and adopting a control set is a foundational part of creating/developing an information security program, and the CIS Critical Controls are built for organizations of all sizes. Come and learn about the latest version of the CIS Critical Controls, and how the most recent version affects how you can implement it in your organizations.

Speakers
CH

Christopher Hopkins

Nav Technologies


Wednesday October 20, 2021 1:30pm - 2:30pm MDT
Ballroom B (2nd Floor)

2:30pm MDT

How cameras provide video verification of what IoT is reporting?
Cameras have worked alongside other sensors like motion detection for a long time. Historically, the cameras and sensors were not connected to each other to create cohesive, actionable analytics for the end user. There are growing demands for smart security in public spaces, commercial buildings, public transport, and more where IoT reporting integrates with traditional camera surveillance.

Speakers
avatar for Steve Lindsey

Steve Lindsey

CIO/CTO, LiveView Technologies


Wednesday October 20, 2021 2:30pm - 3:30pm MDT
Hobble Creek

2:30pm MDT

Personal Power Generation, Past, Present and Future
My neighborhood is notorious for frequent and very inconvenient power outages. I don't like it when the power goes down and I, and my family, are left without means of cooking, lighting, central heat and/or air conditioning, food spoiling in the refrigerators and freezers and an overall feeling of helplessness hoping that a repair crew is on its way. This is a show and tell presentation. I will talk about my preparations, gas and solar generators, solar cells, power needs, calculations, the good and bad experiences, what I've been working on and what I will be investing in, both my time and money, in the immediate future. I will also discuss the limitations of personal power generations and what individuals can do to help themselves, their family and friends and their communities.

Speakers
avatar for Jim Stewart

Jim Stewart

CTO, UETN
James L. Stewart has 40 years of experience working in the technology profession. He is currently the Chief Technology Officer (CTO) for the state-wide Utah Education and TeleHealth Network (UETN) organization and has been working directly the past 21 years supporting technology for... Read More →


Wednesday October 20, 2021 2:30pm - 3:30pm MDT
Cascade A and B

2:30pm MDT

Hacking Like A Girl
We will go over all the interesting bits, cool hacks, and protections from some of my past security presentations (Owning MFA, Breaking Federated Identity, Advanced Phishing, etc.) and highlight awesome hacks from other women in cybersecurity.

Speakers

Wednesday October 20, 2021 2:30pm - 3:30pm MDT
Ballroom B (2nd Floor)

2:30pm MDT

Networking 101
New to the networking game? New a refresher? Then come on down for networking 101. 

Wednesday October 20, 2021 2:30pm - 3:30pm MDT
Ballroom A (2nd Floor)

2:30pm MDT

Wireshark: A Beginners Introduction
Have you heard your friends or colleagues talk about "sniffing" network traffic? Do you want to know if that new "smart"-X device is actually just a way for companies to "steal" more of your private information. Find out what is really happening on your networks with this introduction to Wireshark, one of the most popular tools used in industry for network analysis. No prior knowledge is necessary. We will start with a brief introduction to Wireshark, its capabilities and uses. Next, we will discuss where and how to monitor your network with Wireshark and what factors affect those decisions. At this point we are now ready to start applying capture filters, display filters, and custom colorization rules to highlight the information we are interested in seeing. We will focus on understanding several popular network protocols including ARP, IP, ICMP, TCP, UDP, HTTP and others. The entire workshop will be very hands on with many different sample captures to work from as we identify both normal and abnormal traffic. We will not be doing any live captures.        

Speakers
KF

Kyle Feuz

Weber State University
Kyle Feuz is an Assistant Professor at Weber State University in the School of Computing. He earned his Ph.D from Washington State University in 2014 and a B.S and M.S in Computer Science from Utah State University in 2010 and 2011, respectively. He is currently serving as the Program... Read More →


Wednesday October 20, 2021 2:30pm - 4:30pm MDT
Ballroom C (2nd Floor)

3:00pm MDT

Easy Serverless Apps for Automating Red Teaming on AWS
Join us for this hands-on training, where we will walk you through how to easily build your first serverless applications using various AWS services including: Lambda for Processing Data, API Gateway for Communicating with Users S3 for Storage of Data CloudFormation for Automating the Deployment Cloud9 for creating software via the Integrated Development Environment (IDE) And More! :) We will be using AWS‚ Serverless Application Model (SAM) to build some incredibly easy to create serverless applications, which will also save you countless hours when executing a red team, penetration testing, and/or purple teaming engagement! This course assumes the student already has some IT experience and would like to learn more about how to apply serverless technologies to automate various workflows. Students should be comfortable with: Basic networking concepts and services (e.g. TCP/IP, DNS, DHCP, etc) Students will benefit from having: Some experience interacting with AWS is recommended, but not required. Some python scripting knowledge is recommended, but not required. Some basic penetration testing experience is recommended, but not required. Students will need to bring to the class: The Laptop needs to be able to join a wireless network with a web browser able to access AWS services. Students do NOT need to have their own accounts with AWS during the course, but having an AWS account will enable the student to continue to work on the course content after the course has concluded for the day.

Speakers
BK

Bryce Kunz

S2.Security
Bryce Kunz (@TweekFawkes) is an Information Security Researcher located in Salt Lake City, Utah. Bryce currently leads the security offensive testing of Adobe's Marketing Cloud SaaS infrastructure via researching and developing custom exploits for web applications and other cloud... Read More →


Wednesday October 20, 2021 3:00pm - 5:00pm MDT
Cascade D (Training)

3:00pm MDT

regex: find (and replace) on steroids
A reduced pain, increased interest introduction to regular expressions. You know you need to learn this, and friends don't let friends regex alone. We will be using a linux app to walk through the basics of regular expression pattern matching (find) and substitution (replace). Bring your linux (vm is fine) or share with a neighbor.

Speakers

Wednesday October 20, 2021 3:00pm - 5:00pm MDT
Cascade E (Training)

3:30pm MDT

Developing K12 Cybersecurity Strategies for a School District
Join us as Jordan School District’s Systems and Security Manager David Bowman shares best practices and lessons learned as Jordan School District has expanded out an expert team on Cybersecurity over the last 18 months. Some of the topics he will cover: Understanding your current posture, Building a culture of Security as a priority, Personnel planning, and Critical tools to consider.

Speakers
avatar for David Bowman

David Bowman

Systems & Security Manager, Jordan School District
Systems and Security Manager at Jordan School District. Running our Security program for 58,000 students, 8,000 staff, and too many devices to enumerate. David has spent the last 8 years in and around technology in the K-12 environment. David's hobby is "Crazy Christmas Light Guy... Read More →


Wednesday October 20, 2021 3:30pm - 4:30pm MDT
Hobble Creek

3:30pm MDT

UPS Battery Technology
Utility power is not reliable. Going over the ""nines of availability"" when power is lost. I will show the importance of maintaining batteries and what can be done to help prevent loss of power and different battery technology used in UPS systems.


Wednesday October 20, 2021 3:30pm - 4:30pm MDT
Cascade A and B

3:30pm MDT

7 Times I Was Engineered: Confessions of a Social Engineer
Nature is cool and teaches us a lot about heuristics and social engineering. Let's exploit it.

Speakers
SJ

Seth Johnson

UtahSAINT
I care deeply about privacy, security, and helping people.


Wednesday October 20, 2021 3:30pm - 4:30pm MDT
Ballroom B (2nd Floor)

3:30pm MDT

Palo KungFu
Tips and Tricks for your PaloAlto Firewall. Automate security tasks, gather intelligence, and all without spending a bunch on expensive subscriptions.

Speakers
JC

Jeremy Cox

Washington County School District


Wednesday October 20, 2021 3:30pm - 4:30pm MDT
Ballroom A (2nd Floor)

6:00pm MDT

SAINTCON Family Night Event
SAINTCON Family Night Event is designed for kids to join their parents to participate in the funnest aspects of SAINTCON.  We will be focusing on younger hackers, teaching them skills, letting them hack things, and enjoying an evening without the usual "stay inside the box" restrictions.
Parents should attend, but not expect to have much to entertain them. This event is for the Kids!

Speakers
avatar for Troy Jessup

Troy Jessup

Committee, UtahSAINT / UEN


Wednesday October 20, 2021 6:00pm - 9:15pm MDT
Expo Area (1st Floor)

8:00pm MDT

Hack-in-the-Box Event
Speakers
avatar for Troy Jessup

Troy Jessup

Committee, UtahSAINT / UEN


Wednesday October 20, 2021 8:00pm - Thursday October 21, 2021 1:00am MDT
Conference Center (Hyatt Hotel)
 
Thursday, October 21
 

8:00am MDT

Basic Buffer Overflow for OSCP
Want an easy 25 points on your OSCP exam? Come learn everything you need to know about buffer overflow to pass the buffer overflow portion of the OSCP exam in under an hour. We'll go over all the steps necessary to get from basic fuzzing to a reverse shell.
We'll be using a lab on TryHackMe - come prepared with an account and having joined the room below (it's free):
https://www.tryhackme.com/room/bufferoverflowprep
It is also strongly recommended to come with a Kali Linux VM, as we'll be using tools like python* and msfvenom.
Note that this course will NOT cover topics such as ASLR, stack canaries, or other buffer overflow protections - we will focus on the bare essentials and theory of stack-based buffer overflow.
*no scripting knowledge necessary

Speakers
avatar for Seth Manesse

Seth Manesse

Security Engineer, Lucid Software



Thursday October 21, 2021 8:00am - 12:00pm MDT
Cascade E (Training)

9:00am MDT

Bitcoin and why it's the currency for Ransomware
Discussion about bitcoin anonymity, and the impact of Ransomware.

Speakers
avatar for Troy Jessup

Troy Jessup

Committee, UtahSAINT / UEN


Thursday October 21, 2021 9:00am - 10:00am MDT
Cascade A and B

9:00am MDT

Education Strategies around Cyber Security
As CISO and managers of K12 schools how do we handle the increasing cyber security barrage against schools? Panel Discussion topics include User education / phishing / CEO fraud / gift card fraud, successful strategies in end-user data security awareness training.

Speakers
avatar for Mark Houtz

Mark Houtz

Network Engineer, NUES


Thursday October 21, 2021 9:00am - 10:00am MDT
Hobble Creek

10:00am MDT

Lockpicking 101 - Executive/Leadership Briefing
25 minute briefing on basics of lockpicking. Very similar to this https://www.youtube.com/watch?v=_6pgjvoC2og

Speakers

Thursday October 21, 2021 10:00am - 10:30am MDT
Cascade A and B

10:00am MDT

Extending Secure Wireless Access for Students in Utah
All school districts in Utah, higher education campuses, and many public buildings now have access to eduroam. Staff and students can realize significant benefits to using this platform as their primary SSID.

Speakers
avatar for Supt. David Long

Supt. David Long

Superintendent, Beaver School District
avatar for Rick Gaisford

Rick Gaisford

Technology Specialist, USBE
Rick Gaisford has 35 years in education and has been involved with educational technology for over 30 years at the classroom, school, district and state levels. He was an elementary school teacher, school technology specialist, district technology specialist and trainer. For the past... Read More →


Thursday October 21, 2021 10:00am - 11:00am MDT
Hobble Creek

10:00am MDT

#ransomware
Ransomware is still a thing, learn about the state of the warez that are ransomed

Speakers

Thursday October 21, 2021 10:00am - 11:00am MDT
Ballroom C (2nd Floor)

10:00am MDT

Just Scraping By - The Privacy Implications of Mining the Internet
Using python web scraping, this talk will touch on the privacy implications when using web scraping to pull data from the internet. Starting with county jails and mugshots, there are some pretty obvious issues that can arise from someone who had a mugshot taken but may have not been convicted of anything. We will explore this and other issues concerning our privacy with publicly available data from scraping and mining the internet.        

Speakers

Thursday October 21, 2021 10:00am - 11:00am MDT
Ballroom A (2nd Floor)

10:00am MDT

Of Sandcastles and Luck - Rethinking Vulnerability Management
Vulnerability Management has been a disaster for the last 20 years in IT. It's IT's problem, it's security's problem, but in the end everyone suffers when we do it poorly. While there has been a glut of tools for finding vulnerabilities that's only the very top of the iceberg. The entire lifecycle: identification, triage, mitigation, and reporting is broken and needs to be rethought for modern IT and risk thinking. This talk addresses each of the Vulnerability Management lifecycle and draws upon 20+ years experience advising, building, and operating vulnerability management programs across various market verticals and organization types to draw conclusions and suggest ways to address, if not outright fix, some of the badly broken parts. If you're still scanning, dumping to spreadsheet, emailing people, and hoping things get fixed - you need to listen to this talk.

Speakers

Thursday October 21, 2021 10:00am - 11:00am MDT
Ballroom B (2nd Floor)

10:00am MDT

Metasploit 101
Metasploit is a network application that allows an easy way to develop and execute exploits. In this training we will cover basic concepts of Metasploit like searching and running exploits, as well as intermediate concepts like payload generation and analyzing and developing an exploits. Concepts explained during the training will be enforced with examples and hands-on exercises. Basic knowledge of networking and Linux commands is recommended but not required. Participants are encouraged to bring their laptop with two virtual machines: Kali Linux and Metasploitable.

Speakers
avatar for Santiago Gimenez Ocano

Santiago Gimenez Ocano

Security Engineer, Praetorian



Thursday October 21, 2021 10:00am - 12:00pm MDT
Cascade D (Training)

10:00am MDT

Mini-Badging 101 with CompukidMike
Back by popular demand, CompukidMike will show you how to make a minibadge step-by-step. Please install KiCad on your laptop prior to the workshop.
https://www.kicad.org/download/


Speakers

Thursday October 21, 2021 10:00am - 12:00pm MDT
Cascade C (Training)

10:30am MDT

UETN Pentesting Update
Common pentesting findings and how you can have your own test

Speakers
NH

Nate Henne

Security, UETN
Nate have worked in education for a long time.


Thursday October 21, 2021 10:30am - 11:00am MDT
Cascade A and B

11:00am MDT

Password Attacks: From Ashigaru to Daimyo
This talk will cover everything you need to know in order to get up to speed in the world of password cracking. We will cover what password hashes are, why password hashes should always be used, the basics of cracking password hashes, and techniques to increase efficiency of your password cracking. Towards, we will cover Hashcat, how to use it, and how give it enough horsepower to burn out electrical outlets in your home...ask me how I know.

Speakers
DH

Danny Howerton

Mark V Security


Thursday October 21, 2021 11:00am - 12:00pm MDT
Ballroom A (2nd Floor)

11:00am MDT

Phishers of men (and women)
Attackers are targeting your users with phishing. It's happening. You can't ignore it. You need both effective prevention tools and user training to help your company not become the next victim. This presentation will teach you how to develop and implement an effective internal phishing program and provide guidance on using opensource tools and an overall architecture to help get your users trained up on how to detect and repel phishing attacks.

Speakers
RB

Ryan Burnett

Pluralsight
Ryan is a native Utahn with a BS in Telecommunications Administration Weber State University, CISSP, CEH, etc. He has worked as a federal contractor for [REDACTED] for [REDACTED] period of time working on the CLASSIFIED [REDACTED] initiative. After that he worked for a large healthcare... Read More →


Thursday October 21, 2021 11:00am - 12:00pm MDT
Ballroom B (2nd Floor)

11:00am MDT

Zero Trust for Humans
What is Zero Trust and how does it fit in my environment.

Speakers

Thursday October 21, 2021 11:00am - 12:00pm MDT
Ballroom C (2nd Floor)

11:30am MDT

Ransomware & Phishing - An open discussion for educational and technology leadership
Ransomeware, Phishing & Power grid threats... oh my! This session is designed to be an open conversation between peers, both defining terms, assessing the current reality of these threats and brainstorming ideas for "next steps"; to protect our students and their data.

Speakers
avatar for Cody Spedlove

Cody Spedlove

Ed Tech Director, Alpine School District
I think people should be sharing the BEST Pedagogical Practice you have seen during COVID 2020-21 school year.  Things you think Teachers/Schools SHOULD KEEP Doing it AFTER the pandemic.
JC

Jeremy Cox

Washington County School District


Thursday October 21, 2021 11:30am - 12:30pm MDT
Cascade A and B

11:30am MDT

SaintCon to Cyber State Champs - Alpine Students - Q&A
Q&A Based on the main session presentation - This presentation will show how the cyber security class started for Alpine School District three years ago. Their first visit to SaintCon and how they went on to place first in the state with Cyber Patriots two years in a row.

Speakers
avatar for Lynne Yocom

Lynne Yocom

Teacher, American Fork and Pleasant Grove High School
Lynne Yocom - I teach Linux and Cyber Secuiry at American Fork High School part time. I work full time at UDOT managing the fiber optic network statewide.


Thursday October 21, 2021 11:30am - 12:30pm MDT
Hobble Creek

1:00pm MDT

Mini-Badging 102 with CompukidMike
It can be daunting to find the proper parts for a minibadge design.You'll learn how to navigate distributor's websites and some tricks to find the parts you need to make your minibadge.

Speakers

Thursday October 21, 2021 1:00pm - 3:00pm MDT
Cascade C (Training)

1:00pm MDT

NMAP 101
A basic introduction to scanning a network with Nmap, the free and open source utility for network discovery and security auditing. You will learn how to discover hosts, ports, services, operating systems, and vulnerabilities within a network. We will discuss the legality of port scanning, how Nmap scanning could possibly stress a network, and how you can better read and interpret scan results. Available for Linux, MacOS and Windows.

Speakers

Thursday October 21, 2021 1:00pm - 3:00pm MDT
Cascade D (Training)

1:30pm MDT

CISO Leadership Panel
This panel discussion will include Utah CISOs discussing how the role of Chief Information Security Officer (CISO) has changed in the age of data breaches, power grid issues and high-profile cyber attacks.

Speakers
avatar for Mark Milne

Mark Milne

CISO, Nu Skin


Thursday October 21, 2021 1:30pm - 2:30pm MDT
Cascade A and B

1:30pm MDT

Lions, and tigers, and hackers! Oh my!
We'll talk about some of the current and recent tactics of hackers and malware groups. While discussing the methods used, we will demo how some of these tools and tactics work.

Speakers
avatar for Matt Lorimer

Matt Lorimer

SAINTCON
Zodiak is a recovering linux/vmware sysadmin, turned infosec ops and red teamer. He has been doing things at SAINTCON for years including SAINT BINGO, Wii modding, communities and much more. He spends way too much time inside adulting, and not enough time in the mountains riding... Read More →


Thursday October 21, 2021 1:30pm - 2:30pm MDT
Hobble Creek

1:30pm MDT

Dependency Confusion - Python and pip
Namesquatting with package managers is nothing new, but if you are using private hosted packages on your own index or from a git repository, you may be inadvertently exposing your dev, build, and production environments, as well as any networks they operate in, to this class of supply chain attack. Learn how these attacks work, what can go wrong if you get caught in an attack, and most importantly, how to improve and validate your development, testing, and deployments to avoid these attacks altogether. The focus of this presentation is on Python using the default package manager pip. These attacks, mitigations strategies and the core concepts apply to nearly every language with a public index for downloading and distributing 3rd party code used in developing and deploying applications.

Speakers
JP

John Pope

Utah State University


Thursday October 21, 2021 1:30pm - 2:30pm MDT
Ballroom B (2nd Floor)

1:30pm MDT

Ouch That Hurt -or- Lessons Learned over a Decade of Pentests
A panel discussion with long-time members of the USHE penetration testing team and IT leaders. We'll discuss tactics, strategies, and outcomes of over 10 years of systemic penetration testing within the Utah System of Higher Education.

Speakers
avatar for Andrew Goble

Andrew Goble

Dixie State University / USHE
Andrew Goble is the long-time Information Security Officer at Dixie State University. He moonlights with the USHE Security Assessment team. They have red-teamed their way into becoming the most infamous IT guys in Utah higher ed.


Thursday October 21, 2021 1:30pm - 2:30pm MDT
Ballroom A (2nd Floor)

1:30pm MDT

Security 101: Tools of the Trade
100 tools (more or less) in 60 minutes

Speakers
avatar for Josh Galvez

Josh Galvez

Hackers Challenge GameMaster, SAINTCON


Thursday October 21, 2021 1:30pm - 2:30pm MDT
Ballroom C (2nd Floor)

1:30pm MDT

SAINTCON Story Time
Come and join your SAINTCON compatriots in a friendly environment to share war stories off the record (brought to you by TFHT)

Speakers
avatar for Troy Jessup

Troy Jessup

Committee, UtahSAINT / UEN


Thursday October 21, 2021 1:30pm - 3:00pm MDT
Cascade E (Training)

2:30pm MDT

Doom and Gloom
What you should be watching and doing but are NOT

Speakers
DP

Dave Packham

Dave Packham is a great mind in the realm of technology, security and drones!


Thursday October 21, 2021 2:30pm - 3:30pm MDT
Cascade A and B

2:30pm MDT

In-Filtration: Staying Ahead of Changes in Internet Content Filtering
Leadership track session discussing updates to Content Filtering and a panel discussion with 4-5 subject matter expertsto answer questions from attendees.

Speakers
KH

Kiera Hamilton

IT Project Manager, UETN


Thursday October 21, 2021 2:30pm - 3:30pm MDT
Hobble Creek

2:30pm MDT

New security professionals: 10 reasons why you fail (and how to fix it)
Security comes naturally to you, but speaking doesn't. Packets and code make sense, but people and politics don't. You've got a lot to offer, but people aren't taking you seriously. This presentation goes over the 10 mistakes I made that slowed my career in Information Security, and what you should know to avoid them.

Speakers
avatar for Jonathan Taylor

Jonathan Taylor

In my 25 career years I've scanned, penetrated, plundered and reported on many hospital networks and applications.  I've designed and deployed many large enterprise solutions and security technologies. I've given impassioned presentations that led to big funding and great change... Read More →


Thursday October 21, 2021 2:30pm - 3:30pm MDT
Ballroom C (2nd Floor)

2:30pm MDT

Securing and Monitoring Office 365 On a Budget
I will walk participants through how to secure Office 365 online exchange without breaking the bank and buying Azure AD Premium licenses.

Speakers
DC

David Casteel

Cornerstone Technologies


Thursday October 21, 2021 2:30pm - 3:30pm MDT
Ballroom A (2nd Floor)

2:30pm MDT

Why climb the corporate ladder when hacking the elevator is more fun?
Bring your career questions to ask Seth Manesse (@sketrik), Colin Jackson (@d1dymu5), Seth Johnson (@sj),  Sherrie Cowley (@AlicesLabyrinth), and Mark Milne. @zodiak will moderate this panel where you will learn how to successfully take the next step in your career, whether that means first job, your next job, a promotion/raise, or finding that last jump to carry you through to retirement. We will answer your questions about careers, advancement, negotiating, resumes, and more with informal, fun discussions and stories.

Speakers
avatar for Matt Lorimer

Matt Lorimer

SAINTCON
Zodiak is a recovering linux/vmware sysadmin, turned infosec ops and red teamer. He has been doing things at SAINTCON for years including SAINT BINGO, Wii modding, communities and much more. He spends way too much time inside adulting, and not enough time in the mountains riding... Read More →


Thursday October 21, 2021 2:30pm - 3:30pm MDT
Ballroom B (2nd Floor)

3:30pm MDT

What are Data Security Benefits of a Private LTE Network?
UETN is currently implementing a Private LTE network pilot project. We will discuss this pilot in some details with a focus on how PLTE can be used to provide a highly secure environment both in education and in the real world. We will be sharing PLTE security use cases that are currently being used in our pilot sites as well as facilitating an open discussion with those attendees this presentation.

Speakers
avatar for Cory Stokes

Cory Stokes

Project Manager, UETN
Cory Stokes has worked in educational technology for the last 28 years. He has worked as a technology coordinator in a district, a technology director at a regional service center and is now managing statewide digital teaching and learning initiatives and projects in Utah. He works... Read More →
avatar for Bryan Petersen

Bryan Petersen

Director, UETN
Currently employed at Utah Education & Telehealth Network since 1995, current position is Technical Services Associate Director over Enterprise Systems and Software Development. Bryan has held various positions in the IT field over the last 25 years, Systems Admin, Database Admin... Read More →


Thursday October 21, 2021 3:30pm - 4:00pm MDT
Hobble Creek

3:30pm MDT

Get Your School's Data Breach Response Party Going Again!
A recent survey of LEA data managers and information security officers found that data breach response is a major concern in Utah schools. This presentation will cover recent, real-life examples of data incidents in schools as well as updates to the Center for Internet Security (CIS) controls in order to help participants in the leadership track understand changes in the threat landscape and controls that can be used to prepare for and mitigate risks.

Speakers
avatar for Whitney Phillips

Whitney Phillips

Educational Director Data Privacy, USBE
Dr. Whitney Phillips is the Chief Privacy Officer at the Utah State Board of Education. Previously she was the project manager for federal and Utah state accountability and was a program evaluator at the Arizona Department of Education. She was a junior high English and taught students... Read More →


Thursday October 21, 2021 3:30pm - 4:30pm MDT
Cascade A and B

3:30pm MDT

Mining Cloud Resources for Initial Access via Serverless Services
Cloud (AWS, Azure, GCP, etc.) providers make the sharing of resources as easy and convenient as the push of a button, but how often do users unintentionally also share sensitive information which would enable an attacker and/or red teamer to gain a foothold into the targeted cloud environment? Join us in this action-packed session, where we will explore a few practical cloud-centric attack vectors, which may have disastrous consequences for unprepared organizations. Including: - Collection of shared resources (e.g. AWS‚Äôs AMIs, EBS Snapshots, etc.) - Processing of resources for credentials (e.g. AWS Access Key IDs & Secrets, SSH Private Keys, Password Hashes, etc.) and other semi-sensitive information (e.g. AWS Account IDs, Usernames, etc.) - Leveraging of credentials to gain initial access into targeted information systems (e.g. RDP, SSH, Cloud Provider‚ CLIs, etc.). In addition, we will show you how by leveraging various serverless technologies (e.g. AWS‚ Lambda, Azure Functions, etc.) we were able to automate various aspects of our red team, penetration testing processes, enabling us to scale our offensive operations to new heights!

Speakers
BK

Bryce Kunz

S2.Security
Bryce Kunz (@TweekFawkes) is an Information Security Researcher located in Salt Lake City, Utah. Bryce currently leads the security offensive testing of Adobe's Marketing Cloud SaaS infrastructure via researching and developing custom exploits for web applications and other cloud... Read More →


Thursday October 21, 2021 3:30pm - 4:30pm MDT
Ballroom B (2nd Floor)

3:30pm MDT

One man's trash is another man's Homelab (2021 Edition)
A follow up to the dumpster-diving antics presented in the Home Lab 2019 edition! A lot has changed in the Home Lab space in the past two years. Chip shortages, supply line interruptions, storage hoarding, as well as increased popularity in Home labs have made finding great deals on under-valued hardware more difficult than it has been historically. Don't even mention trying to find a GPU for a password cracking lab (actually do mention it, we can still get them). This just means we work harder and dig deeper in the dumpster of used hardware to find the deals! We're going to hit the main pillars for Home Labs (Compute, networking, and storage) and update the best bang for the buck items as well as give upgrade paths to those that have already started their homelab journey. We're also going to discuss some ultra low-power / low-noise options for our friends just getting started or those looking to keep it quiet and simple. This year we're going to focus a bit more on the actual use / functions of homelab as well and dipping a bit into homeprod. Some projects / systems can be set up to make you (and your co-habitants) lives easier, safer, and more enjoyable. After all, keeping the co-habitants happy is sometimes the key to getting more homelab gear! Whether this is the first foray into homelabbing, or you are a seasoned veteran; there will be something for everyone (not to mention some laughs at my expense over some of my more 'out-there' ideas that just didn't quite pan out).

Speakers
avatar for Shaun Price

Shaun Price

Staff Security Engineer, Henry Schein ONE
Shaun Price is a staff security engineer in the healthcare space. He earned his bachelors degree in network administration and security from Utah Valley University . Concurrently, he spent 10 years at Novell / SuSE working as a global escalation engineer performing LAN/WAN analysis... Read More →


Thursday October 21, 2021 3:30pm - 4:30pm MDT
Ballroom C (2nd Floor)

3:30pm MDT

Pen-Testing with Mobile Devices
Mobile devices are becoming increasingly powerful and are cheap. This presentation will discuss tools and methods for turning these cheap mobile devices into powerful pen-testing devices.        

Speakers
SH

Spencer Heywood

Utah Education & Telehealth Network


Thursday October 21, 2021 3:30pm - 4:30pm MDT
Ballroom A (2nd Floor)

8:00pm MDT

Hack-in-the-Box Event
Speakers
avatar for Troy Jessup

Troy Jessup

Committee, UtahSAINT / UEN


Thursday October 21, 2021 8:00pm - Friday October 22, 2021 1:00am MDT
Conference Center (Hyatt Hotel)
 
Friday, October 22
 

10:00am MDT

How to build a conference network (2021)
How was the SAINTCON network designed? What did it take to put it all together? What interesting traffic and analytics have you seen? What lessons have been learned? Find answers to these questions or bring your own questions.

Speakers

Friday October 22, 2021 10:00am - 11:00am MDT
Ballroom B (2nd Floor)

10:00am MDT

It's Not If, But When. So What Should You Do NOW?
We're going to be hacked. We're going to have the site DOSed. We're going to have someone click a link. So what should we do right now to get ready, and what will we do when it happens? This is going to be Incident Response 101. We'll talk about how to get ready, how to get your baselines, and what to watch for. We'll talk about what you need to prepare so you can be ready to take action when it" happens, and you don't get blinded by information overload and the fog of war."

Speakers
avatar for Sean Jackson

Sean Jackson

Director of Information Security, Spiff
Sean has been active in the Utah InfoSec scene for many years. He enjoys CTFs, good food, good friends, and his family, but not in that order. He believes everyone has a place in InfoSec, no matter their color, gender, preferences, or disposition. That last one is the hardest one... Read More →


Friday October 22, 2021 10:00am - 11:00am MDT
Ballroom C (2nd Floor)

10:00am MDT

Limiting Mimikatz Attacks
Dumping credentials from Windows computers is a common technique for attacks and Mimikatz is the go to tool for covering a variety of techniques. There are many built-in settings for Windows that will reduce the attack surface and limit access to the credentials even further. Come learn some of the Mimikatz techniques and how they can be limited with the right settings.

Speakers
avatar for Jim Shakespear

Jim Shakespear

System Admin, Southern Utah University
I've been a member of SAINT since 2012, since I started full-time at Southern Utah University. I've had various roles in our IT department, and currently help maintain our enterprise systems including Active Directory. I've also been an adjunct professor for our CSIS department since... Read More →


Friday October 22, 2021 10:00am - 11:00am MDT
Ballroom A (2nd Floor)

11:00am MDT

Hackers Challenge Shakedown
What went down, what rocked, what stumped you. We'll walkthrough the highlights of the game, and solve some of the puzzles.

Speakers
avatar for Josh Galvez

Josh Galvez

Hackers Challenge GameMaster, SAINTCON


Friday October 22, 2021 11:00am - 11:30am MDT
Ballroom B (2nd Floor)

12:00pm MDT

Closing Ceremonies
Speakers
avatar for Troy Jessup

Troy Jessup

Committee, UtahSAINT / UEN


Friday October 22, 2021 12:00pm - 1:00pm MDT
Ballroom B (2nd Floor)