1. Opening Remarks
10:00 - 10:05 | Robert M. Lee
2. MITRE ATT&CK and Dragos Activity Groups
10:05 - 10:35 | Sergio Caltagirone & Anna Seitz
Resources
- MITRE ATT&CK for ICS
- Dragos web resource for MITRE ATT&CK for ICS
- Dragos Worldview Portal
- Dragos Activity Groups
3. Bow Tie Model of Destructive Malware
10:35 - 11:15 | Josh Carlson & Daniel Michaud-Soucy
Resources
- Dragos Webinar: "Ransomware in an Industrial World"
- U.S. Department of the Treasury - Ransomware Advisory
- Microsoft Attack Surface Reduction
- Fortinet: "Stomping Shadow Copies - A Second Look Into Deletion Methods"
- NIST: "Securing Data Integrity Against Ransomware Attacks: Using the NIST Cybersecurity Framework and NIST Cybersecurity Practice Guides"
4. What's New In Dragos Training
11:15 - 11:30 | Laura Buell & Mark Heard
5. Defense Assessment & Validation: "Nothing Goes Over My Head, I Would Catch It"
11:30 - 12:00 | Jacob Benjamin
Resources
| Topic | Source | Name |
| Physical Security | IAEA | NSS No.27-G, NSS No.10, INFCIRC 225 |
| Threat Intelligence | Dragos | Diamond Model, WorldView, ICS Threat Intelligence Whitepaper |
| Shared Lexicon | MITRE | ATT&CK For ICS, Enterprise ATT&CK |
| Cyber DBTs | University of Idaho | Coming Soon |
| GOTG | Marvel | Guardians of the Galaxy |
Break - 30 Minutes
6. KYBERITE TTPs
12:30 - 13:00 | Emily Crose & Chris Nourrie
7. Lessons Learned From Our Dragos Deployment
13:00 - 13:45 | Brent Heyen & Mark Johnson-Barbier, SRP
8. Adventures in EKANS: Golang Lazy Loading and API Recovery
13:45 - 14:30 | Jimmy Wylie
Resources
- https://www.welivesecurity.com/2018/10/11/new-telebots-backdoor-linking-industroyer-notpetya/
- https://www.wired.com/story/ekans-ransomware-industrial-control-systems/
- https://golang.org/doc/effective_go.html#introduction
- https://golang.org/ref/spec#Introduction
- https://golang.org/dl/
- https://go-re.tk/redress/
- https://lekstu.ga/posts/pclntab-function-recovery/
- https://github.com/sibears/IDAGolangHelper
- https://github.com/unixpickle/gobfuscate
- https://gist.github.com/W3ndige/c80e7cce80ff12e01c37eb98f7dc70db
- https://twitter.com/w3ndige/status/1258321900788428800?s=20
- https://dr-knz.net/go-calling-convention-x86-64.html
- https://godoc.org/builtin#error
- https://blog.osiris.cyber.nyu.edu/2019/12/19/go-deepdive/
Break - 30 Minutes
9. Creating an Intel-Informed, National ICS Regulation
15:00 - 15:30 | Jim Gilsinn, Gus Serino, & Seth Pelletier
Resources
- NIST CSF
- NIST SP
- ISA/IEC 62443
- DOE C2M2
- NERC CIP
- NORSOK
- Dragos Activity Groups
- MITRE ATT&CK
- MITRE ATT&CK for ICS
10. We Need to Talk About Instruments
15:30 - 16:00 | Reid Wightman & Kate Vajda
11. Penetration Testing With Consequence
16:00 - 16:30 | Greg Pollmann & Danny Buentello
Resources
- https://www.dragos.com/resource/dependency-modeling-for-identifying-cybersecurity-crown-jewels-in-an-ics-environment/
- https://www.dragos.com/blog/industry-news/combating-cyber-attacks-with-consequence-driven-ics-cybersecurity/
- https://www.henrystewartpublications.com/sites/default/files/Wyman%20(5).pdf
Break - 30 Minutes
12. 2021 Dragos Roadmap
17:00 - 18:00 | Robert M. Lee & Chris Carlson
13. Closing Remarks
18:00 - 18:15 | Robert M. Lee