Presentations
Here is a collection of Kenneth G. Hartman’s articles and presentations on a variety of topics including information security, privacy, and leadership:
Table of Contents
- Dealing with the Deluge of Digital Discovery
- Mastering Fabric
- Personal Cyber Security in an AI-Driven World
- Beware! Encryption Jedi Mind Trick
- Differential File System Analysis for the Quick Win
- Docker Crash Course
- Can You Really Be More Secure in the Cloud?
- Embrace Your Inner Hacker
- Tech Tuesday Workshop
- A Purple-Team Approach to Exploring AWS Security Services & Capabilities
- How Azure, AWS, Google handle data destruction in the cloud
- Doing Cloud in China
- SANS Webcast - The Best of Both Worlds - Cloud + SASE
- SANS Webcast - What To Do When Moving to the Cloud
- A DevOps Approach to Security Controls
- What Cloud Savvy Customers Really Want
- Data Protection in the Public Cloud
- Digital Forensic Analysis of Amazon Linux EC2 Instances
Dealing with the Deluge of Digital Discovery
Leveraging AI to Tackle Modern Legal Challenges
The exponential growth of digital data has revolutionized legal discovery, presenting both opportunities and challenges for defense attorneys. In this session, we will explore innovative strategies for managing large volumes of discovery documents using cutting-edge AI and Natural Language Processing (NLP) techniques. Attendees will get an exclusive sneak peek at Lucid Truth’s “Discovery Processing Web App,” a novel tool in development designed to streamline the organization, tracking, and analysis of legal documents.
Through this interactive presentation, we will:
- Discuss best practices for handling legal discovery, including inventory management and version control.
- Highlight AI-driven approaches for identifying and resolving document discrepancies.
- Demonstrate how AI tools like the Discovery Processing Web App can transform raw data into actionable insights.
- Understand the technical challenges and limitations of such tools.
Join us to learn how to overcome the deluge of digital discovery and enhance your investigations with AI-powered solutions. This session is ideal for PIs and Criminal Defense Investigators seeking practical tools to navigate the complexities of modern case analysis.
Dealing with the Deluge of Digital Discovery - SLIDES (2/6/2025)
Michigan Council of Professional Investigators Meeting Announcement (2/6/2025)
Mastering Fabric
Bringing the Power of LLMs to the Command Line
Security professionals are constantly seeking ways to streamline workflows, automate repetitive tasks, and analyze complex data with precision. Fabric, a command-line tool that integrates large language models (LLMs), offers a transformative approach to meeting these challenges.
This talk introduces Fabric and its potential to revolutionize workflows for security and development professionals. Attendees will learn how to integrate Fabric into tools like Visual Studio Code and GitHub Codespaces to create efficient, collaborative environments. Topics include the basics of Fabric patterns, an introduction to prompt engineering, and hands-on examples tailored to security use cases, such as log analysis and incident response.
Through engaging demonstrations and real-world scenarios, this session will show how combining Fabric with traditional CLI tools can enhance productivity and uncover new insights. Whether you are an experienced CLI user or exploring new ways to optimize your workflows, this talk will provide actionable techniques and inspiration to incorporate Fabric into your practice. No prior experience with Fabric is necessary. Join us to explore how this innovative tool can empower you to work smarter and faster in security and development.
Mastering Fabric: Bringing the Power of LLMs to the Command Line - SLIDES (1/29/2025)
Practice Files for Hands On Workshop
Daniel Miessler’s FABRIC GitHub Repo
Personal Cyber Security in an AI-Driven World
As artificial intelligence (AI) becomes more integrated into our daily lives, cybercriminals are finding new ways to exploit personal data and online identities through increasingly sophisticated scams. In this talk, we will explore the emerging threats posed by AI-driven cyber scams, from phishing attacks and social engineering to the dangers of voice cloning.
Participants will learn how to protect themselves using Multi-Factor Authentication (MFA) methods, including the latest advances in hardware tokens and passkeys, while also understanding the limitations of each approach. While MFA adds a vital layer of protection, it is not infallible, and knowing its weaknesses will help users stay vigilant against potential bypass tactics. We’ll also discuss how to recognize fake alerts and secure cloud backups to minimize risks.
Personal Cyber Security in an AI-Driven World - SLIDES (12/9/2024)
Meeting Announcement: Grand Traverse Humanists (12/9/2024)
Beware! Encryption Jedi Mind Trick
When a cloud service provider (CSP) says they are using encryption, that’s when you know you need to dig deeper into the details rather than succumb to the Jedi mind tricks of encryption. “You can trust us. We use encryption.” We will cover BYOK (what it actually is, and the misconceptions around it), along with end-to-end encryption. Where do you use encryption? How do you perform encryption? How do you protect the keys throughout the key management life cycle?
Beware! Encryption Jedi Mind Trick - SLIDES (8/29/2023)
Beware! Encryption Jedi Mind Trick - YouTube Video
Differential File System Analysis for the Quick Win
Mature DevOps organizations use continuous integration/continuous delivery (CI/CD) techniques to deliver a hardened virtual machine “gold image” to production that does not need any additional configuration on first boot and is ready to join the cluster of virtual machines in the backend pool of its designated load balancer. This approach offers several significant security advantages, and it can also shorten the time needed for a forensic analysis when Differential File System Analysis is employed.
Differential File System Analysis is a technique wherein the storage volume(s) of a VM launched from a gold image are mounted read-only to a forensic workstation and are used as a basis for comparison against the forensic copies of the storage volume(s) of a VM that is suspected to be compromised. A reference hash set of all files on the gold image can be prepared in advance by the CI/CD pipeline and stored until needed. Any hashes on the compromised system that are not found in the reference hash set are either new or altered.
Although this talk will demonstrate how to use the Differential File System Analysis technique and open-source software to investigate a compromised AWS EC2 instance, this technique is effective on any system launched recently from a gold image. The talk concludes with examples of how the high-level forensic processing steps can be automated to further reduce the time from compromise to analysis.
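The comparison described above, as an added sketch that is not taken from the talk or its slides: it assumes SHA-256 as the hash, uses two temporary directories as constructed stand-ins for the mounted gold-image and suspect volumes, and goes one step beyond the abstract by separating new from altered files by path and listing files missing from the suspect volume. All function names are hypothetical.

```python
import hashlib
import os
import tempfile

def hash_tree(root):
    """Map relative path -> SHA-256 for each regular file under a read-only mount."""
    hashes = {}
    for dirpath, _dirs, names in os.walk(root):  # does not follow directory symlinks
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            hashes[os.path.relpath(full, root)] = digest.hexdigest()
    return hashes

def differential(reference, suspect):
    """Classify suspect files whose hash is absent from the reference hash set."""
    known = set(reference.values())
    report = {"new": [], "altered": [], "missing": []}
    for path, digest in sorted(suspect.items()):
        if digest in known:
            continue  # content matches a gold-image file
        report["altered" if path in reference else "new"].append(path)
    # Files on the gold image but gone from the suspect volume are also worth review.
    report["missing"] = sorted(set(reference) - set(suspect))
    return report

def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample: two temp directories stand in for the mounted volumes."""
    base = {"etc/passwd": b"root:x:0:0\n", "etc/motd": b"hello\n", "usr/bin/tool": b"gold build"}
    with tempfile.TemporaryDirectory() as gold, tempfile.TemporaryDirectory() as suspect:
        for root in (gold, suspect):
            for rel, data in base.items():
                _write(root, rel, data)
        _write(suspect, "usr/bin/tool", b"modified build")     # altered
        _write(suspect, "tmp/unexpected.bin", b"not in gold")  # new
        os.remove(os.path.join(suspect, "etc/motd"))           # missing
        return differential(hash_tree(gold), hash_tree(suspect))

if __name__ == "__main__":
    print(demo())
```

In a pipeline, the `hash_tree` output for the gold image would be serialized at build time and stored with the image version, so only the suspect volume needs hashing during an investigation.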
Differential File System Analysis for the Quick Win - SLIDES (8/4/2023)
Differential File System Analysis for the Quick Win - YouTube Video
Docker Crash Course - GitHub Repo